添加文档

Dev

.gitignore

@@ -2,6 +2,7 @@
 .idea/
 anylink-deploy
 anylink-deploy.tar.gz
+anylink-deploy-*
 anylink
 anylink.db
 

README.md

@@ -26,7 +26,7 @@ AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannop
 AnyLink 使用 TLS/DTLS 进行数据加密，因此需要 RSA 或 ECC 证书，可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。
 
 AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过，如需要安装在其他系统，需要服务端支持 tun/tap
-功能、ip 设置命令。
+功能、ip 设置命令、iptables命令。
 
 ## Screenshot
 
@@ -74,18 +74,22 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
 
 ### 自行编译安装
 
-> 需要提前安装好 golang >= 1.20 和 nodejs = 16.x 和 yarn >= v1.22.x
+> 需要提前安装好 docker
 
 ```shell
 git clone https://github.com/bjdgyc/anylink.git
 
-# 编译参考软件版本
+# docker编译 参考软件版本(不需要安装)
 # go 1.20.12
 # node v16.20.2
 # yarn 1.22.19
 
 
 cd anylink
+
+# 编译前端
+bash build_web.sh
+# 编译 anylink-deploy 发布文件
 bash build.sh
 
 # 注意使用root权限运行
@@ -432,6 +436,7 @@ ipv4_end = "10.1.2.200"
 - [三方文档-男孩的天职](https://note.youdao.com/s/X4AxyWfL)
 - [三方文档-issues](https://github.com/bjdgyc/anylink/issues)
 - [三方文档-思有云](https://www.ioiox.com/archives/128.html)
+- [三方文档-啵品](https://yangpin.link/archives/1633.html)
 
 ## Support Client
 

build.sh

@@ -7,15 +7,22 @@ ver=$(cat version)
 echo $ver
 
 #前端编译 仅需要执行一次
-bash ./build_web.sh
+#bash ./build_web.sh
 
-cd $cpath/server
+bash build_docker.sh
 
-go build -v -o anylink
+deploy="anylink-deploy-$ver"
-
+docker container rm $deploy
-./anylink -v
+docker container create --name $deploy bjdgyc/anylink:$ver
+rm -rf anylink-deploy anylink-deploy.tar.gz
+docker cp -a $deploy:/app ./anylink-deploy
+tar zcf ${deploy}.tar.gz anylink-deploy
 
 
-echo "anylink 编译完成，目录: $cpath/server/anylink"
+./anylink-deploy/anylink -v
+
+
+echo "anylink 编译完成，目录: anylink-deploy"
+ls -lh anylink-deploy
 
 

build_docker.sh

@@ -11,8 +11,9 @@ echo $ver
 #bash ./build_web.sh
 
 # docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 本地不生成镜像
-docker build -t bjdgyc/anylink:latest --no-cache --progress=plain --platform linux/amd64 \
+docker build -t bjdgyc/anylink:latest --no-cache --progress=plain \
-  --build-arg CN="yes" --build-arg appVer=$ver --build-arg commitId=$(git rev-parse HEAD) -f docker/Dockerfile .
+  --build-arg CN="yes" --build-arg appVer=$ver --build-arg commitId=$(git rev-parse HEAD) \
+  -f docker/Dockerfile .
 
 echo "docker tag latest $ver"
 docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver

build_web.sh

@@ -1,7 +1,9 @@
 #!/bin/bash
 
+rm -rf web/ui server/ui
+
 docker run -it --rm -v $PWD/web:/app -w /app node:16-alpine \
   sh -c "yarn install --registry=https://registry.npmmirror.com && yarn run build"
 
-rm -rf server/ui
+
 cp -r web/ui server/ui

doc/question.md

@@ -10,6 +10,10 @@
 
 > 请使用手机安装 freeotp ，然后扫描otp二维码，生成的数字即是动态码
 
+### 用户策略问题
+
+> 只要有用户策略，组策略就不生效，相当于覆盖了组策略的配置
+
 ### 远程桌面连接
 
 > 本软件已经支持远程桌面里面连接anyconnect。

index_template/自定义首页2.html

@@ -0,0 +1,165 @@
+<!DOCTYPE html>
+<html lang="zh-CN">
+
+<head>
+    <meta charset=UTF-8">
+    <title id="pageTitle">客户端下载</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <style type="text/css">
+        body {
+            background-color: #fff;
+            background-image: linear-gradient(0deg, transparent 24%, rgba(207, 207, 207, 0.2) 25%, rgba(207, 207, 207, 0.2) 26%, transparent 27%, transparent 74%, rgba(207, 207, 207, 0.2) 75%, rgba(207, 207, 207, 0.2) 76%, transparent 77%, transparent),
+            linear-gradient(90deg, transparent 24%, rgba(207, 207, 207, 0.2) 25%, rgba(207, 207, 207, 0.2) 26%, transparent 27%, transparent 74%, rgba(207, 207, 207, 0.2) 75%, rgba(207, 207, 207, 0.2) 76%, transparent 77%, transparent);
+            background-size: 50px 50px;
+            margin: 0;
+            padding: 0;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            height: 100vh;
+        }
+
+        #box {
+            background-color: #ffffff;
+            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+            position: relative;
+            padding: 20px;
+            border-radius: 8px;
+            max-width: 550px;
+            width: 100%;
+            box-sizing: border-box;
+        }
+
+        h2 {
+            color: #333;
+            font-weight: 600;
+            font-size: 28px;
+            margin: 0 0 20px 0;
+        }
+
+        p {
+            color: #666;
+            font-size: 16px;
+            line-height: 1.6;
+            margin-top: 20px;
+        }
+
+        .button {
+            background-color: #ddd;
+            text-decoration: none;
+            line-height: 44px;
+            padding: 9px 42px;
+            font-weight: 500;
+            color: #fff;
+            font-size: 16px;
+            -webkit-transition: background-color 0.25s ease-out 0s;
+            -moz-transition: background-color 0.25s ease-out 0s;
+            transition: background-color 0.25s ease-out 0s;
+            -moz-border-radius: 4px;
+            -webkit-border-radius: 4px;
+            border-radius: 4px;
+        }
+
+        .button:hover {
+            background-color: #CCC;
+            color: #444;
+        }
+
+        .button:active {
+            background-color: #666;
+            color: #eee;
+        }
+
+        .blue {
+            background-color: #007BFF;
+        }
+
+        .deep-blue {
+            background-color: #0056B3;
+        }
+
+        .green {
+            background-color: #28A745;
+        }
+
+        .grey {
+            background-color: #6C757D;
+        }
+
+        .black {
+            background-color: #343A40;
+        }
+
+        .light-blue {
+            background-color: #17A2B8;
+        }
+
+        .dark-grey {
+            background-color: #495057;
+        }
+
+        @media (max-width: 768px) {
+            h2 {
+                font-size: 24px;
+            }
+
+            p {
+                font-size: 14px;
+            }
+
+            .button {
+                padding: 7px 35px;
+            }
+        }
+    </style>
+</head>
+
+<body>
+<div id="app">
+    <div id="box">
+        <h2 id="title">请选择对应平台下载</h2>
+        <p id="windowsTab">Windows 系统</p>
+        <a id="linkWindowsX86_64" class="button blue" href="#">Win X86_64</a>
+        <a id="linkWindowsARM64" class="button deep-blue" href="#">Win ARM64</a>
+
+        <p id="mobileTab">移动端</p>
+        <a id="linkAndroid" class="button green" href="#">Android</a>
+        <a id="linkIphone" class="button grey" href="#" target="_blank">iPhone</a>
+
+        <p id="macOSTab">MacOS 系统</p>
+        <a id="linkMacos" class="button black" href="#">Mac Intel</a>
+        <a id="linkMacosARM64" class="button blue" href="#">Mac ARM64</a>
+
+        <p id="totpTab">TOTP 移动客户端</p>
+        <a id="linkTotpAndroid" class="button light-blue" href="#">Android</a>
+        <a id="linkTotpIphone" class="button dark-grey" href="#" target="_blank">iPhone</a>
+    </div>
+</div>
+<script>
+    const data = {
+        links: {
+            windowsX86_64: '/files/anyconnect-win-4.10.05111.msi',
+            windowsARM64: '/files/anyconnect-win-4.10.05111.msi',
+            android: '/files/CiscoSecureClientAnyConnect_v5.0.00247.apk',
+            iphone: 'https://apps.apple.com/cn/app/cisco-anyconnect/id1135064690',
+            macosIntel: '/files/anyconnect-macos-4.10.05111.dmg',
+            macosARM64: '/files/anyconnect-macos-4.10.05111.dmg',
+            totpAndroid: '/files/Authenticator_v5.10_apkpure.com.apk',
+            totpIphone: 'https://apps.apple.com/cn/app/google-authenticator/id388497605',
+        }
+    };
+
+    window.onload = function () {
+        document.getElementById('linkWindowsX86_64').href = data.links.windowsX86_64;
+        document.getElementById('linkWindowsARM64').href = data.links.windowsARM64;
+        document.getElementById('linkAndroid').href = data.links.android;
+        document.getElementById('linkIphone').href = data.links.iphone;
+        document.getElementById('linkMacos').href = data.links.macosIntel;
+        document.getElementById('linkMacosARM64').href = data.links.macosARM64;
+        document.getElementById('linkTotpAndroid').href = data.links.totpAndroid;
+        document.getElementById('linkTotpIphone').href = data.links.totpIphone;
+    };
+</script>
+</body>
+
+</html>

server/admin/api_user.go

@@ -17,6 +17,7 @@ import (
 	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/sessdata"
 	"github.com/skip2/go-qrcode"
+	mail "github.com/xhit/go-simple-mail/v2"
 )
 
 func UserList(w http.ResponseWriter, r *http.Request) {
@@ -272,5 +273,13 @@ func userAccountMail(user *dbdata.User) error {
 		return err
 	}
 	// fmt.Println(w.String())
-	return SendMail(base.Cfg.Issuer+"平台通知", user.Email, w.String())
+	imgData, _ := userOtpQr(user.Id, false)
+	attach := &mail.File{
+		MimeType: "image/png",
+		Name:     "userOtpQr.png",
+		Data:     []byte(imgData),
+		Inline:   true,
+	}
+
+	return SendMail(base.Cfg.Issuer, user.Email, w.String(), attach)
 }

server/admin/common.go

@@ -43,7 +43,7 @@ func GetJwtData(jwtToken string) (map[string]interface{}, error) {
 	return claims, nil
 }
 
-func SendMail(subject, to, htmlBody string) error {
+func SendMail(subject, to, htmlBody string, attach *mail.File) error {
 
 	dataSmtp := &dbdata.SettingSmtp{}
 	err := dbdata.SettingGet(dataSmtp)
@@ -102,6 +102,10 @@ func SendMail(subject, to, htmlBody string) error {
 		AddTo(to).
 		SetSubject(subject)
 
+	if attach != nil {
+		email.Attach(attach)
+	}
+
 	email.SetBody(mail.TextHTML, htmlBody)
 
 	// Call Send and pass the client

server/base/config.go

@@ -55,9 +55,9 @@ var configs = []config{
 	{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
 	{Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3},
 	{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 3},
-	{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 10},
+	{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 20},
 	{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 4},
-	{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 15},
+	{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 60},
 	{Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460},
 	{Typ: cfgInt, Name: "idle_timeout", Usage: "空闲链接超时时间(秒)-超时后断开链接，0关闭此功能", ValInt: 0},
 	{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连，0永不过期", ValInt: 3600},

server/conf/server-sample.toml

@@ -12,9 +12,15 @@ cert_key = "./conf/vpn_cert.key"
 files_path = "./conf/files"
 profile = "./conf/profile.xml"
 #profile name(用于区分不同服务端的配置)
-#客户端存放位置 C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile
+#客户端存放位置
+#Windows 10
+#%ProgramData%Cisco\Cisco AnyConnect Secure Mobility Client\Profile
+#Mac Os X
+#/opt/cisco/anyconnect/profile
+#Linux
+#/opt/cisco/anyconnect/profile
 profile_name = "anylink"
-#日志目录,为空写入标准输出
+#日志目录,默认为空写入标准输出
 #log_path = "./log"
 log_path = ""
 log_level = "debug"
@@ -66,9 +72,9 @@ default_group = "one"
 
 #客户端失效检测时间(秒) dpd > keepalive
 cstp_keepalive = 3
-cstp_dpd = 10
+cstp_dpd = 20
 mobile_keepalive = 4
-mobile_dpd = 15
+mobile_dpd = 60
 
 # 根据实际情况修改
 #cstp_keepalive = 20

server/conf/server.toml

@@ -10,6 +10,9 @@ db_source = "./conf/anylink.db"
 cert_file = "./conf/vpn_cert.pem"
 cert_key = "./conf/vpn_cert.key"
 files_path = "./conf/files"
+
+#日志目录,默认为空写入标准输出
+#log_path = "./log"
 log_level = "debug"
 
 #系统名称

server/dbdata/db.go

@@ -1,6 +1,7 @@
 package dbdata
 
 import (
+	"net/http"
 	"time"
 
 	"github.com/bjdgyc/anylink/base"
@@ -121,6 +122,7 @@ func addInitData() error {
 	other := &SettingOther{
 		LinkAddr:    "vpn.xx.com",
 		Banner:      "您已接入公司网络，请按照公司规定使用。\n请勿进行非工作下载及视频行为！",
+		Homecode:    http.StatusOK,
 		Homeindex:   "AnyLink 是一个企业级远程办公 sslvpn 的软件，可以支持多人同时在线使用。",
 		AccountMail: accountMail,
 	}
@@ -181,10 +183,15 @@ const accountMail = `<p>您好:</p>
     用户PIN码: <b>{{.PinCode}}</b> <br/>
     <!-- 
     用户动态码(3天后失效):<br/>
-    <img src="{{.OtpImg}}"/>
+    <img src="{{.OtpImg}}"/><br/>
+
+    用户动态码(请妥善保存):<br/>
+    <img src="{{.OtpImgBase64}}"/><br/>
+
+    下面是兼容 gmail 的写法
     -->
     用户动态码(请妥善保存):<br/>
-    <img src="{{.OtpImgBase64}}"/>
+    <img src="cid:userOtpQr.png" alt="userOtpQr" /><br/>
 </p>
 <div>
     使用说明:

server/dbdata/setting.go

@@ -29,6 +29,7 @@ type SettingAuditLog struct {
 type SettingOther struct {
 	LinkAddr    string `json:"link_addr"`
 	Banner      string `json:"banner"`
+	Homecode    int    `json:"homecode"`
 	Homeindex   string `json:"homeindex"`
 	AccountMail string `json:"account_mail"`
 }

server/handler/link_home.go

@@ -27,10 +27,16 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
 	if err := dbdata.SettingGet(index); err != nil {
 		return
 	}
+
+	if index.Homecode > 0 {
+		w.WriteHeader(index.Homecode)
+	} else {
 		w.WriteHeader(http.StatusOK)
-	if index.Homeindex == "" {
-		index.Homeindex = "AnyLink 是一个企业级远程办公 SSL VPN 软件，可以支持多人同时在线使用。"
 	}
+
+	// if index.Homeindex == "" {
+	// 	index.Homeindex = "AnyLink 是一个企业级远程办公 SSL VPN 软件，可以支持多人同时在线使用。"
+	// }
 	fmt.Fprintln(w, index.Homeindex)
 }
 

server/handler/link_tun.go

@@ -51,6 +51,9 @@ func checkTun() {
 		// 添加注释
 		natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-m", "comment",
 			"--comment", "AnyLink", "-j", "MASQUERADE"}
+		if base.InContainer {
+			natRule = []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-j", "MASQUERADE"}
+		}
 		err = ipt.InsertUnique("nat", "POSTROUTING", 1, natRule...)
 		if err != nil {
 			base.Error(err)
@@ -58,6 +61,9 @@ func checkTun() {
 
 		// 添加注释
 		forwardRule := []string{"-m", "comment", "--comment", "AnyLink", "-j", "ACCEPT"}
+		if base.InContainer {
+			forwardRule = []string{"-j", "ACCEPT"}
+		}
 		err = ipt.InsertUnique("filter", "FORWARD", 1, forwardRule...)
 		if err != nil {
 			base.Error(err)

server/handler/start.go

@@ -17,6 +17,12 @@ func Start() {
 	sessdata.Start()
 	cron.Start()
 
+	// 开启服务器转发
+	err := execCmd([]string{"sysctl -w net.ipv4.ip_forward=1"})
+	if err != nil {
+		base.Fatal(err)
+	}
+
 	switch base.Cfg.LinkMode {
 	case base.LinkModeTUN:
 		checkTun()

version

@@ -1 +1 @@
-0.11.3
+0.11.4

web/src/pages/group/List.vue

@@ -197,10 +197,14 @@
                 </el-input>
                 </el-form-item>
                 <el-form-item label="排除本地网络" prop="allow_lan">
-                <el-switch
+                <!--  active-text="开启后 用户本地所在网段将不通过anylink加密传输" -->
-                    v-model="ruleForm.allow_lan"
+                <el-switch v-model="ruleForm.allow_lan"></el-switch>
-                    active-text="开启后 用户本地所在网段将不通过anylink加密传输">
+                <div class="msg-info">
-                </el-switch>
+                 注：本地网络 指的是：
+                 运行 anyconnect 客户端的PC 所在的的网络，既本地路由网段。
+                 开启后，PC本地路由网段的数据就不会走隧道链路转发数据了。
+                 同时 anyconnect 客户端需要勾选本地网络(Local Lan)的开关，功能才能生效。
+                 </div>
                 </el-form-item>
 
                 <el-form-item label="客户端DNS" prop="client_dns">
@@ -377,7 +381,7 @@
                 </el-form-item>                
                 <el-form-item label="排除域名" prop="ds_exclude_domains">
                     <el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains" placeholder="输入域名用,号分隔，默认匹配所有子域名, 如baidu.com,163.com"></el-input>
-                    <div class="msg-info">注：域名拆分隧道，仅支持AnyConnect的桌面客户端，不支持移动端.</div>
+                    <div class="msg-info">注：域名拆分隧道，仅支持AnyConnect的windows和MacOS桌面客户端，不支持移动端.</div>
                 </el-form-item>
             </el-tab-pane>
             <el-form-item>

web/src/pages/set/Other.vue

@@ -37,7 +37,8 @@
           </el-form-item>
           <el-form-item>
             <el-button type="primary" @click="submitForm('dataSmtp')"
-              >保存</el-button
+            >保存
+            </el-button
             >
             <el-button @click="resetForm('dataSmtp')">重置</el-button>
           </el-form-item>
@@ -97,7 +98,8 @@
           </el-form-item>
           <el-form-item>
             <el-button type="primary" @click="submitForm('dataAuditLog')"
-              >保存</el-button
+            >保存
+            </el-button
             >
             <el-button @click="resetForm('dataAuditLog')">重置</el-button>
           </el-form-item>
@@ -125,7 +127,8 @@
                     :limit="1"
                 >
                   <el-button size="mini" icon="el-icon-plus" slot="trigger"
-                    >证书文件</el-button
+                  >证书文件
+                  </el-button
                   >
                   <el-tooltip
                       class="item"
@@ -145,7 +148,8 @@
                     :limit="1"
                 >
                   <el-button size="mini" icon="el-icon-plus" slot="trigger"
-                    >私钥文件</el-button
+                  >私钥文件
+                  </el-button
                   >
                   <el-tooltip
                       class="item"
@@ -163,7 +167,8 @@
                     icon="el-icon-upload"
                     type="primary"
                     @click="submitForm('customCert')"
-                  >上传</el-button
+                >上传
+                </el-button
                 >
               </el-form-item>
             </el-form>
@@ -214,7 +219,8 @@
               </el-form-item>
               <el-form-item>
                 <el-button type="primary" @click="submitForm('letsCert')"
-                  >申请</el-button
+                >申请
+                </el-button
                 >
                 <el-button @click="resetForm('letsCert')">重置</el-button>
               </el-form-item>
@@ -227,7 +233,7 @@
             :model="dataOther"
             ref="dataOther"
             :rules="rules"
-          label-width="100px"
+            label-width="130px"
             class="tab-one"
         >
           <el-form-item label="vpn对外地址" prop="link_addr">
@@ -245,6 +251,14 @@
             </el-input>
           </el-form-item>
 
+          <el-form-item label="自定义首页状态码" prop="homecode">
+            <el-input-number
+                v-model="dataOther.homecode"
+                :min="0"
+                :max="1000"
+            ></el-input-number>
+          </el-form-item>
+
           <el-form-item label="自定义首页" prop="homeindex">
             <el-input
                 type="textarea"
@@ -253,12 +267,12 @@
                 v-model="dataOther.homeindex"
             >
             </el-input>
-            <el-tooltip content="自定义内容可以参考 home 目录下的文件" placement="top">
+            <el-tooltip content="自定义内容可以参考 index_template 目录下的文件" placement="top">
               <i class="el-icon-question"></i>
             </el-tooltip>
           </el-form-item>
 
-          <el-form-item label="账户开通邮件" prop="account_mail">
+          <el-form-item label="账户开通邮件模板" prop="account_mail">
             <el-input
                 type="textarea"
                 :rows="10"
@@ -279,7 +293,8 @@
 
           <el-form-item>
             <el-button type="primary" @click="submitForm('dataOther')"
-              >保存</el-button
+            >保存
+            </el-button
             >
             <el-button @click="resetForm('dataOther')">重置</el-button>
           </el-form-item>
@@ -324,19 +339,19 @@ export default {
           authToken: "",
         },
       },
-      customCert: { cert: "", key: "" },
+      customCert: {cert: "", key: ""},
       dataOther: {},
       rules: {
-        host: { required: true, message: "请输入服务器地址", trigger: "blur" },
+        host: {required: true, message: "请输入服务器地址", trigger: "blur"},
         port: [
-          { required: true, message: "请输入服务器端口", trigger: "blur" },
+          {required: true, message: "请输入服务器端口", trigger: "blur"},
           {
             type: "number",
             message: "请输入正确的服务器端口",
             trigger: ["blur", "change"],
           },
         ],
-        issuer: { required: true, message: "请输入系统名称", trigger: "blur" },
+        issuer: {required: true, message: "请输入系统名称", trigger: "blur"},
         domain: {
           required: true,
           message: "请输入需要申请证书的域名",
@@ -347,7 +362,7 @@ export default {
           message: "请输入申请证书的邮箱地址",
           trigger: "blur",
         },
-        name: { required: true, message: "请选择域名服务商", trigger: "blur" },
+        name: {required: true, message: "请选择域名服务商", trigger: "blur"},
       },
       certUpload: "/set/other/customcert",
       dnsProvider: {