From d3ff6a1acd2aca8fb4927e9624e468c61dbf6f19 Mon Sep 17 00:00:00 2001
From: "MSI\\derek" <abc@gmail.com>
Date: Fri, 21 Feb 2025 11:52:06 +0800
Subject: [PATCH] initial commit

---
 .gitignore                                    |  37 +
 README.md                                     |  49 +-
 build.gradle                                  |  56 ++
 gradle/wrapper/gradle-wrapper.jar             | Bin 0 -> 62076 bytes
 gradle/wrapper/gradle-wrapper.properties      |   6 +
 gradlew                                       | 240 ++++++
 gradlew.bat                                   |  91 ++
 settings.gradle                               |   1 +
 .../java/com/ffii/core/entity/BaseEntity.java | 121 +++
 .../java/com/ffii/core/entity/IdEntity.java   |  49 ++
 .../core/exception/BadRequestException.java   |  15 +
 .../core/exception/ConflictException.java     |  16 +
 .../InternalServerErrorException.java         |  19 +
 .../core/exception/NotFoundException.java     |  13 +
 .../UnprocessableEntityException.java         |  37 +
 .../java/com/ffii/core/response/DataRes.java  |  21 +
 .../java/com/ffii/core/response/ErrorRes.java |  36 +
 .../com/ffii/core/response/FailureRes.java    |  39 +
 .../java/com/ffii/core/response/IdRes.java    |  21 +
 .../com/ffii/core/response/RecordsRes.java    |  41 +
 .../support/AbstractBaseEntityService.java    |  42 +
 .../core/support/AbstractIdEntityService.java |  65 ++
 .../ffii/core/support/AbstractRepository.java |  16 +
 .../ffii/core/support/AbstractService.java    |  15 +
 .../com/ffii/core/support/ErrorHandler.java   |  44 +
 .../java/com/ffii/core/support/JdbcDao.java   | 437 ++++++++++
 src/main/java/com/ffii/core/utils/AES.java    |  85 ++
 .../ffii/core/utils/CriteriaArgsBuilder.java  | 242 ++++++
 .../java/com/ffii/core/utils/ExcelUtils.java  | 778 ++++++++++++++++++
 .../java/com/ffii/core/utils/JsonUtils.java   |  47 ++
 .../com/ffii/core/utils/JwtTokenUtil.java     | 114 +++
 .../java/com/ffii/core/utils/MapUtils.java    |  35 +
 src/main/java/com/ffii/core/utils/Params.java |  42 +
 .../com/ffii/core/utils/PasswordUtils.java    |  83 ++
 .../java/com/ffii/tsms/TsmsApplication.java   |  13 +
 .../java/com/ffii/tsms/config/AppConfig.java  |  36 +
 .../java/com/ffii/tsms/config/WebConfig.java  |  29 +
 .../tsms/config/security/SecurityConfig.java  |  80 ++
 .../config/security/jwt/JwtRequestFilter.java |  75 ++
 .../jwt/service/JwtUserDetailsService.java    |  31 +
 .../jwt/web/JwtAuthenticationController.java  | 151 ++++
 .../security/service/LoginLogService.java     |  43 +
 .../com/ffii/tsms/model/AbilityModel.java     |  13 +
 .../ffii/tsms/model/ExceptionResponse.java    |  28 +
 .../java/com/ffii/tsms/model/JwtRequest.java  |  40 +
 .../java/com/ffii/tsms/model/JwtResponse.java |  56 ++
 .../com/ffii/tsms/model/RefreshToken.java     |  39 +
 .../ffii/tsms/model/TokenRefreshRequest.java  |  16 +
 .../ffii/tsms/model/TokenRefreshResponse.java |  37 +
 .../ffii/tsms/modules/common/ErrorCodes.java  |  17 +
 .../tsms/modules/common/PasswordRule.java     | 116 +++
 .../tsms/modules/common/SecurityUtils.java    | 146 ++++
 .../tsms/modules/common/SettingNames.java     |  61 ++
 .../common/service/AuditLogService.java       |  48 ++
 .../modules/settings/entity/Settings.java     |  74 ++
 .../settings/entity/SettingsRepository.java   |  12 +
 .../settings/service/SettingsService.java     | 208 +++++
 .../settings/web/SettingsController.java      |  66 ++
 .../ffii/tsms/modules/user/entity/Group.java  |  37 +
 .../modules/user/entity/GroupRepository.java  |   6 +
 .../ffii/tsms/modules/user/entity/User.java   | 254 ++++++
 .../modules/user/entity/UserRepository.java   |  15 +
 .../modules/user/req/NewPublicUserReq.java    |  29 +
 .../tsms/modules/user/req/NewUserReq.java     |  21 +
 .../tsms/modules/user/req/SaveGroupReq.java   |  80 ++
 .../tsms/modules/user/req/SearchUserReq.java  |  69 ++
 .../tsms/modules/user/req/UpdateUserReq.java  | 151 ++++
 .../modules/user/service/GroupService.java    | 176 ++++
 .../user/service/UserAuthorityService.java    |  48 ++
 .../modules/user/service/UserService.java     | 269 ++++++
 .../modules/user/service/pojo/AuthRecord.java |  41 +
 .../modules/user/service/pojo/UserRecord.java | 155 ++++
 .../modules/user/service/res/LoadUserRes.java |  45 +
 .../modules/user/web/GroupController.java     |  80 ++
 .../tsms/modules/user/web/TestController.java |  21 +
 .../tsms/modules/user/web/UserController.java | 193 +++++
 src/main/resources/application-db-2fi.yml     |   5 +
 src/main/resources/application-db-local.yml   |   5 +
 src/main/resources/application-ldap-local.yml |   9 +
 src/main/resources/application-prod-linux.yml |   2 +
 src/main/resources/application-prod-win.yml   |   2 +
 src/main/resources/application.yml            |  28 +
 .../changes/20230720_01_alex/01_base.sql      |  77 ++
 .../changes/20230720_01_alex/02_settings.sql  |  13 +
 .../20230720_01_alex/03_settings_data.sql     |  10 +
 .../04_update_user_authority.sql              |   5 +
 .../changes/20230725_01_alex/01_audit_log.sql |  13 +
 .../20230725_01_alex/02_user_login_log.sql    |  11 +
 .../db/changelog/db.changelog-master.yaml     |   3 +
 src/main/resources/ldap-test-users.ldif       |  14 +
 src/main/resources/log4j2-prod-linux.yml      |  23 +
 src/main/resources/log4j2-prod-win.yml        |  23 +
 src/main/resources/log4j2.yml                 |  17 +
 .../com/ffii/tsms/ArsApplicationTests.java    |  13 +
 94 files changed, 6350 insertions(+), 1 deletion(-)
 create mode 100644 .gitignore
 create mode 100644 build.gradle
 create mode 100644 gradle/wrapper/gradle-wrapper.jar
 create mode 100644 gradle/wrapper/gradle-wrapper.properties
 create mode 100644 gradlew
 create mode 100644 gradlew.bat
 create mode 100644 settings.gradle
 create mode 100644 src/main/java/com/ffii/core/entity/BaseEntity.java
 create mode 100644 src/main/java/com/ffii/core/entity/IdEntity.java
 create mode 100644 src/main/java/com/ffii/core/exception/BadRequestException.java
 create mode 100644 src/main/java/com/ffii/core/exception/ConflictException.java
 create mode 100644 src/main/java/com/ffii/core/exception/InternalServerErrorException.java
 create mode 100644 src/main/java/com/ffii/core/exception/NotFoundException.java
 create mode 100644 src/main/java/com/ffii/core/exception/UnprocessableEntityException.java
 create mode 100644 src/main/java/com/ffii/core/response/DataRes.java
 create mode 100644 src/main/java/com/ffii/core/response/ErrorRes.java
 create mode 100644 src/main/java/com/ffii/core/response/FailureRes.java
 create mode 100644 src/main/java/com/ffii/core/response/IdRes.java
 create mode 100644 src/main/java/com/ffii/core/response/RecordsRes.java
 create mode 100644 src/main/java/com/ffii/core/support/AbstractBaseEntityService.java
 create mode 100644 src/main/java/com/ffii/core/support/AbstractIdEntityService.java
 create mode 100644 src/main/java/com/ffii/core/support/AbstractRepository.java
 create mode 100644 src/main/java/com/ffii/core/support/AbstractService.java
 create mode 100644 src/main/java/com/ffii/core/support/ErrorHandler.java
 create mode 100644 src/main/java/com/ffii/core/support/JdbcDao.java
 create mode 100644 src/main/java/com/ffii/core/utils/AES.java
 create mode 100644 src/main/java/com/ffii/core/utils/CriteriaArgsBuilder.java
 create mode 100644 src/main/java/com/ffii/core/utils/ExcelUtils.java
 create mode 100644 src/main/java/com/ffii/core/utils/JsonUtils.java
 create mode 100644 src/main/java/com/ffii/core/utils/JwtTokenUtil.java
 create mode 100644 src/main/java/com/ffii/core/utils/MapUtils.java
 create mode 100644 src/main/java/com/ffii/core/utils/Params.java
 create mode 100644 src/main/java/com/ffii/core/utils/PasswordUtils.java
 create mode 100644 src/main/java/com/ffii/tsms/TsmsApplication.java
 create mode 100644 src/main/java/com/ffii/tsms/config/AppConfig.java
 create mode 100644 src/main/java/com/ffii/tsms/config/WebConfig.java
 create mode 100644 src/main/java/com/ffii/tsms/config/security/SecurityConfig.java
 create mode 100644 src/main/java/com/ffii/tsms/config/security/jwt/JwtRequestFilter.java
 create mode 100644 src/main/java/com/ffii/tsms/config/security/jwt/service/JwtUserDetailsService.java
 create mode 100644 src/main/java/com/ffii/tsms/config/security/jwt/web/JwtAuthenticationController.java
 create mode 100644 src/main/java/com/ffii/tsms/config/security/service/LoginLogService.java
 create mode 100644 src/main/java/com/ffii/tsms/model/AbilityModel.java
 create mode 100644 src/main/java/com/ffii/tsms/model/ExceptionResponse.java
 create mode 100644 src/main/java/com/ffii/tsms/model/JwtRequest.java
 create mode 100644 src/main/java/com/ffii/tsms/model/JwtResponse.java
 create mode 100644 src/main/java/com/ffii/tsms/model/RefreshToken.java
 create mode 100644 src/main/java/com/ffii/tsms/model/TokenRefreshRequest.java
 create mode 100644 src/main/java/com/ffii/tsms/model/TokenRefreshResponse.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/common/ErrorCodes.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/common/PasswordRule.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/common/SecurityUtils.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/common/SettingNames.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/common/service/AuditLogService.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/settings/entity/Settings.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/settings/entity/SettingsRepository.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/settings/service/SettingsService.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/settings/web/SettingsController.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/entity/Group.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/entity/GroupRepository.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/entity/User.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/entity/UserRepository.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/req/NewPublicUserReq.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/req/NewUserReq.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/req/SaveGroupReq.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/req/SearchUserReq.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/req/UpdateUserReq.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/service/GroupService.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/service/UserAuthorityService.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/service/UserService.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/service/pojo/AuthRecord.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/service/pojo/UserRecord.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/service/res/LoadUserRes.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/web/GroupController.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/web/TestController.java
 create mode 100644 src/main/java/com/ffii/tsms/modules/user/web/UserController.java
 create mode 100644 src/main/resources/application-db-2fi.yml
 create mode 100644 src/main/resources/application-db-local.yml
 create mode 100644 src/main/resources/application-ldap-local.yml
 create mode 100644 src/main/resources/application-prod-linux.yml
 create mode 100644 src/main/resources/application-prod-win.yml
 create mode 100644 src/main/resources/application.yml
 create mode 100644 src/main/resources/db/changelog/changes/20230720_01_alex/01_base.sql
 create mode 100644 src/main/resources/db/changelog/changes/20230720_01_alex/02_settings.sql
 create mode 100644 src/main/resources/db/changelog/changes/20230720_01_alex/03_settings_data.sql
 create mode 100644 src/main/resources/db/changelog/changes/20230720_01_alex/04_update_user_authority.sql
 create mode 100644 src/main/resources/db/changelog/changes/20230725_01_alex/01_audit_log.sql
 create mode 100644 src/main/resources/db/changelog/changes/20230725_01_alex/02_user_login_log.sql
 create mode 100644 src/main/resources/db/changelog/db.changelog-master.yaml
 create mode 100644 src/main/resources/ldap-test-users.ldif
 create mode 100644 src/main/resources/log4j2-prod-linux.yml
 create mode 100644 src/main/resources/log4j2-prod-win.yml
 create mode 100644 src/main/resources/log4j2.yml
 create mode 100644 src/test/java/com/ffii/tsms/ArsApplicationTests.java

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c2065bc
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,37 @@
+HELP.md
+.gradle
+build/
+!gradle/wrapper/gradle-wrapper.jar
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+bin/
+!**/src/main/**/bin/
+!**/src/test/**/bin/
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+out/
+!**/src/main/**/out/
+!**/src/test/**/out/
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+
+### VS Code ###
+.vscode/
diff --git a/README.md b/README.md
index 01d412a..ad7936d 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,49 @@
-# FPSMS-backend
+# TSMS Backend
 
+## Getting started
+1. Create a schema named `tsmsdb` in MySQL workbench
+2. Create a `launch.json` file and put it into the `.vscode` folder
+```json
+{
+    "version": "0.2.0",
+    "configurations": [
+      {
+        "type": "java",
+        "name": "TsmsApplication",
+        "request": "launch",
+        "mainClass": "com.ffii.tsms.TsmsApplication",
+        "projectName": "TSMS-backend"
+      },
+      {
+        "type": "java",
+        "name": "Launch Local",
+        "request": "launch",
+        "mainClass": "com.ffii.tsms.TsmsApplication",
+        "console": "internalConsole",
+        "projectName": "TSMS-backend",
+        "args": "--spring.profiles.active=db-local,ldap-local"
+      }
+    ]
+}
+```
+3. Create a `settings.json` file and put it into the `.vscode` folder
+   *(You may need to change some settings depending on your development environment)*
+```json
+{
+    "java.configuration.updateBuildConfiguration": "interactive",
+    "java.jdt.ls.java.home": "C:\\java\\jdk-17.0.8",
+    "java.jdt.ls.vmargs": "-XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xmx2G -Xms100m -Xlog:disable"
+}
+```
+
+4. Run and Debug "Launch Local"
+
+## Using gradle
+
+This project can also be run using gradle.
+
+### Running the application
+After creating the table in MySQL, run
+```shell
+./gradlew bootRun --args='--spring.profiles.active=db-local'
+```
diff --git a/build.gradle b/build.gradle
new file mode 100644
index 0000000..43a8eea
--- /dev/null
+++ b/build.gradle
@@ -0,0 +1,56 @@
+plugins {
+	id 'java'
+	id 'org.springframework.boot' version '3.1.1'
+	id 'io.spring.dependency-management' version '1.1.0'
+}
+
+group = 'com.ffii'
+version = '0.0.1-SNAPSHOT'
+
+java {
+	sourceCompatibility = '17'
+}
+
+repositories {
+	mavenCentral()
+}
+
+dependencies {
+	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+	implementation 'org.springframework.boot:spring-boot-starter-data-ldap'
+	implementation 'org.springframework.boot:spring-boot-starter-mail'
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'org.springframework.boot:spring-boot-starter-web'
+	implementation 'org.springframework.boot:spring-boot-starter-validation'
+	implementation 'org.springframework.boot:spring-boot-starter-log4j2'	
+	implementation 'org.springframework.security:spring-security-ldap'
+	implementation 'org.liquibase:liquibase-core'
+	
+	implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0'
+	implementation group: 'org.apache.poi', name: 'poi', version: '5.2.3'
+	implementation group: 'org.apache.poi', name: 'poi-ooxml', version: '5.2.3'
+
+	implementation group: 'jakarta.persistence', name: 'jakarta.persistence-api', version: '3.1.0'
+	implementation group: 'jakarta.annotation', name: 'jakarta.annotation-api', version: '2.1.1'
+	implementation group: 'jakarta.validation', name: 'jakarta.validation-api', version: '3.0.2'
+	implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.15.2'
+	implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.15.2'
+
+	implementation group: 'io.jsonwebtoken', name: 'jjwt-api', version: '0.11.5'
+	implementation group: 'io.jsonwebtoken', name: 'jjwt-impl', version: '0.11.5'
+	implementation group: 'io.jsonwebtoken', name: 'jjwt-jackson', version: '0.11.5'
+
+	compileOnly group: 'jakarta.servlet', name: 'jakarta.servlet-api', version: '6.0.0'
+	
+	runtimeOnly 'com.mysql:mysql-connector-j'
+	runtimeOnly 'com.unboundid:unboundid-ldapsdk:6.0.9'
+
+	testImplementation 'org.springframework.boot:spring-boot-starter-test'
+	testImplementation 'org.springframework.security:spring-security-test'
+}
+
+configurations {
+    all {
+        exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging'
+    }
+}
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..c1962a79e29d3e0ab67b14947c167a862655af9b
GIT binary patch
literal 62076
zcmb5VV{~QRw)Y#`wrv{~+qP{x72B%VwzFc}c2cp;N~)5ZbDrJayPv(!dGEd-##*zr
z)#n-$y^sH|_dchh3@8{H5D*j;5D<{i*8l<n`R`94An31eIWbisdMSBvMo=KdzZu#!
z2=IUVG7$V4U%UUmhH^skQsQDNstj`C4{}qJvNH4x^YAkCG&57PP0CD5tUr(Lr|8F|
zrsbw-rRacR&cjU84vV#^0hr{ahs87@nB*8}#Ta+ach127GUL}I|L4%azP25lE&lDO
z{@DihA2t@wMy9rA|5sDgzngkE8#y|fIse-(VW+DelrTU*`j|jKH2?E168}A!#$SIR
zXJlp1U}9_J;*z5Y>5IFJ|DjL!e)upfGNX(kojugZ3I`oH1PvW`wFW_ske0j@lB9bX
zO;2)`y+|!@X(fZ1<2n!Qx*)_^Ai@Cv-dF&(vnudG?0CsddG_&Wtae(n|K59ew)6St
z#dj7_(Cfwzh$H$5M!$UDd8=4>IQsD3xV=lXUq($;(h*$0^yd+b{qq63f0r_de#!o_
zXDngc>zy`uor)4A^2M#U*DC~i+dc<)Tb1Tv&~Ev@oM)5iJ4Sn#8iRw16XXuV50BS7
zdBL5Mefch(&^{luE{*<o)$0CtHMXCiFaqU;N{t<$9@JbXquVr@cf{y~BNB(J5=Tji
zlK?_g|E;1zl$VJ=#ZmElT~Y6jy-|?2PUv}kl<0irKUHY7@2t={_gVdY)lv8kM+ad9
zC<O%>5qtCZk$oFr3<io|2$Itc(&(T+V0vhN)K$Fl^c3u8y`}{@R7L#c1&Qu_+u$L|
zkw6sZeUEd0xxV1r@X7Bj^XUCX<ecNL?GSk}zL!>RH=H!c3wGR=HJ(yKc_re_X9pD`
zJ;uxPzUfVpgU>DSq?J;I@a+10l0ONXPcDkiYcihREt5~T<to{?YLB3#Ek~Bd_FRTK
z3SVU)NWfW~bevBhSgga`J`3XaEJ;UR&tR-QNI#e+fX1mkLg(kYRIlBUeP!g)rVvkV
zmBQF>5Gb}sT0+6Q;AWHl`<y=xe2MOa)>S5dV>lv%-p9l#xNNy7ZCr%cyqHY%TZ8Q4
zbp&#ov1*$#grNG#1vgfFOLJCaNG@K|2!W&HSh@3@Y%T?<RDDZ2kvE4KZX_tTk{8@Y
z+1Qu}v&0qF!3ps~B5R6-#N&o4vQEcX3!~lWKK-JjRoUbPQR)>3YI75bJp!VP*$*!<
z;(ffNS_;@RJ`=c7yX04!u3JP*<8jeqLHVJu#WV&v6wA!OYJS4h<_}^QI&97-;=ojW
zQ-1t)7wnxG*5I%U4)9$wlv5Fr;cIizft@&N+3<m!sp`}{5>2O%B{R1POm$oap@&f|
zh+5J{>U6ftv|vAeKGc|zC=kO(+l7_cLpV}-D#oUltScw})N>~JOZLU_0{Ka2e1evz
z{^a*ZrLr+JUj;)K&u2CoCAXLC2=fVScI(m_p~0FmF>>&3DHziouln?;sxW`NB}cSX
z8?I<poVWwH93~xX>sJB)Z=aYRz!X=yJn$kyOWK%rCYf-YarNqKzmWu$ZvkP12b4qH
z<cj_@_^h^p^q&$rHm}tFrF$o@p+N@Luju~MbeZxq_WbMvMAonH{#8FcaQx#1Ex963
zthr*D;hp#t`U%;8Lw{en#r&PBH>hS9Q>j<}(*frr?z<%9hl*i^#@*O2q<G8@m-E{I
z`}pP(W$_?tQz?qiq)AkeSb{O1HEI<O&IPY2fz^)h2U5WFf)$o|GVN9!>(Z^CN)c2c
z>1B~D;@YpG?G!Yk+*yn4vM4sO-_!&m6+`k|3zd;8DJnxsBYtI;W3We+FN@|tQ5EW=
z!VU>jtim0Mw#iaT8t_<+qKIEB-WwE04lBd%Letbml9N!?SLrEG$nmn7&W(W`VB@5S
zaY=s<l}}fvx=2PUlRXVFqYw_pix_=MLAKV-vfffnNa-G}V}-DjqeGu81{_6c7DT4*
zgNTK&HNdPkT}|m;Wopt-pwH(=vK!Mcs#L3p7EuhKtdS*$(gi7K6)2mt;vO}}@U2?@
zic8*RBj6lGpirRD%IH>Ew2}i@F_1P4OtEw?xj4@D6>_e=m=797#hg}f*l^`AB|Y0#
z9=)o|%TZFCY$SzgSjS|8AI<m~)~<LWT=KD$snpvb;<|raYO=8NN=pEex{aVNGen|i
z4hGyCiz+M`>-%J4x}J)!IMxY3_KYze`_I=c1nmrk@E8c9?MVRu)7+Ue79|<R7R(*W
zmGI9WxS<;F_rj?)6ZJ2+&*@e<mlh^Wi>)rBX7tVB7U|w4*h(;Gi3D9le49B38`wuv
zp7{4X^p<CFK*NrFla6?I(q;<C*K@ag4>+K4*$@gU(Tq3K1a#3SmYhvI42)GzG4f|u
zwQFT1<JTz}_6=eHFU^e2CZtm7+S~2?G10jrHLa$Yc>n_=n|jpi=70-yE9LA+d*T8u
z`=VmmXJ_f6WmZve<c3j)L*cT@L>ZPct$Cgu^~gFiyL>Lnpj*6ee>*0pz=t$IJ}+rE
zsf@>jlcG%Wx;Cp5x)YSVvB<GcbWPQ65t~gc{a(L|Y**_KX&N^LV{4p;>1$yyY1l&o
zvwX=D7k)Dn;ciX?Z)Pn8$flC8#m`nB&(8?RSdBvr?>T9?E$U3u<MGKL6<gI3+cigX
zr2;7xjAPPdw|q3|5<Av+0yh@5pePF?so63EF4(f;!m<(9QF+GK>IX7T?$v4dWCa46
z+&`ot8ZTEgp7G+c52oHJ8nw5}a^dwb_l%MOh(ebVj9>_koQP^$2B~eUfSbw9RY$_<
z&DDWf2LW;b0ZDOaZ&2^i^g+5uTd;GwO(-bbo|P^;CNL-<vp1D1$R<L}_zoyFQ(?^n
zl`6VAFTjED$Nit=axARyg>%?9mRmxEw~5&z=X^Rvbo^WJW=n_%*7974RY}JhFv46>
zd}`2|qkd;89l}R;i~9T)V-Q%K)O=yfVKNM4Gbacc7AOd>#^&W&)Xx!Uy5!BHnp9kh
z`a(7MO6+Ren#>R^D0K)1sE{Bv>}s6Rb9MT14u!(NpZOe-?4V=>qZ>}uS)!y~;jEUK
z&!U7Fj&{WdgU#L0%bM}SYXRtM5z!6M+kgaMKt%3FkjWYh=#QUpt$XX1!*XkpSq-pl
zhMe{muh#<vd{NzT8hJO~2nwSu@|uKui`Q8EdXeGz4>knk{9_V3%qdDcWDv}v)m4t9
z<k^O7as2~K;#kz6&_j;+XcIB_r9LslJ=plZ802GD7!wKurp5N7C0N7MrBiyAL~c=u
zE%@soR=E%Ksd7<Rzkb}c1=?E^tRZO%BD}eh;$H);oB)^Nt6e4N2J+}eE=O>Qhv{;}
zc{}#V^N3H>9mFM8`i`0p+fN@GqX+kl|M94$BK3J-X`Hyj8r!#x6Vt(PXjn?N)qedP
z=o1T^#<s;C9Ui_c^t!}2S-XqPF?-?4;fe4415B~F0>?1^a{;bZ&x`U{f?}TMo8ToN
zkHj5<VbXBbPLm`saJ%OL;G18~%@f$_blKkP1#<P0FY;5DtZHS)$u-A?Yn3SA3J@bT
zA1d!HbKV+f1Ugw07K&jwzua_~#;P<Rn>v|}r}wDEi7I@)Gj+S1aE<Lr;qg@51w32$
zyxn{bK>-GdnLN+$hw!=DzglMaj#{qjXi_dwpr|HL(gcCXwGLEmi|{4&4#OZ4ChceA
zKVd4K!D>_N=_X;{poT~4Q+!Le+ZV>=H7v1*l%w`|`Dx8{)McN@NDlQyln&N3@bFpV
z_1w~O4EH3fF@IzJ9kDk@7@QctFq8FbkbaH7K$iX=bV~o<VCiV&YRTZ}?C^!Fu2yC)
zv{Vzb(sB&ct#XXgvg1<Aax>#gfh?2JD6lZf(XP>~DACF)fGFt)X%-h1yY~MJU{nA5
ze2zxWMs{YdX3q5XU*9hOH0!_S24DOBA5usB+Ws$6{|AMe*joJ?RxfV}*7AKN9V*~J
zK+OMcE@bTD>TG1<D&k;gXJl_GYh`aH;$ZLob;4%Of6;ZSs-6Ri5E?%yZ1lwjNo$M0
zh+s;*GL1qh63T)l8*vTt!qBLZ)~cQ14>*yc?*qGqjBN8mgg@h1cJLDv)0!WRPIkC`
zZrWXrceVw;fB%3`6kq=a!pq|hFIsQ%ZS<kf2ia2#pBvu`A3V%+`AJvHB*NUK3~nQF
zw*gxnx7LCX(Z^1w*|SqdvT{$S%V#1K_mVQ7La-Aw%y<w}ejK@Lu|-CGm40~>lo~)D
z|64!aCnw-?>}AG|*iOl44KVf8@|joXi&|)1rB;EQWgm+iHfVbgllP$f!$<xMKNPGw
z75lQ-&s?W5309;y6gIrMn!YgKCh2h_t)HK6EcT@xYc0sgM!#>Wf42%NO5b(j9Bw6L
z;0dpUUK$5GX4QbMlTmLM_jJt!u<VK-KUt7Z%d43gTkafnEz;tKrLF`kq7eb@)^GVH
zVzlnCl^>r`_0~$b#BB7FL*%XFf<<YlClUogc56^3Yyh4jgqXW7(#Qu|X^(|f$!!nL
zr<Jlyt{`j<%HJ7(Ibr+qi51D$ikY1it_}mi&OTSv%-y{FbY?e9I<zP))1O}CdnlMB
z)E{0F(+ck9%;u_OGgFgau=Rw8qE6u}01y?;f@M5NLv*P|4@P3@#u%P9aWCL)&PJT|
zX@dygu5XWA26#e~n6RWn&*Bl^^VBtoVJBn^bDnW4mHo4ME6_YI9>b__1o)Ao<oAII
zl<ghkn)lbTvrX_mEpa~6_wy3!knhoEQy$s)O&Eje&DuVJ{~mIy!7WXiU&-a=SC+^7
zzq_L1{|UJN-6?C-bu@6*&_3i@#`~C#P@p9X(Ce2%iic!mTBMYuD`LZ<OM}*McxA(w
zkj(d|!1fegueE#LwG9egYdYR8KktNowE4+1AfZ@IuxN3gT>3rlobbN8-(T!1d<VYe
z=uu*dc`@_NH-vid1r!+qd!W<p6Hp2sR=vY4yh`?ujy)PePx7Y^!w{->-bR8D3S0@d
zLI!*GMb5s~Q<&sjd}lBb8Nr0>PqE6_!3!2d(KAWFxa{hm`@u|a(%#i(#f8{BP2wbs
zt+N_slWF4IF_O|{w`c~)Xvh&R{Au~CFmW#0+}MBd2~X}t9lz6*E7uAD`@EBDe$>7W
zzPUkJx<`f$0VA$=>R57^(K^h86>09?>_@M(R4q($!Ck6GG@pnu-x*exAx1jOv|>KH
zjNfG5pwm`E-=ydcb+3BJwuU;V&OS=6yM^4Jq{%AVqnTTLwV`AorIDD}T&<zk=U4_F
z%akElkXp@CbeS<cl%y^#t}u_*o+Kw^Xa%!S>jWr8pB&j28fVtk_y*JRP^t@l*($UZ
z6(B^-PBNZ+z!p?+e8@$&jCv^EWLb$WO=}Scr$6SM*&~B95El~;W_0(Bvoha|uQ1<y
zI;g~pq<puh8JAZSg`e`{9Ul}WlQxSt?3%o&hA!;)cXW-;B<UPjMu}?EtHvVS7g>T<
zO$%_oLAwf1bW*rKWmlD+@CP&$ObiDy=nh1b2ejz%LO9937N{LDe7gle4i!{}I$;&Y
zkexJ9Ybr+lrCmKWg&}p=`2&Gf10orS?<wSRKh%(i*-EzBy^*(nk#EV0x%s+gVr5#i
zF*^yn?NFz@z)jkaF%P~*zrnDtj18`Mit$=8TVU0_Xu0XQT-29W)`{}4Y{_WLO}la2
z3kum*Acd(?w(30MQ0iXECV4}56Baro5eg?Ji{&xv>4$Vr<ApIaAwLyRgnDz_63EnQ
zb0F~DwJxa8Y6V&P@8Y;IWU23PX|5YXwRO5>zWidT=*6{KzOGMo?KI0>GL0{iFWc;C
z+LPq%VH5g}6V@-tg2m{C!-$fapJ9y}c$U}aUmS{9#0CM*8pC|sfer!)nG7Ji>mfRh
z+~6CxNb<thuojmgyDIx-O?L~|1OMp?{&5*5nw(NYRF76i1VE!yuFbdk^SXpYh9d!e
zisi>>6eWKMHBz-w2{mLL<sWnSR{lp+GVAVGNcs2U?&%}ZbUT({ThKL33h5&godIvq
z#4SFCl~dpzw{Kf9GWC*<(5@{J-YWs96Ulo#)6da2L@e?NLIhPLoWud(Gbix6rPhyM
z+#ezG31H`whsp_@rDLe9hoK&0hz}tS!3q2%y1yY-p%>wdA7dA-qfTu^A2yG1+9s5k
zcF=le_UPYG&q!t5Zd_*E_P3Cf5<i9lV%B>T6821bO<oZ<I;eq^g7*0L=5+o%xOyh3
zV}b+qIu^3vM+=S`g6~mUfaz2O^0b~+Y02%irk{L(|9!#otC{hV00sh*`O?q-K|B9x
zc@lEAaI-VBcNOzAF>`daa`;DODm8Ih8k89=RN;-asHIigj`n=ux>*f!OC5#;X5i;Q
z+V!GUy0|&Y_*8k_QRUA8$lHP;GJ3UUD08P|ALknng|YY13)}!!HW@0z$q+kCH%xet
zlWf@BXQ=b=4}QO5eNnN~CzWBbHGUivG=`&eWK}<gH9L&>beuV*;?zt=P#pM*eTuy3
zP}c#}AXJ0OIaqXji78l;YrP4sQe#^pOqwZUiiN6^0RCd#D271XCbEKpk`HI0IsN^s
zES7YtU#7=8gTn#lkrc~6)R9u&SX6*Jk4GFX7){E)WE?pT8a-%6P+zS6o&A#ml{$WX
zABFz#i7`DDlo{34)oo?bOa4Z_lNH>n;f0nbt$JfAl~;4QY@}NH!X|A$KgMmEsd^&Y
zt;pi=>AID7ROQfr;MsMtClr5b0)xo|fwhc=qk33wQ|}$@?{}qXcmECh>#kUQ-If0$
zseb{Wf4VFGLNc*Rax#P8ko*=`MwaR-DQ8L8V8r=2N{Gaips2_^cS|oC$+yScRo*uF
zUO|5=?Q?{p$inDpx*t#Xyo6=s?bbN}y>NNVxj9NZCdtwRI70jxvm3!5R7yiWjREEd
zDUjrsZhS|P&|Ng5r+f^kA6BNN#|Se}_GF>P6sy^e8kBrgMv3#vk%m}9PCwUWJg-AD
zFnZ=}lbi*mN<K#(vlYbGZAX^KQmjvAYCRG*UOU`z2$j+74AdgXr3(r`Z*t~vhyGOF
z)w@e8rCo#wjxU`Xq#TN0kURQy8Y45b@jCRNbbQi7ac)K;Y9F%JPMNFNffNKTTeU*T
zHQTmYG^Gu1I@&Jv`71fu(BSKE_ZcDAC6eM{-i#Ce{raky!z_b9d|h7zARvnW>-AOm
zCs)r=*YQAA!`e<R&0)*Xk7%|k&^;uv62@(5&ac_hW*F9=TfvBeS~Qh~EX`oba74cG
z_zl_hTH19>#1N>aHF=bb*z*hXH#Wl$z^o}x##ZrUc=kh%OHWhp=7;?8%Xj||@V?1c
ziWoaC$^&04;A|T)!Zd9sU<cT<Lad$0pGXX1w=fLRLa7aSLO9sinK2%NmW<mIFjiuc
z-cT9?*>zE&$ODyJ<B|PnBKliB6c94vLSghm91pGb$1o^7rM2a&%c}D$u}j(J@zRz#
zi%s0i4BD9?+o@$HB_##NjTPLR3oh&PgIxvX>aBpvqsw19Uiuq{i#VK1!htkdRWBnb
z`{rat=nHArT%^R>u#CjjCkw-7%g53|&7z-;X<Ac^=g(0g1=gRkv{@6{)+2MuRw4?q
zSyffm46G$5&03=o2M%0CNA&bH8`|Q+lj*sOSA!_VPI<qibefjTL~ySR5|HpXSu-Wk
zjm)E}CNtR?XF>+ewb?OLWiV|#nuc8mp*LuGSi3IP<<*Wyo9GKV7l0Noa4Jr0g3p_$
z*R9{qn=?IXC#WU>48-k5V2Oc_>P;4_)J@bo1|pf=%Rcbgk=5m)CJZ`caHBTm3%!Z9
z_?7LHr_BXbKKr=JD!%?KhwdYSdu8XxPoA{n8^%_lh5cjRHuCY9Zlpz8g+$f@bw@0V
z+6DRMT9c|>1^3D|$Vzc(C?M~iZurGH2pXPT%F!JSaAMdO%!5o0uc&iqHx?ImcX6fI
zCApkzc~OOnfzAd_+-DcMp&AOQxE_EsMqKM{%dRMI5`5CT&%mQO?-@F6tE*xL?aEGZ
z8^wH@wRl`Izx4sDmU>}Ym{ybUm@F83qqZPD<I_<D@SDBXpcm$%pP;@}1x+1rECR~6
z%mPO96ZtCMfz6TZL_tB_o<jX(0%{4O*=Jpf{(}rOT%n6F&#4F#H{^%{gCRk)ccFmy
zlAyZVmLT4N#~F)~@`1bcBU<gu4>6nFm?t?(7>h*?`fw)L3t*l%*iw0Qu#?$5eq!Qc
zpQvqgSxrd83NsdO@lL6#{%lsYXWen~d3p4fGBb7&5xqNYJ)yn84!e1PmPo7ChVd%4
zHUsV0<QfI}<M8O`g)!{5VcjkDZIjCu8(aqo6;;=sPlL7o>Mh?VpzZD=A6%)Qrd~i7
z96*RPbid;BN{Wh?adeD_p8YU``kOrGkNox3D9~!K?w>#kFz!4lzOWR}puS(DmfjJD
z`x0z|qB33*^0mZdM&6$|+T>fq>M%yoy(BEjuh9L0>{P&XJ3enGpoQRx`v6$txXt#c
z0#N?b5%srj(4xmPvJxrlF3H%OM<X=kF451d5XRpaI3Rddya;o<MiVe63o}q9!6}_c
zo)Za~rjO%XWDn6$-;t})ZmU#rhSPD)qiCJFwO-$XixQk0X*gbZ^iyuL^ft*8RskMZ
z61oYTT##Iok;Rg+0anh212gV|jFfog*GZX}VV7x@cwuYn2k0l|CdXJ3M&=>B!jvfy
z;wx8RzU~lb?h_}@V=bh6p8PSb-dG|-T#A?`c&H2`_!u+uenIZe`6f~A7r)`9m8atC
zt(b|6Eg#!Q*DfRU=Ix`#B_dK)nnJ_+>Q<1d7W)eynaVn`FNuN~%B;uO2}vXr5^zi2
z!ifIF5@Zlo0^h~8+ixFBGqtweFc`C~JkSq}&*a3<b*AGX+4JAVcr=k1@(BfrL*bH3
zB2tsVQA!i($9n4x3TKj4fyB9v6dVeLF9ce$&KiuST#O+L;`7)j^T{2s!k-fHs3AFL
z;*i&)+V}HhjAA_Rcq9bBAlY`@fUE4EXY~}ibwoho??7zC!;EPmIuC?iA|=eX-ry23
zydv?^AaCLg6^~XLVJgXk5t3-5-l5#+-WH4#R6H+-pH>C}L?b5Mh-bW=e)({F_g4O3
zb@SFTK3VD9QuFgFnK4Ve_pXc3{S$=+Z;;4+;*{<o#P)-O8F)a#4K`1Xm|~?q)i|U3
zYQ`j;(xom@I4xe9dA2S6y-d+xYe;^;M{B3B`KM&`C&=Gb<o8unUCEbv9DNO{|Er29
z8aca|Ig>H}Rc;845rP?DLK6G5Y-xdUKkA6E3Dz&5f{F^FjJQ(NSpZ8q-_!L3LL@H*
zxbDF{gd^U3uD;)a)sJwAVi}7@%pRM&?5IaUH%+m{E)DlA_$IA1=&jr{KrhD5q&lTC
zAa3c)A(K!{#nOvenH6XrR-y>*4M#DpTTOGQEO5Jr6kni9pDW`rvY*fs|ItV;CVITh
z=`rxcH2nEJpkQ^(;1c^hfb8vGN;{{oR=qNyKtR1;J>CByul*+=`NydWnSWJR#I2lN
zTvgnR|MBx*XFsfdA&;tr^dYaqRZp*2NwkAZE6kV@1f{76e56eUmGrZ>MDId)oqSWw
z7d&r3qfazg+W2?bT}F)4jD6sWaw`_fXZGY&wnGm$FRPFL$HzVTH^MYBHWGCOk-89y
zA+n+Q6EVSSCpgC~%uHfvyg@ufE^#u?JH?<73A}jj5iILz4Qqk5$+^U(SX(-qv5agK
znUkfpke(KDn~dU0>gdKqjTkVk`0`9^0n_wzXO7R!0Thd<OO)*@xLj!dA|^KI{(+g5
z4&&;v3+^PaBya7Rnu#!)XYc}vIWqv)^MY!O)bd!?B<}^dB*bn^DfNh`{LBe@BaZ7K
z79Vu@{$pu8y#gTfUJ?t()owinp0&lUvSWm~f6lhfPNSF&`a(>@S;U`y)VVP&mOd-2
z(hT(|$=>4FY;CBY9#_lB$;|Wd$aOMT5<N7HW=#J5xiuClp{tnl<jC$q#gWfwjqeAY
zV;sA^S=5DG9oD|_sR@+2OPrAQibqT{OGVV96@Akgvd57K5T@^KQN}?9VsiR^`m+&4
z6Wo=&#vs$B<Y9Yj#aZVD^shN}siQ$PUDTmt>O_3}DYXEHn&Jrc3`2JiB`b6X@EUOD
zVl0S{ijm65@n^19T3l%>*;F(?3r3s?zY{thc4%AD30CeL_4{8x6&cN}zN3fE+x<9;
zt2j1RRVy5j22-8U8a6$pyT+<`f+x2l$fd_{qEp_bfxfzu>ORJsXaJn4>U6oNJ#|~p
z`*ZC&NPXl&=vq2{Ne79AkQncuxvbOG+28*2wU$R=GOmns3W@HE%^r)Fu%Utj=r9t`
zd;SVOnA(=MXgnOzI2@3SGKHz8HN~Vpx&!Ea+Df~`*n@8O=0!b4m?7cE^K*~@fqv9q
zF*uk#1@6Re_<^9eElgJD!nTA@K9C732tV~;B`hzZ321Ph=^BH?zXddiu{Du5*IPg}
zqDM=QxjT!Rp|#Bkp$(mL)aar)f(dOAXUiw81pX0DC|Y4;>Vz>>DMshoips^8Frdv}
zlTD=cKa48M>dR<>(YlLPOW%rokJZNF2gp8fwc8b2sN+i6&-pHr?$rj|uFgktK@jg~
zIFS(%=r|QJ=$kvm_~@n=ai1lA{7Z}i+zj&yzY+!t$iGUy|9jH#&oTNJ;JW-3n>DF+
z3aCOzqn|$X-Olu_<wOD+V1cxb0Z}9)qPN6k=yG%7N(OXSN(!|;<~~&ZV7<|dWJ*$O
zcc8BYF-@yY+0BQ2=@gx;O-;QS>p7brzn`uk1F*N4@=b=m;S_C?#hy{&NE#3Hk<sC+
z@RVY+px5c26lyz%OfzZTn@(3s>ATrg?enaVGT^$qIjvgc61y!T$9<1B@?_ibtDZ{G
zeXInVr5?OD_nS_O|CK3|RzzMmu+8!#Zb8Ik;rkIAR%6?$pN@d<0dKD2c@k2quB%s(
zQL^<_EM6ow8F6^wJN1QcPOm|ehA+dP(!>IX=Euz5qqIq}Y3;ibQtJnkDmZ8c8=Cf3
zu`mJ!Q6wI7EblC5RvP*@)j?}W=WxwCvF3*5Up_`3*a~z$`wHwCy)2risye=1mSp%p
zu+tD6NAK3o@)4VBsM!@);qgsjgB$kkCZhaimHg&+k69~drbvRTacWKH;YCK(!rC?8
zP#cK5JPHSw;V;{Yji=55X~S+)%(8fuz}O>*F3)hR;STU`z6T1aM#Wd+FP(M5*@T1P
z^06O;I20S<pPBYLx^KQ-E#4lJKf0#2<$Urm^J75xe^_~ooFOaniz#EWEnAqL5nl;d
z;Y?#EUwvbZHb_{bP#Z+Xi6;``%`1xT4(Qh>k!bxW<-O;E081KRdHZrtsGJflFRRFS
zdi5w<L%xAIZMaxEN{|sC`S2LX=HNoo7yNMxu?JQZn!#EHpMVSC`Z-rSU>9OVDGSL3
zNrC7GVsGN=b;YH9jp8Z2$^!K@h=r-xV(aEH@#JicPy;A0k1>g1g^XeR`YV2HfmqXY
zYbRwaxHvf}OlCAwHoVI&QBLr5R|THf?nAevV-=~V8;gCsX>jndvNOcFA+DI+zbh~#
zZ7<oMFIjT?dRB+;KT%*|Gjj)Lv;R$(lsDCpKH})P;^<HgAW$|Ic$UC!!9k_^)<VFb
z+R-4(+=Oiwvgpt>`qNk&w+_+Yp!}j;OYxIfx_{f0-ONc?mHCiCUak=>j>~>YR4#w#
zuKz~UhT!L~GfW^CPqG8Lg)&Rc6y^{%3H7iLa%^l}cw_8UuG;8nn9)kbPGXS}p3!L_
zd#9~5CrH8xtUd?{d2y^PJg+z(xIfRU;`}^=OlehGN2=?}9yH$4Rag}*+AWotyxfCJ
zHx=r7ZH>j<rs-kbQ;s$ZI)B{YCAt<1f8=Z!C#+cW@(f}Vui2`~bhsJNt4X5FEVH#V
zmS~5qafT)ZOfofB3RY^p$qiO+hKg5MB@4BiWOlTuD_ywdEG^^`73sk%6$@P{w!m`d
zG%&#}O$F6xyMIL5Ey>2kV?%7WTtp+-HMa0)_*DBBmC{sd$)np&GEJ__kEd`xB5a2A
z*J+yx>4o#ZxwA{;NjhU*1KT~=ZK~GAA;KZHDyBNTaWQ1+;tOFFthnD)DrCn`DjBZ%
zk$N5B4^$`n^jNSOr=t(zi8TN4fpaccsb`zOPD~iY=UEK$0Y70bG{idLx@IL)7^(pL
z{??Bnu=lDeguDrd%qW1)H)H`9otsOL-f4bSu};o9OXybo6J!Lek`a4ff>*O)BDT_g
z<6@SrI|C9klY(>_PfA^qai7A_)VNE4c^ZjFcE$Isp>`e5fLc)rg@8Q_d^Uk24$2bn
z9#}6kZ2ZxS9<C46&Y+Q7nYM#)S{~e<-0SXbx^w1jyAP0t!{t{i)+bD@w$9YAlUQVZ
z1TZ|^=9cLiz;Bipmt#c?%u(c5s;}6EMb|KG%X+!BskufNDiLAbfcJAi-eKFCylmQ6
zcLgpiYS;T5u|4vj(43@Xs-;?LT?Reu-O1voTo*8Sg!T${N!fhDdj5F-jP4kcswNTc
zUPNlqr9(p*&QkY(6{Uw9+-&ZY^AVhuru!iEZSXWk{J62Y8RTWl#jvm?@UsOLN*n1U
z!!2c97^PYdYbw;1W(h-dY_NJ_bbOqzz80YwLA6En%W5F}=@a-dB;!cvFG55bE7@zZ
zf}Zz=u;({6%w-qMyr7YLW0H?0K>sI(RqT7?El2@B+($>eBQrNi_k#CDJ8D9}8$mmm
z4oSKO^F$i+NG)-HE$O6s1--6EzJa?C{x=QgK&c=)b(Q9OVoAXYEEH20G|q$}Hue%~
zO3B^bF=t7<z$Rj(z@}-%hhp0KDg5g-Vvj!qOr85&aqTpaaojC^CwQZHKk%N1&RJ@?
z3@mmU8UkLd^u+>t48sN<h@~F@WN(LX`%4J3P$~sLqIq2q^WYYan1y*WKS{^KXRSVj
zlRp2YD0*vmi}GIu(VMSMj`)AFtcV!7m`T~YnAy8nxmvlKskk~@*;{;3?|-#CT^;_>
zWh_zA`w~|){-!^g<vJDMm4#3w(!Hhyj3dofOB57x=Mu^T@6Gt<KN~lv>?6Mqf6ieV
zFx~aPUOJGR=4{KsW7I?<=J2|lY`NTU=lt=%JE9H1vBpkcn=uq(q~=?iBt_-r(PLBM
zP-0dxljJO>4W<w&)Z{UhZ0!m()I68e=px8_4B`37AI|bCZuMk_SVKAQz?8+4(l0C)
z<3()qDfD9UTW*wnelf4D7bR(}=TB;gs;ds+7QE~CAQ*jDKKADDC`3G?7kn$!=a5d&
z?I(JT9>q-;stY)CLB4q`-r*T$!K2o}?E-w_i>3_aEbA^MB7P5piwt1dI-6o!qWCy0
ztYy<q;G5p>!x9arGTS?kabkkyv*yxvsPQ7Vx)twkS6z2T@kZ|kb8yjm+^$|sEBm<L
zGtKcNM?a1<P1GHe%USdss^9iYmKI=GuiV`dL*Z(*)<W%!5IIDyJ!oJjHJOEa1m1VQ
zKco1NMHn5?h{5SRY#VFF?T!bo5_IIEbO;WfqdSQACJa+&8o3bgw;L^BimN?NlN(v)
zotn;%myS`DPUIQ+7RCnB)mY`2o&e;1Xh962y`p4wurO(bDXEWXms!a&F9;L0^G^Mo
zh1W&LQdXhd1KHjKV}xwOkQ>vACeqbz)RmxkkDQX-A*K!YFziuhwb|ym>C$}U|J)4y
z$(z#)GH%uV6{ec%Zy~AhK|+GtG8u@c884Nq%w`O^wv2#A(&xH@c5M`Vjk*SR_tJnq
z0trB#aY)!EKW_}{#L3lph5ow=@|D5Lz<fcUCo&Ka|9|4HGWHH0_J4ujUnr>JYUFD6
z7XnUeo_V0DVSIKMFD_T0AqAO|#VFDc7c?c-Q%#u00F%!_TW1@JVn<z*P@k#}SDu4q
z5BK|xV6S3>sfvm@_9HKWflBOUD~)RL``-!P;(bCON_4eVdduMO>?IrQ__*zE@7(OX
zUtfH@AX*53&xJW*Pu9zcqxGiM>xol0I~QL5B%Toog3Jlenc^WbVgeBvV8C8AX^Vj&
z^I}H})B=VboO%q1;aU5ACMh{yK4J;xlMc`jCnZR^!~LDs_MP&8;dd@4LDWw~*>#OT
zeZHwdQWS!tt5MJQI~cw|Ka^b4c|qyd<d8BjG@CVcx~A0@_+-3ySS5}V#nYxqHn&dJ
z3huaTsOBL$pM0~v6%?s%@?17;o|*#UY1tt-m0po1{B8Xt+V4%@*4l_1x6MTTu=i^t
zEF!^0`A{SAgixqmbf=fe`Q#RQV7q0JEE%qC5Cl7U3dvP`CnnYy>_ly(+Ql2m&AAw^
zQeSXDOOH!!mAgzAp0z)DD>6Xo``b6QwzUV@w%h}Yo>)a|xRi$jGuHQhJVA%>)PUvK
zBQ!l0hq<3VZ*RnrDODP)>&iS^wf64<Gan-0fT=xEEaI^H)!ok-sB8re6ozEmX5c@6
zvzFx43)HzN8|btxEr_+m_ES??hMpoBdA+u`<Ko)3jSDsJ<bNahp^L1kFKCk01nKG#
zd~B+qtlfL5f8$8ToxOxz!oqk&<wEbF*v1K2QV8d>C;MGqDvx>|p;35%6(u+IHoNbK
z;Gb;TneFo<v+>*`zUKS6kwF*&b!U8e5m4YAo03a_e^!5BP42+r)LFhEy?_7U1IR<;
z^0v|DhCYMSj<-;MtY%R@Fg;9Kky^pz_t2nJfKWfh5Eu@_l{^ph%1z{jkg5jQrkvD<
z#vdK!nku*RrH~TdN~`wDs;d>XY1PH?O<4^U4lmA|wUW{Crrv#r%N>7k#{Gc44Fr|t
z@UZP}Y-TrAmnEZ39A*@6;ccsR>)$A)S>$-Cj!=x$rz7IvjHIPM(TB+JFf{ehuIvY$
zsDAwREg*%|=>Hw$`us~RP&3{QJg%}RjJKS^mC_!U;E5u>`X`jW$}P`Mf}?7G7FX#{
zE(9u1SO;3q@ZhDL9O({-RD+SqqPX)`0l5IQu4q)49TUTkxR(czeT}4`WV~pV*KY&i
zAl3~X%D2cPVD^B43*~&f%+Op)wl<&|D{;=SZwImydWL6@_RJjxP2g)s=dH)u9Npki
zs~z9A+3fj0l?yu4N0^4aC5x)O<N_(0*g4u)%5Tt4@gHE>snm0qrhz@?nwG_`h(71P
znbIewljU%T*cC=~NJy|)#hT+lx#^5MuDDnkaMb*Efw9eThXo|*WOQzJ*#3dmRWm@!
zfuSc@#kY{Um^gBc^_Xd<M_=Opb*sV>xnl!n&y&}R4yAbK&RMc+P<gSSGsa9{ngu3h
za2rxBU6lA9Q9VAy<_CQ=#9?ge+|8rFr3YI44QC0@KPf?KG3#CkaUontfvoWcA#`fT
zUZ-M@9-{1Ei|?wN2X<<LG$En}QHwMqs=8ZuZNc+NsKkIl=}k#BjOIG2xpH6pY<h{d
zJ7c4SQ-wCPPp+Ave;R605<i{lO4KXOUo>^Ti;YIUh|C+K<WCtgj)+#X5!{~T0amf)
zA{NO!xG0_A(b+3`Y%~$@K6*;z4@GJOlO9iW_I)Uf=v75p{Zaa%riIlQ1XqxqD1P*v
zC_nl;^-H^oHskLi&AkX0pf_;|=*Q=gaUudCp%zN>1|=Z^{nZ}}rxH*v{xR!i%qO~o
zTr`WDE@k$M9o0r4YUFFeQO7xCu_Zgy)==;fCJ94M_rLAv&~NhfvcLWCoaGg2ao~3e
zBG?Ms9B+efMkp}7BhmISGWmJsKI@a8b}4lLI48oWKY|8<gk-*;t9-{k%FCJZFy<gM
z@C~rOBUWWT##Z+g3*3Vzs8fuTtjp`u#+{x*gRagQ8={zUb)t|^B2y%Lt=XH5-VU*g
zu-s*8g`Ceku&#kTTsG4pdKc+Q1?Ns^+`Anuzw^Kt@dXzw8(rtBy~EfPkytdOlMc6V
z+PjsVo1fq23ba`d{M8JQ|H)T-V`Ygmnsk8K`>?zuuNc$lt5Npr+<T4KxJJ<bPDeY<
zV$Y5gj%daxmn&XvpKy&xAedNSRNzj*+uARZbEwx*_BW(K#OMC!{`XgH-y>p7a#sWu
zh!@2nnLBVJK!$S~>r<AjX6^_+fORZ96soQxKn~@)BfuHDd$;Hq1kJ%oj=cQPA05n|
zlDech7|+hqRvU>2-pN||^w|fY`CT{TFnJy`B|e5;=+_v4l8O-fkN&UQbA4NKTyntd
zqK{xEKh}U{NHoQUf!M=2(&w+eef77VtYr;xs%^cPfKLObyOV_9q<<ILDt_So;x8tA
z{AwHiN2#Wqm5a+41^y+oU(NG>(%76-J%vR>w9!us-0c-~Y?_EVS<!Xa#y}`2>%v!*
z15s2s3eTs$Osz$JayyH|5nPAIPEX=U;r&p;K14G<1)bvn@?bM5kC{am|C5%hyxv}a
z(DeSKI5ZfZ1*%dl8frIX2?);R^^~LuDOpNpk-2R8U1w92HmG1m&|j&J{EK=|p$;f9
z7Rs5|jr4r8k5El&qcuM+YRlKny%t+1CgqEWO>3;BSRZi(LA3U%Jm{@{y+A+w(gzA<
z7dBq6a1sEWa4cD0W7=Ld9z0H7RI^Z7vl(bfA;72j?SWCo`#5mVC$l1Q2--%V)-uN*
z9ha*s-AdfbDZ8R8*fpwjzx=WvOtmSzGFjC#X)hD%Caeo^OWjS(3h|d9_*U)l%{Ab8
z<xdQ$23|WMjf-IqBJa@-|5QJamPBg?UmANYzk#NVaoTNbS)|8H20|;zb3-A+V#wVA
z0O?V!?94t>fv$yoP{OuUl@$(-sEVNt{*=qi5P=lpxWVuz2?I7Dc%BRc+NGNw+323^
z5BXGfS71oP^%apUo(Y#xkxE)y?>BFzEBZ}UBbr~R4$%b7h3iZu3S(|A;&HqBR{nK&
z$;GApNnz=kNO^FL&nYcfpB7Qg;hGJPsCW44CbkG1@l9pn0`~<fs1~obTx_FSX-JYV
zGQWAl6QMe=gj$TPFe4r4b4Ol;Htq0ghUXm#FhLL;q=vj^?zll8F~1Y_ME5KlGBn?W
zJLZAtGO*e1y^&@oxuzM@8GNx$4<>oKy5S777uH)l{irK!ru|X+;4&0D;VE*Ii|<3P
zUx#xUqvZT5kVQxsF#~MwKnv7;1pR^0;PW@$@T7I?s`_rD1EGUdSA5Q(C<>5SzE!vw
z;{L&kKFM-MO>hy#-8z`sdVx})^(Dc-dw;k-h*9O2_YZw}|9^y-|8RQ`BWJUJL(Cer
zP5Z@fNc>p<r+olf3Wx4QNlGzhncc!S>TXABbTRY-B5*MphpZv6#i802giwV&SkFCR
zGMETyUm(KJbh+&$8X*RB#+{surjr;8^REEt`2<qz>&Dubw3$mx>|~B5IKZJ`s_6fw
zKAZx9&PwBqW1Oz0r0A4GtnZd7XTKViX2%kPfv+^X3|_}RrQ2e3l<T~g*|IE{P97HV
zvf#Y<i{KPN_dP%1)NHb~ix&=&GH9>=KG_VyY`H?I5&CS+lAX5HbA%TD9u6&s#v!G>
zzW9n4J%d5ye7x0y`*{KZvqyXUfMEE^ZIffzI=Hh|3J}^yx7eL=s+TPH(Q2GT-sJ~3
zI463C{(ag7-hS1ETtU;_&+49ABt5!A7C<XW?{o=2DnJxLDD~{m*zq$azI0t7>wLwe
z=SoA8mYZIQeU;9txI=zcQVbuO%q@E)JI+6Q!3lMc=Gbj(ASg-<Uq;hB9d^p}DAXc~
zT?U|Ep>{V27u>z2e8n;Nc*pf}AqKz1D>p9G#QA+7mqqrEjGfw+85Uyh!=tTFTv3|O
z+)-kFe_8FF_EkTw!YzwK^Hi^_dV5x-Ob*UWmD-})qKj9@aE8g240nUh=g|j28^?v7
zHRTBo{0KGaWBbyX2+lx$wgXW{3aUab6B<q-FjF>hm1G1{jTC7ota*JM6t+qy)c5<@
zpc&<Cv-}2TvNf)-u^)w4IR#IAb30P8NKX2F^|M`)t)gNvmzY$92){_sASc~#MG?G6
z01+~17JwM!JPSxaJJtTz7$&8s`H3FldxQ%9@~nj<<O#kvf=K=$4nLLmHGiFo3Mq&*
ziIi#gQw#(**q&>(jVdTJf(q3xB=JotgF$X>cxh7k*(T`-V~AR+`%e?YOeALQ2Qud(
zz35YizXt(aW3qndR}fTw1p()Ol4t!D1pitGNL95{SX4ywzh0SF;=!wf=?Q?_h6!f*
zh7<+GFi)q|XBsvXZ^qVCY$LUa{5?!CgwY?EG;*)0ceFe&=A;!~o`ae}Z+6me#^sv-
z<kA1n(=XTnu@rJsCenhu-Zv&%WBDK;wE+-m5)3gqDM=UJSV|IgE?>1F6=WNd6>M(~
z+092z>?Clrcp)lYNQl9jN-JF6n&Y0mp7|I0dpPx+4*RRK+VQI~>en0Dc;Zf<!>l+x
z_e_b7s`t1_A`RP3$H}y7F9_na%D7EM+**G_Z0l_nwE+&d_kc35n$Fxkd4r=ltRZhh
zr9zER8>j(EdV&Jgh(+i}ltESBK62m0nGH6tCBr90!4)-`HeBmz54p~QP#dsu%nb~W
z7sS|(Iydi>C@6ZM(Us!jyIiszMkd)^u<1D+R@~O>HqZIW&kearPWmT>63%_t2B{_G
zX{&a(gOYJx!Hq=!T$RZ&<8LDnxsmx9+TBL0gTk$|vz9O5GkK_Yx+55^R=2g!K}NJ3
zW?C;XQCHZl7H`K5^BF!Q5X2^Mj93&0l_O3Ea3!Ave|ixx+~bS@Iv18v2ctpSt4zO{
zp#7pj!AtDmti$T`e9{s^jf(ku&E|83JIJO5Qo9weT6g?@vX!{7)cNwymo1+u(YQ94
zopuz-L@|5=h8A!(g-<F;G9^=CwUG2BBM&6@esQFH4>MXgLJC0MA|CgQF8qlonnu#j
z;uCeq9ny9QSD|p)9sp3ebgY3rk#y<wu$Scub#>0DA(SHdh$DUm^?GI<>%e1?&}w(b
zd<n{_{wZL^#}W>ip1;P2Z=1wM+$q=TgLP$}svd!vk+BZ@h<^4R=GS2+sri7Z*2f`9
z5_?i)xj?m#pSVchk-SR!2&uNhzEi+#5t1Z$o0PoLGz*pT64%+|Wa+rd5Z}60(j?X=
z{NLjtgRb|W?CUADqOS@(*MA-l|E342NxRaxLTDqsO<GMIr8u8#%dIQrz(r`Q(hkza
zil8N-`Js{wU0Gy<JdGKt>yfWWe%N(jjBh}G<qND?0TH2WotV2BO}oGFXR`nNIoZPu
zAYBqht4AIf6%UvOQWL(@v@#P!g?Z{m=yxdflhU-MrdJ3Lu4OwZ%yKkuPkk0$Ko)O*
z;5yrsNkvYZsjZQILNsEr+ECa0P<^XyVVf2;%`lxDRkz-!;wa1;EB{emo`C=%{Gykq
zq<4i~ETk#P9zK#gq4PdG1l$Vspzwyb@<LIRCp@UiYQvSVfg*oiL+eCZD0<3etyAQ>
zm7WPel6jXijaTiNita+z(5GCO0NM=Melxud57P<u@R2P46Q9-DyjXBHUN>P^d_U##
zbA;9iVi<@wr0DGB8<n8`yw;2Kv**CeqAs$L&plPhIa#v7(dTNoPt@&}ED@M*lxC!x
z`6s~+J|uy;3o7Lq<uMmSEF9Dw$gP)!=7bwIZF}v$SuOexM&6SRtdGcL+`+Tm+leuz
zpp$tX{Sz|>=T9Ab#2K_#zi=<XArhO6r_`n&7XSM212-MzWyRNG*!uO-#ecnE^8eXw
z{A)4%t2FvosVP<UQ~s;l`0?z0m3m-lgN!65Mz=sfFM<3$$g-N5nIt_Q>$igy<I%16
z>K48@;V|W`fg~7;+!q8)aCOo{HA@vpSy-4`^!ze6-~8|QE||hC{ICKllG9fbg_Y7v
z$jn{00!ob3!@~-Z%!rSZ0JO#@>|3k10mLK0JR<I1S>KP-Cc8UYFu>z93=Ab-r^oL2
zl`-&VBh#=-?{l1TatC;VweM^=M7-DUE>m+xO7Xi6vTEsReyLs8KJ+2GZ&rxw$d4IT
zPXy6pu^4#e;;ZTsgmG+ZPx>piodegkx2n0}SM77+Y*j^~ICvp#2wj^BuqRY*&cjmL
zcKp78aZt>e{3YBb4!J_2|K~A`lN=u&5j!byw`1itV(+Q_?RvV7&Z5XS1HF)L2v6ji
z&kOEPmv+k_lSXb{$)of~(BkO^py&7oOzpjdG>vI1kcm_oPFHy38%D4&A4h_CSo#lX
z2#oqMCTEP7UvUR3mwkPxbl8AMW(e{ARi@HCYLPSHE^L<1I}OgZD{I#YH#GKnpRmW3
z2jkz~Sa(D)f?V?$gNi?<F$5NpPo_(+mLu%j0uVGhEpW~}8A-6p@(iN<J78jy&84)}
zW71~;kMKbRG+MZ(!>6)Y;Sm{&?~2p=0&BUl_(@hYeX8YjaRO=IqO7neK0RsSNdYjD
zaw$g2sG(>JR=8Iz1<iqC50Fc?zkwnhu-?J#4v?gbo)h!toq+!EipMj&Dd=4)`^!2@
zL(!GW5QxLJO&{?1u~Q}Au)moY@9Q-~Yr01D0la`rUI3jK%5PxGU7;z+IlI=Bb;^2b
zL|Kc&B2+#W3&e}l>SK4`*kqd_3-?;_BIcaaMd^}<@MYbYisWZm2C2<aQM85hCqTrH
z{L!?Z_;my2c?%RMej)yS*$eqpa!UR3e9te>|Np_l|8r9yM|JkUngSo@?wci(7&O9a
z%|V(4C1c9pps0xxzPbXH=}QTxc2rr7fXk$9`a6TbWKPCz&p=VsB8^W96W=BsB|7bc
zf(QR8&Ktj*iz)wK&mW`#V%4XTM&jWNnDF56O+2bo<3|NyUhQ%#OZE8$Uv2a@J>D%t
zMVMiHh?es!Ex19q&6eC&L=XDU_BA&uR^^w>fpz2_`U87q_?N2y;!Z!bjoeKrzfC)}
z?m^PM=(z{%n9K`p|7Bz$LuC7!>tFOuN74MFELm}OD9?%jpT>38J;=1Y-VWtZAscaI
z_8jUZ#GwWz{JqvGEUmL?G#l5E=*m>`cY?m*XOc*yOCNtpuIGD+Z|kn4Xww=BLrNYS
zGO=wQh}Gtr|7DGXLF%|`G>J~l{k^*{;S-Zhq|&HO7rC_r;o`gTB7)uMZ|WWIn@e0(
zX$MccUMv3ABg^$%_lNrgU{EVi8O^UyGHPNRt%R!1#MQJn41aD|_93NsBQhP80yP<9
zG4(&0u7AtJJXLPcqzjv`S~5;Q|5TVGccN=Uzm}K{v)?f7W!230C<``9(64}D2raRU
zAW5bp%}VEo{4Rko`bD%Ehf=0voW?-4Mk#d3_pXTF!-TyIt6U+({6OXWVAa;s-`Ta5
zTqx&8msH3+DLrVmQOTBOAj=uoxKYT3DS1^zBXM?1W+7gI!aQNPYfUl{3;PzS9*F7g
zWJN8x?KjBDx^V&6iCY8o_gslO16=kh(|Gp)kz8qlQ`dzxQv;)V&t+B}wwdi~uBs4?
zu~G|}y!`3;8#vIMUdyC7YEx6bb^1o}G!Jky4cN?BV9ejBfN<&!4M)L&lRKiuMS#3}
z_B}Nkv+zzxhy{dYCW$oGC&J(Ty&7%=5B$sD0bkuPmj7g>|962`(Q{ZZMDv%YMuT<n
z1<0L@A~^*&C~fETTawHVh1kk4b*^p0vQ^7?+3dKBe<pM8Snh`k_7R%#IZRUEl1U~%
z`#y5ddd+xk?tVQb4dNJ(7Ry%2!BTF1HzW?PK!2%Oj>^Kwe<oH3RpEUQV(1=JAftKZ
zy};jv^`iGA^yoK}($W9zl~UM?CzovcbP5)_-K0QR<B0^>iRDvYTEop3IgFv#)(w>1
zSzH><Zx#DBcM*ETggCrIL|G$?#sL+^<gVn#xwx<>J`q!LK)c(AK>&Ib)A{g`<Y-)}
z(@A>Fdykxqd`Yq@yB}E{gnQV$K!}RsgMGWqC3DKE(=!{}ekB3+(1?g}xF>^icEJbc
z5bdxAPkW90atZT+&*7qoLqL#p=>t-(-lsnl2XMpZcYeW|o|a322&)yO_8p(&Sw{|b
zn(tY$xn5yS$DD)UYS%sP?c|z>1dp!QUD)l;aW#`%qMtQJjE!s2z`+bTSZmLK7SvCR
z=@I4|U^sCwZLQSfd*ACw9B@`1c1|&i^W_OD(570SDLK`MD0wTiR8|$7+%{cF&){$G
zU~|$^Ed?TIxyw{1$e|D$050n8AjJvvOWhLtLHbSB|HIfjMp+gu>DraHZJRrdO53(=
z+o-f{+qNog+qSLB%KY;5>Av6X(>-qYk3IIEwZ<NM%r#@ph<M*8##>5~6a+P9lMpC^
z8CJ0q>rEpjlsxCvJm=kms@tlN4+sv}He`xkr`S}bGih4t`<??rFdF>+#VEIt{1veE
z{ZLtb_pSbcfcYPf4=T1+|BtR!x5|X#x2TZEEkUB6kslKAE;x)*0x~ES0kl4Dex4e-
zT2P~|lT^vUnMp{7e4OExfxak0EE$Hcw;D$ehTV4a6hqxru0$|Mo``<ad1s?_=B%gG
zj{L^&w-1CqbSvv%+|q1FJ)359<5+$A?k|aG#gf7{>>*a5=1Ym0u>BDJKO|=<aBj&U
z!0#X%Y@1|KDHEa^`rc~}k?jREFe&j9TBf#RRLMm;>TEWJ5jZu!W}t$Kv{1!q`4Sn7
zrxRQOt>^6}Iz@%gA3&=5r;Lp=N@WKW;>O!eGIj#J;&>+3va^~GXRHCY2}*g#9ULab
zitCJ<BaQ=1ucETLnpX3y9t5BR+e(ST=YEEKt=Xy112Qwtm%k5x3c!p6oV{m@40JL~
zMB3IXGFiti$`r3qU9KkWdD0B0w2nH;70p*qOE_JEtaHOH+N1->t-OV0*D_Q3<g8V9
zm;BOnA1)>Q`p1_+GbPxRtV_T`<bX@8s=3hE?KYV`p2tWy54^?jcuq~6l*BOhxjN!!
z^YfKP5Wx%5767qY3bUCxe@{w@7?)5tek^Vgrr3xWzb~<2Na~Zi%p1V6d4U4sHORMh
z9<@8lXrisZuzFU)mBl0t68eB`oJwH{20{o{g2s-%u#nv&QU2tWM_W%e#~|NHMfxMp
zRM-h=($EQMHtd>jyATjax<;zZ?;S+VD}a(aN7j?4<~>BkHK7bO8_Vqfdq1#W&p~2H
z&w-gJB4?;Q&pG9%8P(oOGZ#`!m>qAeE)SeL*t8KL|1oe;#+uOK6w&PqSDhw^9-&Fa
zuEzbi!!7|YhlWhqmiUm!muO(F8-F7|r#5lU8d0+=;<`{$mS=AnAo4Zb^{%p}*gZL!
zeE!#-zg0FWsSnabl<CMbQ4500Q{TvpvXiCGkUi%tX9!KeG$87g>w!9$<&K(#z!XOW
z;*BVx2_+H#`1b@>RtY@=KqD)63brP+`Cm$L1@ArAddNS1oP8UE$p05R=bvZoYz+^6
z<)!v7pRvi!u_-V?!d}XWQR1~<lt}&9=&X{!*q{T%vI&{Sql_q~<bs=JfiC4k%hiD{
zRMjOdmSC*@3g=cAidK~^ywyFbdK)j^Qfk#UXd3U_FVoVd36bG{jjlOgvTnRjwERxE
z-E?_B9}RvmAC==a9mt*EnLWKm#&~+??Fr%8dgmR~zKWmR?y!954DdPLk@GI+AE4lI
zaun<-;SD&jV2s%R#Q0+$h!8+tU=(WXL8diA>0q(H3{d^4JGa=W#^Z<@TvI6J*lk!A
zZ*UIKj*hyO#5akL*Bx6iPKvR3_2-^2mw|Rh-3O_SGN3V9GRo52Q;JnW{iTGqb9W99
z7_+F(Op6>~3P-?Q8LTZ-lwB}xh*@J2Ni5HhUI3`ct|*W#pqb>8i*TXOLn~GlYECIj
zhLaa_rBH|1jgi(S%~31Xm{NB!30*mcsF_wgOY2N0XjG_`kFB+<Q#E!oi6v4mWmmdp
zpCrFYK7#3Llx<^JC{`QMc}y7Mn#rZi!bmnYGsz|v>uQuJbBm3bIM$qhUyE&$_u$gb
zpK_r{<D#n}U~r18Q9cpu7_WA|bVw~jkB-T@SBIs83_WOQD$QsrBK8v#YGtIb&;BA|
z^f-o}1u<5bRf8_Ai4>99svp3N3p4yHHS=#csK@j9ql*>j0X=+cD2dj<^Wiu@i>c_v
zK|ovi7}@4sVB#bzq$n3`EgI?~xDmkCW=2&^tD5RuaSNHf@Y!5C(Is$hd6cuyoK|;d
zO}w2AqJPS`Zq+(mc*^%6qe>1d&(n&~()6-ZATASNPsJ|XnxelLkz8r1x@c2XS)<e9
zVDeO<GC^N~@|t1?t&LxH8U-PQrqH;wsans3SgO3&9*BgbwK}9Dflo4DW(9&*G**t#
z5(08JP06aA!pS}33kTL;jmGw?eS&0eIbzv7kJDI{B{&cbYAXd|poH#n6YP+a2@zVP
zWf{CReG1A6D#=7l;{fY(f3mEcnyX-WV_u(j7L&<Bc&1CA15=N1l%Cemxh+LFLxzmc
zt>R*H(_B=IN>JeQUR;T=i3<^~;$<+8W*eRKWGt7c#>N`@;#!`kZ!P!&{9J1>_g8Zj
zXEXxmA=^{8A|3=Au+LfxIWra)4p<}1LYd_$1KI0r3o~s1N(x#QYgvL4#2{z8`=mXy
zQD#iJ0itk1d<pD1VGk%&4ci=+Hjcz)Hl94LD0g{3<>@Iy*DtXw)Wz!H@G2St?QZFz
zVPkM%H8Cd2EZS?teQN*Ecnu|PrC!a7F_XX}AzfZl3fXfhBtc<ff5WA{o}hG14*z(i
z*K_njw8`Ho`NMT6nej4znco^0DB`cm%kp~PK-34BfJ(Qcochw!NghIgsj#o-Nb`t)
zVGl9HfN7q|>2-)zaC2eKx*{XdM~Q<w$HWL{PMI^AT`G`ii!EB$YscY^Nuk(!FqRxn
z*|K+rA*VtJW^XRqgd8Y5^-S8rFcCRbuvV#xa2-&i<B=Kn-}$dv?>Uo4IwcGgVdW69
z1UrSAqqMALf^2|(I}hgo38l|Ur=-SC*^Bo5ej`hb;C$@3%NFxx5{cxXUMnTyaX{>~
zjL~xm;*`d08bG_K3-E+T<mWVYr6j8n!!pJNx6>I>#oqIN2=An(C6aJ*MrKlxj?-;G
zICL$hi>`F%{xd%V{$NhisHSL~R>f!F7AWR&7b~TgLu6!3s#~8|VKIX)KtqTH5aZ8j
zY?wY)XH~1_a3&>#j7N}0az+HZ;is;Zw(Am{MX}YhDTe(t{ZZ;TG}2qWYO+hdX}vp9
z@uIRR8g#y~-^E`Qy<u*MJx^Q>em(31{H0&V?GLdq9LEOb2(ea#e-$_`5Q{T%E?W(6
z(XbX*Ck%TQM;9V2LL}*Tf`yzai{0@pYMwBu%(I@wTY!;kMrzcfq0w?X`+y@0ah510
zQX5SU(I!*Fag4U6a7Lw%LL;L*PQ}2v2WwYF(lHx_Uz2ceI$mnZ7*eZ?RFO8UvKI0H
z9Pq-mB`mEqn6n_W9(s~Jt_D~j!Ln9HA)P;owD-l~9FYszs)oEKShF9Zzcmnb8kZ7%
zQ`>}ki1k<x*@h~9?|=_B5VcO=(N^K=D-I1iVfpHyvC6!w*bgI46!csKF<oV!JERin
zC3YrClGibB+Okmq$7*m2AOB?ld|Q}!uqu?r3IphaCt<@Ce+TI8+X!99XM!>wUO3j~
zEmh140sOkA9v>j@#56ymn_RnSF`p@9cO1XkQy6_Kog?0ivZDb`QWOX@tjMd@^Qr(p
z!sFN=A)QZm!sTh(#q%O{Ovl{IxkF!&+A)w2@50=?a-+VuZt6On1;d4YtUDW{YNDN_
zG@_jZi1IlW8cck{uHg^g=H58l<Vm9}1(ifQn)gr*uOc)p;i+Z*up!G6Q|ct@A`Rg+
z(Pz0_^vr7n#ozLauq<wGnI09PQ^$^ELvBezzpX||sLv`=K>PQ^HwnybWy@@8iw%G!
zwB9qVGt_?~M*nFAKd|{cGg+8`+w{j_^;nD>IrPf-S%YjBslSEDxgKH{5p)3LNr!lD
z4ii)^%d&cCXIU7UK?^ZQwmD(RCd=?OxmY(Ko#+#CsTLT;p#A%{;t5YpHFWgl+@)N1
zZ5VDyB;+TN+<e(DQM$-KBEOK~JQZ@8DI*iN)<P3BrrACFCTIK*u%S0|53PEu^7Ehl
zV?l&OVm@;rL5p)wh*^@1$Q~X9$Hva^6d8UaU{+1U9laP}p;1lPmY%c!ngm|hODD5L
zR(ju!H$Q+Hyll6?dXg{bqQO>g@u~{UrWrv)&#u~k$S&GeW)G{M#&Di)LdYk?{($Cq
zZGMKeYW)aMtjmKgvF0Tg>Mmkf9IB#2tYmH-s%D_9y3{tfFmX1BSMtbe<(yqAyWX60
zzkgSgKb3c{QPG2MalYp`7mIrYg|Y<4Jk?XvJK)?|Ecr+)oNf}XLPuTZK%W>;<|r+%
zTNViRI|{sf1v7CsWHvFrkQ$F7+FbqPQ#Bj7XX=#M(a~9^80}~l-DueX#;b}Ajn3VE
z{BWI}$q{XcQ3g{(p>IOzFcAMDG0xL)H%wA)<(gl3I-oVhK~u_m=hAr&oeo|4lZbf}
z+pe)c34Am<=z@5!2;_lwya;<D$$PCDT2t07f~T~1`gm+|*CJY!i+dS#iTCYHqqaw)
zj3blRU6F#gfxw(pj>l?xV5&kWe}*5uBvckm(d|7R>&(iJNa6Y05SvlZcWBlE{{%2-
z`86)Y5?H!**?{QbzGG~|k2O%eA8q=gxx-3}&Csf6<9BsiXC)T;x4YmbBIkNf;0Nd5
z%whM^!K+9zH>on_<&>Ws?^v-EyNE)}4g$Fk?Z#748e+GFp)QrQQETx@u6(1fk2!(W
zWiCF~MomG*y4@<N?CDr+4XG>Zk;h#2H8S@&@xwBIs|82R*^K(i*0MTE%Rz4rgO&$R
zo9Neb;}_ulaCcdn3i17MO3NxzyJ=l;LU*N9ztBJ30j=+?6>N4{9YXg$m=^9@Cl9VY
zbo^{yS@gU=)EpQ#;UIQBpf&zfCA;00H-ee=1+TRw@(h%W=)7WYSb5a%$UqNS@oI@=
zDrq|+Y9e&SmZrH^iA>Of8(9~Cf-G(P^5Xb%dDgMMIl8gk6zdyh`D3OGNVV4P9<?|P
z-j@F$ZGb0Iv;Q#+1Y3DEbQ`j-$mx&dLKYe~f)g}x!W9%BxOE?Kegu;<P)6;RKC|^}
zuJcGCm-}}fgpn&rErt=!;=F^)mLo%`4-bb4yDU-hjLg207h})(!Na3IFjNh3pKxT}
z=E-#C&M%2%{LBV_R9}(GHx_~&?Nkjbxq||ycJqejQ<li(BiXow>X|EvIhplXDld8d
z^YWtYUz@tpg*38Xys2?z<AsaQ9`FX9=vO?VclV^OO+^DZP}?dQBIRV1wR9IEL|AA?
z7%zFkNU4u`%FPFrUA%S(<E|t-Co&aM3igfI^tDcE$Eb&ti7J;v)|Nx;#i_p~XN=1!
z)X%9>j$F8%ivA47cGSl;h<CJwzu8LTNYjfHY0+mYtoV3~Y9LHg`fNrZqRIVH7(WTd
z42@(A4wsKs;UK_xXvYSsGH}!mq-W9RUS>jD23#*62w3+fwxNE7M7zVK?x_`dBSgPK
zWY_~wF~OEZi9|~CSH8}Xi>#8G73!QLCAh58W+KMJJC81{60?&~BM_0t-u|VsPBxn*
zW7viEKwBBTsn_A{g@1!wnJ8@&h&d>!qAe+j_$$Vk;OJq`hrjzEE8Wjtm)Z>h=*M25
zOgETOM9-8xuuZ&^@rLObtcz>%iWe%!uGV09nUZ*nxJAY%&KAYGY}U1WChFik7HIw%
zZP$3Bx|TG_`~19XV7kfi2GaBEhKap&)Q<9`aPs#^!kMjtPb|+-fX66z3^E)iwyXK7
z8)_p<)O{|i&!qxtgBvWXx8*69WO$5zACl++1qa;)<j>0zlXf`eKWl!0zV&<N=whgf
z=0i25aXKIFe5mUpdv-EHM0EKf_KV-DV|@p1jm^E@ea)Z2_?f|N<(<RzPtbPo`ldD#
zI%|89YOckdy*j(=6Uy}VGgbFV<WBdKw7C5m8tRP;Q*C~&kBFvF=i}Ch{i_Y2;40L{
z)K`6LTNK+2*O5nKkI3d23^q*hZS22n$b8(0jEvxXx>I`8?sG)OD2Vy?reNN<{eK+_
za4M;H<OEXEJ~5%>h%&IszR%)&gpgRCP}yheQ+l#AS-GnY81M!kzhWxIR?PW`G3G?}
z$d%J28uQIuK@QxzGMKU_;r8P0+oIjM+k)&lZ39i#(ntY)*B$fdJnQ3Hw3Lsi8z&V+
zZly2}(Uzpt2aOubRjttzqrvinBFH4jrN)f0hy)tj4__UTwN)#1fj3-&dC_Vh7}ri*
zfJ=oqLMJ-_<#rwVyN}_a-rFBe2>U;;1(7UKH!$L??zTbbzP#bvyg7OQBGQklJ~DgP
zd<1?RJ<}8lWwSL)`jM53iG+}y2`_yUvC!JkMpbZyb&50V3sR~u+lok<jf)#biL}k>
zT0uFRS-yx@8q4fPRZ%KIpLp8R#;2%c&Ra4p(GWRT4)qLaPNxa&?8!LRVdOUZ)2vrh
zBSx&kB%#Y4!+>~)<&c>D$O}!$o{<1AB$M7-<IbItSWbLS$Bc!yc*D!JSUNWc8Xxf_
zVwhYbcOY|jLi^_r`vZ|o_zYvjAL=OwCK>^`h!eW;c(3J~ztoOgy6Ek8Pwu5Y`Xion
zFl9fb!k2`3uHPAbd(D^IZmwR5d<V^a36$=BnmM)YfOhH6RTrUdB@GYwz`_7nuN|p$
z2V+%uCpN}@8r+zC1m$Ow)b62uBx&p=p4>8D$495nN2`Ue&`W;M-nlb8T-OVKt|fHk
zBpjX$a(IR6*-swdNk@#}G?k6F-~c{AE0EWoZ?H|ZpkBxqU<Xf3W+7zF%bMQpG=#+f
zxoMuDrN{!Y23^6mg$;7E;@7@XK+}=Qy_1Iq=)6u><0NUtvubJtwJ1mHV%9v?GdDw;
zAyXZiD}f0Zdt-cl9(P1la<zqwbP8fB?G%>+vQ$Er0~v}gY<d-*YcL&hT|=1btDzQ0
z(6p4%7<LXbtyHJnL793Fi@vF^&-iy&?CL=~h5%o&zh5-LcEwfjJAHm-%n>JVwQazv
zH#+Z%2CIfOf90fNMGos|{zf&N`c0@x0N`tkFv|_9af3~<0z@mnf*e;%r*Fbuwl-IW
z{}B3=(mJ#iwLIPiUP`J3SoP~#)6v;aRXJ)A-pD2?_2_CZ#}SAZ<#v7&Vk6{*i(~|5
z9v^nC`T6o`CN*n%&9+bopj^r|E(|pul;|q6m7Tx+U|UMjWK8o-lBSgc3ZF=rP{|l9
zc&R$4+-UG6i}c==!;I#8aDIb<c|ovf|J^|Tj-z?&rajbtaSL_j7Uc0sHFrW;_^dt-
zQ#fau&15?b-*_*c%@nFsI=MGU)fm~M{Fd@lsp;TW6Jkt3nUS9YuP-Tfk2eIECIc%$
z>AvgLuB66CQLRoTMu~jdw`fPlKy@AKYWS-xyZzPg&JRAa@m-H43*+ne!8B7)HkQY4
zIh}NL4Q79a-`x;I_^>s$Z4J4-Ngq=XNWQ>yAUCoe&SMAYowP>r_O}S=V+3=3&(O=h
zNJDYNs*R3Y{WLmBHc?mFEe<W&)(jM#)z+=`SB74}QX|RMwfle6Thto6L#|vM@u#0*
ztZPlYvT0zrSFcI`K3V@ZCpyY>A4`0Y`_CN%?8qbDvG2m}kMA<oe^a9RxBh_fznjAU
zf#du4cCea-8;%*8ujt0;{b1xdnQNl5jFDE#5oW@VJH^(R%s7q~rTyVyDmv+^@G9kH
z%EEY*)+Bm)^R;|yi#2u-s5sOFeMj}4zCG@p*Wui}tgN&XA2U*^<u-uW$>iqCv`_BK
z_6a@n`$#w6Csr@e2YsMx8udNWtNt=kcqDZdWZ-lGA$?1PA*f4?X*)hjn{sSo8!bHz
zb&lGdAgBx@iTNPK#T_wy`KvOIZvTWqSHb=gWUCKXAiB5ckQI`1KkPx{{%1R*F2)Oc
z(9p@yG{fRSWE*M9cdbrO^)8vQ2U`H6M>V$gK*rz!&f%@3t*d-r3mSW>D;wYxOhUul
zk~~&ip5B$mZ~-F1orsq<|1bc3Zpw6)Ws5;4)HilsN;1t<c`^?I-+NnRQ4BGkk~5AC
z0<$*Ro7kbksCaNZpO7OZW9m3e<*|QD8IN<HqQL0bQb?^#z-zS1;!&h|;E)H}5Jl#+
zCY~IC9W~KX9IJ7*k9=2dUeTLAi3<AIBU3?FCq$C2J&dn1i(kvgVStn3OK%1HGEEH`
zl}RP!K66_VDRlySL3JlB;5@HA+t}EVjAW&zabiDB5+pE{4&BssI0+>x;N6)tuePw&
z==OlmaN*ybM&-V`yt|;vDz(_+UZ0m&&9#{9O|?0I|4j1YCMW;fXm}YT$0%EZ5^YEI
z4i9WV*JBmEU{qz5O{#bs`R1wU%W$qKx?bC|e-iS&d*Qm7S=l~bMT{~m3iZl+PIXq{
zn-c~|l)*|NWLM%ysfTV-oR0AJ3O>=uB-v<rdTg~-U`VQ{V%4>pld{V|cWFhI<K__!
zY_p+lRa{>~sx>ciV9sPkC*3i0Gg_9G!=4ar*-W?D9)?EFL1=;O+W8}WGdp8TT!Fgv
z{HKD`W>t(`Cds_qliEzuE!r{ihwEv1l5o~iqlgjAyGBi)$%zNvl~fSlg@M=C{TE;V
zQkH`zS8b&!ut(m)%4n2E6MB>p*4(oV>+PT51#I{OXs9j1vo>9I<4CL1k<SbW+&Ap)
zSP*RZJ^w%mwwxG^lpbQp<y#<c`2j6=tpT??9=M$m1k}On6M$1Q5AVN0sPBwg`c0Qr
zK7<G4?wG+Kw(dAkFQ`e4mKX@c)c%GbcTo2#ozT|>v1aurV*AFZ^w_qfVL*G2rG@D2
zrs87oV3#mf8^E5hd_b$IXfH6vHe&lm@7On~Nkcq~YtE!}ad~?5*?X*>y`o;6Q9lkk
zmf%TYonZM`{vJg$`lt@MXsg%*&zZZ0uUSse8o=!=bfr&DV)9Y6$c!2$NHyYAQf*Rs
zk{^?gl9<l6aHM&uD+l3hFT+28k8g^pGn-H<ZHHcXYg$z(F4Jtp_Xx|{2t8=tZN`>E
z5Im8wlAsvQ6C2?DyG@95gUXZ3?pPijug25g;#(esF_~3uCj3~94}b*L>N2GSk%Qst
z=w|Z>UX$m!ZOd(x<j9eXHfco7njabXV6r(0b^4(&cOlQ%n~ZRCkU^)bOK|u;Tf(Z<
z)%A&Z?!gx&FfQcJ1ka~zxh=jKlF$aS^I`L9N6Zfp2RNgghhUbdivb)_o_wrkQKiXN
z>V*2xvWjN&c5BVEdVZ0wvmk)I+YxnyK%l~caR=7uNQ=+cnNTLZ@&M!I$Mj-r{!P=;
z`C2)D=VmvK8@T5S9JZoRtN!S*D_oqOxyy!q6Zk|~4aT|*iRN)fL)c>-yycR>-is0X
zKrko-iZw(f(!}dEa?hef5yl%p0-v-8#8CX8!W#n2KNyT--^3hq6r&`)5Y@>}e^4h-
zlPiDT^zt}Ynk&x@F8R&=)k8j$=N{w9qUcIc&)Qo9u4Y(Ae@9tA`3oglxjj6c{^pN(
zQH+Uds2=9WKjH#KBIwrQI%bbs`mP=7V>rs$KG4|}>dxl_k!}3ZSKeEen4Iswt9<Vx
zE>6GGw`E6^5Ov)VyyY}@itlj&sao|>Sb5<mx7{zaG9j_ba8Zn5K#G`;;jnCwfaV@2
zfB--<s_Ho?au3X)Qq+^=$Mw2HA}6H$ph@(};1h67duDcz_!MjV18bU|6b%Yl$;l2>
zeY+#1EK(}iaYI~EaHQkh7Uh>DnzcfIKv8ygx1Dv`8N8a6m+AcTa-f;17RiEed>?RT
zk=dAksmFYPMV1v<x&y*?3CAt4n)nj%7c<8p@rCUMNPw>IS(Qc6tUO+`1jRZ}tcDP?
zt)=7B?yK2RcAd1+Y!$K5*ds=SD;EEqCMG6+OqPoj{&8Y5IqP(&@zq@=A7+X|JBRi4
zMv!czlMPz)gt-St2VZwDD=w_S>g<u1Alo`a@)M5xCeMm@9WTygn}Yg{&GRz>Rpc-g
zUd*J3>bXeZ?Ps<QEw|QH!GID7xAtR|TnBoHBL<H(2d@TU#K4aKAqr%K?)oO@TEsL|
z$E~b1c<o8NtC45_R5dw2rqX6;J5J_&h8cu*m3XD9tC|sJ;e8Y=eOnkOd$m`EdItJX
zTGByXs@S95>johe;z7k|d<*T21PA1i)AOi8iMRwTBSCd0ses{)Q`9o&p9rsKeLaiY
zluBw{1r_IFKR76YCAfl&_S1*(yFW8HM^T()&p#<HVVqAydIWX%r4Ei9mtCFU`OZ^T
z_1ESE&U8ftMAYS>6y%{(j7Qu56^ZJx1LnN`-RTwimdnuo*M8N1ISl+$C-%=HLG-s}
zc99>IXRG#FEWqSV9@GFW$V8!{>=lSO%v@X*pz*7()xb>=yz{E$3VE;e)_Ok@A*~El
zV$sYm=}uNlUxV~6e<6LtYli1!^X!Ii$L~j4e<Di*Wks4eNuVJ#URzGdQAorX=_3nr
zTY4XzG?{}|&rMky&CY^jd+B~p1Ozm))}*z)nm|j_SWDXWZBTh?(8Uy`cyh1-pmxt5
zjD#-N>{sI$tq_A(OkGquC$+>Rw3NFObV2Z)3Rt~Jr{oYGnZaFZ^g5TDZlg;gaeIP}
z!7;T{(9h7mv{s@piF{-35L=Ea%kOp;^j|b5ZC#xvD^^n#vPH=)lopYz1n?Kt;vZmJ
z!FP>Gs7=W{sva+aO9S}jh0vBs+|(B6Jf7t4F^jO3su;M13I{2rd8PJjQe1JyBUJ5v
zcT%>D?8^Kp-70bP8*rulxlm)SySQhG$Pz*bo@mb5bvpLAEp${?r^2!Wl*6d7+0Hs_
zGPaC~w0E!bf1qFLDM@}zso7i~(``)H)zRgcExT_2#!YOPtBVN5Hf5~L<CCU1e$yOy
z6y7=%D3L0U<zJX-p<cShe85I0&7b?ixuHr*ev;88LfDXt4Y`h@aRt6fu_)dfSD<Cr
z3(iZbika`#1V{5t?5XV6saWc^(a!gyl;XpLlkO0|q305rjpn!-bJS#zH-=YO2U^?b
zP1+|Sw)zw1D{|SG>l3f~rWZ(UsJtM?O*cA1_W0)&qz%{bDoA}{$S&-r;0iIkIjbY~
zaAqH45I&ALpP=9Vof4OapFB`+_PLDd-0hMqCQq08>6G+C;9R~}Ug_nm?hhdkK$xpI
zgXl24{4jq(!gPr2bGtq+hyd3%Fg%nofK`psHMs}EFh@}sdWCd!5NMs)eZg`ZlS#O0
zru6b8#NClS(25tXqnl{|Ax@RvzEG!+esNW-VRxba(f`}hGoqci$U(g30i}2w9`&z=
zb8XjQLGN!REzGx)mg~RSBaU{KCPvQx8)|TNf|Oi8KWgv{7^tu}pZq|<WiMz3rpp0|
zLKIB_Ddvk1cM8BJ6cz;POHz%T{sZWf@&L60uqu2&dwrJ0x%22+Vt2z(`{TJ@iys}w
z!}_>BS&S<53fC2K4Fw6>M^s$R$}LD*sUxdy6Pf5YKDbVet;P!bw5Al-<ZmNM;fK}9
z(;Q617)?cwmeRBfr;WSdE!Fz~?sf588oJj!s$c%WwoO(_AtXkQF4F2xuV&`n3oC*l
zLD81gPrag(&l;y|c-6wE>8I1Nr(`SAubX5^D9hk6$agWpF}T#Bdf{b9-F#2WVO*5N
zp+5uGgADy7m!hAcFz{-sS0kM7O)qq*rC!>W@St~^OW@R1wr{ajyYZq5H!T?P0e+)a
zaQ%IL@X_`hzp~vRH0yUblo`#g`LMC%9}P;TGt+I7qNcBSe&tLGL4zqZqB!Bfl%SUa
z6-J_XLrnm*WA`34&mF+&e1sPCP9=deazrM=Pc4Bn(nV;X%HG^4%Afv4CI~&l!Sjzb
z{rHZ3od0!Al{}oBO>F*mOFAJrz>gX-vs!7>+_G%BB(ljWh$252j1h;9p~xVA=9_`P
z5KoFiz96_QsTK%B&>M<OVS!jKFsPBm{4n!1mDS$m*VO~m3uK*2h!9O|jhe3!GzDyp
zmM22!H~y1+2FiH-J&wO+VnjS|-3)(QdJ8GSi_0-d@y02VONd&XMRu?%tIoeyAs1$&
z2@H?hToaxd!hmqD8)Z|B2n$^2x?>SXEYh`|U5PjX1(+4b#1PufXRJ*uZ*KWdth1<0
zsAmgjT%bowLyNDv7bTUGy|g~N34I-?lqxOUtFpTLSV6?o?<7-UFy*`-BEUsrdANh}
zBWkDt2SAcGHRiqz)x!iVoB~&t?$yn6b#T=SP6Ou8lW=B>=>@ik93LaB<r_MA^r8W%
ziwVD->L56ub`>Uo!>0@O8?e)<QIehhF!1N7m_bQW9~;%fo1oD+{TinM^gu6xUX$9F
z^gK5Cv;EFbXK<zio1!h?E;s-FrZ3QhuHd!0)cpDvEbI3w{vR$q;(uOJ7iSCW{{p7}
zzpuyoZ?3nn{f4C38vNHAyE@U#eZOM?=C{-2UlQnl`=S4Hqo#$ulC_2XKi`(Y%2I9%
zqNtzb4J1RV?vRT8h2_}z5~y*Sgu$dNV1nirGVW<X<VBI;%p5`{W68rsXC;}R;jakJ
z0|m|oj_XPtH?ikucx#{-lLC?H?Xm4UZUlvXpMMX?{2yLx{C@@l#~h%b<Z5!*?F#~7
z095<~W**NHf+sw4TNn%fn$l^{-JfWtHQojXS8Dc{?sWuvz_8QOqS~YA!SB*+&X?5E
zc^efB&iaXnDoz0~4^Spx+uz)U7%v&d#A(?qFNi&QSA^y{ire}JOmf8O+>$t(sgy$I
z6tk3nS@yFFBC#aFf?!d_3;%>wHR;A3f2SP?Na8~$r5C1N(>-ME@HOpv4B|Ty7%jAv
zR}GJ<XhgBAgrpe%$kuJ?YuHb|v3u|gT`)+e7qK&fd+OIT;m{2y88S)Qjteg<Q~$%4
ztWsl)3xFMc%#UK*uV$e^e8U)bASn;aR5V)4e)Ps$ABOTa{{}89$FHcj_RA}KxYL!h
zSrRM4@Tm%S<9Rz@I&&S5FGd?4IjT9i`X#uinJ?GKu9Y@)$2gn)g#xfRYzz}$o40kc
zUGLF?z*ujtv{_Guq~e)cC*Ac97qz^+p^m9P_~1ybTfTl`R|}Lp|Ml;SQqm*IP;a^W
z9;xGPWdv5qh996kRjsCCzq4}wrC^JZQF7^!wb*8uc0Cs&R?O~n$pgltCC+R$?wqfx
zwy~I{d?&0hu}J>wsiJZ5@H+D$^Cwj#0XA_(m^COZl8y7Vv(k=iav1=%QgBOVzeAiw
zaDzzdrxzj%sE^c9_uM5D;$A_7)Ln}BvBx^=)fO+${ou%B*u$(IzVr-gH3=zL6La;G
zu0Kzy5CLyNGoKRtK=G0-w|tnwI)puPDOakRzG(}R9fl7#<|oQ<MB>EX;E#yCWVg95
z;NzWbyF&wGg_k+_4x4=z1<Z>GUcn6JrdX4nOVGaAQ8#^Ga>aFvajQN{!+9rgO-dHP
zIp@%&ebVg}IqnRWwZRTNxLds+gz2@~VU(HI=?Epw>?yiEdZ>MjajqlO>2KDxA>)cj
z2|k%dhh%d8SijIo1~20*5YT1eZTDkN2rc^zWr!2`5}f<2f%M_$to*3?Ok>e9$X>AV
z2jYmfAd)s|(h?|B(XYrIfl=Wa_lBvk9R1KaP{90-z{xKi+&8=dI$W0+qzX|ZovW<E
zC+%g!uYXZ#{jQrY@A!`XSl_$&A2T@qFMZ>GOotP+vvYR(o=jo?k1=oG?%;pSqxcU*
zWVGVMw?z__XQ9mnP!hziHC`ChGD{k#SqEn*ph6l46PZVkm>JF^Q{p&0=MKy_6apts
z`}%_y+Tl_dSP(;Ja&sih$>qBH;bG;4;75)jUoVqw^}ee=ciV;0#t09AOhB^Py7`NC
z-m+ybq<g4G1!&FidKvq|9sin}V;o>1>_OO+V*Z>dhk}QFKA8V?9Mc4WSpzj<uaKj4
zz}(y<qx>{6IWfFpF7l^au#r7&^BK2Ac7vCkCn{m0uuN93Ee&rXfl1NBY4NnO9lFUp
zY++C1I;_{#OH#TeP2Dp?l4KOF8ub?m6zE@XOB5Aiu$E~QNBM@;r+A5mF2W1-c7>ex
zHiB=WJ&|`6wDq*+xv8UNLVUy4uW1OT>ey~Xgj@MMpS@wQbHAh>ysYvdl-1YH@&+Q!
z0<dQW^;Ehn%fw-)fLb!<4HzREhM1Zj4kjQ!T09v0)QjqeWq<OYpA_`5xmMw!4+hTR
zy23Q(soXn+J<2mcH_6m%eJ0y`u>75(Qd4C!V`9Q9<BqX7QhEx1y7+HYACF;~N>jI4
zSt{HJRvZec>vaL_brKhQ<Sq8Wy8KCM4!1b}xe_|=NZ|wZo%q0h&x4@*-#-Tbp8b4J
zfIv}0{e+iDV}#Wuh874=&m%<?pIcYWQ;w#b%}b$Vn_q_?BZ`tWoll1nw0pK?nDM!-
z=IiSL)l|LG>QwbpQd4_Lmmr0@1GdUeU-QcC{{8o=@nwwf>+dIKFVzPriGNX4VjHCa
zTbL9w{Y2V87c2ofX%`(48A+4~mYTiFFl!e{3K^C_k%{&QTs<v>gOd0*95KmWN)P}m
zTRr{`f7@=v#+z_&fKYkQT!mJn{*crj%ZJz#(+c?>cD&2Lo~FFAWy&UG*<xxo3kzJ2
zrDbwgE`xL0p0OC~L$bVXy!zt2LN-Bue6r%b!O~*CllYPQ0{bnjSehnxRLfHKB-|@S
zlh%>Op^pV`BR^I|g?T>4l5;b|5OQ@t*?_Slp`*~Y3`&RfKD^1uLezIW(cE-Dq2z%I
zBi8bWsz0857`6e!ahet}1>`9cYyIa{pe53Kl?8|Qg2RGrx@Alv<K-1&TVh*%QiVeJ
zw<z)|0uz2^&{c%EX_mp!Y-<wmxQMClEpwtlv3E9lug>G3HAL-^9c^1GW;)vQt8IK+
zM>!IW*~682A~MDlyCukldMd;8P|<R1w8m*driNj?SBnHCqQ^}34Oe^3F0Wd5k+$DP
zQwx>JCZ&oNL(;HZgJ>ie1PlaInK7C@Jg{3kMKYui?e!b`(<sqcbV3|*ChSZ+u!m%p
zEk@sY6s}w^f<Db4!cs^*ZGoz!MF)itzenWdp0zit8&_HB23ZX%(}%Z-Chi<kQ@WUl
zT(v|=*&C-%O}S43l>&?t6PTb5UPrW-6DVU%^@^E`*y-Fd(p|`+JH&MzfEq;kikdse
ziFOiDW<yyXIOCw#j{)5?sD|95dJ6|$X;1y3bb<7j_^}nbX8;6j=KzRx3FdimHz<(c
zmSo@-#x~D(T}VTzSST7#biiP$37XpFV(s+vv(iSQ7I!I8ZKqf)^AfEZ&wdg|>H(D<
zyV7Rxt^D0_N{v?O53N$a2gu%1pxbeK;&ua`ZkgSic~$+zvt~|<wi2DKd{6zkbA_nq
zIDNbroZZR_UCliI>1Yb=UfKJW2F7wC^evlPf(*El+#}ZBy0d4kbV<JHB3rsDar1c{
z*Grb7r<dUjw#Am*!d&=V6x;*79S0!!;4TYA32Cmkx<yQp-R3&_+bQ0~49f!Bd2Cjh
zY&ZW=x21K3F4Sqd64lC<?QGcC)^WatWhoHF<DfExT|%m}Lve<W;m6AecsIu@s0HQ0
z;sGJq(EmLz1*2Qiyo444kgnXvB8<S~!4hSZRBcLs5-RY^L){UWNUr}q*A1gbe)#eg
zz(0&3ca!IWGoRZDX)3;$au=OUlsYF1T^to-gPZnvv#Y<VH=JL`_g(awH73M`{N`#+
zM=?0F=nU77E!)#P{EV4*TbZi+Vs~bStn<aVgf!NSMHxgf7h?GP4G2di7FV36>JsK-
z05>;>?<bli&gVpMCL_8-A4$tJhB_D&hw-4^NArA$&y|p#ogw7&h}dJ%CEK$3W)AC;
zB<R-89-M6xZfPWd_I--v3O~wpU}AYdMP!!rzs-<7%souf_ov6p&#=XmicWCcA^v(i
z^$FXa(|I&$nbQ+B27F?0?Z^K8%^&ecmd7x56FH*E3-SkLxGOY1IdX{hC<?uJylK#7
zi2V;{_ejM8ds|1sKS)_lFkhgT7C<dvCtL4&gyZ~4^H+QGzy7tLWUlb(Q}7*2=f6KB
z|9wmq{^na*+Zh=D$LrK5O6DKL<=`E2)@Eu~hCrAV@a{mqT|sU4z}1jd<b(ueFLn(4
zUZHTR{bj6UIE0=T-J21VUTh)oVManyGcTv~O$<%sVXX~J8<8H`Ass|=?nH|Vn8KKb
zp7ksuqRA>HZO(YBF&v5tNv_WcI@O@LKFl*VO?L(!BAd!KbkVzo;v@~3v`-816GG?P
zY+H3ujC>5=Am3RIZDdT#0G5A6xe`vGCNq88ZC1aVXafJkUlcYmHE^+Z{*S->ol%-O
znm9R0TYTr2w*N8Vs#s-5=^w*{Y}qp5GG)Yt1oLNsH7y~N@>Eghms|K*Sdt_u!&I}$
z+GSdFTpbz%KH+?B%Ncy;C`uW6oWI46(tk>r|5|-K6)?O0d_neghUUOa9BXHP*>vi;
z={&jIGMn-92HvInCMJcyXwHTJ42FZp&Wxu+9Rx;1x(EcIQwPUQ@YEQQ`bbMy4q3hP
zNFoq~Qd0=|xS-R}k1Im3;8s{BnS!iaHIMLx)aITl)+)?Yt#fo<CYMyMO(N&hjUd(9
zrYcKju%_{w9OiZ0tXHbEUp6a7E}jZhUfM~7VrxCUryOyfws<yaoJP#_!TR~^I8*%M
z_blHbfonlI>v|Eh>}dv@o6R{tG>uHsy&jGmWN5+*wAik|78(b?jtysPHC#e+Bzz~V
zS3eEXv7!Qn4uWi!FS3B?afdD*{fr9>B~&tc671fi--V}~E4un;Q|PzZRwk<k{$576
z3)*^Wn$J&4ijeAub)TAsrRanvyo+2b|HaO}Wck&TsBIjDEciAZ)xNHrg{+;Ot(c~w
z>-azprM$4AesvUb5`S`(5x#5VJ~4%ET6&%GR$<o;Uw@jHNXKq{o{-vatV``S=;pJq
zosYFs*w$E-x(PmXNY}^Ik!Ys=1N(H?1>}muHV-5lTsCi_R|6KM(g2PCD@|yOpKluT
zakH!1V7nKN)?6JmC-zJoA#ciFux8!)ajiY%K#RtEg$gm1#oKUKX_Ms^%hvKWi|B=~
zLbl-L)-=`bfhl`>m!^sRR{}cP`Oim-{7}oz4p@>Y(FF5FUEOfMwO!ft6YytF`iZRq
zfFr{!&0Efqa{1k|bZ4KLox;&V@ZW$997;+Ld8Yle91he{BfjRhjFTFv&^YuBr^&Pe
zswA|Bn$vtifycN8Lxr`D7!Kygd7CuQyWqf}Q_PM}<N^zG*sz{_fcU3v7O7XnC*4Aa
zpb=9eR0`H6KOu7y5Lux$;j6glQ=Cnx<g;4DUpTr~Jiv#5xF0h9DaFBD=)!%6jHEWX
z889cm)A<znb}Qr@2Ih@T`xk4BNl)lK%%ilOmpuyg+8+eO;vs(GN026wy-zF$0Bpho
zpq~g*HNw~h8hh>cX~S1$-6xUD%-jrSi24sBTFNz(Fy{QL2AmNbaVggWOhP;UY4D>S
zqKr!UggZ9Pl9Nh_H;qI`-WoH{ceXj?m8<o#3`K%nSO84PqMf~>y==MGY`AOJ7l0Uu
z)>M%?dtaz2rjn1SW3k+p`1vs&lwb%msw8R!5nLS;upDSxViY98IIbxnh{}mRfEp=9
zbrPl>HEJeN7J=KnB6?dwEA6YMs~chHNG?pJsEj#&iUubd<U9vAx5z41A?(bgtMGpP
zwCR*+-u<wI9%Dmvw`F@KM2us_U9@<TVJ^`{G6!5FE!-2ia+H}$Pk<_s|H<&5&#|JG
z3Zn(zsf_P;Kw|kH0@8N`a`zB$aW?-R7Gz=c|MM@CRcxG;L{NR7$sfsEaj*@Gm8+D)
z(~4{oh<j#<<rU=_ed_JxH3P1uWIgXZ?Yi3Q9}(WL@MIKBarw?*{rs^Y<VO%bf%sm-
z_bzSLCFW%#vYlVDwobBmPB_h8cs)NCW`4*P8t+ny7P4fq&4#)qdy+@I-1a2!GTstR
zV`C1q#W;Z%KqC%`A!VsO1lwv42E|Arp%SMpI;`;{)L@G58XaAs;HkN28=c;-R9iC5
zFv>f3JJwu=C(t?J<di8FrDi&_<8Gi8I{@c2;!g0*Fs7Y{NizU~U~DCr9#QGUWLJ8$
z6So7^8!gBboMj9cpk@?3jQ~}GdEFW_-L0Go4=cq7S|ztSu>pE6xMyhA3e}SRhunDC
zn-~83*9=mADU<BlwTn$=?eGI*${p@%-gJ&Jk4}GnjS5v2d|X>sk^<vsaU5-S-Dt?B
z^CJPj)ts%v&i(kUo{Z{ey^V2<p;Ul;SaF~f0+aoAk+x^fU+c<H8=??`0+ELm<<WYa
zejibs7IS57q5_UvyT>sCc%&&G1q5T^HR9$P#2DejaG`Ui*z1hI#h7dwpIXg)C{8s<
z%^#@uQRAg-$z&fmnYc$Duw63_Zopx|n{Bv*9Xau{a)2%?H<6D>kYY7_)e>OFT<6TT
z0A}MQLgXbC2uf`;67`mhlcUhtXd)Kbc$PMm=|V}h;*_%vCw4L6r>3Vi)lE5`8hkSg
zNGmW-BAOO)(W((6*e_tW&I>Nt9B$xynx|sj^ux~?q?J@F$L4;rnm_xy8E*JYwO-<G
zAw2a{1_{}UDtg6k<H!^~Ep9z*WtT)Wa}-x7C<<#g4x~4C&Od75vZaK9?9f%g*!4dQ
zlJiKHKS~B<_~zQHLZ6Yr&U0^y*|A2BEYT5Dfy(GmpC7JBa0_LKHpXMU18JJV<l9Ls
zF!CE=82FF4{}RO?1()5W%NVF=#KHe0qmy=`QxbdS#(f7zm(X!J9h!WZ#V5Q+oI9e!
z6moH<;DB=(^c^&S`<-WI`KlIm1rpiXUn1r!q_#i$C`6hPDt7K}0@M9MwW@Xl0adOq
zH-`cCnl0!pNDx>02<I8n_zF__isE*QA^i~z{Rx#YCf{3mI<#SoM*K+EC4@|p=};uD
z7_^98UUK#Y*>u9_@@W0_2@?B@1J{y~Q39N3NX^t7#`=34Wh)X~sU&uZWgS1Z09%<L
zecj}N4CM_`#U|#O1uFgDAre$wf)a-3-~Yms53N&v-}+YY_<tMCi2mPu{-62klqQt-
zKRjkVla6-e>_k|EjA4w_QqPdY`oIdv$dJZ;(!k)#U8L+|y~gCzn+6WmFt#d{OUu<Y
zOY_Uc<|e?RL-YmB)%)`@T7RB<R-QF>KHqh1-uX_p*Af8pFYkYvKPKBxyid4KHc}H`
z*KcyY;=@wzXYR{`d{6RYPhapShXIV?0cg_?ahZ7do)Ot#mxgXYJYx}<%E1pX;zqHd
zf!c(onm{~#!O$2`VIXezECAHVd|`vyP)Uyt^-075X@NZDBaQt<>trA3nY-Dayki4S
zZ^j6CCmx1r46`4G9794j-WC0&R9(G7kskS>=y${j-2;(BuIZTLDmAyWTG~`0)Bxqk
zd{NkDe9ug|ms@0A>JVmB-IDuse9h?z9nw!U6tr7t-Lri5H`?TjpV~8(gZWFq4Vru4
z!86bDB;3lpV%{rZ`3gtmcRH1hjj!loI9jN>6stN6A*ujt!~s!2Q+U1(EFQEQb(h4E
z6VKuRouEH`G6+8Qv2C)K@^;ldIuMVXdDDu}-!7FS8~k^&+}e9EXgx~)4V4~o6P^52
z)a|`J-fOirL^oK<pJlgk;{wTU6<tzCapMDlBXxQB3Le5okt#72xJqlvoHh5h4)(GA
zUTE7RMa>}tqD@pqBZi_;7N43%{IQ{v&G9^Y^1?SesL`;Z(dt!nn9Oj5Odde%opv&t
zxJ><~b#m+^KV&b?R#)fRi;eyqAJ_0(nL*61yPkJGt;gZxSHY#t>ATnEl-E%q$E16%
zZdQfvhm5B((y4E3Hk6cBdwGdDy?i5CqBlCVHZr-rI$B#>Tbi4}Gcvyg_~2=6O9D-8
zY2|tKrNzbVR$h57R?Pe+gUU_il}<WpPK0&c7Cf)^kTlHgLh*e9eYX-e@u&J%`pP#5
zSj}Dq@1tQz)i#Nl`VxH|LIiAxaA`Jd1@-!*lgdAtByP{OU%az&?42B}362L=feNrt
z*RxHj$ZWxdny=m=<L*KF`s!?l3-xy=FSk?@Svj!g{kbFhL)s~jx0dj5*@zub3TmN4
zewl(O8Lgo<<c>ZaWu|Az#QO@};=|(L-R<FtHfil3F$IN__;{K(;=@HW!#QUN35a{%
zD~|)u$b9KdYl2xdz7y|l$=m8DlwhQqP%?Kb=<$vL)3-UG2JBk4^e{I9(8U>Vf0AIW
zq#pO+RfM7tdV`9lI6g;{qABNId`fG%U9Va^ravVT^)CklDcx)YJKeJdGpM{W1v8jg
z@&N+mR?BPB=K1}kNwXk_pj44sd>&^;d!Z~P>O78emE@Qp@&8PyB^^4^2f7e)gekMv
z2aZNvP@;%i{+_~>jK7*2wQc6nseT^n6St9KG#1~Y@$~zR_=AcO2hF5lCoH|M&c{vR
zSp(GRVVl=T*m~dIA;HvYm8HOdCkW&&4M~UDd^H)`p__!4k+6b)yG0Zcek8OLw$C^K
z3-BbLiG<G*%4Ey*o=CXuznD%-E)(BI7(ff9<6pa$Zrz&C5rTB04~@$dmXojzFZ}L`
zRg%4@Gzl_8#O!M!**o3FiOinwAw)3js>_%qX|ZYpXJ$(c@aa7b4<SFTt=8S6LG4l8
zlcVxZ?pLGnmVxFRWw8r17^k5AI;7>-*IQkDF}=gZSV`*ljP|5mWuHSCcf$5<NC<*)
ze^<2Ph^^DKawiOIF%89MPGPWue;M0vE~6E*nOMq4MZhj`p<K636GBRJmj%~d#Domc
ztZs(zo{Afl&>qqhZTv&P?I$z^>}qP(q!Aku2yA5vu38d8x*q{6-1<l@ZEBJgr=yj*
z=|5IuLM<?M78&Zia4KQ3zqq+Pj;>`%PrE_r0-9Qo?a#7Zbz#iGI7K<(@k^|i4QJ1H
z4jx?{rZbgV!me2VT72@n<DR5mdN;#-C(eB6{T-1WCMC<4OG#$>BjucoT<x)|o8t&d
zcz=#pXpp<Y6uDD$*V387M|STow%*8!)gvQM!5ojXJnYQsrshiZijh#8qBZXPD|nB>
zUM9;Y%TCoDop<GM?%qaP$qD5N_Re&x#fQeb`~mmirR*mz_8isV?5XN|lxXW*GxnA&
zqsd>?Q5fEQ35bCYk7!;gH*;t9t-QHLXGmUF;|vm365<zVCrfXPo#;){ym}VQ_ne6P
z!(%<fPO&{N)}Gkkd3S$5{D%<)xgUX}Egyy6<A)LM2E@O{a2F|=%ja^_%j2M#nVpYQ
z+Vn8PewW=9ex!-s%zI(~4dD%n1{+wKXJGwACYXJl_&|&PO&v1w1{IxqSjzH=O`!a0
z5uLkNYxP09lfjZM9-3XAXLL^%{CG2G^qD8VIQJT6@woCmj1pDW{O5QmD{ub{Aim!S
zn{UQG3M0t%#80q7^iVb`W7wUM)To100*n8PpM~ji<yC~2IwTb__!9_^>#X)6b2<By
zsr~`(aBfe%efKJJR45%#bJrSl;-dx20E32$(x^6gOAVg&3g6`rfg4?vYT5$B3KPW4
zR@y2a@?kp2S0H8-qBmQlH&;6+BIP#!%KAya@JVOY!KKN){N`mS*zmNqmHEMR@TXC!
zhcA$PyEZicF>Njsyf1h9JW#x$;@x5Nx2$K$Z-O3txa%;OEbOn6xBzd4n4v)Va=sj5
z%rb#j7{_??Tjb8(Hac<^&s^V{yO-BL*uSUk2;X4xt%NC8SjO-3?;Lzld{gM5A=9AV
z)DBu-Z8rRvXXwSVDH|dL-3FODWhfe1C_iF``F05e{dl(MmS|W%k-j)!7(ARkV?6r~
zF=o42y+VapxdZn;GnzZfGu<6oG-gQ7j7Zvgo7Am@jYxC2FpS@I;Jb%EyaJDBQC(q%
zKlZ}TVu!>;i3t~OAgl@QYy1X|T~D{HOyaS*Bh}A}S#a9MYS{XV{R-|niEB*W%GPW!
zP^NU(L<}>Uab<;)#H)rYbnqt|dOK(-DCnY==%d~y(1*{D{Eo1cqIV8*iMfx&J*%yh
zx=+WHjt0q2m*pLx8=--U<Z87HfG;q}m>qfM6ZWjkev>W-*}_*$Y(bikH`#-Gn#!6_
zIA&kxn;XYI;eN9yvqztK-a113A%97in5CL5Z&#VsQ4=fyf&3MeKu70)(x^z_uw*RG
zo2Pv&+81u*DjMO6>Mrr7vKE2CONqR6C0(*;@4FBM;jPIiuTuhQ-0&C)JIzo_k>TaS
zN_hB;_G=JJJvGGpB?uGgSeKaix~AkNtYky4P7GDTW6{rW{}V9K)Cn^vBYKe*OmP!;
zohJs=l-0sv5&p<L!P8aAhZ$ViHW~K#|M7KBLApfQwl43oZQHhO+qTVJwr$(CZCkr+
z8@uY(?Q{A@be}#qA~W(SAO6T0Yt4U+F~`@BEPG!}@M&~EIFlM;(rq@Ri?BtVb@u5*
zx|RMEbuXAhd$7;08`u(fE%ohqn&|hU5^(VBQ@&fnF?s0JBED1gQu;?^PE7T4dO}|O
zc~Gj0(VhmoPr3(bZ>hSCi&8JSrokrKP$LVa!LbtlN#T^cedgH@ijt5T-Acxd9{fQY
z4qsg1O{|U5Rzh_j;9QD(g*j+*=xULyi-FY|-mUXl7-2O`TYQny<@jSQ%^ye*VW_N<
z4mmvhrDYBJ;QSoPvwgi<`7g*Pwg5ANA8i%Ku<P(rO@d^RV)`4sRi51#e6e`Hw-2$Y
zW}^&w?6Wl53TpZ3RvSTtJzxoqf{(p=PmQST7>m;<=i|4lwEdN+`)U3f2%bcRZRK!P
z70kd~`b0vX=j20UM5rBO#$V~+grM)WRhmzb15ya^Vba{SlSB4Kn}zf#EmEEhGruj|
zBn0T2n9G2_GZXnyHcFkUlzdRZEZ0m&bP-Mx<i5eotyLD3y-2$8zJr~=2<Hv9v-(tE
z_xM)!F3ylC^YIyU1aR-?S)6H(Kf=jlYX;vvI|!P4;*aNKFfQbbe4Iw!QST#GDUWsU
z^pkftujqEN?jzAyZ~5r%ZU!)C<)<P6Izz9A-SJd6$7E!^OI4H|Rh|qcxTIqg9C>Nr
zd;kl7=@l^9TVrg;Y6J(%!p#NV*Lo}xV^Nz0#B*~XRk0K2hgu5;7R9}O=t+R(r_U%j
z$`CgPL|7CPH&1cK5vnBo<1$P{WFp8#YUP%W)rS*a_s8kKE@5zdiAh*cjmLiiKVoWD
z!y$<MW5+=XDoq!^qM+du1euPg95l{cqITQE&7aW>@Cc5=Wj^VDr$!04FI#%pu6(a9
zM_FAE+?2tp2<$Sqp5Vt<Mpq>ADB>yY*cRR+{OeZ5g2zW=<Cy9`gd6LkvajL!dSK^Z
z&5H0u>`>(tA~*-T)X|ahF{xQmypWp%2X{385+=0S|Jyf`XA-c7wAx`#5n2b-s*R>m
zP30qtS8aUXa1%8KT8p{=(yEvm2Gvux5z22;isLuY5kN{IIGwYE1Pj);?AS@ex~FEt
zQ`Gc|)o-eOyCams!|F0_;YF$nxcMl^+z0sSs@ry01hpsy3p<l#@@Y=tMk><|xOliR
zr-dxK0`DlAydK!br?|Xi(>buASy4@C8)ccRCJ<Ic#p>3w;v&tA1WOCaieifLl#(J%
zODPi5fr~ASdz$Hln~PVE6xekE{Xb286t(UtYhDWo8JWN6sNyRVkIvC$unIl8QMe@^
z;1c<0RO5~Jv@@gtDGPDOdqnECOurq@l02NC#N98-suyq_)k(`G=O`dJU8I8LcP!4z
z8fkgqViqFbR+3IkwLa)^>Z@O{qxTLU63~^<AJ7tpu)Xpj?m~B++5#`MlS3^80#H}l
zN6i&(&}ptg_Zk!^Z*JR>lod{@${q;-l?S|4Tq0)As-Gz!D(*P)Vf6wm6B8GGW<Y4l
zosyI0A1t#eRi#qB?$wYFYsnwmy)6S~PIYo}U+{J8(^5!Ir@YGSqf%Zx)uI+A3X4IR
z9$qe}ASI!WTI+t+)ohk5zmva329u57GhP-kK^Rn!0=BLs`o*APWjiv<yvqzsd;*oQ
zQM;klXFJOfmbdLO@#jt?r<dnOP1T$NC)jz{oFeepg`$UPq&FKNEKm?yT^IC?#_BgV
z!`uQ`-V@|D+?s4OFToLQb8J_qi*tSmIHhpr(XaR3<{!YkBEB?kZD_u-&IFIX2;MTk
zRPm+@0gV#~Dg>i7B)Q^~T?sseZeI+}LyBAG!LRZn_ktDlht1j2ok@ljteyuNUkG67
zipkCx-7k(FZQhYjZ%T9X7`tO99$Wj~K`9r0IkWhPul`Q_t1YnVK=YI1dMc_b!FEU4
zkv=PGf{5$P#w{|m92tfVnsnfd%%KW;1a*cLmga4bSYl^*49M4cs+Fe>P!n=$G6hL6
z>IM&0+c(Nvr0I!5CGx7WK*Z3<gUB>V^w0+QcF=hU0B4=+;=tn*+XDxKa;NB-z4O~I
zf}TSb^Z;L_Og>!D1`<c@R3>;w@zf@GCqCUNY%N?IPmEkTco^}bX~BWM_Hamu05>#B
zBh%QfUeHPu`MsYVQQ3hO<O5HhK1ygTwlE$cw&K;NHrtLiG)Dxs61T8Lcd5s9WX?ZV
z_S1S`w*B=Cv$(Inh2i|{$+iZ&m`2Pb?_<8o+3YB%6QDg)HaK(3F11>T;HmP_C|nOl
zjl<B4fGzx6t^^DHr+IV5^+XhfFK^5TVxGAu3-QQ#epU@A1+nQ)WyXNtgojtzc}R?R
z_7BTFSLm3Fz#$HG=FK8gdI8RR!e9D;XZHv)%@2E5uvROaEAdJWQO2|qFRllBr@$tL
zD^**VHTFdF7SiY~1X6bumCT*=f8_nUwLlhn+28@S)WRcx)~x371afuz%%Pk21%iR2
zvIAI;>uk7vaSICyQ01h`^c)DWp>cxPjGEc6D^~2L79hyK_J#<9H#8o`&XM4=aB`@<
z<|1oR6Djf))P1l2C{qSwa4u-&LDG{FLz#ym_@<x$XG$co%Kz1v=kJ8Tr~~f+Uj88&
zbgBX_n_v5o@4w#nO7(8FB`;JuzpH-?V$6!zx7!~eG*=JW3Auc7bB0HMAz1JRYC0fh
zD{=OYTCVoECr<b+{tbc~97085hkb~%5RJg!i_8Fz8~VbogbzTBEaofH+rsk(Q5D3H
zX<QvOp$Q?=G-*QJep$vT`VcQB*T4hLQrq4}D`47uB=Bp`?k<o5uOXu~HNGOIKUY^k
z(kEFMQQ|{ZNiv7@Y!`aV<Z-s)Ei07xNnpZF-i5CKtny;u*e<S>I+vo}D}#%;vNN%&
zW&9||THv_^B!1Fo+$3A6hEAed$I-{a^6FVvwMtT~e<X^(wl5dsG`JJgbDLK!PwlQ9
zxZBbsuXRl)SfCshyJQlsBm;mdLpRjfPTv>%*&RvY5mj<@(-{y^x<jL5aAk~H{EKd3
z;3017Tg9>n6ZCYqNK|#v^xbWpy15YL18z#Y&5YwOnd!A*@>k^7CaX0~4<TW(utmrg
zVjF$ow8Oj|$sYGR9>*6QB{Bgh$KJqesFc(lSQ{iQAKY%Ge}2CeuFJ{4YmgrP(gpcH
zXJQjSH^cw`Z0tV^axT&RkOBP2A~#fvmMFrL&mwdDn<*l3;3A425_lzHL`+6sT9LeY
zu@TH0u4tj199jQBzz*~Up5)7=4OP%Ok{rxQYNb!hphAoW-BFJn>O=%ov*$ir?dIx%
z56Y`>?(1YQ8Fc(D7pq2`9swz@*RIoTAvMT%CPbt;$P%eG(P%*ZMjklLoXqTE*Jg^T
zlEQbMi@_E|ll_>pTJ!(-x41R}4sY<5A2VVQ^#4eE{imHt#NEi+#p#EBC2C=9B4A|n
zqe03T*czDqQ-VxZ+jPQG!}!M0SlFm^@wTW?otBZ+q~xkk29u1i7Q|kaJ(9{AiP1`p
zbEe5&!>V;1wnQ1-Qpyn2B5!S(lh=38hl6IilCC6n4|yz~q94S9_5+Od*$c)%r|)f~
z;^-lf=6POs>Ur4i-F>-wm;3(v7Y_itzt)*M!b~&oK%;re(p^>zS#QZ+Rt$T#Y%q1{
zx+?@~+FjR1MkGr~N`OYBSsVr}lcBZ+ij!0SY{^w((2&U*M`AcfSV9apro+J{>F&tX
zT~e<Y!xu;{zrqMP)rERb68gOKYUmCm<qic#Z~2zR|M_k_zaEO{?QRcB$xKZ2eiqU>
zMvsv$Q)AQl_~);g8OOt4plYESr8}9?T!yO(Wb?b~1n0^xVG;gAP}d}#%^9wqN7~F5
z!jWIpqxZ28LyT|UFH!u?V>F6&Hd~H|<(3w*o{Ps>G|4=z`Ws9oX5~)V=uc?Wmg6y<
zJKnB4Opz^9v>vAI)ZLf2$pJdm>ZwOzCX@Yw0;-fqB}Ow+u`wglzwznQAP(xbs`fA7
z<WzPW8bMbnlzHSheO<?zY)tBVy>ylmol=ea)g}&;8;)q0h7>xCJA+01w+RY`x`RO%
z9g1`ypy?w-lF8e5xJXS4(I^=k1zA46V)=lkCv?k-3hR9q?oZPzwJl$yOHWe<UWHmh
zSFE$woyA-<w>Mc9wFuE6;SObNsmC4L6;eWPuAcfHoxd59gD7^Xsb$lS_@xI|S-gb?
z*;u@#_|4vo*IUEL2Fxci+@yQY6<&t=oNcWTVtfi1Ltveqijf``a!Do0s5e#BEhn5C
zBXCHZJY-?lZAEx>nv3k1lE=AN10vz!hpeUY9gy4Xuy940j#Rq^yH`H0W2SgXtn=X1
zV6cY>fV<g=^{e2f`=DN1`hYV#Z-kc{A{Ur$32QLiA$Ac?{|f5}Og*g!ivaJcK)&BL
z_^aJk_}`QteYhw0wHrN1FDq1cs}lPU3fV5xmf)<)p>bQhGwQIaEG!O#p)aE8&{gAS
z^oVa-0M`bG`0DE;mV)ATVNrt;?j-o*?Tdl=M&+WrW12B{+5Um)qKHd_HIv@xPE+;&
zPI|zXfrEr<NYiDc$sLD~u5H%lwEk+k0n0fge`e}3`NLUb`P%N^>YzDD2mOhtrZLAQ
zP#f9e!vqBSyoKZ#{n6R1MAW$n8wH~)P3L~CSeBrk4T0dzIp&g9^(_5zY*7$@l%%nL
zG$Z}u8pu^Mw}%{_KDBaDjp$NWes|DGAn~WKg{Msbp*uPiH9V|tJ_pLQROQY?T0Pmt
zs4^NBZbn7B^L%o#q!-`*+cicZS9Ycu+m)rDb98CJ+m1u}e5ccKwbc0|q)ICBEnLN#
zV)8P1s;r@hE3sG2wID0@`M9XIn~hm+W1(scCZr^Vs)w4PKIW_qasyjbOBC`ixG8K$
z9xu^v(xNy4HV{wu2z-B87XG#yWu~B6@|*X#BhR!_jeF*DG@n_RupAvc{DsC3VCHT#
za6Z&9k#<*y?O0UoK3MLlSX6wRh`q&E>DOZTG=zRxj0pR0c3vskjPOqkh9;o>a1>!P
zxD|LU0q<upX4_0F^D}At^8Pme6{YU3X%VG)Ojqquqx1D=RK)XjUmP8()3oYIS69Wb
ztrr$!w;j~>w6S4~iN8EIM2^$k72(=a6-Tk?%1uSj@0;u$0f*LhC%|mC`m`w#%W)IK
zN_UvJkmzdP84<ffHOf&?D$F{a;oCP=zGcdfHEi9XtjXb+&#u=8Uw^>ZV7CP|@k>j^
zPa%;PDu1TLyNvLQdo!i1XA|49nN}DuTho6=z>Vfduv@}mpM({Jh289V%W@9opFELb
z?R}D#CqVew1@W=XY-SoMNul(J)zX(BFP?#@9x<&R!D1X&d|-P;VS5Gmd?Nvu$eRNM
zG;u~o*~9&A2k&w}IX}@x>LMHv`ith+t6`uQGZP8JyVimg>d}n$0dDw$Av{?qU=vRq
zU@e2worL8vTFtK@%pdbaGdUK*BEe$XE=pYxE_q{(hUR_Gzkn=c#==}ZS^C6fKBIfG
z@hc);p+atn`3yrTY^x+<<nM_ol;*wy4=@Wpw;Lm}&FAxejg|@)gcOBv;}!PxIuy(<
z(6>y`F0>p02jUL8cgLa|&yknDj;g73m&Sm&@ju91?uG*w?^d%Yap&d2Bp3v7KlQmh
z(N<38o-iRk9*UV?wFirV><Bo2@+1@*TNkgF@arJf=LNs*0-c?BIK}*Z`{aDGiSo;k
zONM}nhlp<IV#ji4e)u<6Z`@@Nwa3pqN63#i=YO$tia8n>|46JqxOZ_o8xv_eJ1dv}
zw&zDHZOU%`U{9ckU8DS$lB6J!B`JuThCnwKphODv`3bd?_=~tjNHstM>xoA53-p#F
zLCVB^E`@r_D>yHLr10Sm4NRX8FQ+&zw)wt)VsPmLK|vLwB-}}jwEIE!5fLE;(~|DA
ztMr8D0w^FPKp{trPYHXI7-;UJf;2+DOpHt%*qRgdWawy1qdsj%#7|aRSfRmaT=a1>
zJ8U>fcn-W$l-~R3oikH+W$kRR&a$<Ax5pTqsoQ0T*>L!*HdKD_g}2eu*3p<bt=N-#
z`sUGO4bV1Hw(+da#nhp8s<F>)twz`D+NbtVCD|-IQdJlFnZ0%@=!g`nRA(f!)EnC0
zm+420FOSRm?OJ;~8D2w5HD2m8iH|diz%%gCWR|EjYI^n7vRN@vcBrsyQ;zha15{uh
zJ^HJ`lo+k&C~bcjhccoiB77-5=SS%s<SdAbMkG}s<gOR-5Opiv13AE+O8DnrY3A*6
z%Ol*<l<oj9g?6uEpUW-RMXniyYc?v~;TWkd#y9j)9$v+LYFlluaBc&30hT*h1j$fx
z@fey?+j_6sjpz6b&|`PI*~3lU%1bfgZ3WXd98S_89n58a0w;B8E@Xq5cDs{4=y!}+
zbLIxa7O*Tuq_MG77@U<zd6#Jbcbtr95C(?Kir3`AWYZO3Wpey|pvV~__5d#Xi6Shc
ze*;1*#^{5`US#%yO#im1e!{kCf7+F&gP%~Syj7Fo4BY|`-{&GMsG<U+fKb3LGUFER
z2&IV8$1YS0B#}lW^@jO1sP$E#H4p}tUZt0jMzXxmW)Dc>7UC*H!clrU$4QY@aPf<9
z0JGDeI(6S%|K-f@U#%SP`{>6NKP~I#&rSHBTUUvHn#ul4*A@BcRR`#yL%yfZj*$_%
zAa$P%`!8xJp+N-Zy|yRT$gj#4->h+eV)-R6l}+)9_3lq*A6)zZ)bnogF9`5o!)ub3
zxCx|7GPCqJlnRVPb&!227Ok@-5N2Y6^j#uF6ihX<c^;{6o`#1Cc96j4@6A|h;UJ7`
z6jLyB#QP}+BL&e{%)tj^yALT%HkD}i6X@S#Gvsi9`UP+f5jE{;T4|P>jTRfbf&ZOP
zVc$!`$ns;pPW_=n|8Kw4*2&qx+WMb9!DQ7lC1f@DZyr|zeQcC|B6ma*0}X%BSmFJ6
zeDNWGf=Pmmw5b{1)OZ6^CMK$kw2z*fqN+oup2J8E^)mHj?>nWhBIN|hm#Km4eMyL=
zXRqzro9k7(ulJi5J^<`KH<z`@MQAXLEQ4F<KmwEx`YL_l;DAO*QI#cww0Ng3F1<+N
zS|e!;Gx~o0gnm#I;55bgz({D?<vk7V(auTAoKdK$0wyWRVE-n_aZND$U^qs|5|vB;
z@&q_FlqvE$<SED{y~S$ONe1VOf^-~u8j3oD(+Xc1xir~;yF#FgG%_1c-`+DwW?F-q
z^oh3;qu9=shB%tPL$7ZFh#N!JAx3%(OdM)vy#6f&qtnEUH90NDhBM2J8fT=WgUz)`
z$%j^-7K>JAh-(@W=5x>9+YM<qX%?AZ5P)ngm_{Db$#o>Fcx$6A5dP-5i6u!k*o-zD
z37IkyZqjlNh*%-)rAQrCjJo)u9Hf9Yb1f3-#a=nY&M%a{t<Fke3Jby%HL=arRZ*rP
z);^01c?lc-*MvvB7<vmj6Ot248r#|Nwre04i9NPc&=>0g7w6>{AybZ9IY46i4+%^u
zwq}TCN@~S>i7_2T>GdvrCkf&=-OvQV9V3$RR_Gk7$t}63L}Y6d_4l{3b#f9vup-7s
z3yKz5)54<M2AIh^X)Y$}zZPWG_?3GiZI~PL`FjZ575T{m&^DO+Yqj}ESzn4&nBLs9
zb=9Yq37DHRSySn%nh7=7H5O@uF8<=BOoe-32ifitgOhFLdnjPFj8`mOHG42!KWxLU
z>OVLzH~Ty=HwVC=c$Tl=cvi1L?R>*#ki4t6pgqdB$sx6O(IIvYO8Q>&kq;c3Y-T?b
z*6XAc?orv>?V7#vxmD7geKjf%v~%yjbp%^`%e>dw96!JAm4ybAJLo<vjKLq3yNZ)<
zRwry@hh8VDXT|-LPXGpL<iYXg&5kB=pfARd0$esN{A1R-M_(k7Ddhs1dyo=9o`)%;
zqZmaFH#ipy5hO6&wy^v=(Z)N@f_-g?`Mi{JjE=lHDn1sI(6{M}#Dr=hN3>0+4=TB%
zShgMl)@@lgdotD?C1Ok^o&hFRYfMbmlbfk677k%%Qy-B<ilk;IQ%q(QBBn}Ti+Hv6
zp9EUGy{A(qwF>G3V9txEjZmK+QY5nlL2D$Wq~04&rwN`-ujpp)wUm5YQc}&tK#zUR
zW?HbbHFfSDsT{Xh&RoKiGp)7W<gJR`85#z$HAXQBp{`Bcm&FdT6X&Gyus-nT0?yw(
zamN6vtAmqA9P1X0VO29W9<Pw|^~ey3mqj`ml=DMYj$gk#!rVW&EB0|7!iF*n9>PX4
zD^3(}^!TS|hm?YC16YV59v9ir>ypihBLmr?LAY87PIHgRv*SS>FqZwNJKgf6hy8?9
zaGTxa*_r`ZhE|U9S*pn5Mngb7&%!as3%^ifE@zDvX`GP+=oz@p)rAl2KL}ZO1!-us
zY`+7ln`|c!2=?tVsO{C}=``aibcdc1N#;c^$BfJr<e2apYD6vxaXQI_Ml(o(|GL$g
zMZi$!z0KnLWd$RxiQE5n{ABjQ&l!OSiyy+!?xR;k7XUjsU6x$fWD2=qh{0p<&!rF7
z3pYYY4Y(XeAZf>84=5DCy+OT4AB1BUWkDw1R$=FneVh*ajD&(j2IcWH8stMShVcMe
zAi6d7p)>hgPJbcb(=NMw$Bo;gQ}3=hCQsi{6{2s~=ZEOizY(j{zYY-W8RiNjycv00
z8(JpE{}=CHx0ib3(nZgo776X=wBUbfk$y<o|5$YY`zd5@Vr2DSJ56%Zk56A7eI&Qh
zg^CL2&*unT5`_^y4xV9{VHB}wVm=y^)a`W@wrGA+<JHpl7#1yaygBpT0@OG8ftM^4
zmJwKr$qk2{SI+K77f<QmhnG=004R0VI1!DIbnIXajO$5fSuv5A2QWwVx%x4EX5gN)
z2(+&pef09{+m|gz?~C?>2r*}aNG@A0_zOa4k3?1EeH7Z43{@IP>{^M+M`M)0w*@Go
z>kg~UfgP1{vH+IU(0p(VRVlLNMHN1C&3cFnp*}4d1a*kwHJL)rjf`Fi5z)#RGTr7E
zOhWfTtQyCo&8_N(zIYEug<US@>QI}_k|2X(=dMA43Nt*e93&otv`ha-i;ACB$tIK%
zR<YlHpaVRMM$DSANNUjz<Gwj;v-6@Wnc2jCS;C=5(IAZ`8-rG(JT@6tUjRrI4B!zr
zT4=5Sq#72Q(>DOtU^1CD5>7?&Vbh<+cz)(CBM}@a)qZ^ld?uYfp3OjiZOCP7u6~H#
zMU;=U=1&DQ9Qp|7j4qpN5Dr7sH(p^&Sqy|{uH)lIv3wk?xoVuN`ILg}HUCLs1Bp2^
za8&M?ZQVWFX>Rg4_i$C$U`89i6O(RmWQ4&O=?B6@6`a8fI)Q6q0t{&o%)|n7jN)7V
z{S;u+{UzXnUJN}bCE&4u5wBxaFv7De0huAjhy#o~6NH&1X{OA4Y>v0$F-G*gZqFym
zhTZ7~nfaMdN8I&2ri;fk*`LhES$vkyq-dBuRF!BC)q%;lt0`Z(*=Sl>uvU`LAvbyt
zL1|M@Jas<@1h<c{MKh#bu8q5xS1!fU@CQk5m!|b?L)Q%Uos)!!MRcW3IXvosInlqs
z|60T+7VHAcKNGtbEC2xb|4WbbUq$?1bzA)p=i4&h$@D#G;xA)@zB*WOVq+6AL}4LB
z;xrIxb!c^ygf8O3#B>K!prK}$@&fbf70o7>3&CovCKi815v$6T7R&1GOG~R4pEu2B
z%bxG{n`u$7ps(}Tt(P608J@{+>X(?=-j8CkF!T79c`1@E%?vOL%<iRe8O~Y<_}=@X
zRBdln+>TYrMe1ozi<##IsIC1YRojP!gD%|+7|z^-Vj$a85gbmtB#unyoy%gw9m1yB
z<dQ|H2lvV@o5W-8>|L^-wylT%<VrVVSOyn%tWhe%7Vc#XiORI0+^IJ7BPf7E`J)&@
z(kXui?F{=~kp<4ZJYsM`xG4PGyFS!NH^ymTFi>}=pNpq!QYz9zoV7>zM2g2d9lm{Q
zP|dx3=De3NSNGuMWRdO_ctQJUud?_96HbrHiSKmp;{MHZhX#*L+^I11#r;grJ8_21
zt6b*wmCaAw(>A`ftjlL@vi06Z7xF<&xNOrTHrDeMHk*$$+pGK0p+|}H=Kgl{=naBy
zclyQsRTraO4!uo})OTSp_x`^0jj7>|H=FOGnAbKT_LuSUiSd3QuCMq>sEhB=V63Nm
zZxrtB0)U@x2A#VHqo2ab=pn~tu>kJ;TVASb_&ePAgVcic@>^YM?^LYRLr^O12>~45
z-EE?-Z$xjxsN92EaBi)~D~1OzRVH`o!)kYv7IIx??(B)>R|xa&(wmlU2gdV0+N+3%
z7r$w5(L<|?@46ITJZS5koAELgVV_&KHj(9KG??A);@gL`s1th*c#t5>U(*+nb0+H%
zOhJG5tth59%*>S~JIi%<0VAi;k>}&(Ojg!fyH0(fza!1kA~a}Vt{|3z{`Pt@VuYyB
zFUt(kR$<`X_J&UQ%;ui2zob1!H{PL8X>>wbpGn~@&h__AfBit)4`D^#->1+Qn^MH9
zYD?%)Pa)D-xQzVGm!g)N$^_z`9)(>)gyQ+(7N@k4GO?~43<xmAA6Emv{cGana}urk
zL#8;?nU}YgaWJEPxusbJ5H$95Zbpr20q_0ZuO>wcE-|77;CPwPXHQcfcJ^I&IOOah
zzL|dhoR*#m5sw{b&L=@<-30s9F|{@V05;4Wf6Z_1gpZnJ*SVN}3O7)-=yYuj2)O0d
zX=I9TzzTK%QG&ujvS!F*aJ8eqt4|#VE;``yKqCx7#8QC7AmVn+zW9km3L5TN=R>{5
zLcW`6NKkTz`c{`-w!X9zMG;JZP|skLGs7qBHaWj7Ew!VR=`>n30NX)7j~-RbDmQ6b
zHr)zVcn^~e2xqFCBG4P$ZCcRDml-&1^5fqN=CHgBVu1yTg32_N>tZ;<??Uk_LD!fc
zdd|;~3Yf>N%h*TwOf^1lE#w1$yF$kXaP|V$2XuZ+3wH<yI^aa~zmC)dRtP4{)(h^9
zil+}8S|@`|w{AZ<fuz_O;%6>4Ws6%U;^iP|c6`#etHogQ+E@+~PZ1zdGAty6qTmBM
z>!)Wfgq~%lD)m>avXMm)ReN}s9!T_>ic6<Q$&QXUk8B?Vi8BNWYN%Jn<_RDpif5_E
zA5^E&M^Yv;;kuP)J{$TfJg%AAF;dB%;ahnlgRf;nykK1oD~=)2Mf4k30|`Ej_E*nM
zuWQnYqyJSPVXUDelD5EuF6cf+|C&`eJY^ylg4EWTRG-#lQ<)#`>xA|m7$(&n(Z&j}
zHC=}~I(^-*PS2pc7%>)6w}F1il&p*0jX1z)jSvG%S{I3d9w$A|5;TS)4w81yzq5f8
zZVfF~`74m1KXQg|`OS>;FCgZw!AL;2P<okdtS}<v9EWo%h3?Flsn}9`I)!RKiBX^^
z(+&=lXf^uYrGoygrt^v@*c7u;3kq_48@Z3gx;pDlqD&eG9WDk4wX*m$o14h=b<ld@
zR2tf;EHs$lxei|45^Qux6*~CHXZuxFxMr$4q7s?)WKKn63=C(0&mO-aJy-+OPT&f<
z^5DsVX@LcreLTF_n*In_z+D@P151ApSI%iTG^yer`KA?NLtuYlK@l)Ba1F%7LY**u
zjE!~pNbxUOL7=oKMwHlW`BX>V<xOm`^)-Fu_etnq2h<NN!eC%P1^^p<MdDK-^)q~-
zxB+)G{q&ZY^jGAWvA?fkhBko=ueqsG%CeY9J@pH4@syjvE*G}pT#ZQWmAY)I%3X3m
zt;zsGOEF}JLKGF4sK~~`DC_^|ro>{&8%~rG!;`eD=g!luE0k40GjIgjD!JSDNf$eW
zZtPMF)&EH_#?IwVLEx&Tosh9K8Ln4Pb$`j2=><6MAezsQvhP#YNnw&cL>12xf)dPz
z1tk;{SH6HDcbV0x(+5=2n;A->&iYDa5Zr9$&j?<imUOBYZVSt1M*9w=6xwW7&mghT
zO@X9SA?uHfyK^o3V{|Z;qeim`JyVK@@u>2iAz-(l1;#Vc3-ULyqRV9d0*psG7QHE!
z*J=*<ks}bdC=~h&<y-S)ckH1R>^sKK?iTO$g*+j~C?QzzIu`6Z{2N-ANrd5*?o%x&
z&WMin)$Wq%G!?{EH(2}A?W<DYW}!@Amkc|i1h<ow=~Tp%f<tJp)Q3I`95$^S!#>x@
zn8|q7xPad4Gu>l^&SBl|mhUxp;S+Cb125`h5aBz9pM34$7n-GHGx*=yqAphZKkds7
z$=5Jnt*6&8@y80jNXm|>2IR<$D5frk;c2f5zLS5xe*^W>kkZa5R1+Am34;mo{Gr=Z
zD=z8fgTHwx%)7hzjOo9*Cogbru8GgDzrE;3y%TR+u`|zz%c0Tyd8;<RLLyOh4?zms
zP_~p0!9OJHl99PIWCRAuvf~&qUo?DTj>#EQXdr4Rgx(2LPRzVI2FwsbXwnF;DP^fg
zdYOd|zU&AqgCJ;R+?oSgEgZM`ZX>7&$A-j2m|Tcz4ictXoQkz6Tr<2zhOudU16k<7
zLdk&FCL>=a^>0gV@m#9SnMd)R$5&1mh8p2McnUbk;1|C;`7pPkYjf|o>|a6`x`z1O
zt>8~Q%zHX%C=D2!;_1eo3qfbB4QQK^{ON_f*7XhLk{6sr2(KIVmax}fUtF-zHZiUd
zHPb9jidV`dE;lsw?1uQH!b%MvPE|lh9-8R_z4^PC8{XAf?S73(n*FvYPoMES+LfOx
zcjm4ZZOmKY>M2e${QBVT+XnBQ(oC0fAYcXi7+=}_!hS9m>Y%G@zxn3z#Pb;bJ~-kI
zAHNmWgQJp$e8L-uKQ|c4B;#0BTsfRB+}pl7xe=2_1U7pahx5S$TVbRnU0oi1?Wh|A
zR7ebg9T<XCQdgn&f2Nbv;UybZ_cH5Z$_8xGks)C;bSRl#wpcA{n!v~1tyTs&PW`S?
zLDwu+H8Ee-lv$8bp|6S^1`<;I!q@<E$OzVK?^gmj->K1GgKa4@ic#q_*<;c8?CkjX
zMMyq`J()_&(j-FZY7q%z6CN^a0%V{UL)jmrvEg{doZd?qIjgJ^UPr(QUs`68;qkdI
zzj_XBQ|#K2U!5?fmIEtXX6^rFY;h4=Vx<-C(d;W6Bi_Xsg{ZJPL*K;I?5U$=V-BNP
zn9pKiMc=hZNe**GZBw1kVs#-8c2ZRjol}}^V@^}BqY7c0=!mA;v0`d|(d;R-iT|GK
z>zt>Tt3oV09%Y;^RM6=p9C-ys_a``HB_D-pnyX(CeA(GiJqx7xxFE52Y`j~iMv;sP
z%jPmx#8p%5`flAU(b!c9XBvV+fygn`BP-C#lyRa;9%>YyW6~A_g?@2J+oY0HAg{qO
znT4%ViCgw&eE=<Kn(zI1>W8yt-0{cw`tMieWOG3wyNX#3a^qPhE8TH1?QhwhR~}Ic
zZ^q$TF8$p0b0=L8aw&q<zH9av5=+d!h(DwkxI>aTjuAYPmr-6x;U*k*vRnOaBwb_(
z5+ls5b(E!(71*l)M&(7ZEgBCtB{6Kh#ArV4u0iNnK!ml!nK5=3;9e76yD9oU4xTAK
zPGsG<?YmYArOs+@<cOnAny^yEc3e;Hd8=E<P=wDZI4;F5%%?u1UE!&Nx<#{snpXEa
zLfGX!RJaf@q|$&)X;3BFK8hO0J|c`DW9jHFmYMBPU)Ru;Vl6UC<n~%8pGH~y3-{BM
zTssJ|{)<~CBBH0Vh(jabO1$oBya?ALs8F#m@kToh9K-O4DlOGHvG2P)=vNTnot&Ii
z{0G<dz?qHKJzK{n!i?iSlGShFV;heo+7cR0w%!Lt+hmZU#DltvlbA8T#Cg!|FvCbg
z4l6WG44$xt(Hk~pL5^L{4lWrvW^!_rl*oLo-F`?w{1UKbeo<`{izkwzl|=C%f`a%P
z5uVLN{z$=Pb^*%6H2(eckY#Hf{M0b_g|^d-0mU>kjtFMMY3pRP5u07;#af?b0C7u)
zD^=9X@DRasHaf#c>4rF5GAT!Ggj0!7!z?Q-1_X6ZP2g|+?nVutp|rp}eFlKc8}Q&_
z17$NpDQvQolMWZfj0W0|WKm`nd_KXYH_#wRRzs1aRBYqo#feM}a?joONn30Z4Z9PG
zg1c!_<52-9D53Wq4z8pUzGkEFm1@Ws(kp4}CO7csZ-7+b)^)M)(xo}_IpTLl7}5<b
z+G)1u;(vEC8RSc`yGR<4IGFJBIorjKv$DM06Uc;uUZi_4-+}940cM4_6!D!xkYgkj
z>BmbBCI{4>rw>4c_gBQHtRd5Z=SW&6Qp2qMOjr3W+ZRmP;S(U+h=^BHKohhRp6Zgf
zwt&$zQXhMm@kh1@SB%dIE*kFDZym3Mky$NRljX?}&JGK`PIV1C;Pf!JV{hb4y;Ju-
zlpfEPUd+mV5XQH<#BRFhZ}>b#IdF?a?x;rBg-v)@fZpA?+J{3<wr}7ZlW>WZjbl3E
zv(a&1=pGYPxP@K!6Qg5Vx=-jwc=BA{xL3+QWb&9~DGS1EFkIC+>55{dvY4LV@s5$C
zKJmCjigp7?m27*GN_GROz}<t)0l4|Tct;cyQdA-1<}}}gM+YX_TFdm&wJrtO@)v@o
zqbHowpxH;fsk0gy41&Rf%8$e-H*)oC5P}HRf?lN2rJi+dnAB{PE2<h;Me16Tzs}&(
z?B{{r5plqR@0eqIq{aF+gwysUJRt|9i!B~ey4p`IsvHcz45vOReWnew@c8v`MQxur
zLM;rdC+nxKbV~x?B)rCz_IIQ@obWhsCb>y+y5%iIj=*JTYccaFjvD&VN%ewfSp=0P
zspdFfDqj?gs!N64cEy5uR~wD>af!1PE*xo{^a^8BPIL2=U>B!m2AM0Jf<8qWLoHxi
zxQfkbbwkRXgJgLW_j{ZkCxHLBU{@D6T5u90UNs5P769Zei|C$@nA5$L$4ZvxQl1i?
z8vLHg17}e{zM$=&h%8Swbfz7yw~X^N|7Chp1b<b)<4oa`Myr%@1<Jw)@CMBzg<HiQ
zm{VAL0HY~k@u6BQqH34YawOw?DQ{;8MaJG4pYv->C(oV72l#R8&%Ne5>F=7wR(dB;
zkDX!%&fxS19JBjP<6H7+!dO`nPLvB~xn{aDh#^iHKP|A5UQlCG%v%x9@q1w2fa#&%
za^UwHu!~(qrv99G%9_e4OBbJ-CkB*1M_?t6UXZ#}4JFDzB|x(1Z}ckuiY}$<t)@Y!
zOC3Jf2Ab-XlSc7!yLuP(JKSQH*?q3M3wcufRp<CLD4Dd4;BbrgQy8WBYIBW*EE69D
z8UUtIf(hi(q;hCe9uP&*1<9qL0h)bV_g|HN!qpZv<ZnDXU@P5>{zj`eVo})!rN8Je
z%h2CVJG1$K$2deXx^h8trLs~Han^e>_-M6@0o4C7d548|#mKtm@DvdVAX5ZzA8=*!
zKq5C+cM9u)qJ%YBJ1UAcG}6Ji4=$piaZ(K@>1BiD;$R9bR*QP`dH2T=)dgW#f7U)S
zZ~i#VYLOnUZt^~Iu3x8QPJaHVUxtRyipQ+tbmWKl14iW1!f6JSDvT$xt8>~7-1ZlJ
zU|)Ab*lhvz-JO!$a}RBH9u8$=R)*qeD@iS@(px~OVvML-qqO5&Ujnhw1>G~**Ld{W
zE+7h|!{rDZ#;ipZx4^Tcr9vnO)0>WFPzpFu*MYST(`GFzCq*@Gqse6VwDH#x?-{rs
z+=dqd$W0*AuAEhzM@GC&!oZa1*lRsx>>mP>DNYigdm^A~xzo}=uV$w#iadO+!&q_~
zT>AsHXOEGsNyfcJt2V$rhGxaIcTEvZr7CMVEu=>l30N~52^71U^<_uw6h@v@`BA2!
z)ViU+wF#^$=5o44TpOj?#eyq*+<j5g-m%?%;BoKZ>A&c0ghrt8%}SiK)FgLk-;-^+
zXt|1}1vcKAAuR|?L*a8;04p%!M~U2~UC-OJK)DMtBQ#+ZttJgDFNA4zchA*T)cN(E
zmpIMLU*c*NrCSV^qdLXD751DsO`#V#K1BVX4qI-B3Rg(zcvlg^mgY^V3Q*5RRQ4-8
z_kAlUisma2SNEx47euK5Y#eu_-gwRW0}M90hEI}eIJ9aU?t11^jSCn4>e~XLSF7Y3
z7JF)1ZbS_P<$<#y(*u@w!jF4FW_f~bxzi%cgP~B1K5N6GFYSAf=D_s5XomU0G9I%Y
zPWc{&MItPR#^Le)?zsRkQMmHx^Cnn&;TrPzRVG`wyNH*U;|r3^2NY(z0lwikP}cWF
z`p%R@?dy*7H~0&3ST>L9)b7#kwg+|n0#E&-FNf+Z_t7tpa711FogBPV`S3MW_FMGQ
zJ@8Z}qXR4-l%p76mvcH`{Fu<AE4(Q&oo=V7)p{2T6ly@Y_MXR~gJ$0uDRRbzS2jC4
zW+EoA=?ULvGdBJ~zI!Jy{{@HVkX`u1Dkbzi>(^O;8H2@#LZUH#9p6!EX$AEYV$c`s
zkPimL3kv>y=WQ+?KIAuim``%cAeBhA6g8}p_*FBH(#{vKi)CIz_D)DFXPql*ccC}O
zRW;+Y6V@=&*d6QJUbRxPX+-_24tc-hYHEFaP-IAj*|-P5%xbWujQvu#TF>xigr_r!
znuu7b(!PyYX=O#>;+0cGRx>Sy39(3y=TCf_BZ$<%m#inup<b!?>$>o(3dA1<l)kiI
zz;yjipi`N&mzatRgwN%i>Byfsip8S975-iVe7UklFm|$4&kaJ!n66_k-7-k}Z_<sE
zaQ-cgh5?XBSBMfnXaM~5kGqXc&9|y2hqU)U-hXY94Hw8#BnZ^^X&tuZ8hvIEUkDF<
ze9{8E#>?){LQe&wTeJ^CR{u6p+U#4_iSZZ1wjB-1gVGNQqnkk*-wFLj(eK8Ut{waU
zb1jwb2I?Wg&98jSQWom8c?2>BWt*!3WQ?>fB$KguB9_sStno%x=JXPEFrT|hh~Po2
zSPzu3IL10O?9U(3{X8OLN-!l6DJVtgr$yYXeAPh~%(FECDe;$mIY7R4Miv1GEFk9x
zpw`}E5M)qTr60D^;a#OCd0xP*w8y+my1^l8Qd*V`wLoj)GFFj;;<DnIoionWbq+sb
z;*}ev*NNbM?jV0_Xz^j*CiDW+g|gZcSA$+mUby>esW2PMO=sbas{yX6asXIJ$|LW<
zts$A+JaxoM({kv+2d@#bhl?#V#FZn_=8tTTvup?Vq!p!46W{be)EP=VlYE|UzAU})
zz})UzJVWi;9br0k&5>}sqwa_`TP*c}^$9+q)Dks#qEVg>p)71sqKF-Y<t+FEodZzj
z`Fq@zw$D~pc&)J={G<I8Y$|zTK%#Z9WY)k>LP@UF{<g`{F689;1n~%#<Pn^`YqiA_
z$wU8!<_r<@dw>(>lp7;CHAWK;K0TZ_+<Rt9Lby_)q-yc(-oZD|0CK3=@Nj)ixT~h^
zv?9>?>EtZKprfU@;52a1IU8HNx-mno<dz%x)<p7MVg)hN4p=j%VoN;{Z{21<PEZxX
z#sy^}6?M<S$LffQdAHtDl;nQ<(lNMm0wWTDJBf8Ni)4mt{K)+j^OyIPS;7~d<S+(`
zLOUXsihsBz<sZzp4WNu!D1#u8CV<^Zcae$dW20keVmh)cqZ&z3*gB0FCId->Zrb8|
zP8FPb#T$0VE+G-l508;d{DSfC6#dbp(j|^i^I3z9?Qm<yz$IojNJqGNTnWmOu5IGt
zt!YFGhiCZG*ExX>kr+(dw^w??h}WTN{_ls-GuE~lF;1Urgbtq|Ud_r>wecb@?{{z?
zX>X$&Ud+(I(5}5d^>&Z2m+qy=h#vR*lS084ATwUWZLg6PX1Ft+YI`0iI)ynij}{4X
zrQE!Mr1m^-?kw<|VT0mG+5J{!;j;zJT`?_=P*09n+=e``CN|7rC$u~Ksg7LSMS(Q~
z51!n1htcK0q7*K-*u0?c8ZlvPXcNwXmFe0Or2}}R@?j@{ECCNZ6va1tZ>|ZOgGZ1j
z9?mRkeSK%{X4O><Rso(1yYXqgS|{gjr_9;5U^Qa(9wk&`c`OCMaE`DZf%iLvGRZLM
zPwk&g7Nx^-d2;%iny119tEzz8wx`<1U6CVdsvMH=A=evh?_|I0as18fI^b1`+3X0|
z?1}|<L>J$@hyFsD)7s67Uldb>O93wQQiV%-FfbEY_@q>1VUstIJs|QgB`o1z**F#s
z^joAYN~5{EQ_wZ~R6<l9Iu}$nCKCCS@2hGlQ=xvYAnV#T<~>-nEV#HsQbNU59dT;G
zovb$}pb=LdR^{W2Nh~8yWfq*vC_DvJxM=)2N`5x+N6Sl`3{Wl@$*BYol#0^idTuM`
zJ=prt$REkxn6<eny-TNTT|OA1I=24<pax{+882M@jeDY+rT6glZ@T7fFXyw}kFLr5
zV<^G<&ytX|o!S3$I|nCP{a@ty=r>%dimg%99{(Dt6D67sTUR6l1F@9&Z9<)XgWK#x
zVohUH6>_xRuw1^V**+BCZ@dZj97T*67OBO>6UUivH`<@ray~ym^E?bO=vKqFfK3Kv
z`RKxs4raHacB<(XAeH`@0G*K2@ill_U@m=icT@F{k1PU3j<V;|#fFanf^7!sJ4<eM
z<QZN*<}>4VBde`ThtW8%Z~A>)45ARjQCDXbH}_rS^IxHGp#utBEj3W3<M6CD*#v55
z*bgt-EbYaWI;#xS-4y;4{86IXFW^qF(B(Cg&2DsWb7ZvQ4wbWYOqHvg`?6|TQNhLG
zrY^_(!6!6ACWITOK?HcnqjTU()~&!Qg+!@b4VgBC?&T<y)%<oP^P7fYZddh%;XFd9
z$!U+4S|h~qf<)mU36R$$4tQ|L+|v69juObX>KSAU+$6I4s~9OWueETo!J-f~+DV8<
z+VMtdcQ?M+?S}kl&uImYiIUJ-K0-te7W4sdWpS6Fqs-I!Tj{8Qp6lMn$Zm8uU)s{X
z8|O}H<cquTz$_U%ChM~AN(D`_2JzMzu3q5tz(ZDieU`&F;6C{};8MnD2&7&p2vrG^
zxEOXP9*LT$x2lTCBjG5A-qSvMOgbMSb7VukgxY)}!jPe6L6P$E1yAo$_MVhkC5bAC
zQ(g+v$69?XxpNN?=@0}A1j4&3ytzh6;q?*(T1-(>N%8sEl4em&qv{VBq{}$@cCG{B
z5~3DY$WRYSkO~z=sxRct5^G5bPZW;LF)(zY)HREgpRrkYV@H3^BTD6u+bJE~$cqr<
zw@Gb3^|n*kHZ%Vnu6~B7pB4iM0C4kDuk8Q1R^<(x%>|sCOl%CTe^N)K?Tiepg?|#m
z94!og0*38u|67h%*!)SJhUdvFimsktaqp#im9IpH-$fQc79gi259qPkEZ)XU?2uWW
zRg?$8`vl;V%-Tk+rwpTGaxy)h%3AmF^78<#i+Q6~M4#>J4`NNEEzy~xZ&O*9q%}@7
zs9XBO#vSKSM<-OjPIDzO9JiAYFWrK14Am{uZT=S3zaCu~K%kZo&u*=k9L#xi6vyaG
zQFD76MOE&=c1G;7Zivp<%%fRq+@3wgZg>k@AYQf|*Qyzy$tqc20m?F5nGbG@V#gW`
z8RMb2oBxgiqa?)_G6&-;L#(HCoaJrs_ED{IUZ^$~)+e#0iZT!AJDb2V{Sen*70TO&
zyI`*~#ZdLFhYP_#DTuoqQ0OS6j0o15r{}O&YoT5wCp|x_dD{#Y;Y}0P1ta?2VEh4*
ztrRN5tL6<xRm0s+S;O1!ORqdThuz@PkYEl2y^jc-q;Wb24hKlOaF8DUC>UvoH@M9L
z=%FKpf@iSp2P>C(*o<-Ng4qF#A?i!AxjXLG8%Gm`$rZxw;ZqSvv5@@sZ|N*~do5fb
zKWR)<u>T_>`kxaS|MHFh`-`fc`C%=i@EFk$O&)*_OVrgP4MWsZkE2RJB(WC>w}him
zb3KV>1I&nHP9};o8Kw-K$wF8`(R?UMzNB22kSIn#dEe|V-CuMw8I7|#`qSB6dpYg$
zoaDHj%zV6*;`u`VVdsTBKv&g75Q`68rdQU6O>_wkMT9d!z@)q2E)R3(j$*C4jp$Fo
z2pE>*ih{4Xzh}W+5!Qw)#M*^E(0X-6-!%wj@4*^)8F=N*0Y5<W?ORDCw7q>Or+>d=
zhMNs@R~>R9;KmyP@I@bpU3&w?)jj0rGrb@q)P>wLVbz1!TZY$#+H-mK6B^0{vdvt0
zaJ0~7p%I#1PpPm1DvBzh7*UsCl^I5^`@XzPzbg+v3T_WyKN?TJ9J=57v^IUO`aQN}
z@>Y>WIj+gT@-sobU-tW%L5GP(qY?Eep&I;@osY}O*3i1Ar?Sv|EI6S-pK_!~*A$K|
zs-hHESqd`vv;zIzgv2ho5-hsIL5Ke~siJ(v0`Qm7W_Rms2rB67=p&HGRhA-)$p-BS
zvXSmgGIGgeJMBcsgp=L8U3Ep$VPBFhvJ!3M5{pocGBS~iZj0({9Jt9nbC{Z$LVb%=
zGqzRBjlqkAU{#sOX56})^QjX;jQ26M`poAFIZ#H31td9sQlgBBrfIYgDC9+kO~}s{
zb1i*{#{5tPWhv4pecAZygXG>?5xKx7iPXd?nR;QaIfhlhqNBaLDy>9Yd1Sf3P!s4~
zhfHaFGsIFy&ZM=6^qc>>V>o!zk%5Lk5BtS7oU=YfjWUN<V9_5xh(l^dZ+rr!mYfr&
zxJpljbcI@k31|IpMqvv7IXK3`TqTIwARrx*OuZshW4aEpz6V;AV)qVPH-&rf1pkm0
z&;T-<Oz1K8Sl=}eOAiWPE`v?hq76~)Eg{N#O9SQ}4x;E?OHl1TF9exGZdk6Q_yG<C
z+Fe*sC<BcFBHVmyFH2WY?w$?=qvH~&tD?lFWqBStqVEiEZy%jRdQy<yoi%cA$}Lul
zZ=@S2_V<1AEQ4(LYj)7?0S|&-T-<OIfS&7TP#B-&E7BMB9^GqYP_Kawf9qh4G=q{w
zbJ{$0@z~OiS*XHiw#8qez8q2${JhqBPAjVvP1TmJORU8!MS_YmRp;ai)(T6M&4>;c
zrh$6Cyr%KC@QNTzTZvb)QXQkV)01MEY+EzC<XZyPGWD(!36_Z?dqznTG?nSHYMuE<
zs~FDjf^C>%CJx)Q&6MM={paB}Dp=qCn^eJ}5LeXG9Gqynt0ir>DvSIZ=i?*_xR3=%
zppf1<vl|sOHU_EPsYCn4onD%`f)5x4EGG_6q|`wi8D?}c4yg|5Az>w51ypF2KL6ug
zCm}eCi>&>xT;Idzh^PmtDWrU(&eC2hAt(nmd#?;W)*&4lb2Z2Ykv*XLNDEm`_1n3C
z`l!wZwiF9b?mN@z?s~>v%hT01C{E3md6M5_Xi3fKD6s26Tt~Z>8|~Ao9ds!cF_Y1|
zRG>!=TD0k0`|T*)oX!SlSt8g4Uh@nc(QosCoen@i*ZCSyh|IliliuhEw$8?4ZL9N2
zMQ%%S=3Tj_QilhHW@cSr1UYTtDem{A-ZxyCa$K9A%(!`X_?ieJzXbfERST|JxqmbL
zHe!hSqYk|!=!$8CJ5>q}Pj63@Q#PO{gpVb+0-qHFM`j5x_s#~dxvy5u62vywq8upP
z_)N)3n9cn7YEf2D8L}x0#_B_~>HT8;;8JC5q+}1gEyd%XqYvY?deQzwD1Lx{ghI3;
zv?f;&6CY$H&dDL$k#)hb)5lIqUZ~oU!z)hMI!B9THhw?9!}ykqpFJ|hB?JjV9uwqb
z3_70pMV^C7I<3Cg&yMi8JJ3V<ylVg9OoW#DRVURez$PvChZczEcrLQj;QSE`hcdv3
zL7~Krs|4GV=5zKIyi4rE{Y1Rz1l6+<#C_B`VeXxEuJ@2k@s}n0noCi{si!M2uvGk@
zv#J=c10i0)<~>2gYTOMV=IopfZ#1o>&+j-mB-V${Ok(f?I3{+vR~zE_RR$?9xI~^%
z53<a7&JP4?_Di&JSi!OIpv3_{qu3{tjd7CI?6573;rWk`9Rd9MoZBZAhB3^ymZS>~
z&bCl+6UeKkUWJ-%mnK{9K>?(3BM3C`@xi}v8)q#;YJhMr5dWvMtAL7X``!bHv~(%m
zH8d#Q4N6G~lEW}aGn9ZZNT?v9bV$emf)dg#ASDV?(nu+wpu!_X;(vL<<1zBo-~X&N
z>keyizVGaP&c65DbIyEw<fVYGT8@$EOBMH3xD0}QFnVWK<1)TT_l8buIt@llnj*EQ
z&PC#m3|EsnkJEMDWcP@bLB7ux$)XkMDczUFOidWKDT#^W6V8}PNQ%GFqoVkt&m<rG
zz?qS34+LJg-R|N)du2{<rGryY9`e3l-+sltav_>Fn2%(L`P424ZI3nFBA%w{yJ?E}
zlwSKF;jIhs(!TFOdMUW|(=qHjr#U-k>`>1u1_yL5Gyy;7@WTOt_)nfIp{D9kwR8f0
z;^Fq=iF(&yd|z30&+I`FBM-P6ouHQ@96TkIe@9=pDDL#_zgXos)-ri5lX-&2D~DsI
z4R>xVM$c&aFLgFjw<T^pI3sA?X1IqOdA9q7jerGNMkoeos@|9za}St%m%Q_RLT2~W
z5>q{1I;jpODOx|n*#@e2+Wgdkm(E(Fad_)peD`1^CJ2TpglmgoC)<BdOspQ<QcJcB
z(&tg#lvp!r)|KL&zC-rP?S5s@lN+_?8hpLY?+_v@*?Q;)tjUss$Pu%fZhnm7{*F#J
zJR_OJiEHF%`jb2r@Nz_is3RrHE!mjS31;FFJ%sy=`+LRA($|A5&vqpQviFy8Owv{u
zz@#K030s;@)=CwWrLm>F(Z)F7y2rzzDU^4wvO{bzw{mzSs4tF;*qabKkC?D!j!tbF
z4D_6zbqFVI>n@2-Qmg1BiDdD}>E(72)aMv1Y9duOxwlG|E!L(QmQ#j5vmN@<aegFJ
zwg~^6kdRo;B$H-QQQQL=(Q|c)-9nL;iK{*XYhbqCMH?rD^AFu3Z4C!jgBAKSG;?_q
zQ$zpiJ@qO47TADoIFCmpYPh0g!2e4ftqL+TqA&lo_0_Nr(yJGS+Hb}Q43AZ2vJOyB
z&FVyH7v%+Zcp$1P?+c5tLxloXKbp#{Tt`&KmXKaYAS2n~e%hgV-e@_PN$UfN{l%OG
zSxmQM8hY%>a7v{zIt3qQSP?96^$ITE=h~sLn|N|v8Y<ozTK{I)pejp4jJYmv6x~c`
zw0yCvGsej?8|)Zc-&Ggtc@+xI<Px<|x6EyyWHye<XTnpFyVyeDkXLy-<__48r~CWj
z#!V>qmA~-0HWgcPHZ@!3Dzm2X{Bozc{qm>J`Ehp}`FQ%Ecbw%+|H8f`pykvo-%&0a
z?&ZtJF*{#AYs8Z|z(IFI8sBiZs)L!C9#1W@;hEInZZZdPz2ZnmhoSP9VHQt7mzZUZ
zhM!!5IJbe4Z@zEoMjKaxH&Px8p}1<0YmtWwcG@ZP<D0H#u6Vu|*-gedGt#nom&7L@
zvebqYR91rxQ}3|#T<xRnc)}wkcQ;n#uj1w5@`sBLrk3hU^=Ixo=4mb1>Y@*oQSteU
zRy+W=Rs>sJ##v^8EJJt0=5---o<@^?<eNgQ4J+7xnG;M_W!$)9O$imTo4eF*81xrD
z*fKIGvv7m1`719nxp+Y2H1Q*SJkV--yfy7s_a(BME#^xkINRmnNgsTdG}mUQc8Kfi
zYigEyv?c2BAc=`PLOU2f{mYa?q2klA>fOEp=N<~xXvcf?$gXD0zVHziRMMmC#Mp3o
ze<OfS#jBf%U#RG&0YaiuGfT^&`P}NP>(eT!dvjmXp9_C%pV_>{H=nsqYO)n1J?Ihi
zjy7f00`|S<;)I!ZyUO{~#+wXX)z(BWsN|$7n9s}H%ZzE8YQv#vRTHjq@D%tYyfe<i
z(EQk`_O)w539&9IqnHL&pw=63@%7}yfCjN``TjyGx7#W24LdkXiA37ZGR-r5;VBzk
z>=3)|7jYxRT#E16nFk&1jFC6CH5d4kiJCVq+%r_$Rec7=G!GuZ-0*$5N2G<TOfOJo
z*hqC5Q##}oE@q)r;NF9vt;n#)dM?ZKnvxdTgX3}LR-vwjHQOlb9F&N7V+ug&RU7+1
z&u<$7IV)TsZVJv$wlJuNo8{39<J}lDJs@pG=o@+12+6$HH!@<fk#t2lZM5)iihKhX
zlLl(%gqT(m2U0dQNbAJ=kgg%uR=j{fnT}-#lJs#WXssBuWUltB^l;zmn+fyhXcn03
z@<gHR=#m5tB@7Wwp`c{6p+~Rggl%9$6qA^p62gnUQKSrfvWP&VKAzG3Jn$7EIC^H5
z`-c*yg*-5QY<Ti1riW{0ExI_(W2vE!20!2qtcs6rTzvKhn?<663);~!ay{!U3xi(|
zuPJ-Ao3F}pv&M^U_+ydFnGjM2CG=ge*5D!!q7gou5XcAZ*CykIRaZ~g8(dz|&K0F$
zn9+yPaAzy0)oG>qXB(dqWPS1Um4{xgi2k=;eO_LDy&GR=Q!)bjKY{f!0yoc0Rol<i
z6fi&NDxxGQAIi3?t_dq{rRLu7CpGjO_oA%u?tBS%=6f?zCp++BoECarBAef74IHAq
zHf68O_++IqzjF3!i~lVvNLnIeBtZ^U*>&!E`2BkI$5y4U^*k<RVkA#$K@zVbu%r2v
zEaHUJu5U&{a<x*bZm(Q7e)lpSmt7@R{@eSvjiW)>0=GyL-m8XJL%8prM%;fwyX9M^
zs48n3Oh#a>FVWI7dsm~*l0$^J)lxnfTTw~1ceZ73yNvNurwd`;+^1XuucaFN85M8?
z$fNl!D9g*O>6IE^POaoDq`86Sw0t4%jIi`&*EEZI?wwOiEvH8(qpfyDvAe`4pWf7k
z3-pFgeT{qtj)<OYO90WQ63g#li|4p_o%M$nF;%C!oU;`mMW(KFMGN$eM6F^pI}e85
zfVyWZNW#IXD$Ir{Enm<^z~C~u+D06)8u!PEUNpK+@pH0<t9kQ{8x{zRX=^!(N`~;L
zS;VFh5srw4zwG?e`9^BqTMa=x?s6>B!1ZamZ5g3z6Nd40P(%^Kf@#!uzbIk~8w`<T
zf7u6g?HIhOftWAd<l??Dpi$URid0E6a1tuc2AwjFlHzSwkXDVt^tqdK-e0y=GD_t_
z!_}y%Li~1VN*i*zjX+Hg|7KoQYLQrJhE>9wbhWc~1E|sw6-FsOqrhb2DLDwlaq@)Y
zAi$KoA=Vyn=Yxqxtf7wu*$47Ht>WZi{AdeN79#9ws~CtE;~gC$q7T>*5yKK3VT<I8
zqR}=sB_&;5Zg%-C2G<Bbs)5(b^ZO~TI51{ps}tVIulox8YVCV=*;jv|#V)7Q8hb<E
zA~)(MY5>)Q=sllRR}lBIGd17+<zAwz+3C1^@venI3}-l^mT=$sWJMT;EZI{R>bOu|
zeUeUrMgF=Gjk-{epAyUd_KNgwZK_Pz=H$+{4~E_ZRa3IJpU~IZ5U4Z3l%u3{Ls~`H
z(iysmm+!HBJTC-$EpHM9yrXUM^_FZ(3sdmsyZ6=lU8bb3V(WK>P0$l~#QA&NMj@OA
z*OQ>^-s_D-bda022~!G!bTh7@FR>t!1r`Js1;4$(^_*hH-_pUPf5C}K-v$%i#KBB!
zU{~<gm47vBW1lWl<?6yPJSrqPG$ArJI59dnEW^*jIOb7Oe&yO5yW!>a7)R>i<uZ~_
zqKU(``H;_!CfVs4MnIMfSB1R3o7xu_NBN81Dwt|3YdVhe*Z!6FBuww-ILYi+)pdfL
z)7QUCa1%?#s8^<TAwJjboIgXzQX}Dug(b<t3QZInFD8)U%NTx^XK^lZy?$ES*uZ>x
z#LA|<6v#rwKkB1JBLWkWu#M0#8i1J0e4dFDP3jrlFfxhkDs%Q~)e6e7fR$U?e$<{x
zfZb0?UMsB|E}Fk)@|^{)_^L7O%rp1GRNig@bUX(^6}6HoGi8IXoSKpI1A(GV)uA=7
zOXG&KjZYVjYn6}2YV0yfnKsnpDlF)h$Gv--|6$BsWFg|IWnp|#sk}zOAb6Bb?vb@t
zs^7=4<N@~rEcEqYxkzUT8Pa6;xYRx#|C0MTDd#x(+tVScl?>IdiKE_rUT@rG!D4Zy
zcnas#XT77V&%igMXY(lQS|)lgO{pN9!P-94KeZH_+PK5jESYCSPMN)=D(JIAVeB%D
zI_>_lvD;pylkZ#Ral0IzC6ei$J$4NnGw(pnVd`<QnlIZ?4@|=nBlsLMVI#=2xP^fs
z-p*nVjb_et;~5*r%zOB{O)d<qrP2>&aaNT5mfq-4)aPjj(v;`VvJ6Xxjm@3DX+Kju
z@9-h++s7x><TZsV)-i9T=ej6i`t*Ici6vV3!&sbEJZi9u&#!f9ygp+t#;EZ;OV-RH
zCf!pN`-`oQptOpbim|haXT|+Dq}N_jtE(d`^&YQqbwDt~ql(@KP*Nn$=iA`);NE~%
zjhPj2tjUv0Ec=jrHr&$ujvnBoyR77Q`|OREv%B&GqHJqcwCbvr;!5h1_XTv>idTEL
zd)ptYy?P2$S*_DI;eMR0ZdAuS)~fGEZEguO&+3AwW@Sw$&KvgJr6aGK*Ar;0wx`lr
z7V&!+9C7`VcV^t+Wj~AweOGQL!)0)serr$8Fez7kC(VSVRdjqpQuq964RW^2euIre
zh10&Tv)|dj*CoRozrW<4y_+5}3EGRok+G7ODl3-CF1r?JYDdw&N<YIM;T?7-Z5pcI
zAe|p4S^JX5MmdDC>bcVT=7ljq_K+8bMeG3uRw@3=cof?j+v+WaKI`WqwByf#7aFK3
z0+R34xQ-6nxQ&9xJKl}`C9FlUe1-h^i?5fr5kjot#MA-$%k106t>*gM<N<oiUfT+-
zGMBgUpezpa0?d!Nn0)blnTj<g=8!7VIXQO)6zK0#8JpL1v5`Q!m<l~}{f)1TF1YGu
zUh?8|pKl0;d~tPZB5^LnnhNUZh;zC9Rm*t5>+yF3m2X#=1tt07`cK)<Tc!3p?6ppR
z?z>37dA^A4d8%6R>@0U-UZ~wSvzMlK$tlm~aK`%e8|quXyH`aLM0#Dcu%sqEsKV%i
zVn<puvOAYnxr;dGeH~udbYKk`v`023wOF0xYEFz}`<v`jkJQ$c7eAi!6OamCuve4k
zlFC@Y)NdQ4k}@kU@3Ri)i|ZvV&TUV1BN5laQiXSmDzS>_*W-Qbnl)h?RP>)<eNC(h
z)%0v`a-SG^pCG(EI&H@4_Suh~y~JT@q3%Y7<j2^G5D&+C=Op9Mjz>$rZ5JL!*H;Z{
zk7(FB`lo~h&zB|S6j-Na;y$QM*rn^tkO{>#DWZN@IwJps3*Nm&ox0{{;=J~hvPb-*
zvAOEPImrdq()yl~`j`Q;R1Y%CdLKKw*;gtNaM~WDO95YXsTjKCOdRD2Is@aVRTYFD
zpS=_EB!@Ub&c*JmNMF=F+)Bq)52|=83IEG;M5(Ol*97!W(S-5X-5w&7->`1Pw-0Ml
zpA>jaofnyPQTCzoIG}OK9j^nn>F>jC#$iSnJY8y6ue4nxs@3HtfNx01XVK7NcX#Cu
z34g-z=0!7ip&@wI>>6ynJYyFTEgH6DA?b>~V%2s_@NPDza5&6cno!S(|85*74}6_M
z%s1c4`B{lqMu``(4~Jk#_`^=tu36TgXPv_}{lhhyi(rrSM_uoVVNuZOuxCXom9|wg
zNf&BtzX=<p_ys%MnPjA4jHb<Tki+mVWWXDpCtOp1{UY}L)|u(*r0IIxcx#al10rM*
zA_>hVi*4dG&1J!^QW;O%fQ$jVH=W74B8WR)*tM1{(@cHRqiS_W6R^h8uxd@zV>KNI
zR(-LNNkLqh>e<iNh1u-l=>=CmL|q9sR<b@PR#q1->Hm#1<x-4BTla+!ZaXOJhkmjG
z$+LVR;yg?PYPYU%G+*J&bS640Dq&P`Rn9b6SXqs4fbG;r{J3_Tl8aA3pCgGkymg|J
zo9Ptonx-N-P1jDv7*$%IHFQpE%wrTVle&A2OQ;}Te_nx^T$OW%*YmQAP(cr~-c&^j
z_lh)AF>5%q$o7_GQMp8FLX-HGnJ<+(;k{Q%+Sk+!^mM+2#1y9+gG2IDZGt%;Cfk{+
zT5}^x=!i2$t<JCbv?45#KKw2v=M}YRm?G~*n9)4a)Y2JO+v=HV%YPFqT<pQfPCIBg
zuyLymgK-dpMDzXF%I7cN7}5$Q9lXzAg@-w3;Jf<8GTscL`5w%?Q!Rq{uuRbru|Uts
zB!-sALJ#Hqs)ZPuO5vKdr}7z+SEs^Uq@X5krCZD@!Og9^M?=9O&L9WBE>nH_se6eC
zkn;kK>%ICpo=X&=cSsbxQ|AjJ;5Ff;AyIj>$YA<jr%Oao=H<n2!cRyNyebpUlbl}}
zY?;nyFG8Gc$8nI<Me}=tRat;-YIv%Ed6KfS;k(%+mK`~nl6saLxzF1qS&d0ydlPgO
z(i~z<8Z$ravS$}Acj)Bm(`u-y5hcmvcCo(Z|H3j@ON8e_3Hdm#_`HoYz5EfcqmtQ(
zDYK6!`@{DjaC5jFA49RB+!}Q-WQ_bNYe7x8<)_T8Nxl3>8cw*?W^Nn}S|1jrbf@Bd
zr82I8KlOh4#5C0sw3oVvuC0NFPKH4S0$~F$U4JM1Im$B%%oGm_5$Lnr{#Pv}eL1k&
zMP(pG$MI^8&!nYffq#$zJ^<K11&QDUzW-BAOYWkYvXY)Yua+_@!hRKC&+zX8tce|z
zed1)``+g3?U)2C)7XDS^`9Tfn--0N=tVnuT542D9>3GF|cC%2d4V@qKV#fu6u2O<P
zT>k)oKu82Fu=RODzQrHPEC+Mz{hW(G7VuCl8g1ou-Ot!41bp_>OC1&@A_6e*hc)1X
zMuDvzEZyB*fW1^+7dL0%ofr;-xT6B@0~|VazatI{60!X=po^uOr6UB$1POKmuI_&b
zOL&O+w*!>`k+y%?Z|wm4$@_1|WC|pKM(F{k8TR$-4hs?i|GBc9)qa{vYq)~5qa(2N
zsR?s}0Pp^ufVGE<pr|Gf-YhFI0tV0`&_5D~*uWKu*aNmJQQCG04+!NQc<|4O{PVkf
zRDkZ*0BkvKM-ecnP>B8oE9VCFa0K$x0HSpem!tIyR69y0rnjg8cqjmWyz7*Kx3~X>
z|BZX}Y;oVB1HX@l9_-y7dI*WgruY@?rC&64`}3W`ECA>O@Y#Q@JS<4WBF(QbwJqHM
zt)fE#6jTSyZ^E8y0INaIf!omWjvS=@15`O%V2CKg+}z=M9##kLKRN0uJuK250bXVU
zwzT&n@30^dzKnlL^us;wClg?CKWEtiEb#zhPVx{PxFQiwEPp^C53zN21EdZAz?3D&
zC6fK|_!S5M<zq}OK*#*|pgHIX1xt4bpo{=<a)-eIHAOw(OokH_@ZJ8M;h)6-)P9o8
z!PCG6T<1*;0!ba?gmeD^r-l=dFz<)^ezXEeM+=9X?8qllXwyi*yj5TTA9v)i;2%(F
z!Q9;egMN?!VfYKCu&d~nc>q&0z;xWGLEv}!zjfpRg_orp<hMrQ7e`;M0jTl-s`JPE
zHwGM_`9rGTby6bF^O+prZjuQM!~J79hXn{xAh!OH<hQ1X@vtxE0;ZG$xAx<a^bv64
zAF})ybteyi;5{AJSb)GAAUNJFGqV39!S6iw6u*@Q6QHUDLJ1gL{}d#mPvH-!e(S5z
z*geEJfPW1Lo&8zUVL>7|fXMx=uP!@X`yT@5(N_Hza}p5fBk&|)J7fZ`NQ9Nz@5xT?
zi?iV$q+bG!2LZUpF)>Yl!u;DEHV3!i{ipcJm_8Gj@Dac%N<jbe9BU_u&F?XPMBT~A
zrk<_xen0@=0RbR>3|SQVGqRhrJ;WOR|CtrwzPTW^&$A6!A$E)h7xohm>hA8p{PUZ~
z_&zeg@OL3PxPtzkfsNZAqXCZ8Is7yQ+plm~8;}|~DEkv&f@?q5hB*OGQYXuwVQOp0
z?QQ`6qyp|-$47wjuV74IE_x2I17$+grwMBE^25d<5!lYhnszuh|5Yk;RB+Uk*hk=m
zu73=E^7ul{40{A^?Rg^fq0ZfZO@C1HupR*_d;J>lkFv6&x&}4N;t}1T@2}~AC^<3b
zA}RxFPPZe5R{_6dIN9N-GT29Oa}RzA2ekKuEVZbuMOB?Xf**`N5&m}?)TjigdY(rF
z?~+a=`0);TlDa1<G^)(v5%i;nCqko$E~4V0iWwf^MWmjLcU;;K6%SRX>j)1G`AfW?
zRl883QPq=<pj)$l1%2`uLp^wZgf`r8BHF)?;iEPU^<?xBSjdYL!H%7w{jYP<s4S>w
zbB|bHEx%_u*$t@Yl#Vc;y*?2W^|^NJ)DmioQFr~1&>MSBL_b(YIpGWdDm3bT=Mgm1
e+h0K+-~H6qzyuy}`;+tYAZFmzUSVSYum1yJqxCBQ

literal 0
HcmV?d00001

diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 0000000..37aef8d
--- /dev/null
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,6 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+networkTimeout=10000
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/gradlew b/gradlew
new file mode 100644
index 0000000..a69d9cb
--- /dev/null
+++ b/gradlew
@@ -0,0 +1,240 @@
+#!/bin/sh
+
+#
+# Copyright © 2015-2021 the original authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
+##############################################################################
+
+# Attempt to set APP_HOME
+
+# Resolve links: $0 may be a link
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
+done
+
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+
+APP_NAME="Gradle"
+APP_BASE_NAME=${0##*/}
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD=maximum
+
+warn () {
+    echo "$*"
+} >&2
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+} >&2
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD=$JAVA_HOME/jre/sh/java
+    else
+        JAVACMD=$JAVA_HOME/bin/java
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD=java
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
+    esac
+fi
+
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
+        fi
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
+    done
+fi
+
+# Collect all arguments for the java command;
+#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
+#     shell script including quotes and variable substitutions, so put them in
+#     double quotes to make sure that they get re-expanded; and
+#   * put everything else in single quotes, so that it's not re-expanded.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'
+
+exec "$JAVACMD" "$@"
diff --git a/gradlew.bat b/gradlew.bat
new file mode 100644
index 0000000..f127cfd
--- /dev/null
+++ b/gradlew.bat
@@ -0,0 +1,91 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%"=="" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%"=="" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if %ERRORLEVEL% equ 0 goto execute
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if %ERRORLEVEL% equ 0 goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/settings.gradle b/settings.gradle
new file mode 100644
index 0000000..211d3ce
--- /dev/null
+++ b/settings.gradle
@@ -0,0 +1 @@
+rootProject.name = 'TSMS'
diff --git a/src/main/java/com/ffii/core/entity/BaseEntity.java b/src/main/java/com/ffii/core/entity/BaseEntity.java
new file mode 100644
index 0000000..b8dc60b
--- /dev/null
+++ b/src/main/java/com/ffii/core/entity/BaseEntity.java
@@ -0,0 +1,121 @@
+package com.ffii.core.entity;
+
+import java.io.Serializable;
+import java.time.LocalDateTime;
+import java.util.Optional;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.MappedSuperclass;
+import jakarta.persistence.PrePersist;
+import jakarta.persistence.PreUpdate;
+import jakarta.persistence.Version;
+import jakarta.validation.constraints.NotNull;
+
+import org.springframework.security.core.context.SecurityContextHolder;
+
+/** @author Terence */
+@MappedSuperclass
+public abstract class BaseEntity<ID extends Serializable> extends IdEntity<ID> {
+
+	@NotNull
+	@Version
+	@Column
+	private Integer version;
+
+	@NotNull
+	@Column(updatable = false)
+	private LocalDateTime created;
+
+	@Column(updatable = false)
+	private String createdBy;
+
+	@NotNull
+	@Column
+	private LocalDateTime modified;
+
+	@Column
+	private String modifiedBy;
+
+	@NotNull
+	@Column
+	private Boolean deleted;
+
+	@PrePersist
+	public void autoSetCreated() {
+		this.setCreated(LocalDateTime.now());
+		this.setModified(LocalDateTime.now());
+		this.setDeleted(Boolean.FALSE);
+
+		Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
+				.ifPresentOrElse(
+						authentication -> {
+							this.setCreatedBy(authentication.getName());
+							this.setModifiedBy(authentication.getName());
+						},
+						() -> {
+							this.setCreatedBy(null);
+							this.setModifiedBy(null);
+						});
+	}
+
+	@PreUpdate
+	public void autoSetModified() {
+		this.setModified(LocalDateTime.now());
+		Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()).ifPresentOrElse(
+				authentication -> this.setModifiedBy(authentication.getName()),
+				() -> this.setModifiedBy(null));
+	}
+
+	public Integer getVersion() {
+		return this.version;
+	}
+
+	public void setVersion(Integer version) {
+		this.version = version;
+	}
+
+	public LocalDateTime getCreated() {
+		return this.created;
+	}
+
+	public void setCreated(LocalDateTime created) {
+		this.created = created;
+	}
+
+	public String getCreatedBy() {
+		return this.createdBy;
+	}
+
+	public void setCreatedBy(String createdBy) {
+		this.createdBy = createdBy;
+	}
+
+	public LocalDateTime getModified() {
+		return this.modified;
+	}
+
+	public void setModified(LocalDateTime modified) {
+		this.modified = modified;
+	}
+
+	public String getModifiedBy() {
+		return this.modifiedBy;
+	}
+
+	public void setModifiedBy(String modifiedBy) {
+		this.modifiedBy = modifiedBy;
+	}
+
+	public Boolean isDeleted() {
+		return this.deleted;
+	}
+
+	public Boolean getDeleted() {
+		return this.deleted;
+	}
+
+	public void setDeleted(Boolean deleted) {
+		this.deleted = deleted;
+	}
+
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/core/entity/IdEntity.java b/src/main/java/com/ffii/core/entity/IdEntity.java
new file mode 100644
index 0000000..210fe41
--- /dev/null
+++ b/src/main/java/com/ffii/core/entity/IdEntity.java
@@ -0,0 +1,49 @@
+package com.ffii.core.entity;
+
+import java.io.Serializable;
+
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.MappedSuperclass;
+import jakarta.persistence.PostLoad;
+import jakarta.persistence.PrePersist;
+import jakarta.persistence.Transient;
+
+import org.springframework.data.domain.Persistable;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+/** @author Terence */
+@MappedSuperclass
+public abstract class IdEntity<ID extends Serializable> implements Persistable<ID> {
+
+	@Id
+	@GeneratedValue(strategy = GenerationType.IDENTITY)
+	private ID id;
+
+	@Transient
+	private boolean isNew = true;
+
+	@JsonIgnore
+	@Override
+	public boolean isNew() {
+		return isNew;
+	}
+
+	@PrePersist
+	@PostLoad
+	void markNotNew() {
+		this.isNew = false;
+	}
+
+	// getter and setter
+
+	public ID getId() {
+		return id;
+	}
+
+	public void setId(ID id) {
+		this.id = id;
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/core/exception/BadRequestException.java b/src/main/java/com/ffii/core/exception/BadRequestException.java
new file mode 100644
index 0000000..7ac98c0
--- /dev/null
+++ b/src/main/java/com/ffii/core/exception/BadRequestException.java
@@ -0,0 +1,15 @@
+package com.ffii.core.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.server.ResponseStatusException;
+
+public class BadRequestException extends ResponseStatusException {
+
+  public BadRequestException() {
+    super(HttpStatus.BAD_REQUEST);
+  }
+
+  public BadRequestException(String reason) {
+    super(HttpStatus.BAD_REQUEST, reason);
+  }
+}
diff --git a/src/main/java/com/ffii/core/exception/ConflictException.java b/src/main/java/com/ffii/core/exception/ConflictException.java
new file mode 100644
index 0000000..cc1f9c5
--- /dev/null
+++ b/src/main/java/com/ffii/core/exception/ConflictException.java
@@ -0,0 +1,16 @@
+package com.ffii.core.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.server.ResponseStatusException;
+
+/* e.g. sub record not under record */
+public class ConflictException extends ResponseStatusException {
+
+  public ConflictException() {
+    super(HttpStatus.CONFLICT);
+  }
+
+  public ConflictException(String reason) {
+    super(HttpStatus.CONFLICT, reason);
+  }
+}
diff --git a/src/main/java/com/ffii/core/exception/InternalServerErrorException.java b/src/main/java/com/ffii/core/exception/InternalServerErrorException.java
new file mode 100644
index 0000000..5587158
--- /dev/null
+++ b/src/main/java/com/ffii/core/exception/InternalServerErrorException.java
@@ -0,0 +1,19 @@
+package com.ffii.core.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.server.ResponseStatusException;
+
+public class InternalServerErrorException extends ResponseStatusException {
+
+  public InternalServerErrorException() {
+    super(HttpStatus.INTERNAL_SERVER_ERROR);
+  }
+
+  public InternalServerErrorException(String reason) {
+    super(HttpStatus.INTERNAL_SERVER_ERROR, reason);
+  }
+
+  public InternalServerErrorException(String reason, Throwable e) {
+    super(HttpStatus.INTERNAL_SERVER_ERROR, reason, e);
+  }
+}
diff --git a/src/main/java/com/ffii/core/exception/NotFoundException.java b/src/main/java/com/ffii/core/exception/NotFoundException.java
new file mode 100644
index 0000000..f41d0a3
--- /dev/null
+++ b/src/main/java/com/ffii/core/exception/NotFoundException.java
@@ -0,0 +1,13 @@
+package com.ffii.core.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.server.ResponseStatusException;
+
+/* main record not found (e.g. item record) */
+public class NotFoundException extends ResponseStatusException{
+
+  public NotFoundException() {
+    super(HttpStatus.NOT_FOUND);
+  }
+  
+}
diff --git a/src/main/java/com/ffii/core/exception/UnprocessableEntityException.java b/src/main/java/com/ffii/core/exception/UnprocessableEntityException.java
new file mode 100644
index 0000000..d099908
--- /dev/null
+++ b/src/main/java/com/ffii/core/exception/UnprocessableEntityException.java
@@ -0,0 +1,37 @@
+package com.ffii.core.exception;
+
+import java.util.Map;
+
+import jakarta.validation.constraints.NotNull;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.server.ResponseStatusException;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+/* sub record not found (e.g. item_line record) */
+public class UnprocessableEntityException extends ResponseStatusException {
+
+  public UnprocessableEntityException() {
+    super(HttpStatus.UNPROCESSABLE_ENTITY);
+  }
+
+  public UnprocessableEntityException(@NotNull Map<String, Object> map) {
+    super(HttpStatus.UNPROCESSABLE_ENTITY, map2Str(map));
+  }
+
+  public UnprocessableEntityException(String reason) {
+    super(HttpStatus.UNPROCESSABLE_ENTITY, reason);
+  }
+
+  private static String map2Str(@NotNull Map<String, Object> map) {
+    try {
+      return new ObjectMapper().writeValueAsString(map);
+    } catch (JsonProcessingException e) {
+      e.printStackTrace();
+      return "";
+    }
+  }
+
+}
diff --git a/src/main/java/com/ffii/core/response/DataRes.java b/src/main/java/com/ffii/core/response/DataRes.java
new file mode 100644
index 0000000..d4edb54
--- /dev/null
+++ b/src/main/java/com/ffii/core/response/DataRes.java
@@ -0,0 +1,21 @@
+package com.ffii.core.response;
+
+public class DataRes<T> {
+  private T data;
+
+  public DataRes() {
+  }
+
+  public DataRes(T data) {
+    this.data = data;
+  }
+
+  public T getData() {
+    return data;
+  }
+
+  public void setData(T data) {
+    this.data = data;
+  }
+
+}
diff --git a/src/main/java/com/ffii/core/response/ErrorRes.java b/src/main/java/com/ffii/core/response/ErrorRes.java
new file mode 100644
index 0000000..40f2a66
--- /dev/null
+++ b/src/main/java/com/ffii/core/response/ErrorRes.java
@@ -0,0 +1,36 @@
+package com.ffii.core.response;
+
+import java.time.LocalDateTime;
+
+public class ErrorRes {
+
+  private LocalDateTime timestamp;
+
+  private String traceId;
+
+  public ErrorRes() {
+    this.timestamp = LocalDateTime.now();
+  }
+
+  public ErrorRes(String traceId) {
+    this.timestamp = LocalDateTime.now();
+    this.traceId = traceId;
+  }
+
+  public LocalDateTime getTimestamp() {
+    return timestamp;
+  }
+
+  public void setTimestamp(LocalDateTime timestamp) {
+    this.timestamp = timestamp;
+  }
+
+  public String getTraceId() {
+    return traceId;
+  }
+
+  public void setTraceId(String traceId) {
+    this.traceId = traceId;
+  }
+
+}
diff --git a/src/main/java/com/ffii/core/response/FailureRes.java b/src/main/java/com/ffii/core/response/FailureRes.java
new file mode 100644
index 0000000..838b2b4
--- /dev/null
+++ b/src/main/java/com/ffii/core/response/FailureRes.java
@@ -0,0 +1,39 @@
+package com.ffii.core.response;
+
+import java.time.LocalDateTime;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+public class FailureRes {
+
+  private LocalDateTime timestamp;
+
+  @JsonInclude(JsonInclude.Include.NON_NULL)
+  private String error;
+
+  public FailureRes() {
+    this.timestamp = LocalDateTime.now();
+  }
+
+  public FailureRes(String error) {
+    this.timestamp = LocalDateTime.now();
+    this.error = error;
+  }
+
+  public LocalDateTime getTimestamp() {
+    return timestamp;
+  }
+
+  public void setTimestamp(LocalDateTime timestamp) {
+    this.timestamp = timestamp;
+  }
+
+  public String getError() {
+    return error;
+  }
+
+  public void setError(String error) {
+    this.error = error;
+  }
+
+}
diff --git a/src/main/java/com/ffii/core/response/IdRes.java b/src/main/java/com/ffii/core/response/IdRes.java
new file mode 100644
index 0000000..95f72bd
--- /dev/null
+++ b/src/main/java/com/ffii/core/response/IdRes.java
@@ -0,0 +1,21 @@
+package com.ffii.core.response;
+
+public class IdRes {
+  private long id;
+
+  public IdRes() {
+  }
+
+  public IdRes(long id) {
+    this.id = id;
+  }
+
+  public long getId() {
+    return id;
+  }
+
+  public void setId(long id) {
+    this.id = id;
+  }
+
+}
diff --git a/src/main/java/com/ffii/core/response/RecordsRes.java b/src/main/java/com/ffii/core/response/RecordsRes.java
new file mode 100644
index 0000000..7798b9e
--- /dev/null
+++ b/src/main/java/com/ffii/core/response/RecordsRes.java
@@ -0,0 +1,41 @@
+package com.ffii.core.response;
+
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+public class RecordsRes<T> {
+  private List<T> records;
+
+  @JsonInclude(JsonInclude.Include.NON_NULL)
+  private Integer total;
+
+  public RecordsRes() {
+  }
+
+  public RecordsRes(List<T> records) {
+    this.records = records;
+  }
+
+  public RecordsRes(List<T> records, int total) {
+    this.records = records;
+    this.total = total;
+  }
+
+  public List<T> getRecords() {
+    return records;
+  }
+
+  public void setRecords(List<T> records) {
+    this.records = records;
+  }
+
+  public Integer getTotal() {
+    return total;
+  }
+
+  public void setTotal(Integer total) {
+    this.total = total;
+  }
+
+}
diff --git a/src/main/java/com/ffii/core/support/AbstractBaseEntityService.java b/src/main/java/com/ffii/core/support/AbstractBaseEntityService.java
new file mode 100644
index 0000000..1a75e6e
--- /dev/null
+++ b/src/main/java/com/ffii/core/support/AbstractBaseEntityService.java
@@ -0,0 +1,42 @@
+package com.ffii.core.support;
+
+import java.io.Serializable;
+import java.util.Optional;
+
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.Assert;
+
+import com.ffii.core.entity.BaseEntity;
+import com.ffii.core.exception.ConflictException;
+
+/** @author Alex */
+public abstract class AbstractBaseEntityService<T extends BaseEntity<ID>, ID extends Serializable, R extends AbstractRepository<T, ID>>
+		extends AbstractIdEntityService<T, ID, R> {
+
+	public AbstractBaseEntityService(JdbcDao jdbcDao, R repository) {
+		super(jdbcDao, repository);
+	}
+
+	/** find and check versionId */
+	public Optional<T> find(ID id, int version) {
+		Assert.notNull(id, "id must not be null");
+		return repository.findById(id)
+				.map(entity -> {
+					if (entity.getVersion() != version) throw new ConflictException("OPTIMISTIC_LOCK");
+					return entity;
+				});
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public void markDelete(ID id) {
+		Assert.notNull(id, "id must not be null");
+		find(id).ifPresent(t -> markDelete(t));
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public void markDelete(T entity) {
+		Assert.notNull(entity, "entity must not be null");
+		entity.setDeleted(Boolean.TRUE);
+		save(entity);
+	}
+}
diff --git a/src/main/java/com/ffii/core/support/AbstractIdEntityService.java b/src/main/java/com/ffii/core/support/AbstractIdEntityService.java
new file mode 100644
index 0000000..30612b1
--- /dev/null
+++ b/src/main/java/com/ffii/core/support/AbstractIdEntityService.java
@@ -0,0 +1,65 @@
+package com.ffii.core.support;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Optional;
+
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.Assert;
+
+import com.ffii.core.entity.IdEntity;
+
+/** @author Alex */
+public abstract class AbstractIdEntityService<T extends IdEntity<ID>, ID extends Serializable, R extends AbstractRepository<T, ID>>
+		extends AbstractService {
+
+	protected R repository;
+
+	public AbstractIdEntityService(JdbcDao jdbcDao, R repository) {
+		super(jdbcDao);
+		this.repository = repository;
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public T save(T entity) {
+		Assert.notNull(entity, "entity must not be null");
+		return this.repository.save(entity);
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public T saveAndFlush(T entity) {
+		Assert.notNull(entity, "entity must not be null");
+		return this.repository.saveAndFlush(entity);
+	}
+
+	public List<T> listAll() {
+		return this.repository.findAll();
+	}
+
+	public Optional<T> find(ID id) {
+		Assert.notNull(id, "id must not be null");
+		return this.repository.findById(id);
+	}
+
+	public boolean existsById(ID id) {
+		Assert.notNull(id, "id must not be null");
+		return this.repository.existsById(id);
+	}
+
+	public List<T> findAllByIds(List<ID> ids) {
+		Assert.notNull(ids, "ids must not be null");
+		return this.repository.findAllById(ids);
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public void delete(ID id) {
+		Assert.notNull(id, "id must not be null");
+		this.repository.deleteById(id);
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public void delete(T entity) {
+		Assert.notNull(entity, "entity must not be null");
+		this.repository.delete(entity);
+	}
+}
diff --git a/src/main/java/com/ffii/core/support/AbstractRepository.java b/src/main/java/com/ffii/core/support/AbstractRepository.java
new file mode 100644
index 0000000..3606539
--- /dev/null
+++ b/src/main/java/com/ffii/core/support/AbstractRepository.java
@@ -0,0 +1,16 @@
+package com.ffii.core.support;
+
+import java.io.Serializable;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.repository.NoRepositoryBean;
+
+import com.ffii.core.entity.IdEntity;
+
+/**
+ * @author Alex
+ * @see https://docs.spring.io/spring-data/jpa/docs/2.7.0/reference/html/#jpa.query-methods.query-creation
+ */
+@NoRepositoryBean
+public interface AbstractRepository<T extends IdEntity<ID>, ID extends Serializable> extends JpaRepository<T, ID> {
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/core/support/AbstractService.java b/src/main/java/com/ffii/core/support/AbstractService.java
new file mode 100644
index 0000000..855e504
--- /dev/null
+++ b/src/main/java/com/ffii/core/support/AbstractService.java
@@ -0,0 +1,15 @@
+package com.ffii.core.support;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/** @author Terence */
+public abstract class AbstractService {
+	protected final Log logger = LogFactory.getLog(getClass());
+
+	protected JdbcDao jdbcDao;
+
+	public AbstractService(JdbcDao jdbcDao) {
+		this.jdbcDao = jdbcDao;
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/core/support/ErrorHandler.java b/src/main/java/com/ffii/core/support/ErrorHandler.java
new file mode 100644
index 0000000..c8f5c10
--- /dev/null
+++ b/src/main/java/com/ffii/core/support/ErrorHandler.java
@@ -0,0 +1,44 @@
+package com.ffii.core.support;
+
+import java.util.UUID;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.server.ResponseStatusException;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
+
+import com.ffii.core.exception.ConflictException;
+import com.ffii.core.exception.InternalServerErrorException;
+import com.ffii.core.response.ErrorRes;
+import com.ffii.core.response.FailureRes;
+
+@RestControllerAdvice
+public class ErrorHandler extends ResponseEntityExceptionHandler {
+  private final Log logger = LogFactory.getLog(getClass());
+
+  @ExceptionHandler({ ConflictException.class, ResponseStatusException.class })
+  public ResponseEntity<FailureRes> error409422(final Exception ex) {
+    ResponseStatusException e = (ResponseStatusException) ex;
+    return new ResponseEntity<>(new FailureRes(e.getReason()), e.getStatusCode());
+  }
+
+  @ExceptionHandler(AccessDeniedException.class)
+  public ResponseEntity<?> error403(final Exception ex) {
+    return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+  }
+
+  @ExceptionHandler({ InternalServerErrorException.class, Exception.class })
+  @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
+  public ResponseEntity<ErrorRes> error500(final Exception ex) {
+    UUID traceId = UUID.randomUUID();
+    logger.error("traceId: " + traceId, ex);
+    return new ResponseEntity<>(new ErrorRes(traceId.toString()), HttpStatus.INTERNAL_SERVER_ERROR);
+  }
+
+}
diff --git a/src/main/java/com/ffii/core/support/JdbcDao.java b/src/main/java/com/ffii/core/support/JdbcDao.java
new file mode 100644
index 0000000..c6854ff
--- /dev/null
+++ b/src/main/java/com/ffii/core/support/JdbcDao.java
@@ -0,0 +1,437 @@
+package com.ffii.core.support;
+
+import java.math.BigDecimal;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+import javax.sql.DataSource;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.dao.IncorrectResultSizeDataAccessException;
+import org.springframework.dao.InvalidDataAccessApiUsageException;
+import org.springframework.jdbc.BadSqlGrammarException;
+import org.springframework.jdbc.IncorrectResultSetColumnCountException;
+import org.springframework.jdbc.core.BeanPropertyRowMapper;
+import org.springframework.jdbc.core.namedparam.BeanPropertySqlParameterSource;
+import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
+import org.springframework.jdbc.core.namedparam.SqlParameterSourceUtils;
+
+/** @author Terence */
+public class JdbcDao {
+
+	private NamedParameterJdbcTemplate template;
+
+	public JdbcDao(DataSource dataSource) {
+		this.template = new NamedParameterJdbcTemplate(dataSource);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public String queryForString(String sql) {
+		return this.queryForString(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws InvalidDataAccessApiUsageException      params missing when needed
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public String queryForString(String sql, Map<String, ?> paramMap) {
+		try {
+			return this.template.queryForObject(sql, paramMap, String.class);
+		} catch (EmptyResultDataAccessException e) {
+			return StringUtils.EMPTY;
+		}
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws InvalidDataAccessApiUsageException      params missing when needed
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public String queryForString(String sql, Object paramObj) {
+		try {
+			return this.template.queryForObject(sql, new BeanPropertySqlParameterSource(paramObj), String.class);
+		} catch (EmptyResultDataAccessException e) {
+			return StringUtils.EMPTY;
+		}
+	}
+
+	/**
+	 * @return {@code true} if non-zero, {@code false} if zero
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public boolean queryForBoolean(String sql) {
+		return this.queryForBoolean(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @return {@code true} if non-zero, {@code false} if zero
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws InvalidDataAccessApiUsageException      params missing when needed
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public boolean queryForBoolean(String sql, Map<String, ?> paramMap) {
+		try {
+			var rs = this.template.queryForObject(sql, paramMap, Boolean.class);
+			return rs == null ? false : rs;
+		} catch (EmptyResultDataAccessException e) {
+			return false;
+		}
+	}
+
+	/**
+	 * @return {@code true} if non-zero, {@code false} if zero
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws InvalidDataAccessApiUsageException      params missing when needed
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public boolean queryForBoolean(String sql, Object paramObj) {
+		try {
+			var rs = this.template.queryForObject(sql, new BeanPropertySqlParameterSource(paramObj), Boolean.class);
+			return rs == null ? false : rs;
+		} catch (EmptyResultDataAccessException e) {
+			return false;
+		}
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public int queryForInt(String sql) {
+		return this.queryForInt(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws InvalidDataAccessApiUsageException      params missing when needed
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public int queryForInt(String sql, Map<String, ?> paramMap) {
+		try {
+			var rs = this.template.queryForObject(sql, paramMap, Integer.class);
+			return rs == null ? 0 : rs;
+		} catch (EmptyResultDataAccessException e) {
+			return 0;
+		}
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws InvalidDataAccessApiUsageException      params missing when needed
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public int queryForInt(String sql, Object paramObj) {
+		try {
+			var rs = this.template.queryForObject(sql,
+					new BeanPropertySqlParameterSource(paramObj), Integer.class);
+			return rs == null ? 0 : rs;
+		} catch (EmptyResultDataAccessException e) {
+			return 0;
+		}
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public BigDecimal queryForDecimal(String sql) {
+		return this.queryForDecimal(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws InvalidDataAccessApiUsageException      params missing when needed
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public BigDecimal queryForDecimal(String sql, Map<String, ?> paramMap) {
+		try {
+			return this.template.queryForObject(sql, paramMap, BigDecimal.class);
+		} catch (EmptyResultDataAccessException e) {
+			return BigDecimal.ZERO;
+		}
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws InvalidDataAccessApiUsageException      params missing when needed
+	 * @throws IncorrectResultSetColumnCountException  Incorrect column count
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public BigDecimal queryForDecimal(String sql, Object paramObj) {
+		try {
+			return this.template.queryForObject(sql,
+					new BeanPropertySqlParameterSource(paramObj), BigDecimal.class);
+		} catch (EmptyResultDataAccessException e) {
+			return BigDecimal.ZERO;
+		}
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public <T> Optional<T> queryForEntity(String sql, Class<T> entity) {
+		return this.queryForEntity(sql, (Map<String, ?>) null, entity);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws InvalidDataAccessApiUsageException      params missing when needed
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public <T> Optional<T> queryForEntity(String sql, Map<String, ?> paramMap, Class<T> entity) {
+		try {
+			return Optional.of(this.template.queryForObject(sql, paramMap,
+					new BeanPropertyRowMapper<T>(entity)));
+		} catch (EmptyResultDataAccessException e) {
+			return Optional.empty();
+		}
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                  sql error
+	 * @throws InvalidDataAccessApiUsageException      params missing when needed
+	 * @throws IncorrectResultSizeDataAccessException: Incorrect result size
+	 */
+	public <T> Optional<T> queryForEntity(String sql, Object paramObj, Class<T> entity) {
+		try {
+			return Optional.of(this.template.queryForObject(sql,
+					new BeanPropertySqlParameterSource(paramObj), new BeanPropertyRowMapper<T>(entity)));
+		} catch (EmptyResultDataAccessException e) {
+			return Optional.empty();
+		}
+	}
+
+	/**
+	 * @throws BadSqlGrammarException sql error
+	 */
+	public <T> List<T> queryForList(String sql, Class<T> entity) {
+		return this.queryForList(sql, (Map<String, ?>) null, entity);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException             sql error
+	 * @throws InvalidDataAccessApiUsageException params missing when needed
+	 */
+	public <T> List<T> queryForList(String sql, Map<String, ?> paramMap, Class<T> entity) {
+		return this.template.query(sql, paramMap, new BeanPropertyRowMapper<T>(entity));
+	}
+
+	/**
+	 * @throws BadSqlGrammarException             sql error
+	 * @throws InvalidDataAccessApiUsageException params missing when needed
+	 */
+	public <T> List<T> queryForList(String sql, Object paramObj, Class<T> entity) {
+		return this.template.query(sql, new BeanPropertySqlParameterSource(paramObj),
+				new BeanPropertyRowMapper<T>(entity));
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<Integer> queryForInts(String sql) {
+		return this.queryForInts(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws InvalidDataAccessApiUsageException     params missing when needed
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<Integer> queryForInts(String sql, Map<String, ?> paramMap) {
+		return this.template.queryForList(sql, paramMap, Integer.class);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws InvalidDataAccessApiUsageException     params missing when needed
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<Integer> queryForInts(String sql, Object paramObj) {
+		return this.template.queryForList(sql, new BeanPropertySqlParameterSource(paramObj), Integer.class);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<LocalDate> queryForDates(String sql) {
+		return this.queryForDates(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws InvalidDataAccessApiUsageException     params missing when needed
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<LocalDate> queryForDates(String sql, Map<String, ?> paramMap) {
+		return this.template.queryForList(sql, paramMap, LocalDate.class);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws InvalidDataAccessApiUsageException     params missing when needed
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<LocalDate> queryForDates(String sql, Object paramObj) {
+		return this.template.queryForList(sql, new BeanPropertySqlParameterSource(paramObj), LocalDate.class);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<LocalDateTime> queryForDatetimes(String sql) {
+		return this.queryForDatetimes(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws InvalidDataAccessApiUsageException     params missing when needed
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<LocalDateTime> queryForDatetimes(String sql, Map<String, ?> paramMap) {
+		return this.template.queryForList(sql, paramMap, LocalDateTime.class);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws InvalidDataAccessApiUsageException     params missing when needed
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<LocalDateTime> queryForDatetimes(String sql, Object paramObj) {
+		return this.template.queryForList(sql, new BeanPropertySqlParameterSource(paramObj), LocalDateTime.class);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<String> queryForStrings(String sql) {
+		return this.queryForStrings(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws InvalidDataAccessApiUsageException     params missing when needed
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<String> queryForStrings(String sql, Map<String, ?> paramMap) {
+		return this.template.queryForList(sql, paramMap, String.class);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException                 sql error
+	 * @throws InvalidDataAccessApiUsageException     params missing when needed
+	 * @throws IncorrectResultSetColumnCountException Incorrect column count
+	 */
+	public List<String> queryForStrings(String sql, Object paramObj) {
+		return this.template.queryForList(sql, new BeanPropertySqlParameterSource(paramObj), String.class);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException sql error
+	 */
+	public List<Map<String, Object>> queryForList(String sql) {
+		return this.queryForList(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException             sql error
+	 * @throws InvalidDataAccessApiUsageException params missing when needed
+	 */
+	public List<Map<String, Object>> queryForList(String sql, Map<String, ?> paramMap) {
+		return this.template.queryForList(sql, paramMap);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException             sql error
+	 * @throws InvalidDataAccessApiUsageException params missing when needed
+	 */
+	public List<Map<String, Object>> queryForList(String sql, Object paramObj) {
+		return this.template.queryForList(sql, new BeanPropertySqlParameterSource(paramObj));
+	}
+
+	/**
+	 * @throws BadSqlGrammarException sql error
+	 */
+	public Optional<Map<String, Object>> queryForMap(String sql) {
+		return this.queryForMap(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException             sql error
+	 * @throws InvalidDataAccessApiUsageException params missing when needed
+	 */
+	public Optional<Map<String, Object>> queryForMap(String sql, Map<String, ?> paramMap) {
+		try {
+			return Optional.of(this.template.queryForMap(sql, paramMap));
+		} catch (EmptyResultDataAccessException e) {
+			return Optional.empty();
+		}
+	}
+
+	/**
+	 * @throws BadSqlGrammarException             sql error
+	 * @throws InvalidDataAccessApiUsageException params missing when needed
+	 */
+	public Optional<Map<String, Object>> queryForMap(String sql, Object paramObj) {
+		try {
+			return Optional.of(this.template.queryForMap(sql, new BeanPropertySqlParameterSource(paramObj)));
+		} catch (EmptyResultDataAccessException e) {
+			return Optional.empty();
+		}
+	}
+
+	/**
+	 * @throws BadSqlGrammarException sql error
+	 */
+	public int executeUpdate(String sql) {
+		return this.executeUpdate(sql, (Map<String, ?>) null);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException             sql error
+	 * @throws InvalidDataAccessApiUsageException params missing when needed
+	 */
+	public int executeUpdate(String sql, Map<String, ?> paramMap) {
+		return this.template.update(sql, paramMap);
+	}
+
+	/**
+	 * @throws BadSqlGrammarException             sql error
+	 * @throws InvalidDataAccessApiUsageException params missing when needed
+	 */
+	public int executeUpdate(String sql, Object paramObj) {
+		return this.template.update(sql, new BeanPropertySqlParameterSource(paramObj));
+	}
+
+	/**
+	 * @throws BadSqlGrammarException             sql error
+	 * @throws InvalidDataAccessApiUsageException params missing when needed
+	 */
+	public int[] batchUpdate(String sql, List<?> paramsMapOrObject) {
+		return this.template.batchUpdate(sql, SqlParameterSourceUtils.createBatch(paramsMapOrObject));
+	}
+}
diff --git a/src/main/java/com/ffii/core/utils/AES.java b/src/main/java/com/ffii/core/utils/AES.java
new file mode 100644
index 0000000..89830e7
--- /dev/null
+++ b/src/main/java/com/ffii/core/utils/AES.java
@@ -0,0 +1,85 @@
+package com.ffii.core.utils;
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.Base64;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class AES {
+
+  protected final Log logger = LogFactory.getLog(getClass());
+
+  private static SecretKeySpec secretKey;
+  private static byte[] key;
+
+  public static void setKey(String myKey) {
+    MessageDigest sha = null;
+    try {
+      key = myKey.getBytes("UTF-8");
+      sha = MessageDigest.getInstance("SHA-1");
+      key = sha.digest(key);
+      key = Arrays.copyOf(key, 16);
+      secretKey = new SecretKeySpec(key, "AES");
+    } catch (NoSuchAlgorithmException e) {
+      e.printStackTrace();
+    } catch (UnsupportedEncodingException e) {
+      e.printStackTrace();
+    }
+  }
+
+  public static String encrypt(String strToEncrypt, String secret) {
+    try {
+      setKey(secret);
+      Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
+      cipher.init(Cipher.ENCRYPT_MODE, secretKey);
+      return Base64.getEncoder().encodeToString(cipher.doFinal(strToEncrypt.getBytes("UTF-8")));
+    } catch (Exception e) {
+      System.out.println("Error while encrypting: " + e.toString());
+    }
+    return null;
+  }
+
+  public static String urlEncrypt(String strToEncrypt, String secret) {
+    try {
+      setKey(secret);
+      Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
+      cipher.init(Cipher.ENCRYPT_MODE, secretKey);
+      return Base64.getUrlEncoder().encodeToString(cipher.doFinal(strToEncrypt.getBytes("UTF-8")));
+    } catch (Exception e) {
+      System.out.println("Error while encrypting: " + e.toString());
+    }
+    return null;
+  }
+
+  public static String decrypt(String strToDecrypt, String secret) {
+    try {
+      setKey(secret);
+      Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
+      cipher.init(Cipher.DECRYPT_MODE, secretKey);
+      return new String(cipher.doFinal(Base64.getDecoder().decode(strToDecrypt)), "UTF-8");
+    } catch (Exception e) {
+      System.out.println("Error while decrypting: " + e.toString());
+    }
+    return null;
+  }
+
+  public static String urlDecrypt(String strToDecrypt, String secret) {
+    try {
+      setKey(secret);
+      System.out.println("strToDecrypt: " + strToDecrypt);
+      Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
+      cipher.init(Cipher.DECRYPT_MODE, secretKey);
+      return new String(cipher.doFinal(Base64.getUrlDecoder().decode(strToDecrypt)), "UTF-8");
+    } catch (Exception e) {
+      System.out.println("Error while decrypting: " + e.toString());
+    }
+    return null;
+  }
+}
diff --git a/src/main/java/com/ffii/core/utils/CriteriaArgsBuilder.java b/src/main/java/com/ffii/core/utils/CriteriaArgsBuilder.java
new file mode 100644
index 0000000..138b755
--- /dev/null
+++ b/src/main/java/com/ffii/core/utils/CriteriaArgsBuilder.java
@@ -0,0 +1,242 @@
+package com.ffii.core.utils;
+
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.time.format.DateTimeParseException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import jakarta.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.web.bind.ServletRequestBindingException;
+import org.springframework.web.bind.ServletRequestUtils;
+
+/** @author Alex */
+public class CriteriaArgsBuilder {
+
+  private HttpServletRequest request;
+  private Map<String, Object> args;
+
+  private CriteriaArgsBuilder(HttpServletRequest request, Map<String, Object> args) {
+    this.args = args;
+    this.request = request;
+  }
+
+  public static CriteriaArgsBuilder withRequest(HttpServletRequest request) {
+    return new CriteriaArgsBuilder(request, new HashMap<String, Object>());
+  }
+
+  public static CriteriaArgsBuilder withRequestNMap(HttpServletRequest request, Map<String, Object> args) {
+    return new CriteriaArgsBuilder(request, args);
+  }
+
+  public CriteriaArgsBuilder addStringExact(String paramName) throws ServletRequestBindingException {
+    String value = StringUtils.trimToNull(ServletRequestUtils.getStringParameter(this.request, paramName));
+    if (value != null)
+      args.put(paramName, value);
+    return this;
+  }
+
+  public CriteriaArgsBuilder addStringLike(String paramName) throws ServletRequestBindingException {
+    String value = StringUtils.trimToNull(ServletRequestUtils.getStringParameter(this.request, paramName));
+    if (value != null)
+      args.put(paramName, "%" + value + "%");
+    return this;
+  }
+
+  public CriteriaArgsBuilder addString(String paramName) throws ServletRequestBindingException {
+    return this.addStringExact(paramName);
+  }
+
+  public CriteriaArgsBuilder addStringStartsWith(String paramName) throws ServletRequestBindingException {
+    String value = StringUtils.trimToNull(ServletRequestUtils.getStringParameter(this.request, paramName));
+    if (value != null)
+      args.put(paramName, value + "%");
+    return this;
+  }
+
+  public CriteriaArgsBuilder addStringEndsWith(String paramName) throws ServletRequestBindingException {
+    String value = StringUtils.trimToNull(ServletRequestUtils.getStringParameter(this.request, paramName));
+    if (value != null)
+      args.put(paramName, "%" + value);
+    return this;
+  }
+
+  public CriteriaArgsBuilder addStringList(String paramName) throws ServletRequestBindingException {
+    String[] params = ServletRequestUtils.getStringParameters(this.request, paramName);
+    if (params.length > 0) {
+      List<String> value = new ArrayList<String>(params.length);
+      for (String param : params)
+        if (StringUtils.isNotBlank(param))
+          value.add(param);
+      if (value.size() > 0)
+        args.put(paramName, value);
+    }
+    return this;
+  }
+
+  public CriteriaArgsBuilder addStringCsv(String paramName) throws ServletRequestBindingException {
+    String text = ServletRequestUtils.getStringParameter(this.request, paramName);
+    if (text != null && StringUtils.isNotEmpty(text))
+      args.put(paramName, Arrays.asList(text.split(",")));
+    return this;
+  }
+
+  public CriteriaArgsBuilder addInteger(String paramName) throws ServletRequestBindingException {
+    Integer value = StringUtils.isNotBlank(this.request.getParameter(paramName))
+        ? ServletRequestUtils.getRequiredIntParameter(request, paramName)
+        : null;
+    if (value != null)
+      args.put(paramName, value);
+    return this;
+  }
+
+  public CriteriaArgsBuilder addNonZeroInteger(String paramName) throws ServletRequestBindingException {
+    Integer value = StringUtils.isNotBlank(this.request.getParameter(paramName))
+        ? ServletRequestUtils.getRequiredIntParameter(request, paramName)
+        : null;
+    if (value != null && value.intValue() != 0)
+      args.put(paramName, value);
+    return this;
+  }
+
+  public CriteriaArgsBuilder addIntegerList(String paramName) throws ServletRequestBindingException {
+    int[] params = ServletRequestUtils.getIntParameters(request, paramName);
+    if (params.length > 0) {
+      List<Integer> values = new ArrayList<Integer>();
+      for (int param : params)
+        values.add(param);
+      args.put(paramName, values);
+    }
+    return this;
+  }
+
+  public CriteriaArgsBuilder addNonZeroIntegerList(String paramName) throws ServletRequestBindingException {
+    int[] params = ServletRequestUtils.getIntParameters(request, paramName);
+    if (params.length > 0) {
+      List<Integer> values = new ArrayList<Integer>();
+      for (int param : params)
+        if (param != 0)
+          values.add(param);
+      args.put(paramName, values);
+    }
+    return this;
+  }
+
+  public CriteriaArgsBuilder addLong(String paramName) throws ServletRequestBindingException {
+    Long value = StringUtils.isNotBlank(this.request.getParameter(paramName))
+        ? ServletRequestUtils.getRequiredLongParameter(request, paramName)
+        : null;
+    if (value != null)
+      args.put(paramName, value);
+    return this;
+  }
+
+  public CriteriaArgsBuilder addNonZeroLong(String paramName) throws ServletRequestBindingException {
+    Long value = StringUtils.isNotBlank(this.request.getParameter(paramName))
+        ? ServletRequestUtils.getRequiredLongParameter(request, paramName)
+        : null;
+    if (value != null && value.longValue() != 0L)
+      args.put(paramName, value);
+    return this;
+  }
+
+  public CriteriaArgsBuilder addDatetime(String paramName) throws ServletRequestBindingException {
+    String value = ServletRequestUtils.getStringParameter(request, paramName);
+    if (StringUtils.isNotBlank(value)) {
+      try {
+        args.put(paramName, LocalDateTime.parse(value));
+      } catch (DateTimeParseException e) {
+        throw new ServletRequestBindingException(paramName);
+      }
+    }
+    return this;
+  }
+
+  public CriteriaArgsBuilder addDatetime(String paramName, DateTimeFormatter formatter)
+      throws ServletRequestBindingException {
+    String value = ServletRequestUtils.getStringParameter(request, paramName);
+    if (StringUtils.isNotBlank(value)) {
+      try {
+        args.put(paramName, LocalDateTime.parse(value, formatter));
+      } catch (DateTimeParseException e) {
+        throw new ServletRequestBindingException(paramName);
+      }
+    }
+    return this;
+  }
+
+  public CriteriaArgsBuilder addDate(String paramName) throws ServletRequestBindingException {
+    String value = ServletRequestUtils.getStringParameter(request, paramName);
+    if (StringUtils.isNotBlank(value)) {
+      try {
+        args.put(paramName, LocalDate.parse(value));
+      } catch (DateTimeParseException e) {
+        throw new ServletRequestBindingException(paramName);
+      }
+    }
+    return this;
+  }
+
+  public CriteriaArgsBuilder addDate(String paramName, DateTimeFormatter formatter)
+      throws ServletRequestBindingException {
+    String value = ServletRequestUtils.getStringParameter(request, paramName);
+    if (StringUtils.isNotBlank(value)) {
+      try {
+        args.put(paramName, LocalDate.parse(value, formatter));
+      } catch (DateTimeParseException e) {
+        throw new ServletRequestBindingException(paramName);
+      }
+    }
+    return this;
+  }
+
+  public CriteriaArgsBuilder addDateTo(String paramName) throws ServletRequestBindingException {
+    String value = ServletRequestUtils.getStringParameter(request, paramName);
+    if (StringUtils.isNotBlank(value)) {
+      try {
+        args.put(paramName, LocalDate.parse(value).plusDays(1));
+      } catch (DateTimeParseException e) {
+        throw new ServletRequestBindingException(paramName);
+      }
+    }
+    return this;
+  }
+
+  public CriteriaArgsBuilder addDateTo(String paramName, DateTimeFormatter formatter)
+      throws ServletRequestBindingException {
+    String value = ServletRequestUtils.getStringParameter(request, paramName);
+    if (StringUtils.isNotBlank(value)) {
+      try {
+        args.put(paramName, LocalDate.parse(value, formatter).plusDays(1));
+      } catch (DateTimeParseException e) {
+        throw new ServletRequestBindingException(paramName);
+      }
+    }
+    return this;
+  }
+
+  public CriteriaArgsBuilder addBoolean(String paramName) throws ServletRequestBindingException {
+
+    if (request.getParameter(paramName) == null || request.getParameter(paramName).isEmpty()) {
+      return this;
+    }
+    Boolean value = ServletRequestUtils.getBooleanParameter(request, paramName);
+    args.put(paramName, value);
+    return this;
+  }
+
+  public CriteriaArgsBuilder put(String key, Object value) {
+    args.put(key, value);
+    return this;
+  }
+
+  public Map<String, Object> build() {
+    return this.args;
+  }
+}
diff --git a/src/main/java/com/ffii/core/utils/ExcelUtils.java b/src/main/java/com/ffii/core/utils/ExcelUtils.java
new file mode 100644
index 0000000..b750b63
--- /dev/null
+++ b/src/main/java/com/ffii/core/utils/ExcelUtils.java
@@ -0,0 +1,778 @@
+package com.ffii.core.utils;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigDecimal;
+import java.math.RoundingMode;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.LocalTime;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.time.format.DateTimeParseException;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.math.NumberUtils;
+import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
+import org.apache.poi.openxml4j.opc.OPCPackage;
+import org.apache.poi.poifs.crypt.EncryptionInfo;
+import org.apache.poi.poifs.crypt.EncryptionMode;
+import org.apache.poi.poifs.crypt.Encryptor;
+import org.apache.poi.poifs.filesystem.POIFSFileSystem;
+import org.apache.poi.ss.usermodel.Cell;
+import org.apache.poi.ss.usermodel.CellType;
+import org.apache.poi.ss.usermodel.DataFormatter;
+import org.apache.poi.ss.usermodel.DateUtil;
+import org.apache.poi.ss.usermodel.RichTextString;
+import org.apache.poi.ss.usermodel.Row;
+import org.apache.poi.ss.usermodel.Sheet;
+import org.apache.poi.ss.usermodel.Workbook;
+import org.apache.poi.ss.util.CellRangeAddress;
+import org.apache.poi.xssf.usermodel.XSSFWorkbook;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import jakarta.servlet.http.HttpServletResponse;
+
+public abstract class ExcelUtils {
+
+	/**
+	 * static A to Z char array
+	 */
+	private static final char[] A2Z = {
+			'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
+			'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
+			'U', 'V', 'W', 'X', 'Y', 'Z' };
+
+	private static final DataFormatter DATA_FORMATTER = new DataFormatter();
+
+	/** max rows limit of .xls **/
+	public static final int MAX_ROWS = 65536;
+	/** max columns limit of .xls **/
+	public static final int MAX_COLS = 256;
+
+	/**
+	 * Column reference to index (0-based) map, support up to 256 columns (compatible with .xls format)
+	 */
+	public static final Map<String, Integer> COL_IDX = new HashMap<String, Integer>(MAX_COLS, 1.0f);
+
+	static {
+		for (int columnIndex = 0; columnIndex < MAX_COLS; columnIndex++) {
+			int tempColumnCount = columnIndex;
+			StringBuilder sb = new StringBuilder(2);
+			do {
+				sb.insert(0, A2Z[tempColumnCount % 26]);
+				tempColumnCount = (tempColumnCount / 26) - 1;
+			} while (tempColumnCount >= 0);
+			COL_IDX.put(sb.toString(), Integer.valueOf(columnIndex));
+		}
+	}
+
+	/**
+	 * Load XSSF workbook (xlsx file) from template source.
+	 *
+	 * @param url
+	 *          the relative path to the template source, e.g. "WEB-INF/excel/exampleReportTemplate.xlsx"
+	 *
+	 * @return the workbook, or null if the template file cannot be loaded
+	 */
+	public static final Workbook loadXSSFWorkbookFromTemplateSource(ResourceLoader resourceLoader, String url) {
+		Resource resource = resourceLoader.getResource(url);
+		try {
+			return new XSSFWorkbook(resource.getInputStream());
+		} catch (IOException e) {
+			return null;
+		}
+	}
+
+	/**
+	 * Write the workbook to byte array.
+	 *
+	 * @param workbook
+	 *          The Excel workbook (cannot be null)
+	 *
+	 * @return the byte[], or null if IO exception occurred
+	 */
+	public static final byte[] toByteArray(Workbook workbook) {
+		ByteArrayOutputStream baos = new ByteArrayOutputStream();
+		try {
+			workbook.write(baos);
+		} catch (IOException e) {
+			return null;
+		}
+		return baos.toByteArray();
+	}
+
+	/**
+	 * Check if the cell exists in the given sheet, row and column.
+	 *
+	 * @param sheet
+	 *          the Sheet (cannot be null)
+	 * @param rowIndex
+	 *          0-based row index
+	 * @param colIndex
+	 *          0-based column index
+	 *
+	 * @return {@code true} if cell exists, else {@code false}
+	 */
+	public static final boolean isCellExists(Sheet sheet, int rowIndex, int colIndex) {
+		Row row = sheet.getRow(rowIndex);
+		if (row != null) {
+			Cell cell = row.getCell(colIndex);
+			return cell != null;
+		}
+		return false;
+	}
+
+	/**
+	 * Convenient method to obtain the cell in the given sheet, row and column.
+	 * <p>
+	 * Creates the row and the cell if not already exist.
+	 *
+	 * @param sheet
+	 *          the Sheet (cannot be null)
+	 * @param rowIndex
+	 *          0-based row index
+	 * @param colIndex
+	 *          0-based column index
+	 *
+	 * @return the Cell (never null)
+	 */
+	public static final Cell getCell(Sheet sheet, int rowIndex, int colIndex) {
+		Row row = sheet.getRow(rowIndex);
+		if (row == null) {
+			row = sheet.createRow(rowIndex);
+		}
+		Cell cell = row.getCell(colIndex);
+		if (cell == null) {
+			cell = row.createCell(colIndex);
+		}
+		return cell;
+	}
+
+	/**
+	 * Get column index by column reference (support up to 256 columns)
+	 *
+	 * @param columnRef
+	 *          column reference such as "A", "B", "AA", "AB"...
+	 *
+	 * @return the column index
+	 *
+	 * @throws NullPointerException
+	 *           if column reference is invalid or the index exceeds 256
+	 */
+	public static final int getColumnIndex(String columnRef) {
+		return COL_IDX.get(columnRef);
+	}
+
+	/**
+	 * Get column reference by column index
+	 *
+	 * @param columnIndex
+	 *          0-based column index
+	 *
+	 * @return the column reference such as "A", "B", "AA", "AB"...
+	 */
+	public static final String getColumnRef(int columnIndex) {
+		StringBuilder sb = new StringBuilder();
+		int tempColumnCount = columnIndex;
+		do {
+			sb.insert(0, A2Z[tempColumnCount % 26]);
+			tempColumnCount = (tempColumnCount / 26) - 1;
+		} while (tempColumnCount >= 0);
+		return sb.toString();
+	}
+
+	/**
+	 * Get the Excel Cell Ref String by columnIndex and rowIndex
+	 *
+	 * @param columnIndex
+	 *          0-based column index
+	 * @param rowIndex
+	 *          0-based row index
+	 */
+	public static final String getCellRefString(int columnIndex, int rowIndex) {
+		StringBuilder sb = new StringBuilder();
+		int tempColumnCount = columnIndex;
+		do {
+			sb.insert(0, A2Z[tempColumnCount % 26]);
+			tempColumnCount = (tempColumnCount / 26) - 1;
+		} while (tempColumnCount >= 0);
+		sb.append(rowIndex + 1);
+		return sb.toString();
+	}
+
+	/**
+	 * Get Cell value as <code>String</code>
+	 */
+	public static String getStringValue(Cell cell) {
+		if (cell != null && cell.getCellType() == CellType.FORMULA) {
+			try {
+				return cell.getStringCellValue();
+			} catch (Exception e) {
+				return "";
+			}
+		}
+		return DATA_FORMATTER.formatCellValue(cell);
+	}
+
+	/**
+	 * Get Cell value as <code>BigDecimal</code>, with a fallback value
+	 * <p>
+	 * Only support {@link CellType#NUMERIC} and {@link CellType#STRING}
+	 *
+	 * @return the <code>BigDecimal</code> value, or the default value if cell is <code>null</code> or cell type is {@link CellType#BLANK}
+	 */
+	public static BigDecimal getDecimalValue(Cell cell, BigDecimal defaultValue) {
+		if (cell == null || cell.getCellType() == CellType.BLANK) return defaultValue;
+		if (cell.getCellType() == CellType.STRING) {
+			return new BigDecimal(cell.getStringCellValue());
+		} else {
+			return BigDecimal.valueOf(cell.getNumericCellValue());
+		}
+	}
+
+	/**
+	 * Get Cell value as <code>BigDecimal</code>
+	 * <p>
+	 * Only support {@link CellType#NUMERIC} and {@link CellType#STRING}
+	 *
+	 * @return the <code>BigDecimal</code> value, or <code>BigDecimal.ZERO</code> if cell is <code>null</code> or cell type is {@link CellType#BLANK}
+	 */
+	public static BigDecimal getDecimalValue(Cell cell) {
+		return getDecimalValue(cell, BigDecimal.ZERO);
+	}
+
+	/**
+	 * Get Cell value as <code>double</code>
+	 * <p>
+	 * Only support {@link CellType#NUMERIC} and {@link CellType#STRING}
+	 */
+	public static double getDoubleValue(Cell cell) {
+		if (cell == null) return 0.0;
+		if (cell.getCellType() == CellType.STRING) {
+			return NumberUtils.toDouble(cell.getStringCellValue());
+		} else {
+			return cell.getNumericCellValue();
+		}
+	}
+
+	/**
+	 * Get Cell value as <code>int</code> (rounded half-up to the nearest integer)
+	 * <p>
+	 * Only support {@link CellType#NUMERIC} and {@link CellType#STRING}
+	 */
+	public static int getIntValue(Cell cell) {
+		return BigDecimal.valueOf(getDoubleValue(cell)).setScale(0, RoundingMode.HALF_UP).intValue();
+	}
+
+	/**
+	 * Get Cell Integer value (truncated)
+	 */
+	public static Integer getIntValue(Cell cell, Integer defaultValue) {
+		if (cell == null) return defaultValue;
+		if (cell.getCellType() == CellType.STRING) {
+			return NumberUtils.toInt(cell.getStringCellValue(), defaultValue);
+		} else {
+			return (int) cell.getNumericCellValue();
+		}
+	}
+
+	public static LocalDate getDateValue(Cell cell, DateTimeFormatter formatter) {
+		if (cell == null) return null;
+		if (cell.getCellType() == CellType.STRING) {
+			try {
+				return LocalDate.parse(cell.getStringCellValue(), formatter);
+			} catch (DateTimeParseException e) {
+				return null;
+			}
+		}
+		if (DateUtil.isCellDateFormatted(cell)) {
+			try {
+				return DateUtil.getJavaDate(cell.getNumericCellValue()).toInstant()
+						.atZone(ZoneId.systemDefault())
+						.toLocalDate();
+			} catch (NumberFormatException e) {
+				return null;
+			}
+		} else {
+			return null;
+		}
+	}
+
+	public static LocalDateTime getDatetimeValue(Cell cell, DateTimeFormatter formatter) {
+		if (cell == null) return null;
+		if (cell.getCellType() == CellType.STRING) {
+			try {
+				return LocalDateTime.parse(cell.getStringCellValue(), formatter);
+			} catch (DateTimeParseException e) {
+				return null;
+			}
+		}
+		if (DateUtil.isCellDateFormatted(cell)) {
+			try {
+				return DateUtil.getJavaDate(cell.getNumericCellValue()).toInstant()
+						.atZone(ZoneId.systemDefault())
+						.toLocalDateTime();
+			} catch (NumberFormatException e) {
+				return null;
+			}
+		} else {
+			return null;
+		}
+	}
+
+	/**
+	 * Convenient method to set Cell value
+	 *
+	 * @param cell
+	 *          the Cell (cannot be null)
+	 * @param value
+	 *          the value to set
+	 */
+	public static void setCellValue(Cell cell, Object value) {
+		if (value instanceof String)
+			cell.setCellValue((String) value);
+		else if (value instanceof RichTextString)
+			cell.setCellValue((RichTextString) value);
+		else if (value instanceof Number)
+			cell.setCellValue(((Number) value).doubleValue());
+		else if (value instanceof Boolean)
+			cell.setCellValue(((Boolean) value).booleanValue());
+		else if (value instanceof Calendar)
+			cell.setCellValue((Calendar) value);
+		else if (value instanceof Date)
+			cell.setCellValue((Date) value);
+		else if (value instanceof LocalDate)
+			cell.setCellValue((LocalDate) value);
+		else if (value instanceof LocalTime)
+			cell.setCellValue(((LocalTime) value).toString());
+		else if (value instanceof LocalDateTime)
+			cell.setCellValue((LocalDateTime) value);
+		else if (value == null)
+			cell.setCellValue("");
+		else
+			throw new IllegalArgumentException(value.getClass().toString() + " is not supported");
+	}
+
+	/**
+	 * Convenient method to set Cell value by Sheet, row index, and column index
+	 *
+	 * @param sheet
+	 *          the Sheet (cannot be null)
+	 * @param rowIndex
+	 *          0-based row index
+	 * @param colIndex
+	 *          0-based column index
+	 * @param value
+	 *          the value to set
+	 */
+	public static void setCellValue(Sheet sheet, int rowIndex, int colIndex, Object value) {
+		setCellValue(getCell(sheet, rowIndex, colIndex), value);
+	}
+
+	/**
+	 * Increase Row Height (if necessary, but never decrease it) by counting the no. of lines in a String value
+	 *
+	 * @param sheet
+	 *          The Excel worksheet
+	 * @param row
+	 *          The row index (0-based)
+	 * @param value
+	 *          The (multi-line) String value to count for the no. of lines
+	 * @param heightInPoints
+	 *          The height (in points) for 1 line of text
+	 */
+	public static void increaseRowHeight(Sheet sheet, int row, String value, int heightInPoints) {
+		int lines = StringUtils.countMatches(value, "\n") + 1; // count no. of lines
+		float newHeight = heightInPoints * lines;
+
+		Row r = sheet.getRow(row);
+		if (r == null) r = sheet.createRow(row);
+
+		// increase the row height if necessary, but never decrease it
+		if (r.getHeightInPoints() < newHeight) {
+			r.setHeightInPoints(newHeight);
+		}
+	}
+
+	/**
+	 * Add merged region (i.e. merge cells)
+	 *
+	 * @param sheet
+	 *          The Excel worksheet
+	 * @param firstRowIdx
+	 *          The first row index (0-based)
+	 * @param lastRowIdx
+	 *          The last row index (0-based)
+	 * @param firstColIdx
+	 *          The first column index (0-based)
+	 * @param lastColIdx
+	 *          The last column index (0-based)
+	 */
+	public static void addMergedRegion(Sheet sheet, int firstRowIdx, int lastRowIdx, int firstColIdx, int lastColIdx) {
+		CellRangeAddress cellRangeAddress = new CellRangeAddress(firstRowIdx, lastRowIdx, firstColIdx, lastColIdx);
+		sheet.addMergedRegion(cellRangeAddress);
+	}
+
+	/**
+	 * Copy and Insert Row
+	 *
+	 * @param workbook
+	 *          The Excel workbook
+	 * @param sourceSheet
+	 *          The source Excel worksheet
+	 * @param destinationSheet
+	 *          The destination Excel worksheet
+	 * @param sourceRowNum
+	 *          The source row index (0-based) to copy from
+	 * @param destinationRowNum
+	 *          The destination row index (0-based) to insert into (from the copied row)
+	 */
+	public static void copyAndInsertRow(Workbook workbook, Sheet sourceSheet, Sheet destinationSheet, int sourceRowNum, int destinationRowNum) {
+		// get the source / destination row
+		Row sourceRow = sourceSheet.getRow(sourceRowNum);
+		Row destRow = destinationSheet.getRow(destinationRowNum);
+
+		// if the row exist in destination, push down all rows by 1
+		if (destRow != null) {
+			destinationSheet.shiftRows(destinationRowNum, destinationSheet.getLastRowNum(), 1, true, false);
+		}
+		// create a new row
+		destRow = destinationSheet.createRow(destinationRowNum);
+
+		// loop through source columns to add to new row
+		for (int i = 0; i < sourceRow.getLastCellNum(); i++) {
+			// grab a copy of the old cell
+			Cell oldCell = sourceRow.getCell(i);
+
+			// if the old cell is null jump to next cell
+			if (oldCell == null) continue;
+
+			// create a new cell in destination row
+			Cell newCell = destRow.createCell(i);
+
+			// apply cell style to new cell from old cell
+			newCell.setCellStyle(oldCell.getCellStyle());
+
+			// if there is a cell comment, copy
+			if (oldCell.getCellComment() != null) {
+				newCell.setCellComment(oldCell.getCellComment());
+			}
+
+			// if there is a cell hyperlink, copy
+			if (oldCell.getHyperlink() != null) {
+				newCell.setHyperlink(oldCell.getHyperlink());
+			}
+
+			// copy the cell data value
+			switch (oldCell.getCellType()) {
+			case NUMERIC:
+				newCell.setCellValue(oldCell.getNumericCellValue());
+				break;
+			case STRING:
+				newCell.setCellValue(oldCell.getRichStringCellValue());
+				break;
+			case FORMULA:
+				newCell.setCellFormula(oldCell.getCellFormula());
+				break;
+			case BLANK:
+				newCell.setCellValue(oldCell.getStringCellValue());
+				break;
+			case BOOLEAN:
+				newCell.setCellValue(oldCell.getBooleanCellValue());
+				break;
+			case ERROR:
+				newCell.setCellErrorValue(oldCell.getErrorCellValue());
+				break;
+			default:
+				break;
+			}
+		}
+
+		// if there are any merged regions in the source row, copy to new row
+		for (int i = 0; i < sourceSheet.getNumMergedRegions(); i++) {
+			CellRangeAddress cellRangeAddress = sourceSheet.getMergedRegion(i);
+			if (cellRangeAddress.getFirstRow() == sourceRow.getRowNum()) {
+				addMergedRegion(
+						destinationSheet,
+						destRow.getRowNum(),
+						(destRow.getRowNum() + (cellRangeAddress.getLastRow() - cellRangeAddress.getFirstRow())),
+						cellRangeAddress.getFirstColumn(),
+						cellRangeAddress.getLastColumn());
+			}
+		}
+
+		// copy row height
+		destRow.setHeight(sourceRow.getHeight());
+	}
+
+	/**
+	 * Copy and Insert Row
+	 *
+	 * @param workbook
+	 *          The Excel workbook
+	 * @param sheet
+	 *          The Excel worksheet
+	 * @param sourceRowNum
+	 *          The source row index (0-based) to copy from
+	 * @param destinationRowNum
+	 *          The destination row index (0-based) to insert into (from the copied row)
+	 */
+	public static void copyAndInsertRow(Workbook workbook, Sheet sheet, int sourceRowNum, int destinationRowNum) {
+		copyAndInsertRow(workbook, sheet, sheet, sourceRowNum, destinationRowNum);
+	}
+
+	public static void copyAndInsertRow(Workbook workbook, Sheet sourceSheet, int sourceRowNum, int destinationRowNum, int times) {
+		// get the source / destination row
+		Row sourceRow = sourceSheet.getRow(sourceRowNum);
+
+		Row[] destRows = new Row[times];
+		for (int j = 0; j < times; j++) {
+			Row destRow = sourceSheet.getRow(destinationRowNum + j);
+			// if the row exist in destination, push down all rows by 1
+			if (destRow != null) {
+				sourceSheet.shiftRows(destinationRowNum + j, sourceSheet.getLastRowNum(), 1, true, false);
+			}
+			// create a new row
+			destRows[j] = sourceSheet.createRow(destinationRowNum + j);
+			// copy row height
+			destRows[j].setHeight(sourceRow.getHeight());
+		}
+
+		// loop through source columns to add to new row
+		for (int i = 0; i < sourceRow.getLastCellNum(); i++) {
+			// grab a copy of the old cell
+			Cell oldCell = sourceRow.getCell(i);
+
+			// if the old cell is null jump to next cell
+			if (oldCell == null) continue;
+
+			for (int k = 0; k < times; k++) {
+				// create a new cell in destination row
+				Cell newCell = destRows[k].createCell(i);
+
+				// apply cell style to new cell from old cell
+				newCell.setCellStyle(oldCell.getCellStyle());
+			}
+		}
+	}
+
+	/**
+	 * Copy Column
+	 * 
+	 * @param workbook
+	 *          The Excel workbook
+	 * @param sourceSheet
+	 *          The source Excel worksheet
+	 * @param destinationSheet
+	 *          The destination Excel worksheet
+	 * @param rowStart
+	 *          The source row start index (0-based) to copy from
+	 * @param rowEnd
+	 *          The source row end index (0-based) to copy from
+	 * @param sourceColumnNum
+	 *          The source column index (0-based) to copy from
+	 * @param destinationColumnNum
+	 *          The destination column index (0-based) to copy into (from the copied row)
+	 */
+	public static void copyColumn(Workbook workbook, Sheet sourceSheet, Sheet destinationSheet, int rowStart, int rowEnd, int sourceColumnNum,
+			int destinationColumnNum) {
+		for (int i = rowStart; i <= rowEnd; i++) {
+			Row sourceRow = sourceSheet.getRow(i);
+			if (sourceRow == null) continue;
+
+			Row destinationRow = destinationSheet.getRow(i);
+			if (destinationRow == null) destinationRow = destinationSheet.createRow(i);
+
+			Cell oldCell = sourceRow.getCell(sourceColumnNum);
+			if (oldCell == null) continue;
+
+			Cell newCell = destinationRow.createCell(destinationColumnNum);
+
+			newCell.setCellStyle(oldCell.getCellStyle());
+
+			if (oldCell.getCellComment() != null) {
+				newCell.setCellComment(oldCell.getCellComment());
+			}
+
+			if (oldCell.getHyperlink() != null) {
+				newCell.setHyperlink(oldCell.getHyperlink());
+			}
+
+			switch (oldCell.getCellType()) {
+			case NUMERIC:
+				newCell.setCellValue(oldCell.getNumericCellValue());
+				break;
+			case STRING:
+				newCell.setCellValue(oldCell.getRichStringCellValue());
+				break;
+			case FORMULA:
+				newCell.setCellFormula(oldCell.getCellFormula());
+				break;
+			case BLANK:
+				newCell.setCellValue(oldCell.getStringCellValue());
+				break;
+			case BOOLEAN:
+				newCell.setCellValue(oldCell.getBooleanCellValue());
+				break;
+			case ERROR:
+				newCell.setCellErrorValue(oldCell.getErrorCellValue());
+				break;
+			default:
+				break;
+			}
+
+			for (int ii = 0; ii < sourceSheet.getNumMergedRegions(); ii++) {
+				CellRangeAddress cellRangeAddress = sourceSheet.getMergedRegion(ii);
+				if (cellRangeAddress.getFirstRow() == sourceRow.getRowNum()) {
+					addMergedRegion(
+							destinationSheet,
+							cellRangeAddress.getFirstRow(),
+							cellRangeAddress.getLastRow(),
+							destinationColumnNum,
+							(destinationColumnNum + (cellRangeAddress.getLastColumn() - cellRangeAddress.getFirstColumn())));
+				}
+			}
+		}
+
+		destinationSheet.setColumnWidth(destinationColumnNum, sourceSheet.getColumnWidth(sourceColumnNum));
+	}
+
+	/**
+	 * Copy Column
+	 * 
+	 * @param workbook
+	 *          The Excel workbook
+	 * @param sheet
+	 *          The Excel worksheet
+	 * @param rowStart
+	 *          The source row start index (0-based) to copy from
+	 * @param rowEnd
+	 *          The source row end index (0-based) to copy from
+	 * @param sourceColumnNum
+	 *          The source column index (0-based) to copy from
+	 * @param destinationColumnNum
+	 *          The destination column index (0-based) to copy into (from the copied row)
+	 */
+	public static void copyColumn(Workbook workbook, Sheet sheet, int rowStart, int rowEnd, int sourceColumnNum, int destinationColumnNum) {
+		copyColumn(workbook, sheet, sheet, rowStart, rowEnd, sourceColumnNum, destinationColumnNum);
+	}
+
+	public static void shiftColumns(Row row, int startingIndex, int shiftCount) {
+		for (int i = row.getPhysicalNumberOfCells() - 1; i >= startingIndex; i--) {
+			Cell oldCell = row.getCell(i);
+			Cell newCell = row.createCell(i + shiftCount);
+
+			// apply cell style to new cell from old cell
+			newCell.setCellStyle(oldCell.getCellStyle());
+
+			// if there is a cell comment, copy
+			if (oldCell.getCellComment() != null) {
+				newCell.setCellComment(oldCell.getCellComment());
+			}
+
+			// if there is a cell hyperlink, copy
+			if (oldCell.getHyperlink() != null) {
+				newCell.setHyperlink(oldCell.getHyperlink());
+			}
+
+			// copy the cell data value
+			switch (oldCell.getCellType()) {
+			case NUMERIC:
+				newCell.setCellValue(oldCell.getNumericCellValue());
+				break;
+			case STRING:
+				newCell.setCellValue(oldCell.getRichStringCellValue());
+				break;
+			case FORMULA:
+				newCell.setCellFormula(oldCell.getCellFormula());
+				break;
+			case BLANK:
+				newCell.setCellValue(oldCell.getStringCellValue());
+				break;
+			case BOOLEAN:
+				newCell.setCellValue(oldCell.getBooleanCellValue());
+				break;
+			case ERROR:
+				newCell.setCellErrorValue(oldCell.getErrorCellValue());
+				break;
+			default:
+				break;
+			}
+		}
+	}
+
+	/** handle some invalid char included ( /\*[]:? ) */
+	public static void setSheetName(Workbook workbook, Sheet sheet, String name) {
+		if (workbook != null && sheet != null && StringUtils.isNotBlank(name))
+			workbook.setSheetName(workbook.getSheetIndex(sheet), name.replaceAll("[/\\\\*\\[\\]:\\?]", "_"));
+	}
+
+	/** delete row */
+	public static void deleteRow(Sheet sheet, int rowIndex) {
+		if (sheet != null) {
+			sheet.removeRow(sheet.getRow(rowIndex));
+			if (rowIndex < sheet.getLastRowNum())
+				sheet.shiftRows(rowIndex, sheet.getLastRowNum(), -1);
+		}
+	}
+
+	public static byte[] encrypt(Workbook workbook, String password) {
+		return encrypt(toByteArray(workbook), password);
+	}
+
+	public static byte[] encrypt(byte[] bytes, String password) {
+		try {
+			POIFSFileSystem fs = new POIFSFileSystem();
+			EncryptionInfo info = new EncryptionInfo(EncryptionMode.agile);
+			// EncryptionInfo info = new EncryptionInfo(EncryptionMode.agile, CipherAlgorithm.aes192, HashAlgorithm.sha384, -1, -1, null);
+
+			Encryptor enc = info.getEncryptor();
+			enc.confirmPassword(password);
+
+			// Read in an existing OOXML file and write to encrypted output stream
+			// don't forget to close the output stream otherwise the padding bytes aren't added
+			OPCPackage opc = OPCPackage.open(new ByteArrayInputStream(bytes));
+			OutputStream os = enc.getDataStream(fs);
+			opc.save(os);
+
+			ByteArrayOutputStream bos = new ByteArrayOutputStream();
+			fs.writeFilesystem(bos);
+
+			return bos.toByteArray();
+		} catch (Exception e) {
+			throw new RuntimeException(e);
+		}
+	}
+
+	public static Workbook loadTemplate(String templateClasspath) throws InvalidFormatException, IOException {
+		return loadTemplateFile(templateClasspath);
+	}
+
+	public static Workbook loadTemplateFile(String templateClasspath) throws InvalidFormatException, IOException {
+		ClassPathResource r = new ClassPathResource(templateClasspath + "_" + ".xlsx");
+		if (!r.exists()) r = new ClassPathResource(templateClasspath + ".xlsx");
+
+		try (InputStream in = r.getInputStream()) {
+			return new XSSFWorkbook(in);
+		}
+	}
+
+	public static void send(HttpServletResponse response, Workbook workbook, String filename) throws IOException {
+		response.setContentType("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
+		response.setHeader("Content-Disposition", String.format("attachment; filename=\"%s\"",
+				response.encodeURL(filename + ".xlsx")));
+		try (OutputStream out = response.getOutputStream()) {
+			workbook.write(out);
+		}
+	}
+}
diff --git a/src/main/java/com/ffii/core/utils/JsonUtils.java b/src/main/java/com/ffii/core/utils/JsonUtils.java
new file mode 100644
index 0000000..4efd35a
--- /dev/null
+++ b/src/main/java/com/ffii/core/utils/JsonUtils.java
@@ -0,0 +1,47 @@
+package com.ffii.core.utils;
+
+import java.io.IOException;
+
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+
+/**
+ * JSON Utils
+ *
+ * @author Patrick
+ */
+public abstract class JsonUtils {
+
+	// Default mapper instance
+	private static final ObjectMapper mapper = new ObjectMapper();
+	
+	/**
+	 * Method that can be used to serialize any Java value as a JSON String.
+	 */
+	public static String toJsonString(Object obj) {
+		try {
+			mapper.registerModule(new JavaTimeModule());
+			mapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
+			return mapper.writeValueAsString(obj);
+		} catch (JsonProcessingException e) {
+			return null;
+		}
+	}
+
+	/**
+	 * Read from JSON String.
+	 *
+	 * @param content
+	 *            JSON String content
+	 * @param valueType
+	 *            the return type
+	 */
+	public static <T> T fromJsonString(String content, Class<T> valueType) throws JsonParseException, JsonMappingException, IOException {
+		return mapper.readValue(content, valueType);
+	}
+
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/core/utils/JwtTokenUtil.java b/src/main/java/com/ffii/core/utils/JwtTokenUtil.java
new file mode 100644
index 0000000..b058f71
--- /dev/null
+++ b/src/main/java/com/ffii/core/utils/JwtTokenUtil.java
@@ -0,0 +1,114 @@
+package com.ffii.core.utils;
+
+import java.io.Serializable;
+import java.security.Key;
+import java.time.Instant;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.config.ConfigurableBeanFactory;
+import org.springframework.context.annotation.Scope;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+
+import com.ffii.tsms.model.RefreshToken;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+
+@Component
+@Scope(value = ConfigurableBeanFactory. SCOPE_SINGLETON)
+public class JwtTokenUtil implements Serializable {
+
+  Logger logger = LoggerFactory.getLogger(JwtTokenUtil.class);
+
+  private static final long serialVersionUID = -2550185165626007488L;
+
+  // * 60000 = 1 Min 
+  public static final long JWT_TOKEN_EXPIRED_TIME = 60000 * 14400;
+  public static final String AES_SECRET = "ffii";
+  public static final String TOKEN_SEPARATOR = "@@";
+
+  // @Value("${jwt.secret}")
+  // private String secret;
+
+  private static final Key secretKey = Keys.secretKeyFor(SignatureAlgorithm.HS512);
+
+  // retrieve username from jwt token
+  public String getUsernameFromToken(String token) {
+    return getClaimFromToken(token, Claims::getSubject);
+  }
+
+  // retrieve expiration date from jwt token
+  public Date getExpirationDateFromToken(String token) {
+    return getClaimFromToken(token, Claims::getExpiration);
+  }
+
+  public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
+    final Claims claims = getAllClaimsFromToken(token);
+    return claimsResolver.apply(claims);
+  }
+
+  // for retrieveing any information from token we will need the secret key
+  private Claims getAllClaimsFromToken(String token) {
+    return Jwts.parserBuilder().setSigningKey(secretKey).build().parseClaimsJws(token).getBody();
+  }
+
+  // check if the token has expired
+  private Boolean isTokenExpired(String token) {
+    final Date expiration = getExpirationDateFromToken(token);
+    return expiration.before(new Date());
+  }
+
+  // generate token for user
+  public String generateToken(UserDetails userDetails) {
+    Map<String, Object> claims = new HashMap<>();
+    return doGenerateToken(claims, userDetails.getUsername());
+  }
+
+  // while creating the token -
+  // 1. Define claims of the token, like Issuer, Expiration, Subject, and the ID
+  // 2. Sign the JWT using the HS512 algorithm and secret key.
+  // 3. According to JWS Compact
+  // Serialization(https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-3.1)
+  // compaction of the JWT to a URL-safe string
+  private String doGenerateToken(Map<String, Object> claims, String subject) {
+    logger.info((new Date(System.currentTimeMillis() + JWT_TOKEN_EXPIRED_TIME)).toString());
+    return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
+        .setExpiration(new Date(System.currentTimeMillis() + JWT_TOKEN_EXPIRED_TIME))
+        .signWith(secretKey).compact();
+  }
+
+  // validate token
+  public Boolean validateToken(String token, UserDetails userDetails) {
+    final String username = getUsernameFromToken(token);
+    return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
+  }
+
+  public RefreshToken createRefreshToken(String username) {
+    RefreshToken refreshToken = new RefreshToken();
+    refreshToken.setUserName(username);
+    refreshToken.setExpiryDate(Instant.now().plusMillis(JWT_TOKEN_EXPIRED_TIME * 60 * 24));
+    long instantNum = Instant.now().plusMillis(JWT_TOKEN_EXPIRED_TIME * 60 * 24).toEpochMilli();
+    refreshToken.setToken(AES.encrypt(username + TOKEN_SEPARATOR + instantNum, AES_SECRET));
+    return refreshToken;
+  }
+
+  public boolean verifyExpiration(RefreshToken token) throws Exception {
+    if (token.getExpiryDate().compareTo(Instant.now()) < 0) {
+      return false;
+    }
+
+    return true;
+  }
+
+  public String getUsernameFromRefreshToken(String refreshToken) {
+    return AES.decrypt(refreshToken, AES_SECRET);
+  }
+}
diff --git a/src/main/java/com/ffii/core/utils/MapUtils.java b/src/main/java/com/ffii/core/utils/MapUtils.java
new file mode 100644
index 0000000..733bda9
--- /dev/null
+++ b/src/main/java/com/ffii/core/utils/MapUtils.java
@@ -0,0 +1,35 @@
+package com.ffii.core.utils;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * MapUtils
+ *
+ * @author Patrick
+ */
+public class MapUtils {
+
+	/**
+	 * Convert key-value pairs to HashMap
+	 *
+	 * @param keyValuePairs
+	 *            Keys and values must be in pairs
+	 *
+	 * @return Map
+	 */
+	@SuppressWarnings("unchecked")
+	public static <K, V> Map<K, V> toHashMap(Object... keyValuePairs) {
+		if (keyValuePairs.length % 2 != 0)
+			throw new IllegalArgumentException("Keys and values must be in pairs");
+
+		Map<K, V> map = new HashMap<K, V>(keyValuePairs.length / 2);
+
+		for (int i = 0; i < keyValuePairs.length; i += 2) {
+			map.put((K) keyValuePairs[i], (V) keyValuePairs[i + 1]);
+		}
+
+		return map;
+	}
+
+}
diff --git a/src/main/java/com/ffii/core/utils/Params.java b/src/main/java/com/ffii/core/utils/Params.java
new file mode 100644
index 0000000..5fa0b23
--- /dev/null
+++ b/src/main/java/com/ffii/core/utils/Params.java
@@ -0,0 +1,42 @@
+package com.ffii.core.utils;
+
+/** @author Alex */
+public abstract class Params {
+  public static final String ERROR = "error";
+
+  public static final String SUCCESS = "success";
+  public static final String DATA = "data";
+  public static final String RECORDS = "records";
+  public static final String TOTAL = "total";
+
+  public static final String ID = "id";
+  public static final String CODE = "code";
+  public static final String NAME = "name";
+  public static final String TYPE = "type";
+  public static final String MSG = "msg";
+  public static final String MSG_CODE = "msgCode";
+  public static final String MESSAGES = "messages";
+  public static final String FROM = "from";
+  public static final String TO = "to";
+
+  // sql
+  public static final String QUERY = "query";
+
+  // pagin
+  public static final String PAGE = "page";
+  public static final String START = "start";
+  public static final String LIMIT = "limit";
+
+  // filter
+  public static final String FILTER = "filter";
+  public static final String OPERATOR = "operator";
+  public static final String LIKE = "like";
+  public static final String PROPERTY = "property";
+
+  // sort
+  public static final String SORT = "sort";
+  public static final String DIRECTION = "direction";
+
+  public static final String VALUE = "value";
+
+}
diff --git a/src/main/java/com/ffii/core/utils/PasswordUtils.java b/src/main/java/com/ffii/core/utils/PasswordUtils.java
new file mode 100644
index 0000000..4c5c94f
--- /dev/null
+++ b/src/main/java/com/ffii/core/utils/PasswordUtils.java
@@ -0,0 +1,83 @@
+/*******************************************************************************
+ * Copyright 2Fi Business Solutions Ltd.
+ *
+ * This code is copyrighted. Under no circumstances should any party, people,
+ * or organization should redistribute any portions of this code in any form,
+ * either verbatim or through electronic media, to any third parties, unless
+ * under explicit written permission by 2Fi Business Solutions Ltd.
+ ******************************************************************************/
+package com.ffii.core.utils;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+import java.util.regex.Pattern;
+
+public abstract class PasswordUtils {
+
+	private static final Pattern PATTERN_DIGITS = Pattern.compile("[0-9]");
+	private static final Pattern PATTERN_A2Z_LOWER = Pattern.compile("[a-z]");
+	private static final Pattern PATTERN_A2Z_UPPER = Pattern.compile("[A-Z]");
+
+	private static final String A2Z_LOWER = "abcdefghijklmnopqrstuvwxyz";
+	private static final String A2Z_UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+	private static final String DIGITS = "0123456789";
+
+	/*
+	 * Ref: https://www.owasp.org/index.php/Password_special_characters
+	 * without space character
+	 */
+	private static final String SPECIAL_CHARS = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
+	private static Pattern PATTERN_SPECIAL_CHARS = Pattern.compile("[!\"#$%&'()*+,-./:;<=>?@\\[\\\\\\]^_`{|}~]");
+
+	public static final boolean checkPwd(String pwd, IPasswordRule rule) {
+		if (pwd == null) return false;
+		if (pwd.length() < rule.getMin()) return false;
+		if (pwd.length() > rule.getMax()) return false;
+
+		if (rule.needNumberChar() && !PATTERN_DIGITS.matcher(pwd).find()) return false;
+		if (rule.needUpperEngChar() && !PATTERN_A2Z_UPPER.matcher(pwd).find()) return false;
+		if (rule.needLowerEngChar() && !PATTERN_A2Z_LOWER.matcher(pwd).find()) return false;
+		if (rule.needSpecialChar() && !PATTERN_SPECIAL_CHARS.matcher(pwd).find()) return false;
+
+		return true;
+	}
+
+	public static String genPwd(IPasswordRule rule) {
+		int length = rule.getMin();
+
+		StringBuilder password = new StringBuilder(length);
+		Random random = new Random(System.nanoTime());
+
+		List<String> charCategories = new ArrayList<>(4);
+		if (rule.needLowerEngChar()) charCategories.add(A2Z_LOWER);
+		if (rule.needUpperEngChar()) charCategories.add(A2Z_UPPER);
+		if (rule.needNumberChar()) charCategories.add(DIGITS);
+		if (rule.needSpecialChar()) charCategories.add(SPECIAL_CHARS);
+
+		for (int i = 0; i < length; i++) {
+			String charCategory = charCategories.get(i % charCategories.size());
+			char randomChar = charCategory.charAt(random.nextInt(charCategory.length()));
+			if (password.length() > 0)
+				password.insert(random.nextInt(password.length()), randomChar);
+			else
+				password.append(randomChar);
+		}
+
+		return password.toString();
+	}
+
+	public static interface IPasswordRule {
+		public int getMin();
+
+		public int getMax();
+
+		public boolean needNumberChar();
+
+		public boolean needUpperEngChar();
+
+		public boolean needLowerEngChar();
+
+		public boolean needSpecialChar();
+	}
+}
diff --git a/src/main/java/com/ffii/tsms/TsmsApplication.java b/src/main/java/com/ffii/tsms/TsmsApplication.java
new file mode 100644
index 0000000..939668e
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/TsmsApplication.java
@@ -0,0 +1,13 @@
+package com.ffii.tsms;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class TsmsApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(TsmsApplication.class, args);
+	}
+
+}
diff --git a/src/main/java/com/ffii/tsms/config/AppConfig.java b/src/main/java/com/ffii/tsms/config/AppConfig.java
new file mode 100644
index 0000000..2286aed
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/config/AppConfig.java
@@ -0,0 +1,36 @@
+package com.ffii.tsms.config;
+
+import javax.sql.DataSource;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.jdbc.DataSourceBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.scheduling.annotation.EnableAsync;
+import org.springframework.scheduling.annotation.EnableScheduling;
+
+import com.ffii.core.support.JdbcDao;
+
+/** @author Terence */
+@Configuration
+// @EnableJpaRepositories("com.ffii.ars.*")
+// @ComponentScan(basePackages = { "com.ffii.core.*" })
+@ComponentScan(basePackages = { "com.ffii.core.*","com.ffii.tsms.*"}) 
+// @EntityScan("com.ffii.ars.*")
+@EnableScheduling
+@EnableAsync
+public class AppConfig {
+
+	@Bean
+	@ConfigurationProperties(prefix = "spring.datasource")
+	public DataSource dataSource() {
+		return DataSourceBuilder.create().build();
+	}
+
+	@Bean
+	public JdbcDao jdbcDao(DataSource dataSource) {
+		return new JdbcDao(dataSource);
+	}
+	
+}
diff --git a/src/main/java/com/ffii/tsms/config/WebConfig.java b/src/main/java/com/ffii/tsms/config/WebConfig.java
new file mode 100644
index 0000000..bf3c622
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/config/WebConfig.java
@@ -0,0 +1,29 @@
+package com.ffii.tsms.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.view.InternalResourceViewResolver;
+
+@Configuration
+@EnableWebMvc
+public class WebConfig implements WebMvcConfigurer {
+
+  @Override
+  public void addCorsMappings(CorsRegistry registry) {
+    registry.addMapping("/**")
+        .allowedHeaders("*")
+        .allowedOrigins("*")
+        .exposedHeaders("filename")
+        .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD");
+
+  }
+
+  @Bean
+  public InternalResourceViewResolver defaultViewResolver() {
+    return new InternalResourceViewResolver();
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/config/security/SecurityConfig.java b/src/main/java/com/ffii/tsms/config/security/SecurityConfig.java
new file mode 100644
index 0000000..6a92d38
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/config/security/SecurityConfig.java
@@ -0,0 +1,80 @@
+package com.ffii.tsms.config.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpStatus;
+import org.springframework.ldap.core.support.BaseLdapPathContextSource;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import com.ffii.tsms.config.security.jwt.JwtRequestFilter;
+
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity
+public class SecurityConfig {
+
+    public static final String INDEX_URL = "/";
+    public static final String LOGIN_URL = "/login";
+    public static final String LDAP_LOGIN_URL = "/ldap-login";
+
+    public static final String[] URL_WHITELIST = {
+            INDEX_URL,
+            LOGIN_URL,
+            LDAP_LOGIN_URL
+    };
+
+    @Lazy
+    @Autowired
+    private JwtRequestFilter jwtRequestFilter;
+
+    @Bean
+    @Qualifier("AuthenticationManager")
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
+            throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
+    }
+
+    @Bean
+    @Qualifier("LdapAuthenticationManager")
+    public AuthenticationManager ldapAuthenticationManager(BaseLdapPathContextSource contextSource) {
+        LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(contextSource);
+        factory.setUserSearchFilter("cn={0}");
+        return factory.createAuthenticationManager();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    @Order(1)
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        return http
+                .cors(Customizer.withDefaults()).csrf(csrf -> csrf.disable())
+                .requestCache(requestCache -> requestCache.disable())
+                .authorizeHttpRequests(
+                        authRequest -> authRequest.requestMatchers(URL_WHITELIST).permitAll().anyRequest().authenticated())
+                .httpBasic(httpBasic -> httpBasic.authenticationEntryPoint(
+                        (request, response, authException) -> response.sendError(HttpStatus.UNAUTHORIZED.value())))
+                .sessionManagement(
+                        sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class)
+                .build();
+    }
+}
diff --git a/src/main/java/com/ffii/tsms/config/security/jwt/JwtRequestFilter.java b/src/main/java/com/ffii/tsms/config/security/jwt/JwtRequestFilter.java
new file mode 100644
index 0000000..b035eec
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/config/security/jwt/JwtRequestFilter.java
@@ -0,0 +1,75 @@
+package com.ffii.tsms.config.security.jwt;
+
+import java.io.IOException;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import com.ffii.core.utils.JwtTokenUtil;
+import com.ffii.tsms.config.security.jwt.service.JwtUserDetailsService;
+
+import io.jsonwebtoken.ExpiredJwtException;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Component
+public class JwtRequestFilter extends OncePerRequestFilter {
+
+	@Autowired
+	private JwtUserDetailsService jwtUserDetailsService;
+
+	@Autowired
+	private JwtTokenUtil jwtTokenUtil;
+
+	@Override
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws ServletException, IOException {
+
+		final String requestTokenHeader = request.getHeader("Authorization");
+
+		String username = null;
+		String jwtToken = null;
+		// JWT Token is in the form "Bearer token". Remove Bearer word and get
+		// only the Token
+		if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
+			jwtToken = requestTokenHeader.substring(7).replaceAll("\"", "");
+			try {
+				username = jwtTokenUtil.getUsernameFromToken(jwtToken);
+			} catch (IllegalArgumentException e) {
+				logger.error("Unable to get JWT Token");
+			} catch (ExpiredJwtException e) {
+				logger.error("JWT Token has expired");
+			}
+		} else {
+			logger.warn("JWT Token does not begin with Bearer String");
+		}
+
+		// Once we get the token validate it.
+		if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+
+			UserDetails userDetails = jwtUserDetailsService.loadUserByUsername(username);
+
+			// if token is valid configure Spring Security to manually set
+			// authentication
+			if (jwtTokenUtil.validateToken(jwtToken, userDetails)) {
+
+				UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
+						userDetails, null, userDetails.getAuthorities());
+				usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+				// After setting the Authentication in the context, we specify
+				// that the current user is authenticated. So it passes the
+				// Spring Security Configurations successfully.
+				SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
+			}
+		}
+		chain.doFilter(request, response);
+	}
+
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/tsms/config/security/jwt/service/JwtUserDetailsService.java b/src/main/java/com/ffii/tsms/config/security/jwt/service/JwtUserDetailsService.java
new file mode 100644
index 0000000..c335928
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/config/security/jwt/service/JwtUserDetailsService.java
@@ -0,0 +1,31 @@
+package com.ffii.tsms.config.security.jwt.service;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import com.ffii.tsms.modules.user.entity.User;
+import com.ffii.tsms.modules.user.entity.UserRepository;
+import com.ffii.tsms.modules.user.service.UserAuthorityService;
+import com.ffii.tsms.modules.user.service.UserService;
+
+@Service
+public class JwtUserDetailsService implements UserDetailsService {
+
+	@Autowired
+	UserRepository userRepository;
+
+	@Autowired
+	UserAuthorityService userAuthService;
+
+	@Autowired
+	UserService userService;
+
+
+	@Override
+	public User loadUserByUsername(String username) throws UsernameNotFoundException {
+		return userService.loadUserOptByUsername(username).orElseThrow(() -> new UsernameNotFoundException(username));
+	}
+
+}
diff --git a/src/main/java/com/ffii/tsms/config/security/jwt/web/JwtAuthenticationController.java b/src/main/java/com/ffii/tsms/config/security/jwt/web/JwtAuthenticationController.java
new file mode 100644
index 0000000..ef2a78a
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/config/security/jwt/web/JwtAuthenticationController.java
@@ -0,0 +1,151 @@
+package com.ffii.tsms.config.security.jwt.web;
+
+import java.time.Instant;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.commons.lang3.exception.ExceptionUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.server.ResponseStatusException;
+
+import com.ffii.core.utils.AES;
+import com.ffii.core.utils.JwtTokenUtil;
+import com.ffii.tsms.config.security.jwt.service.JwtUserDetailsService;
+import com.ffii.tsms.config.security.service.LoginLogService;
+import com.ffii.tsms.model.AbilityModel;
+import com.ffii.tsms.model.ExceptionResponse;
+import com.ffii.tsms.model.JwtRequest;
+import com.ffii.tsms.model.JwtResponse;
+import com.ffii.tsms.model.RefreshToken;
+import com.ffii.tsms.model.TokenRefreshRequest;
+import com.ffii.tsms.model.TokenRefreshResponse;
+import com.ffii.tsms.modules.common.SecurityUtils;
+import com.ffii.tsms.modules.user.entity.User;
+import com.ffii.tsms.modules.user.entity.UserRepository;
+import com.ffii.tsms.modules.user.service.UserAuthorityService;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.Valid;
+
+@RestController
+@CrossOrigin(origins = "*", allowedHeaders = "*")
+public class JwtAuthenticationController {
+
+  @Autowired
+  @Qualifier("AuthenticationManager")
+  private AuthenticationManager authenticationManager;
+
+  @Autowired
+  @Qualifier("LdapAuthenticationManager")
+  private AuthenticationManager ldapAuthenticationManager;
+
+  @Autowired
+  private JwtTokenUtil jwtTokenUtil;
+
+  @Autowired
+  private JwtUserDetailsService userDetailsService;
+
+  @Autowired
+  private UserRepository userRepository;
+
+  @Autowired
+  UserAuthorityService userAuthorityService;
+
+  @Autowired
+  LoginLogService loginLogService;
+
+  @PostMapping("/login")
+  public ResponseEntity<?> login(@RequestBody JwtRequest authenticationRequest, HttpServletRequest request) throws Exception {
+    String username = authenticationRequest.getUsername();
+    try {
+      boolean success = authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());
+      loginLogService.createLoginLog(username, request.getRemoteAddr(), success);
+    } catch (Exception e) {
+      if (username != null) {
+        loginLogService.createLoginLog(username, request.getRemoteAddr(), false);
+      }
+      return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+          .body(new ExceptionResponse("Unauthorized", ExceptionUtils.getStackTrace(e)));
+    }
+    return createAuthTokenResponse(authenticationRequest);
+  }
+
+  @PostMapping("/ldap-login")
+  public ResponseEntity<?> ldapLogin(@RequestBody JwtRequest authenticationRequest, HttpServletRequest request) throws Exception {
+    String username = authenticationRequest.getUsername();
+    try {
+      boolean success = ldapAuthenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());
+		  loginLogService.createLoginLog(username, request.getRemoteAddr(), success);
+    } catch (Exception e) {
+      loginLogService.createLoginLog(username, request.getRemoteAddr(), false);
+      return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+          .body(new ExceptionResponse("Unauthorized", ExceptionUtils.getStackTrace(e)));
+    }
+    return createAuthTokenResponse(authenticationRequest);
+  }
+
+  private boolean authenticate(String username, String password) throws Exception {
+    authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
+    return true;
+  }
+
+  private boolean ldapAuthenticate(String username, String password) throws Exception {
+    ldapAuthenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
+    return true;
+  }
+
+  private ResponseEntity<?> createAuthTokenResponse(JwtRequest authenticationRequest) {
+    final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
+    if (userDetails == null) {
+      return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+          .body(new ExceptionResponse(authenticationRequest.getUsername() + " not yet register in the system.", null));
+    }
+
+    final String accessToken = jwtTokenUtil.generateToken(userDetails);
+    final String refreshToken = jwtTokenUtil.createRefreshToken(userDetails.getUsername()).getToken();
+
+    User user = userRepository.findByName(authenticationRequest.getUsername()).get(0);
+
+    Set<AbilityModel> abilities = new HashSet<>();
+    userAuthorityService.getUserAuthority(user).forEach(auth -> abilities.add(new AbilityModel(auth.getAuthority())));
+
+    return ResponseEntity.ok(new JwtResponse(accessToken, refreshToken, null, user, abilities));
+  }
+
+  @PostMapping("/refresh-token")
+  public ResponseEntity<TokenRefreshResponse> refreshtoken(@Valid @RequestBody TokenRefreshRequest request)
+      throws Exception {
+    String requestRefreshToken = request.getRefreshToken();
+
+    requestRefreshToken = requestRefreshToken.replaceAll("\"", "");
+    String[] decryptStringList = AES.decrypt(requestRefreshToken, JwtTokenUtil.AES_SECRET)
+        .split(JwtTokenUtil.TOKEN_SEPARATOR);
+    RefreshToken instance = new RefreshToken();
+    String username = decryptStringList[0];
+    instance.setExpiryDate(Instant.ofEpochMilli(Long.valueOf(decryptStringList[1])));
+    instance.setToken(requestRefreshToken);
+    instance.setUserName(decryptStringList[0]);
+
+    if (!jwtTokenUtil.verifyExpiration(instance)) {
+      throw new ResponseStatusException(HttpStatus.EXPECTATION_FAILED,
+          "Refresh token was expired. Please make a new signin request");
+    }
+
+    final UserDetails userDetails = userDetailsService.loadUserByUsername(username);
+
+    String accessToken = jwtTokenUtil.generateToken(userDetails);
+    String refreshToken = jwtTokenUtil.createRefreshToken(username).getToken();
+    return ResponseEntity.ok(new TokenRefreshResponse(accessToken, refreshToken));
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/config/security/service/LoginLogService.java b/src/main/java/com/ffii/tsms/config/security/service/LoginLogService.java
new file mode 100644
index 0000000..ae953b3
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/config/security/service/LoginLogService.java
@@ -0,0 +1,43 @@
+package com.ffii.tsms.config.security.service;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Isolation;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.ffii.core.support.AbstractService;
+import com.ffii.core.support.JdbcDao;
+import com.ffii.core.utils.MapUtils;
+
+@Service
+public class LoginLogService extends AbstractService {
+
+	public LoginLogService(JdbcDao jdbcDao) {
+		super(jdbcDao);
+	  }
+
+	@Transactional(isolation = Isolation.READ_COMMITTED, rollbackFor = Exception.class, readOnly = false)
+	public boolean createLoginLog(String username, String remoteAddr, boolean success) {
+		String sql = "INSERT INTO user_login_log (`username`, `loginTime`, `ipAddr`, `success`) "
+			+"VALUES (:username, :loginTime, :ipAddr, :success)";
+		Map<String, Object> args = new HashMap<>(4);
+		args.put("username", username);
+		args.put("loginTime", new Date());
+		args.put("ipAddr", remoteAddr);
+		args.put("success", success);
+
+		return (jdbcDao.executeUpdate(sql, args) == 1);
+	}
+
+	@Transactional(isolation = Isolation.READ_COMMITTED, rollbackFor = Exception.class, readOnly = true)
+	public List<Map<String, Object>> listLastLog(String username, int limit) {
+		return jdbcDao.queryForList("SELECT success FROM user_login_log where username = :username ORDER BY loginTime DESC LIMIT " + limit,
+				MapUtils.toHashMap("username", username));
+	}
+
+}
diff --git a/src/main/java/com/ffii/tsms/model/AbilityModel.java b/src/main/java/com/ffii/tsms/model/AbilityModel.java
new file mode 100644
index 0000000..79d8ab0
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/model/AbilityModel.java
@@ -0,0 +1,13 @@
+package com.ffii.tsms.model;
+
+public class AbilityModel {
+
+  private final String actionSubjectCombo;
+  public AbilityModel(String actionSubjectCombo) {
+    this.actionSubjectCombo = actionSubjectCombo;
+  }
+
+  public String getActionSubjectCombo() {
+    return actionSubjectCombo;
+  }
+}
diff --git a/src/main/java/com/ffii/tsms/model/ExceptionResponse.java b/src/main/java/com/ffii/tsms/model/ExceptionResponse.java
new file mode 100644
index 0000000..f22c306
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/model/ExceptionResponse.java
@@ -0,0 +1,28 @@
+package com.ffii.tsms.model;
+
+public class ExceptionResponse {
+    private String message;
+    private String exception;
+
+    public ExceptionResponse(String message, String exception) {
+        this.message = message;
+        this.exception = exception;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    public String getException() {
+        return exception;
+    }
+
+    public void setException(String exception) {
+        this.exception = exception;
+    }
+
+}
diff --git a/src/main/java/com/ffii/tsms/model/JwtRequest.java b/src/main/java/com/ffii/tsms/model/JwtRequest.java
new file mode 100644
index 0000000..2d2b2cc
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/model/JwtRequest.java
@@ -0,0 +1,40 @@
+package com.ffii.tsms.model;
+
+
+import java.io.Serializable;
+
+public class JwtRequest implements Serializable {
+
+	private static final long serialVersionUID = 5926468583005150707L;
+	
+	private String username;
+	private String password;
+	
+	//need default constructor for JSON Parsing
+	public JwtRequest()
+	{
+		
+	}
+
+	public JwtRequest(String username, String password) {
+		this.setUsername(username);
+		this.setPassword(password);
+	}
+
+	public String getUsername() {
+		return this.username;
+	}
+
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+	public String getPassword() {
+		return this.password;
+	}
+
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/tsms/model/JwtResponse.java b/src/main/java/com/ffii/tsms/model/JwtResponse.java
new file mode 100644
index 0000000..9b0d4e7
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/model/JwtResponse.java
@@ -0,0 +1,56 @@
+package com.ffii.tsms.model;
+
+import java.io.Serializable;
+import java.util.Set;
+
+import com.ffii.tsms.modules.user.entity.User;
+
+public class JwtResponse implements Serializable {
+
+	private static final long serialVersionUID = -8091879091924046844L;
+	private final Long id;
+	private final String name;
+	private final String email;
+	private final String accessToken;
+	private final String refreshToken;
+	private final String role;
+	private final Set<AbilityModel> abilities;
+
+	public JwtResponse(String accessToken, String refreshToken, String role, User user, Set<AbilityModel> abilities) {
+		this.accessToken = accessToken;
+		this.refreshToken = refreshToken;
+		this.role = role;
+		this.id = user.getId();
+		this.name = user.getName();
+		this.email = user.getEmail();
+		this.abilities = abilities;
+	}
+
+	public String getAccessToken() {
+		return this.accessToken;
+	}
+
+	public String getRole() {
+		return role;
+	}
+
+	public String getRefreshToken() {
+		return refreshToken;
+	}
+
+	public Long getId() {
+		return id;
+	}
+
+	public String getName() {
+		return name;
+	}
+
+	public String getEmail() {
+		return email;
+	}
+
+	public Set<AbilityModel> getAbilities() {
+		return abilities;
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/tsms/model/RefreshToken.java b/src/main/java/com/ffii/tsms/model/RefreshToken.java
new file mode 100644
index 0000000..159113f
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/model/RefreshToken.java
@@ -0,0 +1,39 @@
+package com.ffii.tsms.model;
+
+import java.time.Instant;
+
+public class RefreshToken {
+  
+  private String userName;
+
+  private String token;
+
+  private Instant expiryDate;
+
+  
+
+  public String getUserName() {
+    return userName;
+  }
+
+  public void setUserName(String userName) {
+    this.userName = userName;
+  }
+
+  public String getToken() {
+    return token;
+  }
+
+  public void setToken(String token) {
+    this.token = token;
+  }
+
+  public Instant getExpiryDate() {
+    return expiryDate;
+  }
+
+  public void setExpiryDate(Instant expiryDate) {
+    this.expiryDate = expiryDate;
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/model/TokenRefreshRequest.java b/src/main/java/com/ffii/tsms/model/TokenRefreshRequest.java
new file mode 100644
index 0000000..23d18ae
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/model/TokenRefreshRequest.java
@@ -0,0 +1,16 @@
+package com.ffii.tsms.model;
+import jakarta.validation.constraints.NotBlank;
+
+public class TokenRefreshRequest {
+  @NotBlank
+  private String refreshToken;
+
+  public String getRefreshToken() {
+    return refreshToken;
+  }
+
+  public void setRefreshToken(String refreshToken) {
+    this.refreshToken = refreshToken;
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/model/TokenRefreshResponse.java b/src/main/java/com/ffii/tsms/model/TokenRefreshResponse.java
new file mode 100644
index 0000000..983cc9a
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/model/TokenRefreshResponse.java
@@ -0,0 +1,37 @@
+package com.ffii.tsms.model;
+
+public class TokenRefreshResponse {
+  private String accessToken;
+  private String refreshToken;
+  private String tokenType = "Bearer";
+
+  public TokenRefreshResponse(String accessToken, String refreshToken) {
+    this.accessToken = accessToken;
+    this.refreshToken = refreshToken;
+  }
+
+  public String getAccessToken() {
+    return accessToken;
+  }
+
+  public void setAccessToken(String accessToken) {
+    this.accessToken = accessToken;
+  }
+
+  public String getRefreshToken() {
+    return refreshToken;
+  }
+
+  public void setRefreshToken(String refreshToken) {
+    this.refreshToken = refreshToken;
+  }
+
+  public String getTokenType() {
+    return tokenType;
+  }
+
+  public void setTokenType(String tokenType) {
+    this.tokenType = tokenType;
+  }
+
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/tsms/modules/common/ErrorCodes.java b/src/main/java/com/ffii/tsms/modules/common/ErrorCodes.java
new file mode 100644
index 0000000..fd95d5f
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/common/ErrorCodes.java
@@ -0,0 +1,17 @@
+package com.ffii.tsms.modules.common;
+
+public class ErrorCodes {
+
+  public static final String FILE_UPLOAD_ERROR = "FILE_UPLOAD_ERROR";
+
+  public static final String STOCK_IN_WRONG_POST = "STOCK_IN_WRONG_POST";
+
+  public static final String USER_WRONG_NEW_PWD = "USER_WRONG_NEW_PWD";
+
+  public static final String SEND_EMAIL_ERROR = "SEND_EMAIL_ERROR";
+  public static final String USERNAME_NOT_AVAILABLE = "USERNAME_NOT_AVAILABLE";
+
+  public static final String INIT_EXCEL_ERROR = "INIT_EXCEL_ERROR";
+
+  public static final String CHANGE_MAIN_CUSTOMER_ERROR = "CHANGE_MAIN_CUSTOMER_ERROR";
+}
diff --git a/src/main/java/com/ffii/tsms/modules/common/PasswordRule.java b/src/main/java/com/ffii/tsms/modules/common/PasswordRule.java
new file mode 100644
index 0000000..f5fc7ce
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/common/PasswordRule.java
@@ -0,0 +1,116 @@
+package com.ffii.tsms.modules.common;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.ffii.core.utils.PasswordUtils.IPasswordRule;
+import com.ffii.tsms.modules.settings.service.SettingsService;
+
+
+public class PasswordRule implements IPasswordRule {
+  private Integer min;
+  private Integer max;
+
+  private Boolean number;
+  private Boolean upperEng;
+  private Boolean lowerEng;
+  private Boolean specialChar;
+
+  public PasswordRule(SettingsService settingsService) {
+    if (settingsService == null){
+      throw new IllegalArgumentException("settingsService");
+    }
+
+    this.min = settingsService.getInt(SettingNames.SYS_PASSWORD_RULE_MIN);
+    this.max = settingsService.getInt(SettingNames.SYS_PASSWORD_RULE_MAX);
+    this.number = settingsService.getBoolean(SettingNames.SYS_PASSWORD_RULE_NUMBER);
+    this.upperEng = settingsService.getBoolean(SettingNames.SYS_PASSWORD_RULE_UPPER_ENG);
+    this.lowerEng = settingsService.getBoolean(SettingNames.SYS_PASSWORD_RULE_LOWER_ENG);
+    this.specialChar = settingsService.getBoolean(SettingNames.SYS_PASSWORD_RULE_SPECIAL);
+  }
+
+  @Override
+  public int getMin() {
+    return min;
+  }
+
+  @Override
+  public int getMax() {
+    return max;
+  }
+
+  @Override
+  public boolean needNumberChar() {
+    return number;
+  }
+
+  @Override
+  public boolean needUpperEngChar() {
+    return upperEng;
+  }
+
+  @Override
+  public boolean needLowerEngChar() {
+    return lowerEng;
+  }
+
+  @Override
+  public boolean needSpecialChar() {
+    return specialChar;
+  }
+
+  public void setMin(Integer min) {
+    this.min = min;
+  }
+
+  public void setMax(Integer max) {
+    this.max = max;
+  }
+
+  public Boolean getNumber() {
+    return number;
+  }
+
+  public void setNumber(Boolean number) {
+    this.number = number;
+  }
+
+  public Boolean getUpperEng() {
+    return upperEng;
+  }
+
+  public void setUpperEng(Boolean upperEng) {
+    this.upperEng = upperEng;
+  }
+
+  public Boolean getLowerEng() {
+    return lowerEng;
+  }
+
+  public void setLowerEng(Boolean lowerEng) {
+    this.lowerEng = lowerEng;
+  }
+
+  public Boolean getSpecialChar() {
+    return specialChar;
+  }
+
+  public void setSpecialChar(Boolean specialChar) {
+    this.specialChar = specialChar;
+  }
+
+  @JsonIgnore
+  public String getWrongMsg() {
+    StringBuilder msg = new StringBuilder("Please Following Password Rule.\n");
+    msg.append("Minimum " + getMin() + " Characters\n");
+    msg.append("Maximum " + getMax() + " Characters\n");
+    if (needNumberChar())
+      msg.append("Numbers\n");
+    if (needLowerEngChar())
+      msg.append("Lower-Case Letters\n");
+    if (needUpperEngChar())
+      msg.append("Capital Letters\n");
+    if (needSpecialChar())
+      msg.append("Symbols\n");
+    return msg.toString();
+  }
+
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/tsms/modules/common/SecurityUtils.java b/src/main/java/com/ffii/tsms/modules/common/SecurityUtils.java
new file mode 100644
index 0000000..2930fb4
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/common/SecurityUtils.java
@@ -0,0 +1,146 @@
+package com.ffii.tsms.modules.common;
+
+import java.util.Optional;
+
+import org.springframework.dao.DataAccessException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import com.ffii.tsms.modules.user.entity.User;
+
+/**
+ * Security Utils - for Spring Security
+ *
+ * @author Patrick
+ */
+public class SecurityUtils {
+
+  /**
+   * Obtains the current {@code SecurityContext}.
+   *
+   * @return the security context (never {@code null})
+   */
+  public static final SecurityContext getSecurityContext() {
+    return SecurityContextHolder.getContext();
+  }
+
+  /**
+   * @return the authenticated {@code Principal})
+   * @see Authentication#getPrincipal()
+   */
+  public static final Optional<User> getUser() {
+    try {
+      return Optional.of((User) getSecurityContext().getAuthentication().getPrincipal());
+    } catch (ClassCastException e) {
+      // no authenticated principal
+      return Optional.empty();
+    } catch (NullPointerException e) {
+      // no authentication information is available
+      return Optional.empty();
+    }
+  }
+
+  /**
+   * Updates the Authentication Token with the user (e.g. user changed the password)
+   *
+   * @see SecurityContext#setAuthentication(Authentication)
+   */
+  public static final void updateUserAuthentication(final UserDetails user) {
+    getSecurityContext().setAuthentication(new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()));
+  }
+
+  /**
+   * Checks if the current user is GRANTED the {@code role}
+   *
+   * @param role
+   *          the {@code role} to check for
+   * @return {@code true} if the current user is GRANTED the {@code role}, else {@code false}
+   */
+  public static final boolean isGranted(String role) {
+    Authentication authentication = getSecurityContext().getAuthentication();
+    if (authentication == null) return false;
+    for (GrantedAuthority auth : authentication.getAuthorities()) {
+      if (role.equals(auth.getAuthority())) return true;
+    }
+    return false;
+  }
+
+  /**
+   * Checks if the current user is NOT GRANTED the {@code role}
+   *
+   * @param role
+   *          the {@code role} to check for
+   * @return {@code true} if the current user is NOT GRANTED the {@code role}, else {@code false}
+   */
+  public static final boolean isNotGranted(String role) {
+    return !isGranted(role);
+  }
+
+  /**
+   * Checks if the current user is GRANTED ANY of the {@code role}s
+   *
+   * @param roles
+   *          the {@code role}s to check for
+   * @return {@code true} if the current user is GRANTED ANY of the {@code role}s, else {@code false}
+   */
+  public static final boolean isGrantedAny(String... roles) {
+    for (int i = 0; i < roles.length; i++) {
+      if (isGranted(roles[i])) return true;
+    }
+    return false;
+  }
+
+  /**
+   * Checks if the current user is NOT GRANTED ANY of the {@code role}s
+   *
+   * @param roles
+   *          the {@code role}s to check for
+   * @return {@code true} if the current user is NOT GRANTED ANY of the {@code role}s, else {@code false}
+   */
+  public static final boolean isNotGrantedAny(String... roles) {
+    return !isGrantedAny(roles);
+  }
+
+  /**
+   * Checks if the current user is GRANTED ALL of the {@code role}s
+   *
+   * @param roles
+   *          the {@code role}s to check for
+   * @return {@code true} if the current user is GRANTED ALL of the {@code role}s, else {@code false}
+   */
+  public static final boolean isGrantedAll(String... roles) {
+    for (int i = 0; i < roles.length; i++) {
+      if (isNotGranted(roles[i])) return false;
+    }
+    return true;
+  }
+
+  /**
+   * Login a user non-interactively
+   *
+   * @param userService
+   *          any implementation of {@link UserDetailsService}
+   * @param username
+   *          the username
+   *
+   * @throws UsernameNotFoundException
+   *           if the user could not be found or the user has no GrantedAuthority
+   * @throws DataAccessException
+   *           if user could not be found for a repository-specific reason
+   */
+  public static final void loginUser(UserDetailsService userService, String username) {
+    /* load the user, throw exception if user not found */
+    UserDetails userDetails = userService.loadUserByUsername(username);
+
+    /* create authentication token for the specified user */
+    Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
+    getSecurityContext().setAuthentication(authentication);
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/common/SettingNames.java b/src/main/java/com/ffii/tsms/modules/common/SettingNames.java
new file mode 100644
index 0000000..674e04d
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/common/SettingNames.java
@@ -0,0 +1,61 @@
+package com.ffii.tsms.modules.common;
+
+public abstract class SettingNames {
+  /*
+   * System-wide settings
+   */
+
+  /** Define all available language names as comma separated string */
+  public static final String SYS_AVAILABLE_LANGUAGES = "SYS.availableLanguages";
+
+  /** Define all available locales as comma separated string */
+  public static final String SYS_AVAILABLE_LOCALES = "SYS.availableLocales";
+
+  /** Define the system default locale as string */
+  public static final String SYS_DEFAULT_LOCALE = "SYS.defaultLocale";
+
+  /** Define the system available currencies as comma separated string */
+  public static final String SYS_CURRENCIES = "SYS.currencies";
+
+  /** Define the system modules (authorities.module) */
+  public static final String SYS_ROLE_MODULES = "SYS.modules";
+
+  /*
+   * Mail settings
+   */
+
+  /** Mail - SMTP host */
+  public static final String MAIL_SMTP_HOST = "MAIL.smtp.host";
+
+  /** Mail - SMTP port */
+  public static final String MAIL_SMTP_PORT = "MAIL.smtp.port";
+
+  /** Mail - SMTP username */
+  public static final String MAIL_SMTP_USERNAME = "MAIL.smtp.username";
+
+  /** Mail - SMTP password */
+  public static final String MAIL_SMTP_PASSWORD = "MAIL.smtp.password";
+
+  public static final String MAIL_SMTP_RECIPIENTS = "MAIL.smtp.recipients";
+
+  public static final String JS_VERSION = "JS.version";
+
+  public static final String REPORT_DAILYMAINT_RECIPIENTS_MECH = "REPORT.dailyMaint.recipients.mech";
+  public static final String REPORT_DAILYMAINT_RECIPIENTS_VOGUE = "REPORT.dailyMaint.recipients.vogue";
+  public static final String REPORT_DAILYMAINT_RECIPIENTS_VOGUE_CC = "REPORT.dailyMaint.recipients.vogue.cc";
+
+  public static final String SYS_PASSWORD_RULE_MIN = "SYS.password.rule.length.min";
+  public static final String SYS_PASSWORD_RULE_MAX = "SYS.password.rule.length.max";
+  public static final String SYS_PASSWORD_RULE_NUMBER = "SYS.password.rule.number";
+  public static final String SYS_PASSWORD_RULE_UPPER_ENG = "SYS.password.rule.upper.eng";
+  public static final String SYS_PASSWORD_RULE_LOWER_ENG = "SYS.password.rule.lower.eng";
+  public static final String SYS_PASSWORD_RULE_SPECIAL = "SYS.password.rule.special";
+
+  public static final String AUTO_SCHEDULE_MAX_SCHEDULE_DATE = "AUTO_SCHEDULE.maxScheduleDate";
+
+  /** PM_CHECKLIST - vogue's signature */
+  public static final String PM_CHECKLIST_USER_SIGN_ID = "PM_CHECKLIST.vogueSign";
+
+  public static final String LCTS_FLOOR = "LCTS.floor";
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/common/service/AuditLogService.java b/src/main/java/com/ffii/tsms/modules/common/service/AuditLogService.java
new file mode 100644
index 0000000..55aa3a4
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/common/service/AuditLogService.java
@@ -0,0 +1,48 @@
+package com.ffii.tsms.modules.common.service;
+
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Isolation;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.ffii.core.support.AbstractService;
+import com.ffii.core.support.JdbcDao;
+import com.ffii.core.utils.MapUtils;
+import jakarta.annotation.Nullable;
+
+@Service
+public class AuditLogService extends AbstractService {
+
+	public AuditLogService(JdbcDao jdbcDao) {
+		super(jdbcDao);
+	  }
+
+	private static final String SQL_INSERT_AUDIT_LOG = "INSERT INTO audit_log (`tableName`, `recordId`, `modifiedBy`, `modified`, `oldData`, `newData`) "
+			+ "VALUES (:tableName, :recordId, :modifiedBy, :modified, :oldData, :newData)";
+
+	@Transactional(isolation = Isolation.SERIALIZABLE, rollbackFor = Exception.class, readOnly = false)
+	public int save(String tableName, Long recordId, Long modifiedBy, Date modified, @Nullable String oldData, String newData) {
+		return jdbcDao.executeUpdate(SQL_INSERT_AUDIT_LOG,MapUtils.toHashMap("tableName", tableName, "recordId", recordId,
+		"modifiedBy", modifiedBy, "modified", modified,
+		"oldData", oldData, "newData", newData));
+	}
+
+	@Transactional(isolation = Isolation.READ_COMMITTED, rollbackFor = Exception.class, readOnly = true)
+	public List<Map<String, Object>> search(String tableName, Integer recordId) {
+
+		String sql = "SELECT * FROM audit_log WHERE tableName = :tableName AND recordId = :recordId ORDER BY modified";
+
+		return jdbcDao.queryForList(sql, Map.of("tableName", tableName, "recordId", recordId));
+	}
+
+	@Transactional(isolation = Isolation.READ_COMMITTED, rollbackFor = Exception.class, readOnly = true)
+	public List<Map<String, Object>> getTables() {
+		String sql = "SELECT DISTINCT tableName FROM audit_log";
+
+		return jdbcDao.queryForList(sql, "");
+	}
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/settings/entity/Settings.java b/src/main/java/com/ffii/tsms/modules/settings/entity/Settings.java
new file mode 100644
index 0000000..52e8d39
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/settings/entity/Settings.java
@@ -0,0 +1,74 @@
+package com.ffii.tsms.modules.settings.entity;
+
+import com.ffii.core.entity.IdEntity;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Table;
+import jakarta.validation.constraints.NotNull;
+
+@Entity
+@Table(name = "settings")
+public class Settings extends IdEntity<Long> {
+  public static String TYPE_STRING = "string";
+  public static String TYPE_INT = "integer";
+  public static String TYPE_FLOAT = "float";
+  public static String TYPE_BOOLEAN = "boolean";
+  public static String TYPE_DATE = "date";
+  public static String TYPE_TIME = "time";
+  public static String TYPE_DATETIME = "datetime";
+  // other "A/B" value must "A" or "B"
+
+  //lowercase
+  public static String VALUE_BOOLEAN_TRUE = "true";
+  public static String VALUE_BOOLEAN_FALSE = "false";
+
+  // TODO: pattern??
+
+  @NotNull
+  @Column
+  private String name;
+
+  @NotNull
+  @Column
+  private String value;
+
+  @Column
+  private String category;
+
+  @Column
+  private String type;
+
+  public String getName() {
+    return name;
+  }
+
+  public void setName(String name) {
+    this.name = name;
+  }
+
+  public String getValue() {
+    return value;
+  }
+
+  public void setValue(String value) {
+    this.value = value;
+  }
+
+  public String getCategory() {
+    return category;
+  }
+
+  public void setCategory(String category) {
+    this.category = category;
+  }
+
+  public String getType() {
+    return type;
+  }
+
+  public void setType(String type) {
+    this.type = type;
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/settings/entity/SettingsRepository.java b/src/main/java/com/ffii/tsms/modules/settings/entity/SettingsRepository.java
new file mode 100644
index 0000000..fdf27ef
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/settings/entity/SettingsRepository.java
@@ -0,0 +1,12 @@
+package com.ffii.tsms.modules.settings.entity;
+
+import java.util.Optional;
+
+import org.springframework.data.repository.query.Param;
+
+import com.ffii.core.support.AbstractRepository;
+
+public interface SettingsRepository extends AbstractRepository<Settings, Long> {
+
+  Optional<Settings> findByName(@Param("name") String name);
+}
diff --git a/src/main/java/com/ffii/tsms/modules/settings/service/SettingsService.java b/src/main/java/com/ffii/tsms/modules/settings/service/SettingsService.java
new file mode 100644
index 0000000..c1a8d19
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/settings/service/SettingsService.java
@@ -0,0 +1,208 @@
+package com.ffii.tsms.modules.settings.service;
+
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.LocalTime;
+import java.time.format.DateTimeFormatter;
+import java.time.format.DateTimeParseException;
+import java.util.Optional;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.ffii.core.exception.InternalServerErrorException;
+import com.ffii.core.support.AbstractIdEntityService;
+import com.ffii.core.support.JdbcDao;
+import com.ffii.tsms.modules.settings.entity.Settings;
+import com.ffii.tsms.modules.settings.entity.SettingsRepository;
+
+
+@Service
+public class SettingsService extends AbstractIdEntityService<Settings, Long, SettingsRepository> {
+
+  public SettingsService(JdbcDao jdbcDao, SettingsRepository repository) {
+    super(jdbcDao, repository);
+  }
+
+  public Optional<Settings> findByName(String name) {
+    return this.repository.findByName(name);
+  }
+
+  public boolean validateType(String type, String value) {
+    if (StringUtils.isBlank(type)) return true;
+
+    if (Settings.TYPE_STRING.equals(type)) return true;
+
+    if (Settings.TYPE_BOOLEAN.equals(type)) {
+      return Settings.VALUE_BOOLEAN_TRUE.equals(value) || Settings.VALUE_BOOLEAN_FALSE.equals(value);
+    }
+
+    if (Settings.TYPE_INT.equals(type)) {
+      try {
+        Integer.parseInt(value);
+        return true;
+      } catch (NumberFormatException e) {
+        return false;
+      }
+    }
+    if (Settings.TYPE_FLOAT.equals(type)) {
+      try {
+        Float.parseFloat(value);
+        return true;
+      } catch (NumberFormatException e) {
+        return false;
+      }
+    }
+    if (Settings.TYPE_DATE.equals(type)) {
+      try {
+        LocalDate.parse(value, DateTimeFormatter.ISO_DATE);
+        return true;
+      } catch (DateTimeParseException e) {
+        return false;
+      }
+    }
+    if (Settings.TYPE_TIME.equals(type)) {
+      try {
+        LocalTime.parse(value, DateTimeFormatter.ISO_TIME);
+        return true;
+      } catch (DateTimeParseException e) {
+        return false;
+      }
+    }
+    if (Settings.TYPE_DATETIME.equals(type)) {
+      try {
+        LocalDateTime.parse(value, DateTimeFormatter.ISO_DATE_TIME);
+        return true;
+      } catch (DateTimeParseException e) {
+        return false;
+      }
+    }
+
+    if (StringUtils.indexOf(type, "/") >= 0) {
+      for (String t : type.split("/")) {
+        if (t.equals(value)) return true;
+      }
+      return false;
+    }
+
+    return false;
+  }
+
+  @Transactional(rollbackFor = Exception.class)
+  public void update(String name, String value) {
+    Settings settings = this.findByName(name)
+        .orElseThrow(InternalServerErrorException::new);
+    if (!validateType(settings.getType(), value)) {
+      throw new InternalServerErrorException();
+    }
+    settings.setValue(value);
+    this.save(settings);
+  }
+
+  @Transactional(rollbackFor = Exception.class)
+  public void update(String name, LocalDate date) {
+    this.update(name, date.format(DateTimeFormatter.ISO_DATE));
+  }
+
+  @Transactional(rollbackFor = Exception.class)
+  public void update(String name, LocalDateTime datetime) {
+    this.update(name, datetime.format(DateTimeFormatter.ISO_DATE_TIME));
+  }
+
+  @Transactional(rollbackFor = Exception.class)
+  public void update(String name, LocalTime time) {
+    this.update(name, time.format(DateTimeFormatter.ISO_TIME));
+  }
+
+  public String getString(String name) {
+    return this.findByName(name)
+        .map(Settings::getValue)
+        .orElseThrow(InternalServerErrorException::new);
+  }
+
+  public int getInt(String name) {
+    return this.findByName(name)
+        .map(Settings::getValue)
+        .map(v -> {
+          try {
+            return Integer.parseInt(v);
+          } catch (final NumberFormatException nfe) {
+            return null;
+          }
+        })
+        .orElseThrow(InternalServerErrorException::new);
+  }
+
+  public double getDouble(String name) {
+    return this.findByName(name)
+        .map(Settings::getValue)
+        .map(v -> {
+          try {
+            return Double.parseDouble(v);
+          } catch (final NumberFormatException nfe) {
+            return null;
+          }
+        })
+        .orElseThrow(InternalServerErrorException::new);
+  }
+
+  public boolean getBoolean(String name) {
+    return this.findByName(name)
+        .map(Settings::getValue)
+        .map(Settings.VALUE_BOOLEAN_TRUE::equals)
+        .orElseThrow(InternalServerErrorException::new);
+  }
+
+  public LocalDate getDate(String name) {
+    return this.getDate(name, DateTimeFormatter.ISO_DATE);
+  }
+
+  private LocalDate getDate(String name, DateTimeFormatter formatter) {
+    return this.findByName(name)
+        .map(Settings::getValue)
+        .map(v -> {
+          try {
+            return LocalDate.parse(v, formatter);
+          } catch (DateTimeParseException e) {
+            return null;
+          }
+        })
+        .orElseThrow(InternalServerErrorException::new);
+  }
+
+  public LocalDateTime getDatetime(String name) {
+    return this.getDatetime(name, DateTimeFormatter.ISO_DATE_TIME);
+  }
+
+  private LocalDateTime getDatetime(String name, DateTimeFormatter formatter) {
+    return this.findByName(name)
+        .map(Settings::getValue)
+        .map(v -> {
+          try {
+            return LocalDateTime.parse(v, formatter);
+          } catch (DateTimeParseException e) {
+            return null;
+          }
+        })
+        .orElseThrow(InternalServerErrorException::new);
+  }
+
+  public LocalTime getTime(String name) {
+    return this.getTime(name, DateTimeFormatter.ISO_TIME);
+  }
+
+  private LocalTime getTime(String name, DateTimeFormatter formatter) {
+    return this.findByName(name)
+        .map(Settings::getValue)
+        .map(v -> {
+          try {
+            return LocalTime.parse(v, formatter);
+          } catch (DateTimeParseException e) {
+            return null;
+          }
+        })
+        .orElseThrow(InternalServerErrorException::new);
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/settings/web/SettingsController.java b/src/main/java/com/ffii/tsms/modules/settings/web/SettingsController.java
new file mode 100644
index 0000000..3a76fcb
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/settings/web/SettingsController.java
@@ -0,0 +1,66 @@
+package com.ffii.tsms.modules.settings.web;
+
+import java.util.List;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PatchMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.ffii.core.exception.BadRequestException;
+import com.ffii.core.exception.NotFoundException;
+import com.ffii.tsms.modules.settings.entity.Settings;
+import com.ffii.tsms.modules.settings.service.SettingsService;
+
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotBlank;
+
+@RestController
+@RequestMapping("/settings")
+public class SettingsController{
+
+  private SettingsService settingsService;
+
+  public SettingsController(SettingsService settingsService) {
+    this.settingsService = settingsService;
+  }
+
+  // @Operation(summary = "list system settings")
+  @GetMapping
+  // @PreAuthorize("hasAuthority('ADMIN')")
+  public List<Settings> listAll() {
+    return this.settingsService.listAll();
+  }
+
+  // @Operation(summary = "update system setting")
+  @PatchMapping("/{name}")
+  // @PreAuthorize("hasAuthority('ADMIN')")
+  @ResponseStatus(HttpStatus.NO_CONTENT)
+  public void update(@PathVariable String name, @RequestBody @Valid UpdateReq body) {
+    Settings entity = this.settingsService.findByName(name)
+        .orElseThrow(NotFoundException::new);
+    if (!this.settingsService.validateType(entity.getType(), body.value)) {
+      throw new BadRequestException();
+    }
+
+    entity.setValue(body.value);
+    this.settingsService.save(entity);
+  }
+
+  public static class UpdateReq {
+    @NotBlank
+    private String value;
+
+    public String getValue() {
+      return value;
+    }
+
+    public void setValue(String value) {
+      this.value = value;
+    }
+  }
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/entity/Group.java b/src/main/java/com/ffii/tsms/modules/user/entity/Group.java
new file mode 100644
index 0000000..e6d7bd2
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/entity/Group.java
@@ -0,0 +1,37 @@
+package com.ffii.tsms.modules.user.entity;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Table;
+import jakarta.validation.constraints.NotNull;
+
+import com.ffii.core.entity.BaseEntity;
+
+@Entity
+@Table(name = "`group`")
+public class Group extends BaseEntity<Long> {
+
+	@NotNull
+	@Column
+	private String name;
+
+	@Column
+	private String description;
+
+	public String getName() {
+		return name;
+	}
+
+	public void setName(String name) {
+		this.name = name;
+	}
+
+	public String getDescription() {
+		return description;
+	}
+
+	public void setDescription(String description) {
+		this.description = description;
+	}
+
+}
\ No newline at end of file
diff --git a/src/main/java/com/ffii/tsms/modules/user/entity/GroupRepository.java b/src/main/java/com/ffii/tsms/modules/user/entity/GroupRepository.java
new file mode 100644
index 0000000..966f7f8
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/entity/GroupRepository.java
@@ -0,0 +1,6 @@
+package com.ffii.tsms.modules.user.entity;
+
+import com.ffii.core.support.AbstractRepository;
+
+public interface GroupRepository extends AbstractRepository<Group, Long> {
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/entity/User.java b/src/main/java/com/ffii/tsms/modules/user/entity/User.java
new file mode 100644
index 0000000..e319e6f
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/entity/User.java
@@ -0,0 +1,254 @@
+package com.ffii.tsms.modules.user.entity;
+
+import java.time.LocalDate;
+import java.util.Collection;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Table;
+import jakarta.persistence.Transient;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.ffii.core.entity.BaseEntity;
+
+/** @author Terence */
+@Entity
+@Table(name = "user")
+public class User extends BaseEntity<Long> implements UserDetails {
+
+	@NotBlank
+	@Column(unique = true)
+	private String username;
+
+	@JsonIgnore
+	@NotBlank
+	@Column
+	private String password;
+
+	// @NotNull
+	@Column
+	private Boolean locked = Boolean.FALSE;
+
+	@NotBlank
+	@Column
+	private String name;
+
+	@Column
+	private LocalDate expiryDate;
+
+	@JsonIgnore
+	@Transient
+	private Collection<GrantedAuthority> authorities;
+
+	@Column
+	private String locale;
+
+	@Column
+	private String fullname;
+
+	@Column
+	private String firstname;
+
+	@Column
+	private String lastname;
+
+	@Column
+	private String department;
+
+	@Column
+	private String title;
+
+	@Column
+	private String email;
+
+	@Column
+	private String phone1;
+
+	@Column
+	private String phone2;
+
+	@Column
+	private String remarks;
+
+	@Column
+	private boolean lotusNotesUser = false;
+
+	public boolean isLocked() {
+		return this.locked == null ? false : this.locked;
+	}
+
+	// getter & setter
+
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+	public Boolean getLocked() {
+		return locked;
+	}
+
+	public void setLocked(Boolean locked) {
+		this.locked = locked;
+	}
+
+	public String getName() {
+		return name;
+	}
+
+	public void setName(String name) {
+		this.name = name;
+	}
+
+	public LocalDate getExpiryDate() {
+		return expiryDate;
+	}
+
+	public void setExpiryDate(LocalDate expiryDate) {
+		this.expiryDate = expiryDate;
+	}
+
+	public void setAuthorities(Collection<GrantedAuthority> authorities) {
+		this.authorities = authorities;
+	}
+
+	public String getLocale() {
+		return locale;
+	}
+
+	public void setLocale(String locale) {
+		this.locale = locale;
+	}
+
+	public String getFullname() {
+		return fullname;
+	}
+
+	public void setFullname(String fullname) {
+		this.fullname = fullname;
+	}
+
+	public String getFirstname() {
+		return firstname;
+	}
+
+	public void setFirstname(String firstname) {
+		this.firstname = firstname;
+	}
+
+	public String getLastname() {
+		return lastname;
+	}
+
+	public void setLastname(String lastname) {
+		this.lastname = lastname;
+	}
+
+	public String getTitle() {
+		return title;
+	}
+
+	public void setTitle(String title) {
+		this.title = title;
+	}
+
+	public String getEmail() {
+		return email;
+	}
+
+	public void setEmail(String email) {
+		this.email = email;
+	}
+
+	public String getPhone1() {
+		return phone1;
+	}
+
+	public void setPhone1(String phone1) {
+		this.phone1 = phone1;
+	}
+
+	public String getPhone2() {
+		return phone2;
+	}
+
+	public void setPhone2(String phone2) {
+		this.phone2 = phone2;
+	}
+
+	public String getRemarks() {
+		return remarks;
+	}
+
+	public void setRemarks(String remarks) {
+		this.remarks = remarks;
+	}
+
+	// override
+
+	@Override
+	public Collection<? extends GrantedAuthority> getAuthorities() {
+		return this.authorities;
+	}
+
+	@Override
+	public String getPassword() {
+		return this.password;
+	}
+
+	@Override
+	public String getUsername() {
+		return this.username;
+	}
+
+	@Override
+	public boolean isAccountNonExpired() {
+		return this.getExpiryDate() == null || this.getExpiryDate().isAfter(LocalDate.now());
+	}
+
+	@Override
+	public boolean isAccountNonLocked() {
+		return !this.isLocked();
+	}
+
+	@JsonIgnore
+	@Override
+	public boolean isCredentialsNonExpired() {
+		return true;
+	}
+
+	@JsonIgnore
+	@Override
+	public boolean isEnabled() {
+		return true;
+	}
+
+	public String getDepartment() {
+		return department;
+	}
+
+	public void setDepartment(String department) {
+		this.department = department;
+	}
+
+	public boolean isLotusNotesUser() {
+		return this.lotusNotesUser;
+	}
+
+	public boolean getLotusNotesUser() {
+		return this.lotusNotesUser;
+	}
+
+	public void setLotusNotesUser(boolean lotusNotesUser) {
+		this.lotusNotesUser = lotusNotesUser;
+	}
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/entity/UserRepository.java b/src/main/java/com/ffii/tsms/modules/user/entity/UserRepository.java
new file mode 100644
index 0000000..1abe93e
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/entity/UserRepository.java
@@ -0,0 +1,15 @@
+package com.ffii.tsms.modules.user.entity;
+
+import java.util.List;
+import java.util.Optional;
+
+import org.springframework.data.repository.query.Param;
+
+import com.ffii.core.support.AbstractRepository;
+
+public interface UserRepository extends AbstractRepository<User, Long> {
+
+  List<User> findByName(@Param("name") String name);
+
+  Optional<User> 	findByUsernameAndDeletedFalse(String username);
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/req/NewPublicUserReq.java b/src/main/java/com/ffii/tsms/modules/user/req/NewPublicUserReq.java
new file mode 100644
index 0000000..076573d
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/req/NewPublicUserReq.java
@@ -0,0 +1,29 @@
+package com.ffii.tsms.modules.user.req;
+
+import jakarta.validation.constraints.Pattern;
+import jakarta.validation.constraints.Size;
+
+/** @author Alex */
+public class NewPublicUserReq extends UpdateUserReq {
+
+	@Size(max = 30)
+	@Pattern(regexp = "^[A-Za-z0-9]+$")
+	private String username;
+	private String password;
+
+	public String getUsername() {
+		return username;
+	}
+
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+	public String getPassword() {
+		return this.password;
+	}
+
+	public void setPassword(String password) {
+		this.password = password;
+	}
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/req/NewUserReq.java b/src/main/java/com/ffii/tsms/modules/user/req/NewUserReq.java
new file mode 100644
index 0000000..53f5429
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/req/NewUserReq.java
@@ -0,0 +1,21 @@
+package com.ffii.tsms.modules.user.req;
+
+import jakarta.validation.constraints.Pattern;
+import jakarta.validation.constraints.Size;
+
+/** @author Alex */
+public class NewUserReq extends UpdateUserReq {
+
+	@Size(max = 30)
+	@Pattern(regexp = "^[A-Za-z0-9]+$")
+	private String username;
+
+	public String getUsername() {
+		return username;
+	}
+
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/req/SaveGroupReq.java b/src/main/java/com/ffii/tsms/modules/user/req/SaveGroupReq.java
new file mode 100644
index 0000000..c2517a8
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/req/SaveGroupReq.java
@@ -0,0 +1,80 @@
+package com.ffii.tsms.modules.user.req;
+
+import java.util.List;
+
+import jakarta.validation.constraints.NotNull;
+
+public class SaveGroupReq {
+  private Long id;
+
+  @NotNull
+  private String name;
+  private String description;
+
+  @NotNull
+  private List<Long> addUserIds;
+  @NotNull
+  private List<Long> removeUserIds;
+
+  @NotNull
+  private List<Long> addAuthIds;
+  @NotNull
+  private List<Long> removeAuthIds;
+
+  public Long getId() {
+    return id;
+  }
+
+  public void setId(Long id) {
+    this.id = id;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public void setName(String name) {
+    this.name = name;
+  }
+
+  public String getDescription() {
+    return description;
+  }
+
+  public void setDescription(String description) {
+    this.description = description;
+  }
+
+  public List<Long> getAddUserIds() {
+    return addUserIds;
+  }
+
+  public void setAddUserIds(List<Long> addUserIds) {
+    this.addUserIds = addUserIds;
+  }
+
+  public List<Long> getRemoveUserIds() {
+    return removeUserIds;
+  }
+
+  public void setRemoveUserIds(List<Long> removeUserIds) {
+    this.removeUserIds = removeUserIds;
+  }
+
+  public List<Long> getAddAuthIds() {
+    return addAuthIds;
+  }
+
+  public void setAddAuthIds(List<Long> addAuthIds) {
+    this.addAuthIds = addAuthIds;
+  }
+
+  public List<Long> getRemoveAuthIds() {
+    return removeAuthIds;
+  }
+
+  public void setRemoveAuthIds(List<Long> removeAuthIds) {
+    this.removeAuthIds = removeAuthIds;
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/req/SearchUserReq.java b/src/main/java/com/ffii/tsms/modules/user/req/SearchUserReq.java
new file mode 100644
index 0000000..bf5dd59
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/req/SearchUserReq.java
@@ -0,0 +1,69 @@
+package com.ffii.tsms.modules.user.req;
+
+public class SearchUserReq {
+  private Integer id;
+  private Integer groupId;
+  private String username;
+  private String name;
+  private Boolean locked;
+
+  private Integer start;
+  private Integer limit;
+
+  public Integer getId() {
+    return id;
+  }
+
+  public void setId(Integer id) {
+    this.id = id;
+  }
+
+  public Integer getGroupId() {
+    return groupId;
+  }
+
+  public void setGroupId(Integer groupId) {
+    this.groupId = groupId;
+  }
+
+  public String getUsername() {
+    return username;
+  }
+
+  public void setUsername(String username) {
+    this.username = username;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public void setName(String name) {
+    this.name = name;
+  }
+
+  public Integer getStart() {
+    return start;
+  }
+
+  public void setStart(Integer start) {
+    this.start = start;
+  }
+
+  public Integer getLimit() {
+    return limit;
+  }
+
+  public void setLimit(Integer limit) {
+    this.limit = limit;
+  }
+
+  public Boolean getLocked() {
+    return locked;
+  }
+
+  public void setLocked(Boolean locked) {
+    this.locked = locked;
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/req/UpdateUserReq.java b/src/main/java/com/ffii/tsms/modules/user/req/UpdateUserReq.java
new file mode 100644
index 0000000..531eba6
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/req/UpdateUserReq.java
@@ -0,0 +1,151 @@
+package com.ffii.tsms.modules.user.req;
+
+import java.time.LocalDate;
+import java.util.List;
+
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+
+/** @author Alex */
+public class UpdateUserReq {
+
+	@NotNull
+	private Boolean locked;
+
+	@Size(max = 90)
+	@NotBlank
+	private String name;
+
+	private String firstname;
+	private String lastname;
+	private LocalDate expiryDate;
+	private String locale;
+	private String remarks;
+
+	@NotBlank
+	@Email
+	private String email;
+	@NotBlank
+	private String department;
+
+	// @NotNull
+	private List<Integer> addGroupIds;
+	// @NotNull
+	private List<Integer> removeGroupIds;
+
+	// @NotNull
+	private List<Integer> addAuthIds;
+	// @NotNull
+	private List<Integer> removeAuthIds;
+
+	public Boolean getLocked() {
+		return locked;
+	}
+
+	public void setLocked(Boolean locked) {
+		this.locked = locked;
+	}
+
+	public String getName() {
+		return name;
+	}
+
+	public void setName(String name) {
+		this.name = name;
+	}
+
+	public LocalDate getExpiryDate() {
+		return expiryDate;
+	}
+
+	public void setExpiryDate(LocalDate expiryDate) {
+		this.expiryDate = expiryDate;
+	}
+
+	public String getFirstname() {
+		return firstname;
+	}
+
+	public void setFirstName(String firstname) {
+		this.firstname = firstname;
+	}
+
+	public String getLastname() {
+		return lastname;
+	}
+
+	public void setLastname(String lastname) {
+		this.lastname = lastname;
+	}
+
+	public String getLocale() {
+		return locale;
+	}
+
+	public void setLocale(String locale) {
+		this.locale = locale;
+	}
+
+	public void setFirstname(String firstname) {
+		this.firstname = firstname;
+	}
+
+	public List<Integer> getAddGroupIds() {
+		return addGroupIds;
+	}
+
+	public void setAddGroupIds(List<Integer> addGroupIds) {
+		this.addGroupIds = addGroupIds;
+	}
+
+	public List<Integer> getRemoveGroupIds() {
+		return removeGroupIds;
+	}
+
+	public void setRemoveGroupIds(List<Integer> removeGroupIds) {
+		this.removeGroupIds = removeGroupIds;
+	}
+
+	public List<Integer> getAddAuthIds() {
+		return addAuthIds;
+	}
+
+	public void setAddAuthIds(List<Integer> addAuthIds) {
+		this.addAuthIds = addAuthIds;
+	}
+
+	public List<Integer> getRemoveAuthIds() {
+		return removeAuthIds;
+	}
+
+	public void setRemoveAuthIds(List<Integer> removeAuthIds) {
+		this.removeAuthIds = removeAuthIds;
+	}
+
+	public String getRemarks() {
+		return remarks;
+	}
+
+	public void setRemarks(String remarks) {
+		this.remarks = remarks;
+	}
+
+	public String getEmail() {
+		return email;
+	}
+
+	public void setEmail(String email) {
+		this.email = email;
+	}
+
+	public String getDepartment() {
+		return department;
+	}
+
+	public void setDepartment(String department) {
+		this.department = department;
+	}
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/service/GroupService.java b/src/main/java/com/ffii/tsms/modules/user/service/GroupService.java
new file mode 100644
index 0000000..f7cc523
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/service/GroupService.java
@@ -0,0 +1,176 @@
+package com.ffii.tsms.modules.user.service;
+
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.ffii.core.exception.NotFoundException;
+import com.ffii.core.support.AbstractBaseEntityService;
+import com.ffii.core.support.JdbcDao;
+import com.ffii.core.utils.JsonUtils;
+import com.ffii.core.utils.Params;
+import com.ffii.tsms.modules.common.SecurityUtils;
+import com.ffii.tsms.modules.common.service.AuditLogService;
+import com.ffii.tsms.modules.user.entity.Group;
+import com.ffii.tsms.modules.user.entity.GroupRepository;
+import com.ffii.tsms.modules.user.req.SaveGroupReq;
+
+import jakarta.persistence.Table;
+import jakarta.validation.Valid;
+
+
+@Service
+public class GroupService extends AbstractBaseEntityService<Group, Long, GroupRepository> {
+
+	@Autowired
+	private AuditLogService auditLogService;
+
+	public GroupService(JdbcDao jdbcDao, GroupRepository repository) {
+		super(jdbcDao, repository);
+	}
+
+	public List<Map<String, Object>> search(Map<String, Object> args) {
+		StringBuilder sql = new StringBuilder("SELECT"
+				+ " g.*"
+				+ " FROM `group` g"
+				+ " WHERE g.deleted = FALSE");
+
+		if (args != null) {
+			if (args.containsKey(Params.QUERY)) sql.append(" AND (g.name LIKE :query)");
+			if (args.containsKey(Params.ID)) sql.append(" AND g.id = :id");
+			if (args.containsKey(Params.NAME)) sql.append(" AND g.name LIKE :name");
+		}
+
+		sql.append(" ORDER BY g.name");
+
+		return jdbcDao.queryForList(sql.toString(), args);
+	}
+
+	public List<Map<String, Object>> searchForCombo(Map<String, Object> args) {
+		StringBuilder sql = new StringBuilder("SELECT"
+				+ " g.id,"
+				+ " g.name"
+				+ " FROM `group` g"
+				+ " WHERE g.deleted = FALSE");
+
+		if (args != null) {
+			if (args.containsKey(Params.QUERY)) sql.append(" AND (g.name LIKE :query)");
+			if (args.containsKey(Params.ID)) sql.append(" AND g.id = :id");
+		}
+
+		sql.append(" ORDER BY g.name");
+
+		return jdbcDao.queryForList(sql.toString(), args);
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public void delete(Group instance) {
+		Map<String, Object> args = Map.of("groupId", instance.getId());
+		jdbcDao.executeUpdate("DELETE FROM user_group WHERE groupId = :groupId;", args);
+		jdbcDao.executeUpdate("DELETE FROM group_authority WHERE groupId = :groupId;", args);
+		markDelete(instance);
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public Group saveOrUpdate(@Valid SaveGroupReq req ) {
+		Group instance;
+
+		if (req.getId() != null) {
+			instance = find(req.getId()).orElseThrow(NotFoundException::new);
+		} else {
+			instance = new Group();
+		}
+		BeanUtils.copyProperties(req, instance);
+
+		String tableName = instance.getClass().getAnnotation(Table.class).name();
+		StringBuilder sql = new StringBuilder("SELECT * FROM " + tableName + " WHERE id = :id");
+		String oldValueJson = null;
+		String newValueJson = null;
+
+		if (instance != null && instance.getId() != null && instance.getId() > 0) {
+			oldValueJson = JsonUtils.toJsonString(jdbcDao.queryForMap(sql.toString(), Map.of("id", instance.getId())).orElseThrow(NotFoundException::new));
+		}
+		
+		instance = saveAndFlush(instance);
+		Long id = instance.getId();
+
+		List<Map<String, Long>> userBatchInsertValues = req.getAddUserIds().stream()
+				.map(userId -> Map.of("groupId", id, "userId", userId))
+				.collect(Collectors.toList());
+		List<Map<String, Long>> userBatchDeleteValues = req.getRemoveUserIds().stream()
+				.map(userId -> Map.of("groupId", id, "userId", userId))
+				.collect(Collectors.toList());
+
+		if (!userBatchInsertValues.isEmpty()) {
+			jdbcDao.batchUpdate(
+					"INSERT IGNORE INTO user_group (groupId,userId)"
+							+ " VALUES (:groupId, :userId)",
+					userBatchInsertValues);
+		}
+		if (!userBatchDeleteValues.isEmpty()) {
+			jdbcDao.batchUpdate(
+					"DELETE FROM user_group"
+							+ " WHERE groupId = :groupId AND userId = :userId",
+					userBatchDeleteValues);
+		}
+
+		List<Map<String, Long>> authBatchInsertValues = req.getAddAuthIds().stream()
+				.map(authId -> Map.of("groupId", id, "authId", authId))
+				.collect(Collectors.toList());
+		List<Map<String, Long>> authBatchDeleteValues = req.getRemoveAuthIds().stream()
+				.map(authId -> Map.of("groupId", id, "authId", authId))
+				.collect(Collectors.toList());
+
+		if (!authBatchInsertValues.isEmpty()) {
+			jdbcDao.batchUpdate(
+					"INSERT IGNORE INTO group_authority (groupId, authId)"
+							+ " VALUES (:groupId, :authId)",
+					authBatchInsertValues);
+		}
+		if (!authBatchDeleteValues.isEmpty()) {
+			jdbcDao.batchUpdate(
+					"DELETE FROM group_authority"
+							+ " WHERE groupId = :groupId AND authId = :authId",
+					authBatchDeleteValues);
+		}
+
+		if (instance != null && instance.getId() != null && instance.getId() > 0) {
+			newValueJson = JsonUtils.toJsonString(jdbcDao.queryForMap(sql.toString(), Map.of("id", instance.getId())).orElseThrow(NotFoundException::new));
+		}
+
+		auditLogService.save(
+				tableName,
+				id,
+				SecurityUtils.getUser() != null ? SecurityUtils.getUser().get().getId() : null,
+				new Date(),
+				oldValueJson,
+				newValueJson);
+		return instance;
+	}
+
+	public List<Integer> listGroupAuthId(Long id) {
+		return jdbcDao.queryForInts(
+				"SELECT"
+						+ " ga.authId"
+						+ " FROM group_authority ga"
+						+ " WHERE ga.groupId = :id",
+				Map.of(Params.ID, id));
+	}
+
+	public List<Integer> listGroupUserId(Long id) {
+		return jdbcDao.queryForInts(
+				"SELECT"
+						+ " gu.userId"
+						+ " FROM user_group gu"
+						+ " INNER JOIN user u ON u.deleted = FALSE AND gu.userId = u.id"
+						+ " WHERE gu.groupId = :id",
+				Map.of(Params.ID, id));
+	}
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/service/UserAuthorityService.java b/src/main/java/com/ffii/tsms/modules/user/service/UserAuthorityService.java
new file mode 100644
index 0000000..6d2e4f7
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/service/UserAuthorityService.java
@@ -0,0 +1,48 @@
+package com.ffii.tsms.modules.user.service;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.ffii.core.support.AbstractService;
+import com.ffii.core.support.JdbcDao;
+import com.ffii.tsms.modules.user.entity.User;
+
+@Service
+public class UserAuthorityService extends AbstractService {
+  private static final String USER_AUTH_SQL = "SELECT a.authority"
+      + " FROM `user` u"
+      + " JOIN user_authority ua ON ua.userId = u.id"
+      + " JOIN authority a ON a.id = ua.authId"
+      + " WHERE u.deleted = 0"
+      + " AND u.id = :userId";
+  private static final String UNION_SQL = " UNION ";
+  private static final String GROUP_AUTH_SQL = "SELECT a.authority"
+      + " FROM `user` u"
+      + " JOIN user_group ug ON ug.userId = u.id"
+      + " JOIN `group` g ON g.deleted = 0 AND g.id = ug.groupId"
+      + " JOIN group_authority ga ON ga.groupId = g.id"
+      + " JOIN authority a ON a.id = ga.authId"
+      + " WHERE u.deleted = 0"
+      + " AND u.id = :userId";
+
+  public UserAuthorityService(JdbcDao jdbcDao) {
+    super(jdbcDao);
+  }
+
+  @Transactional(rollbackFor = Exception.class)
+  public Set<SimpleGrantedAuthority> getUserAuthority(User user) {
+    Set<SimpleGrantedAuthority> auths = new HashSet<>();
+    List<Map<String, Object>> records = jdbcDao.queryForList(USER_AUTH_SQL + UNION_SQL + GROUP_AUTH_SQL,
+        Map.of("userId", user.getId()));
+
+    records.forEach(item -> auths.add(new SimpleGrantedAuthority((String) item.get("authority"))));
+    return auths;
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/service/UserService.java b/src/main/java/com/ffii/tsms/modules/user/service/UserService.java
new file mode 100644
index 0000000..3bb0e39
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/service/UserService.java
@@ -0,0 +1,269 @@
+package com.ffii.tsms.modules.user.service;
+
+import java.io.UnsupportedEncodingException;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.commons.lang3.LocaleUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.ffii.core.exception.NotFoundException;
+import com.ffii.core.exception.UnprocessableEntityException;
+import com.ffii.core.support.AbstractBaseEntityService;
+import com.ffii.core.support.JdbcDao;
+import com.ffii.core.utils.Params;
+import com.ffii.core.utils.PasswordUtils;
+import com.ffii.tsms.modules.common.ErrorCodes;
+import com.ffii.tsms.modules.common.PasswordRule;
+import com.ffii.tsms.modules.settings.service.SettingsService;
+import com.ffii.tsms.modules.user.entity.User;
+import com.ffii.tsms.modules.user.entity.UserRepository;
+import com.ffii.tsms.modules.user.req.NewPublicUserReq;
+import com.ffii.tsms.modules.user.req.NewUserReq;
+import com.ffii.tsms.modules.user.req.SearchUserReq;
+import com.ffii.tsms.modules.user.req.UpdateUserReq;
+import com.ffii.tsms.modules.user.service.pojo.UserRecord;
+
+import jakarta.mail.internet.InternetAddress;
+
+@Service
+public class UserService extends AbstractBaseEntityService<User, Long, UserRepository> {
+	private static final String USER_AUTH_SQL = "SELECT a.authority"
+			+ " FROM `user` u"
+			+ " JOIN user_authority ua ON ua.userId = u.id"
+			+ " JOIN authority a ON a.id = ua.authId"
+			+ " WHERE u.deleted = 0"
+			+ " AND u.id = :userId";
+	private static final String UNION_SQL = " UNION ";
+	private static final String GROUP_AUTH_SQL = "SELECT a.authority"
+			+ " FROM `user` u"
+			+ " JOIN user_group ug ON ug.userId = u.id"
+			+ " JOIN `group` g ON g.deleted = 0 AND g.id = ug.groupId"
+			+ " JOIN group_authority ga ON ga.groupId = g.id"
+			+ " JOIN authority a ON a.id = ga.authId"
+			+ " WHERE u.deleted = 0"
+			+ " AND u.id = :userId";
+
+	@Autowired
+	private SettingsService settingsService;
+	@Autowired
+	private PasswordEncoder passwordEncoder;
+
+	@Autowired
+	UserRepository userRepository;
+
+	public UserService(JdbcDao jdbcDao, UserRepository userRepository) {
+		super(jdbcDao, userRepository);
+	}
+
+	public Optional<User> loadUserOptByUsername(String username) {
+		return findByUsername(username)
+				.map(user -> {
+					Set<GrantedAuthority> auths = new LinkedHashSet<GrantedAuthority>();
+					auths.add(new SimpleGrantedAuthority("ROLE_USER"));
+					jdbcDao.queryForList(USER_AUTH_SQL + UNION_SQL + GROUP_AUTH_SQL, Map.of("userId", user.getId()))
+							.forEach(item -> auths.add(new SimpleGrantedAuthority((String) item.get("authority"))));
+
+					user.setAuthorities(auths);
+					return user;
+				});
+	}
+
+	public Optional<User> findByUsername(String username) {
+		return userRepository.findByUsernameAndDeletedFalse(username);
+	}
+
+	// @Transactional(rollbackFor = Exception.class)
+	public List<UserRecord> search(SearchUserReq req) {
+		StringBuilder sql = new StringBuilder("SELECT"
+				+ " u.id,"
+				+ " u.created,"
+				+ " u.createdBy,"
+				+ " u.version,"
+				+ " u.modified,"
+				+ " u.modifiedBy,"
+				+ " u.username,"
+				+ " u.locked,"
+				+ " u.name,"
+				+ " u.locale,"
+				+ " u.firstname,"
+				+ " u.lastname,"
+				+ " u.title,"
+				+ " u.department,"
+				+ " u.email,"
+				+ " u.phone1,"
+				+ " u.phone2,"
+				+ " u.remarks "
+				+ " FROM `user` u"
+				+ " left join user_group ug on u.id = ug.userId"
+				+ " where u.deleted = false");
+
+		if (req != null) {
+			if (req.getId() != null)
+				sql.append(" AND u.id = :id");
+
+			if (req.getGroupId() != null)
+				sql.append(" AND ug.groupId = :groupId");
+			if (StringUtils.isNotBlank(req.getUsername())) {
+				req.setUsername("%" + req.getUsername() + "%");
+				sql.append(" AND u.username LIKE :username");
+			}
+			if (StringUtils.isNotBlank(req.getName())) {
+				req.setName("%" + req.getName() + "%");
+				sql.append(" AND u.name LIKE :name");
+			}
+			if (req.getLocked() != null) {
+				sql.append(" AND u.locked = :locked");
+			}
+		}
+		sql.append(" ORDER BY u.name");
+
+		if (req != null) {
+			if (req.getStart() != null && req.getLimit() != null)
+				sql.append(" LIMIT :start, :limit");
+		}
+
+		return jdbcDao.queryForList(sql.toString(), req, UserRecord.class);
+	}
+
+	public List<Integer> listUserAuthId(long id) {
+		return jdbcDao.queryForInts(
+				"SELECT"
+						+ " ua.authId"
+						+ " FROM user_authority ua"
+						+ " WHERE ua.userId = :id",
+				Map.of(Params.ID, id));
+	}
+
+	public List<Integer> listUserGroupId(long id) {
+		return jdbcDao.queryForInts(
+				"SELECT"
+						+ " gu.groupId"
+						+ " FROM user_group gu"
+						+ " INNER JOIN `group` g ON g.deleted = FALSE AND g.id = gu.groupId"
+						+ " WHERE gu.userId = :id",
+				Map.of(Params.ID, id));
+	}
+
+	private User saveOrUpdate(User instance, UpdateUserReq req) {
+	
+		if (instance.getId() == null){
+			req.setLocked(false);
+		}
+		BeanUtils.copyProperties(req,instance);
+		instance = save(instance);
+		// long id = instance.getId();
+
+		// List<Map<String, Integer>> groupBatchInsertValues = req.getAddGroupIds().stream()
+		// 		.map(groupId -> Map.of("userId", (int) id, "groupId", groupId))
+		// 		.collect(Collectors.toList());
+		// List<Map<String, Integer>> groupBatchDeleteValues = req.getRemoveGroupIds().stream()
+		// 		.map(groupId -> Map.of("userId", (int) id, "groupId", groupId))
+		// 		.collect(Collectors.toList());
+
+		// if (!groupBatchInsertValues.isEmpty()) {
+		// 	jdbcDao.batchUpdate(
+		// 			"INSERT IGNORE INTO user_group (groupId,userId)"
+		// 					+ " VALUES (:groupId, :userId)",
+		// 			groupBatchInsertValues);
+		// }
+		// if (!groupBatchDeleteValues.isEmpty()) {
+		// 	jdbcDao.batchUpdate(
+		// 			"DELETE FROM user_group"
+		// 					+ " WHERE groupId = :groupId AND userId = :userId",
+		// 			groupBatchDeleteValues);
+		// }
+
+		// List<Map<String, Integer>> authBatchInsertValues = req.getAddAuthIds().stream()
+		// 		.map(authId -> Map.of("userId", (int)id, "authId", authId))
+		// 		.collect(Collectors.toList());
+		// List<Map<String, Integer>> authBatchDeleteValues = req.getRemoveAuthIds().stream()
+		// 		.map(authId -> Map.of("userId", (int)id, "authId", authId))
+		// 		.collect(Collectors.toList());
+		// if (!authBatchInsertValues.isEmpty()) {
+		// 	jdbcDao.batchUpdate(
+		// 			"INSERT IGNORE INTO user_authority (userId, authId)"
+		// 					+ " VALUES (:userId, :authId)",
+		// 			authBatchInsertValues);
+		// }
+
+		// if (!authBatchDeleteValues.isEmpty()) {
+		// 	jdbcDao.batchUpdate(
+		// 			"DELETE FROM user_authority"
+		// 					+ " WHERE userId = :userId AND authId = :authId",
+		// 			authBatchDeleteValues);
+		// }
+		return instance;
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public User newRecord(NewUserReq req) throws UnsupportedEncodingException {
+		if (findByUsername(req.getUsername()).isPresent()) {
+			throw new UnprocessableEntityException(ErrorCodes.USERNAME_NOT_AVAILABLE);
+		}
+
+		String randomPassword = PasswordUtils.genPwd(new PasswordRule(settingsService));
+		String pwdHash = passwordEncoder.encode(randomPassword);
+
+		User instance = new User();
+		instance.setPassword(pwdHash);
+		instance = saveOrUpdate(instance, req);
+		
+		// Locale locale = instance.getLocale() != null ? LocaleUtils.from(instance.getLocale()) : Locale.ENGLISH;
+		// mailService.send(
+		// 		MailRequest.builder()
+		// 				.subject(messageSource.getMessage("USER.newAc.subject", null, locale))
+		// 				.template("mail/newUser")
+		// 				.args(Map.of("username", instance.getUsername(), "password", StringEscapeUtils.escapeHtml4(randomPassword)))
+		// 				.addTo(new InternetAddress(instance.getEmail(), instance.getName()))
+		// 				.build(),
+		// 		locale);
+		return instance;
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public User newPublicUserRecord(NewPublicUserReq req) throws UnsupportedEncodingException {
+		if (findByUsername(req.getUsername()).isPresent()) {
+			throw new UnprocessableEntityException(ErrorCodes.USERNAME_NOT_AVAILABLE);
+		}
+
+		String submitedPassword = req.getPassword();
+		String pwdHash = passwordEncoder.encode(submitedPassword);
+		req.setPassword(pwdHash);
+		User instance = new User();
+
+		instance = saveOrUpdate(instance, req);
+		return instance;
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public void updateRecord(long id, UpdateUserReq req) {
+		saveOrUpdate(
+				find(id).orElseThrow(NotFoundException::new),
+				req);
+	}
+
+	@Transactional(rollbackFor = Exception.class)
+	public String resetPassword(long id) throws UnsupportedEncodingException {
+		User instance = find(id).orElseThrow(NotFoundException::new);
+		String randomPassword = PasswordUtils.genPwd(new PasswordRule(settingsService));
+
+		instance.setPassword(passwordEncoder.encode(randomPassword));
+		instance = save(instance);
+		return randomPassword;
+	}
+
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/service/pojo/AuthRecord.java b/src/main/java/com/ffii/tsms/modules/user/service/pojo/AuthRecord.java
new file mode 100644
index 0000000..33ad0b5
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/service/pojo/AuthRecord.java
@@ -0,0 +1,41 @@
+package com.ffii.tsms.modules.user.service.pojo;
+
+public class AuthRecord {
+  private Integer id;
+  private String module;
+  private String authority;
+  private String name;
+
+  public Integer getId() {
+    return id;
+  }
+
+  public void setId(Integer id) {
+    this.id = id;
+  }
+
+  public String getModule() {
+    return module;
+  }
+
+  public void setModule(String module) {
+    this.module = module;
+  }
+
+  public String getAuthority() {
+    return authority;
+  }
+
+  public void setAuthority(String authority) {
+    this.authority = authority;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public void setName(String name) {
+    this.name = name;
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/service/pojo/UserRecord.java b/src/main/java/com/ffii/tsms/modules/user/service/pojo/UserRecord.java
new file mode 100644
index 0000000..6af65aa
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/service/pojo/UserRecord.java
@@ -0,0 +1,155 @@
+package com.ffii.tsms.modules.user.service.pojo;
+
+import java.time.LocalDateTime;
+
+public class UserRecord {
+  private Integer id;
+  private LocalDateTime created;
+  private String createdBy;
+  private String modified;
+  private String modifiedBy;
+  private String username;
+  private Boolean locked;
+  private String name;
+  private Integer companyId;
+  private Integer customerId;
+  private String locale;
+  private String fullname;
+  private String firstname;
+  private String lastname;
+  private String title;
+  private String department;
+  private String deptId;
+  private String email;
+  private String phone1;
+  private String phone2;
+  private String remarks;
+
+  public Integer getId() {
+    return id;
+  }
+  public void setId(Integer id) {
+    this.id = id;
+  }
+  public LocalDateTime getCreated() {
+    return created;
+  }
+  public void setCreated(LocalDateTime created) {
+    this.created = created;
+  }
+  public String getCreatedBy() {
+    return createdBy;
+  }
+  public void setCreatedBy(String createdBy) {
+    this.createdBy = createdBy;
+  }
+  public String getModified() {
+    return modified;
+  }
+  public void setModified(String modified) {
+    this.modified = modified;
+  }
+  public String getModifiedBy() {
+    return modifiedBy;
+  }
+  public void setModifiedBy(String modifiedBy) {
+    this.modifiedBy = modifiedBy;
+  }
+  public String getUsername() {
+    return username;
+  }
+  public void setUsername(String username) {
+    this.username = username;
+  }
+  public Boolean getLocked() {
+    return locked;
+  }
+  public void setLocked(Boolean locked) {
+    this.locked = locked;
+  }
+  public String getName() {
+    return name;
+  }
+  public void setName(String name) {
+    this.name = name;
+  }
+  public Integer getCompanyId() {
+    return companyId;
+  }
+  public void setCompanyId(Integer companyId) {
+    this.companyId = companyId;
+  }
+  public Integer getCustomerId() {
+    return customerId;
+  }
+  public void setCustomerId(Integer customerId) {
+    this.customerId = customerId;
+  }
+  public String getLocale() {
+    return locale;
+  }
+  public void setLocale(String locale) {
+    this.locale = locale;
+  }
+  public String getFullname() {
+    return fullname;
+  }
+  public void setFullname(String fullname) {
+    this.fullname = fullname;
+  }
+  public String getFirstname() {
+    return firstname;
+  }
+  public void setFirstname(String firstname) {
+    this.firstname = firstname;
+  }
+  public String getLastname() {
+    return lastname;
+  }
+  public void setLastname(String lastname) {
+    this.lastname = lastname;
+  }
+  public String getTitle() {
+    return title;
+  }
+  public void setTitle(String title) {
+    this.title = title;
+  }
+  public String getDepartment() {
+    return department;
+  }
+  public void setDepartment(String department) {
+    this.department = department;
+  }
+  public String getDeptId() {
+    return deptId;
+  }
+  public void setDeptId(String deptId) {
+    this.deptId = deptId;
+  }
+  public String getEmail() {
+    return email;
+  }
+  public void setEmail(String email) {
+    this.email = email;
+  }
+  public String getPhone1() {
+    return phone1;
+  }
+  public void setPhone1(String phone1) {
+    this.phone1 = phone1;
+  }
+  public String getPhone2() {
+    return phone2;
+  }
+  public void setPhone2(String phone2) {
+    this.phone2 = phone2;
+  }
+  public String getRemarks() {
+    return remarks;
+  }
+  public void setRemarks(String remarks) {
+    this.remarks = remarks;
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/service/res/LoadUserRes.java b/src/main/java/com/ffii/tsms/modules/user/service/res/LoadUserRes.java
new file mode 100644
index 0000000..c2a47c6
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/service/res/LoadUserRes.java
@@ -0,0 +1,45 @@
+package com.ffii.tsms.modules.user.service.res;
+
+import java.util.List;
+
+import com.ffii.tsms.modules.user.entity.User;
+
+public class LoadUserRes {
+  private User data;
+  private List<Integer> authIds;
+  private List<Integer> groupIds;
+
+  public LoadUserRes() {
+  }
+
+  public LoadUserRes(User data, List<Integer> authIds, List<Integer> groupIds) {
+    this.data = data;
+    this.authIds = authIds;
+    this.groupIds = groupIds;
+  }
+
+  public User getData() {
+    return data;
+  }
+
+  public void setData(User data) {
+    this.data = data;
+  }
+
+  public List<Integer> getAuthIds() {
+    return authIds;
+  }
+
+  public void setAuthIds(List<Integer> authIds) {
+    this.authIds = authIds;
+  }
+
+  public List<Integer> getGroupIds() {
+    return groupIds;
+  }
+
+  public void setGroupIds(List<Integer> groupIds) {
+    this.groupIds = groupIds;
+  }
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/web/GroupController.java b/src/main/java/com/ffii/tsms/modules/user/web/GroupController.java
new file mode 100644
index 0000000..89752b4
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/web/GroupController.java
@@ -0,0 +1,80 @@
+package com.ffii.tsms.modules.user.web;
+
+import java.util.Map;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.ServletRequestBindingException;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.ffii.core.exception.NotFoundException;
+import com.ffii.core.response.IdRes;
+import com.ffii.core.response.RecordsRes;
+import com.ffii.core.utils.CriteriaArgsBuilder;
+import com.ffii.core.utils.Params;
+import com.ffii.tsms.modules.user.req.SaveGroupReq;
+import com.ffii.tsms.modules.user.service.GroupService;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.Valid;
+
+@RestController
+@RequestMapping("/group")
+public class GroupController{
+
+    private final Log logger = LogFactory.getLog(getClass());
+    private GroupService groupService;
+	
+    public GroupController(
+		GroupService groupService
+		) {
+		this.groupService = groupService;
+	}
+    
+    @PostMapping("/save")
+	public IdRes saveOrUpdate(@RequestBody @Valid SaveGroupReq req) {
+		return new IdRes(groupService.saveOrUpdate(req).getId());
+	}
+
+	@DeleteMapping("/{id}")
+	@ResponseStatus(HttpStatus.NO_CONTENT)
+	public void delete(@PathVariable Long id) {
+		groupService.delete(groupService.find(id).orElseThrow(NotFoundException::new));
+	}
+
+	@GetMapping("/{id}")
+	public Map<String, Object> load(@PathVariable Long id) {
+		return Map.of(
+				Params.DATA, groupService.find(id).orElseThrow(NotFoundException::new),
+				"authIds", groupService.listGroupAuthId(id),
+				"userIds", groupService.listGroupUserId(id));
+	}
+
+	@GetMapping("/combo")
+	public RecordsRes<Map<String, Object>> comboJson(HttpServletRequest request) throws ServletRequestBindingException {
+		return new RecordsRes<>(groupService.searchForCombo(
+				CriteriaArgsBuilder.withRequest(request)
+						.addInteger(Params.ID)
+						.addStringLike(Params.QUERY)
+						.build()));
+	}
+
+	@GetMapping
+	public RecordsRes<Map<String, Object>> listJson(HttpServletRequest request) throws ServletRequestBindingException {
+		return new RecordsRes<>(groupService.search(
+				CriteriaArgsBuilder.withRequest(request)
+						.addInteger(Params.ID)
+						.addStringLike(Params.NAME)
+						.addInteger("userId")
+						.build()));
+	}
+
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/web/TestController.java b/src/main/java/com/ffii/tsms/modules/user/web/TestController.java
new file mode 100644
index 0000000..dd8a382
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/web/TestController.java
@@ -0,0 +1,21 @@
+package com.ffii.tsms.modules.user.web;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class TestController {
+
+    private final Log logger = LogFactory.getLog(getClass());
+    
+    @GetMapping("/test")
+    @Secured("ROLE_USER")
+    public ResponseEntity<?> test() throws Exception {
+        logger.info("hihihihihii");
+        return ResponseEntity.ok("hihi");
+    }
+}
diff --git a/src/main/java/com/ffii/tsms/modules/user/web/UserController.java b/src/main/java/com/ffii/tsms/modules/user/web/UserController.java
new file mode 100644
index 0000000..8ab3cdf
--- /dev/null
+++ b/src/main/java/com/ffii/tsms/modules/user/web/UserController.java
@@ -0,0 +1,193 @@
+package com.ffii.tsms.modules.user.web;
+
+import java.io.UnsupportedEncodingException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PatchMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.ffii.core.exception.BadRequestException;
+import com.ffii.core.exception.NotFoundException;
+import com.ffii.core.exception.UnprocessableEntityException;
+import com.ffii.core.response.IdRes;
+import com.ffii.core.utils.PasswordUtils;
+import com.ffii.tsms.modules.common.ErrorCodes;
+import com.ffii.tsms.modules.common.PasswordRule;
+import com.ffii.tsms.modules.common.SecurityUtils;
+import com.ffii.tsms.modules.settings.service.SettingsService;
+import com.ffii.tsms.modules.user.entity.User;
+import com.ffii.tsms.modules.user.req.NewPublicUserReq;
+import com.ffii.tsms.modules.user.req.NewUserReq;
+import com.ffii.tsms.modules.user.req.SearchUserReq;
+import com.ffii.tsms.modules.user.req.UpdateUserReq;
+import com.ffii.tsms.modules.user.service.UserService;
+import com.ffii.tsms.modules.user.service.res.LoadUserRes;
+
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotBlank;
+
+@RestController
+@RequestMapping("/user")
+public class UserController{
+
+    private final Log logger = LogFactory.getLog(getClass());
+    private UserService userService;
+	private PasswordEncoder passwordEncoder;
+	private SettingsService settingsService;
+	
+    public UserController(
+		UserService userService,
+		PasswordEncoder passwordEncoder,
+		SettingsService settingsService) {
+		this.userService = userService;
+		this.passwordEncoder = passwordEncoder;
+		this.settingsService = settingsService;
+	}
+    
+    // @Operation(summary = "list user", responses = { @ApiResponse(responseCode = "200"),
+	// 		@ApiResponse(responseCode = "404", content = @Content) })
+	@GetMapping
+	@PreAuthorize("hasAuthority('VIEW_USER')")
+	public ResponseEntity<?> list(@ModelAttribute @Valid SearchUserReq req) {
+        logger.info("Test List user");
+        return ResponseEntity.ok(userService.search(req));
+	}
+
+    // @Operation(summary = "load user data", responses = { @ApiResponse(responseCode = "200"),
+	// 		@ApiResponse(responseCode = "404", content = @Content) })
+	@GetMapping("/{id}")
+	@PreAuthorize("hasAuthority('VIEW_USER')")
+	public LoadUserRes load(@PathVariable long id) {
+		LoadUserRes test = new LoadUserRes(
+											userService.find(id).orElseThrow(NotFoundException::new),
+											userService.listUserAuthId(id),
+											userService.listUserGroupId(id));
+											logger.info("Test List user2");
+				logger.info(test);
+		return test;
+	}
+
+	// @Operation(summary = "delete user", responses = { @ApiResponse(responseCode = "204"),
+	// 		@ApiResponse(responseCode = "404", content = @Content) })
+	@DeleteMapping("/{id}")
+	@ResponseStatus(HttpStatus.NO_CONTENT)
+	@PreAuthorize("hasAuthority('MAINTAIN_USER')")
+	public void delete(@PathVariable long id) {
+		userService.markDelete(userService.find(id).orElseThrow(NotFoundException::new));
+	}
+
+	// @Operation(summary = "new user")
+	@PostMapping
+	@ResponseStatus(HttpStatus.CREATED)
+	@PreAuthorize("hasAuthority('MAINTAIN_USER')")
+	public IdRes newRecord(@RequestBody @Valid NewUserReq req) throws UnsupportedEncodingException {
+		return new IdRes(userService.newRecord(req).getId());
+	}
+
+	// @Operation(summary = "new user by public user")
+	@PostMapping("/registry")
+	@ResponseStatus(HttpStatus.CREATED)
+	// @PreAuthorize("hasAuthority('MAINTAIN_USER')")
+	public ResponseEntity<?> createPublicUserRecord(@RequestBody NewPublicUserReq req) throws UnsupportedEncodingException {
+		logger.info("Create user request:");
+		return ResponseEntity.ok(new IdRes(userService.newPublicUserRecord(req).getId())) ;
+	}
+
+	// @Operation(summary = "update user", responses = {
+	// 		@ApiResponse(responseCode = "204"),
+	// 		@ApiResponse(responseCode = "400", content = @Content),
+	// 		@ApiResponse(responseCode = "404", content = @Content),
+	// })
+
+	@PutMapping("/{id}")
+	@ResponseStatus(HttpStatus.NO_CONTENT)
+	@PreAuthorize("hasAuthority('MAINTAIN_USER')")
+	public void updateRecord(@PathVariable int id, @RequestBody @Valid UpdateUserReq req) {
+		userService.updateRecord(id, req);
+	}
+
+	// @Operation(summary = "current user change password", description = "error: USER_WRONG_NEW_PWD = new password not available", responses = {
+	// 		@ApiResponse(responseCode = "204"),
+	// 		@ApiResponse(responseCode = "400", content = @Content),
+	// 		@ApiResponse(responseCode = "404", content = @Content),
+	// 		@ApiResponse(responseCode = "422", content = @Content(schema = @Schema(implementation = FailureRes.class))),
+	// })
+	@PatchMapping("/change-password")
+	@ResponseStatus(HttpStatus.NO_CONTENT)
+	// @PreAuthorize("hasAuthority('MAINTAIN_USER')")
+	public void changePassword(@RequestBody @Valid ChangePwdReq req) {
+		long id = SecurityUtils.getUser().get().getId();
+		User instance = userService.find(id).orElseThrow(NotFoundException::new);
+
+		logger.info("TEST req: "+req.getPassword());
+		logger.info("TEST instance: "+instance.getPassword());
+		if (!passwordEncoder.matches(req.getPassword(), instance.getPassword())) {
+			throw new BadRequestException();
+		}
+
+		PasswordRule rule = new PasswordRule(settingsService);
+		if (!PasswordUtils.checkPwd(req.getNewPassword(), rule)) {
+			throw new UnprocessableEntityException(ErrorCodes.USER_WRONG_NEW_PWD);
+		}
+
+		instance.setPassword(passwordEncoder.encode(req.getNewPassword()));
+		userService.save(instance);
+	}
+
+	// @Operation(summary = "reset password", responses = {
+	// 		@ApiResponse(responseCode = "204"),
+	// 		@ApiResponse(responseCode = "404", content = @Content),
+	// })
+	@PostMapping("/{id}/reset-password")
+	@PreAuthorize("hasAuthority('MAINTAIN_USER')")
+	@ResponseStatus(HttpStatus.NO_CONTENT)
+	public ResponseEntity<?> resetPassword(@PathVariable long id) throws UnsupportedEncodingException {
+		String password = userService.resetPassword(id);
+		return ResponseEntity.ok(password);
+	}
+
+	// @Operation(summary = "get password rules")
+	@GetMapping("/password-rule")
+	public PasswordRule passwordRlue() {
+		return new PasswordRule(settingsService);
+	}
+
+	public static class ChangePwdReq {
+		@NotBlank
+		private String password;
+		@NotBlank
+		private String newPassword;
+
+		public String getPassword() {
+			return password;
+		}
+
+		public void setPassword(String password) {
+			this.password = password;
+		}
+
+		public String getNewPassword() {
+			return newPassword;
+		}
+
+		public void setNewPassword(String newPassword) {
+			this.newPassword = newPassword;
+		}
+
+	}
+
+}
diff --git a/src/main/resources/application-db-2fi.yml b/src/main/resources/application-db-2fi.yml
new file mode 100644
index 0000000..661776e
--- /dev/null
+++ b/src/main/resources/application-db-2fi.yml
@@ -0,0 +1,5 @@
+spring:
+  datasource:
+    jdbc-url: jdbc:mysql://192.168.1.81:3306/arsdb?useUnicode=true&characterEncoding=UTF8&serverTimezone=GMT%2B8
+    username: root
+    password: secret
\ No newline at end of file
diff --git a/src/main/resources/application-db-local.yml b/src/main/resources/application-db-local.yml
new file mode 100644
index 0000000..0e698ad
--- /dev/null
+++ b/src/main/resources/application-db-local.yml
@@ -0,0 +1,5 @@
+spring:
+  datasource:
+    jdbc-url: jdbc:mysql://127.0.0.1:3306/tsmsdb?useUnicode=true&characterEncoding=UTF8&serverTimezone=GMT%2B8
+    username: root
+    password: secret
\ No newline at end of file
diff --git a/src/main/resources/application-ldap-local.yml b/src/main/resources/application-ldap-local.yml
new file mode 100644
index 0000000..6974913
--- /dev/null
+++ b/src/main/resources/application-ldap-local.yml
@@ -0,0 +1,9 @@
+spring:
+  ldap:
+    embedded:
+      port: 8389
+      base-dn: dc=springframework,dc=org
+      ldif: classpath:ldap-test-users.ldif
+      validation:
+        enabled: false
+    urls: ldap://localhost:8389
\ No newline at end of file
diff --git a/src/main/resources/application-prod-linux.yml b/src/main/resources/application-prod-linux.yml
new file mode 100644
index 0000000..41ac797
--- /dev/null
+++ b/src/main/resources/application-prod-linux.yml
@@ -0,0 +1,2 @@
+logging:
+    config: 'classpath:log4j2-prod-linux.yml'
\ No newline at end of file
diff --git a/src/main/resources/application-prod-win.yml b/src/main/resources/application-prod-win.yml
new file mode 100644
index 0000000..b7b358c
--- /dev/null
+++ b/src/main/resources/application-prod-win.yml
@@ -0,0 +1,2 @@
+logging:
+    config: 'classpath:log4j2-prod-win.yml'
\ No newline at end of file
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
new file mode 100644
index 0000000..8fd5034
--- /dev/null
+++ b/src/main/resources/application.yml
@@ -0,0 +1,28 @@
+server:
+    servlet:
+        contextPath: /api                
+        encoding:
+            charset: UTF-8
+            enabled: true
+            force: true
+    port: 8090
+    error:
+        include-message: always
+
+spring:
+    servlet:
+        multipart:
+            max-file-size: 500MB
+            max-request-size: 600MB
+    jpa:
+        hibernate:
+            naming:
+                physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+        database-platform: org.hibernate.dialect.MySQL8Dialect
+        properties:
+            hibernate:
+                dialect:
+                    storage_engine: innodb
+
+logging:
+    config: 'classpath:log4j2.yml'
\ No newline at end of file
diff --git a/src/main/resources/db/changelog/changes/20230720_01_alex/01_base.sql b/src/main/resources/db/changelog/changes/20230720_01_alex/01_base.sql
new file mode 100644
index 0000000..263c542
--- /dev/null
+++ b/src/main/resources/db/changelog/changes/20230720_01_alex/01_base.sql
@@ -0,0 +1,77 @@
+--liquibase formatted sql
+
+--changeset alex:user
+--comment: core table
+CREATE TABLE `user` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `created` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `createdBy` varchar(30) DEFAULT NULL,
+  `version` int NOT NULL DEFAULT '0',
+  `modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `modifiedBy` varchar(30) DEFAULT NULL,
+  `deleted` tinyint(1) NOT NULL DEFAULT '0',
+  `username` varchar(30) NOT NULL,
+  `password` varchar(60) DEFAULT NULL,
+  `locked` tinyint(1) NOT NULL DEFAULT '0',
+  `expiryDate` date DEFAULT NULL,
+  `name` varchar(50) NOT NULL,
+  `locale` varchar(5) DEFAULT NULL,
+  `fullname` varchar(90) DEFAULT NULL,
+  `firstname` varchar(45) DEFAULT NULL,
+  `lastname` varchar(30) DEFAULT NULL,
+  `title` varchar(60) DEFAULT NULL,
+  `department` varchar(60) DEFAULT NULL,
+  `email` varchar(120) DEFAULT NULL,
+  `phone1` varchar(30) DEFAULT NULL,
+  `phone2` varchar(30) DEFAULT NULL,
+  `remarks` varchar(600) DEFAULT NULL,
+  `lotusNotesUser` tinyint(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `username` (`username`)
+) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+
+INSERT INTO `user`(`name`,`username`, `password`)VALUES ('2fi','2fi','$2a$10$65S7/AhKn8MldlYmvFN5JOfr1yaULwFNDIhTskLTuUCKgbbs8sFAi');
+INSERT INTO `user`(`name`,`username`, `password`,`lotusNotesUser`)VALUES ('user1','user1',null,1);
+
+CREATE TABLE `authority` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `authority` varchar(255) NOT NULL,
+  `name` varchar(100) NOT NULL,
+  `module` varchar(50) DEFAULT NULL,
+  `description` varchar(255) DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `authority` (`authority`)
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+INSERT INTO `authority` VALUES (1,'MAINTAIN_USER','Maintain User',NULL,NULL),(2,'MAINTAIN_GROUP','Maintain group',NULL,NULL),(3,'VIEW_USER','view user',NULL,NULL),(4,'VIEW_GROUP','view group',NULL,NULL);
+CREATE TABLE `user_authority` (
+  `userId` int NOT NULL,
+  `authId` int NOT NULL,
+  PRIMARY KEY (`userId`,`authId`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+INSERT INTO `user_authority` VALUES (1,3);
+
+--changeset alex:group
+--comment: group table
+CREATE TABLE `group` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `created` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `createdBy` varchar(30) DEFAULT NULL,
+  `version` int NOT NULL DEFAULT '0',
+  `modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `modifiedBy` varchar(30) DEFAULT NULL,
+  `deleted` tinyint(1) NOT NULL DEFAULT '0',
+  `name` varchar(50) NOT NULL,
+  `description` varchar(255) CHARACTER SET utf8mb3 COLLATE utf8mb3_bin DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `name` (`name`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+CREATE TABLE `user_group` (
+  `groupId` int NOT NULL,
+  `userId` int NOT NULL,
+  PRIMARY KEY (`groupId`,`userId`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+CREATE TABLE `group_authority` (
+  `groupId` int NOT NULL,
+  `authId` int NOT NULL,
+  PRIMARY KEY (`groupId`,`authId`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
diff --git a/src/main/resources/db/changelog/changes/20230720_01_alex/02_settings.sql b/src/main/resources/db/changelog/changes/20230720_01_alex/02_settings.sql
new file mode 100644
index 0000000..7ce6b27
--- /dev/null
+++ b/src/main/resources/db/changelog/changes/20230720_01_alex/02_settings.sql
@@ -0,0 +1,13 @@
+--liquibase formatted sql
+
+--changeset alex:settings
+--comment: settings table
+CREATE TABLE `settings` (
+	`id` INT PRIMARY KEY AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `value` varchar(1000) NOT NULL,
+  `category` varchar(50),
+  `type` varchar(10),
+
+  INDEX `name_idx` (`name`)
+);
\ No newline at end of file
diff --git a/src/main/resources/db/changelog/changes/20230720_01_alex/03_settings_data.sql b/src/main/resources/db/changelog/changes/20230720_01_alex/03_settings_data.sql
new file mode 100644
index 0000000..b0565f7
--- /dev/null
+++ b/src/main/resources/db/changelog/changes/20230720_01_alex/03_settings_data.sql
@@ -0,0 +1,10 @@
+--liquibase formatted sql
+
+--changeset alex:settings_data
+INSERT INTO `settings` (`name`, `value`,`type`) VALUES
+  ('SYS.password.rule.length.max', '20', 'integer'),
+  ('SYS.password.rule.length.min', '8', 'integer'),
+  ('SYS.password.rule.lower.eng', 'true', 'boolean'),
+  ('SYS.password.rule.number', 'true', 'boolean'),
+  ('SYS.password.rule.special', 'true', 'boolean'),
+  ('SYS.password.rule.upper.eng', 'true', 'boolean');
\ No newline at end of file
diff --git a/src/main/resources/db/changelog/changes/20230720_01_alex/04_update_user_authority.sql b/src/main/resources/db/changelog/changes/20230720_01_alex/04_update_user_authority.sql
new file mode 100644
index 0000000..6336b37
--- /dev/null
+++ b/src/main/resources/db/changelog/changes/20230720_01_alex/04_update_user_authority.sql
@@ -0,0 +1,5 @@
+--liquibase formatted sql
+
+--changeset alex:update_user_authority
+INSERT INTO `tsmsdb`.`user_authority` (`userId`, `authId`) VALUES ('1', '1');
+INSERT INTO `tsmsdb`.`user_authority` (`userId`, `authId`) VALUES ('1', '2');
\ No newline at end of file
diff --git a/src/main/resources/db/changelog/changes/20230725_01_alex/01_audit_log.sql b/src/main/resources/db/changelog/changes/20230725_01_alex/01_audit_log.sql
new file mode 100644
index 0000000..8aa0ef6
--- /dev/null
+++ b/src/main/resources/db/changelog/changes/20230725_01_alex/01_audit_log.sql
@@ -0,0 +1,13 @@
+--liquibase formatted sql
+
+--changeset alex:audit_log
+--comment: audit log
+CREATE TABLE `audit_log` (
+  `tableName` varchar(30) NOT NULL,
+  `recordId` int(11) NOT NULL,
+  `modifiedBy` int(11) DEFAULT NULL,
+  `modified` datetime DEFAULT NULL,
+  `oldData` json DEFAULT NULL,
+  `newData` json DEFAULT NULL,
+  KEY `idx_tableName_recordId` (`tableName`,`recordId`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
\ No newline at end of file
diff --git a/src/main/resources/db/changelog/changes/20230725_01_alex/02_user_login_log.sql b/src/main/resources/db/changelog/changes/20230725_01_alex/02_user_login_log.sql
new file mode 100644
index 0000000..c611b38
--- /dev/null
+++ b/src/main/resources/db/changelog/changes/20230725_01_alex/02_user_login_log.sql
@@ -0,0 +1,11 @@
+--liquibase formatted sql
+
+--changeset alex:user_login_log
+--comment: user login log
+CREATE TABLE `user_login_log` (
+  `username` varchar(32) NOT NULL,
+  `loginTime` datetime NOT NULL,
+  `ipAddr` varchar(45) NOT NULL,
+  `success` tinyint(1) NOT NULL,
+  PRIMARY KEY (`username`,`loginTime`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
\ No newline at end of file
diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml
new file mode 100644
index 0000000..b5832ba
--- /dev/null
+++ b/src/main/resources/db/changelog/db.changelog-master.yaml
@@ -0,0 +1,3 @@
+databaseChangeLog:
+  - includeAll:
+      path: classpath:/db/changelog/changes
\ No newline at end of file
diff --git a/src/main/resources/ldap-test-users.ldif b/src/main/resources/ldap-test-users.ldif
new file mode 100644
index 0000000..f368cda
--- /dev/null
+++ b/src/main/resources/ldap-test-users.ldif
@@ -0,0 +1,14 @@
+dn: dc=springframework,dc=org
+objectClass: top
+objectClass: domain
+dc: springframework
+
+dn: uid=user1,dc=springframework,dc=org
+objectClass: top
+cn: user1
+userPassword: userPass1
+
+dn: uid=user2,dc=springframework,dc=org
+objectClass: top
+cn: user2
+userPassword: userPass2
\ No newline at end of file
diff --git a/src/main/resources/log4j2-prod-linux.yml b/src/main/resources/log4j2-prod-linux.yml
new file mode 100644
index 0000000..1859476
--- /dev/null
+++ b/src/main/resources/log4j2-prod-linux.yml
@@ -0,0 +1,23 @@
+Configutation:
+  name: Prod-Default
+  Properties:
+    Property:
+      name: log_location
+      value: /usr/springboot/logs/
+  Appenders:
+    RollingFile:
+      name: RollingFile_Appender
+      fileName: ${log_location}tsms-all.log
+      filePattern: ${log_location}tsms-all.log.%i.gz
+      PatternLayout:
+        Pattern: "%d %p [%l] - %m%n"
+      Policies:
+        SizeBasedTriggeringPolicy:
+          size: 4096KB
+      DefaultRollOverStrategy:
+          max: 99
+  Loggers:
+    Root:
+      level: info
+      AppenderRef:
+        - ref: RollingFile_Appender
\ No newline at end of file
diff --git a/src/main/resources/log4j2-prod-win.yml b/src/main/resources/log4j2-prod-win.yml
new file mode 100644
index 0000000..8e770f5
--- /dev/null
+++ b/src/main/resources/log4j2-prod-win.yml
@@ -0,0 +1,23 @@
+Configutation:
+  name: Prod-Default
+  Properties:
+    Property:
+      name: log_location
+      value: C:/workspace/
+  Appenders:
+    RollingFile:
+      name: RollingFile_Appender
+      fileName: ${log_location}tsms-all.log
+      filePattern: ${log_location}tsms-all.log.%i.gz
+      PatternLayout:
+        Pattern: "%d %p [%l] - %m%n"
+      Policies:
+        SizeBasedTriggeringPolicy:
+          size: 4096KB
+      DefaultRollOverStrategy:
+          max: 99
+  Loggers:
+    Root:
+      level: info
+      AppenderRef:
+        - ref: RollingFile_Appender
\ No newline at end of file
diff --git a/src/main/resources/log4j2.yml b/src/main/resources/log4j2.yml
new file mode 100644
index 0000000..1d9a0cd
--- /dev/null
+++ b/src/main/resources/log4j2.yml
@@ -0,0 +1,17 @@
+Configutation:
+  name: Default
+  Properties:
+    Property:
+      name: log_pattern
+      value: "%d{yyyy-MM-dd HH:mm:ss.SSS} %5p ${hostName} --- [%15.15t] %-40.40c{1.} : %m%n%ex"
+  Appenders:
+    Console:
+      name: Console_Appender
+      target: SYSTEM_OUT
+      PatternLayout:
+        pattern: ${log_pattern}
+  Loggers:
+    Root:
+      level: info
+      AppenderRef:
+        - ref: Console_Appender
\ No newline at end of file
diff --git a/src/test/java/com/ffii/tsms/ArsApplicationTests.java b/src/test/java/com/ffii/tsms/ArsApplicationTests.java
new file mode 100644
index 0000000..01e63dd
--- /dev/null
+++ b/src/test/java/com/ffii/tsms/ArsApplicationTests.java
@@ -0,0 +1,13 @@
+package com.ffii.tsms;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class TsmsApplicationTests {
+
+	@Test
+	void contextLoads() {
+	}
+
+}