hydroxide-push/cmd/hydroxide/hydroxide.go

package main

import (
	"bufio"
	"flag"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"

	imapmove "github.com/emersion/go-imap-move"
	imapspacialuse "github.com/emersion/go-imap-specialuse"
	imapserver "github.com/emersion/go-imap/server"
	"github.com/emersion/go-smtp"
	"github.com/howeyc/gopass"
	"golang.org/x/crypto/openpgp"
	"golang.org/x/crypto/openpgp/armor"

	"github.com/emersion/hydroxide/auth"
	"github.com/emersion/hydroxide/carddav"
	"github.com/emersion/hydroxide/events"
	imapbackend "github.com/emersion/hydroxide/imap"
	"github.com/emersion/hydroxide/protonmail"
	smtpbackend "github.com/emersion/hydroxide/smtp"
)

func newClient() *protonmail.Client {
	return &protonmail.Client{
		RootURL:      "https://dev.protonmail.com/api",
		AppVersion:   "Web_3.15.34",
		ClientID:     "Web",
		ClientSecret: "4957cc9a2e0a2a49d02475c9d013478d",
	}
}

func main() {
	flag.Parse()

	cmd := flag.Arg(0)
	switch cmd {
	case "auth":
		username := flag.Arg(1)
		if username == "" {
			log.Fatal("usage: hydroxide auth <username>")
		}

		c := newClient()

		var a *protonmail.Auth
		/*if cachedAuth, ok := auths[username]; ok {
			var err error
			a, err = c.AuthRefresh(a)
			if err != nil {
				// TODO: handle expired token error
				log.Fatal(err)
			}
		}*/

		var loginPassword string
		if a == nil {
			fmt.Printf("Password: ")
			if pass, err := gopass.GetPasswd(); err != nil {
				log.Fatal(err)
			} else {
				loginPassword = string(pass)
			}

			authInfo, err := c.AuthInfo(username)
			if err != nil {
				log.Fatal(err)
			}

			var twoFactorCode string
			if authInfo.TwoFactor == 1 {
				scanner := bufio.NewScanner(os.Stdin)
				fmt.Printf("2FA code: ")
				scanner.Scan()
				twoFactorCode = scanner.Text()
			}

			a, err = c.Auth(username, loginPassword, twoFactorCode, authInfo)
			if err != nil {
				log.Fatal(err)
			}
		}

		var mailboxPassword string
		if a.PasswordMode == protonmail.PasswordSingle {
			mailboxPassword = loginPassword
		}
		if mailboxPassword == "" {
			if a.PasswordMode == protonmail.PasswordTwo {
				fmt.Printf("Mailbox password: ")
			} else {
				fmt.Printf("Password: ")
			}
			if pass, err := gopass.GetPasswd(); err != nil {
				log.Fatal(err)
			} else {
				mailboxPassword = string(pass)
			}
		}

		_, err := c.Unlock(a, mailboxPassword)
		if err != nil {
			log.Fatal(err)
		}

		secretKey, bridgePassword, err := auth.GeneratePassword()
		if err != nil {
			log.Fatal(err)
		}

		err = auth.EncryptAndSave(&auth.CachedAuth{
			*a,
			loginPassword,
			mailboxPassword,
		}, username, secretKey)
		if err != nil {
			log.Fatal(err)
		}

		fmt.Println("Bridge password:", bridgePassword)
	case "status":
		usernames, err := auth.ListUsernames()
		if err != nil {
			log.Fatal(err)
		}

		if len(usernames) == 0 {
			fmt.Printf("No logged in user.\n")
		} else {
			fmt.Printf("%v logged in user(s):\n", len(usernames))
			for _, u := range usernames {
				fmt.Printf("- %v\n", u)
			}
		}
	case "export-secret-keys":
		username := flag.Arg(1)
		if username == "" {
			log.Fatal("usage: hydroxide export-secret-keys <username>")
		}

		var bridgePassword string
		fmt.Printf("Bridge password: ")
		if pass, err := gopass.GetPasswd(); err != nil {
			log.Fatal(err)
		} else {
			bridgePassword = string(pass)
		}

		_, privateKeys, err := auth.NewManager(newClient).Auth(username, bridgePassword)
		if err != nil {
			log.Fatal(err)
		}

		wc, err := armor.Encode(os.Stdout, openpgp.PrivateKeyType, nil)
		if err != nil {
			log.Fatal(err)
		}

		for _, key := range privateKeys {
			if err := key.SerializePrivate(wc, nil); err != nil {
				log.Fatal(err)
			}
		}

		if err := wc.Close(); err != nil {
			log.Fatal(err)
		}
	case "smtp":
		port := os.Getenv("PORT")
		if port == "" {
			port = "1025"
		}

		sessions := auth.NewManager(newClient)

		be := smtpbackend.New(sessions)
		s := smtp.NewServer(be)
		s.Addr = "127.0.0.1:" + port
		s.Domain = "localhost"     // TODO: make this configurable
		s.AllowInsecureAuth = true // TODO: remove this
		//s.Debug = os.Stdout

		log.Println("SMTP server listening on", s.Addr)
		log.Fatal(s.ListenAndServe())
	case "imap":
		port := os.Getenv("PORT")
		if port == "" {
			port = "1143"
		}

		sessions := auth.NewManager(newClient)
		eventsManager := events.NewManager()

		be := imapbackend.New(sessions, eventsManager)
		s := imapserver.New(be)
		s.Addr = "127.0.0.1:" + port
		s.AllowInsecureAuth = true // TODO: remove this
		//s.Debug = os.Stdout
		s.Enable(imapspacialuse.NewExtension())
		s.Enable(imapmove.NewExtension())

		log.Println("IMAP server listening on", s.Addr)
		log.Fatal(s.ListenAndServe())
	case "carddav":
		port := os.Getenv("PORT")
		if port == "" {
			port = "8080"
		}

		sessions := auth.NewManager(newClient)
		eventsManager := events.NewManager()
		handlers := make(map[string]http.Handler)

		s := &http.Server{
			Addr: "127.0.0.1:" + port,
			Handler: http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
				resp.Header().Set("WWW-Authenticate", "Basic")

				username, password, ok := req.BasicAuth()
				if !ok {
					resp.WriteHeader(http.StatusUnauthorized)
					io.WriteString(resp, "Credentials are required")
					return
				}

				c, privateKeys, err := sessions.Auth(username, password)
				if err != nil {
					if err == auth.ErrUnauthorized {
						resp.WriteHeader(http.StatusUnauthorized)
					} else {
						resp.WriteHeader(http.StatusInternalServerError)
					}
					io.WriteString(resp, err.Error())
					return
				}

				h, ok := handlers[username]
				if !ok {
					ch := make(chan *protonmail.Event)
					eventsManager.Register(c, username, ch, nil)
					h = carddav.NewHandler(c, privateKeys, ch)

					handlers[username] = h
				}

				h.ServeHTTP(resp, req)
			}),
		}

		log.Println("CardDAV server listening on", s.Addr)
		log.Fatal(s.ListenAndServe())
	default:
		log.Println("usage: hydroxide smtp")
		log.Println("usage: hydroxide imap")
		log.Println("usage: hydroxide carddav")
		log.Println("usage: hydroxide auth <username>")
		log.Println("usage: hydroxide export-secret-keys <username>")
		log.Println("usage: hydroxide status")
		if cmd != "help" {
			log.Fatal("Unrecognized command")
		}
	}
}
Add authentication support 2017-08-22 01:04:16 +03:00			`package main`

			`import (`
			`"bufio"`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`"flag"`
Add authentication support 2017-08-22 01:04:16 +03:00			`"fmt"`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`"io"`
Add authentication support 2017-08-22 01:04:16 +03:00			`"log"`
Add PoC CardDAV server 2017-09-03 21:11:01 +03:00			`"net/http"`
Add authentication support 2017-08-22 01:04:16 +03:00			`"os"`

imap: enable MOVE extension 2018-01-12 21:01:08 +02:00			`imapmove "github.com/emersion/go-imap-move"`
imap: implement basic User.ListMailboxes and User.GetMailbox 2017-12-03 17:05:24 +02:00			`imapspacialuse "github.com/emersion/go-imap-specialuse"`
go fmt 2018-10-21 13:15:20 +03:00			`imapserver "github.com/emersion/go-imap/server"`
Sending plaintext messages works 2017-12-02 17:23:06 +02:00			`"github.com/emersion/go-smtp"`
cmd/hydroxide: hide password when typing Fixes #7 2017-12-03 13:51:12 +02:00			`"github.com/howeyc/gopass"`
cmd: add export-secret-keys 2019-04-23 00:03:20 +03:00			`"golang.org/x/crypto/openpgp"`
			`"golang.org/x/crypto/openpgp/armor"`
Sending plaintext messages works 2017-12-02 17:23:06 +02:00
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`"github.com/emersion/hydroxide/auth"`
Add PoC CardDAV server 2017-09-03 21:11:01 +03:00			`"github.com/emersion/hydroxide/carddav"`
events: add event manager 2018-01-11 19:17:11 +02:00			`"github.com/emersion/hydroxide/events"`
Spin up imap server skeleton 2017-12-03 15:58:24 +02:00			`imapbackend "github.com/emersion/hydroxide/imap"`
go fmt 2018-10-21 13:15:20 +03:00			`"github.com/emersion/hydroxide/protonmail"`
Sending plaintext messages works 2017-12-02 17:23:06 +02:00			`smtpbackend "github.com/emersion/hydroxide/smtp"`
Add authentication support 2017-08-22 01:04:16 +03:00			`)`

Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`func newClient() *protonmail.Client {`
			`return &protonmail.Client{`
go fmt 2017-08-22 11:16:20 +03:00			`RootURL: "https://dev.protonmail.com/api",`
cmd/hydroxide: bump AppVersion 2019-05-12 21:50:02 +03:00			`AppVersion: "Web_3.15.34",`
go fmt 2017-08-22 11:16:20 +03:00			`ClientID: "Web",`
Add authentication support 2017-08-22 01:04:16 +03:00			`ClientSecret: "4957cc9a2e0a2a49d02475c9d013478d",`
			`}`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`}`
Add authentication support 2017-08-22 01:04:16 +03:00
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`func main() {`
			`flag.Parse()`

cmd: improve usage string 2019-04-23 00:06:49 +03:00			`cmd := flag.Arg(0)`
			`switch cmd {`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`case "auth":`
			`username := flag.Arg(1)`
cmd: add export-secret-keys 2019-04-23 00:03:20 +03:00			`if username == "" {`
			`log.Fatal("usage: hydroxide auth <username>")`
			`}`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00
			`c := newClient()`

auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`var a *protonmail.Auth`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`/*if cachedAuth, ok := auths[username]; ok {`
			`var err error`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`a, err = c.AuthRefresh(a)`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`if err != nil {`
			`// TODO: handle expired token error`
			`log.Fatal(err)`
			`}`
			`}*/`

			`var loginPassword string`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`if a == nil {`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`fmt.Printf("Password: ")`
cmd/hydroxide: hide password when typing Fixes #7 2017-12-03 13:51:12 +02:00			`if pass, err := gopass.GetPasswd(); err != nil {`
			`log.Fatal(err)`
			`} else {`
			`loginPassword = string(pass)`
			`}`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00
			`authInfo, err := c.AuthInfo(username)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`var twoFactorCode string`
			`if authInfo.TwoFactor == 1 {`
cmd/hydroxide: hide password when typing Fixes #7 2017-12-03 13:51:12 +02:00			`scanner := bufio.NewScanner(os.Stdin)`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`fmt.Printf("2FA code: ")`
			`scanner.Scan()`
			`twoFactorCode = scanner.Text()`
			`}`

auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`a, err = c.Auth(username, loginPassword, twoFactorCode, authInfo)`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
Fix Client.AuthRefresh 2017-08-22 13:07:31 +03:00			`}`
Add Client.AuthRefresh 2017-08-22 11:51:48 +03:00
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`var mailboxPassword string`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`if a.PasswordMode == protonmail.PasswordSingle {`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`mailboxPassword = loginPassword`
			`}`
			`if mailboxPassword == "" {`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`if a.PasswordMode == protonmail.PasswordTwo {`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`fmt.Printf("Mailbox password: ")`
			`} else {`
			`fmt.Printf("Password: ")`
			`}`
cmd/hydroxide: hide password when typing Fixes #7 2017-12-03 13:51:12 +02:00			`if pass, err := gopass.GetPasswd(); err != nil {`
			`log.Fatal(err)`
			`} else {`
			`mailboxPassword = string(pass)`
			`}`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`}`
Add authentication support 2017-08-22 01:04:16 +03:00
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`_, err := c.Unlock(a, mailboxPassword)`
Fix Client.AuthRefresh 2017-08-22 13:07:31 +03:00			`if err != nil {`
			`log.Fatal(err)`
			`}`

auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`secretKey, bridgePassword, err := auth.GeneratePassword()`
			`if err != nil {`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`log.Fatal(err)`
Fix Client.AuthRefresh 2017-08-22 13:07:31 +03:00			`}`

auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`err = auth.EncryptAndSave(&auth.CachedAuth{`
			`*a,`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`loginPassword,`
			`mailboxPassword,`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}, username, secretKey)`
Fix Client.AuthRefresh 2017-08-22 13:07:31 +03:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
Add Auth, add computeKeyPassword 2017-08-22 10:41:47 +03:00
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`fmt.Println("Bridge password:", bridgePassword)`
Store everything in XDG_CONFIG_HOME, add `status` command 2019-03-22 22:35:10 +02:00			`case "status":`
			`usernames, err := auth.ListUsernames()`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`if len(usernames) == 0 {`
			`fmt.Printf("No logged in user.\n")`
			`} else {`
			`fmt.Printf("%v logged in user(s):\n", len(usernames))`
			`for _, u := range usernames {`
			`fmt.Printf("- %v\n", u)`
			`}`
			`}`
cmd: add export-secret-keys 2019-04-23 00:03:20 +03:00			`case "export-secret-keys":`
			`username := flag.Arg(1)`
			`if username == "" {`
			`log.Fatal("usage: hydroxide export-secret-keys <username>")`
			`}`

			`var bridgePassword string`
			`fmt.Printf("Bridge password: ")`
			`if pass, err := gopass.GetPasswd(); err != nil {`
			`log.Fatal(err)`
			`} else {`
			`bridgePassword = string(pass)`
			`}`

			`_, privateKeys, err := auth.NewManager(newClient).Auth(username, bridgePassword)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`wc, err := armor.Encode(os.Stdout, openpgp.PrivateKeyType, nil)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`for _, key := range privateKeys {`
			`if err := key.SerializePrivate(wc, nil); err != nil {`
			`log.Fatal(err)`
			`}`
			`}`

			`if err := wc.Close(); err != nil {`
			`log.Fatal(err)`
			`}`
Sending plaintext messages works 2017-12-02 17:23:06 +02:00			`case "smtp":`
			`port := os.Getenv("PORT")`
			`if port == "" {`
Spin up imap server skeleton 2017-12-03 15:58:24 +02:00			`port = "1025"`
Sending plaintext messages works 2017-12-02 17:23:06 +02:00			`}`

			`sessions := auth.NewManager(newClient)`

			`be := smtpbackend.New(sessions)`
			`s := smtp.NewServer(be)`
smtp: upload attachments 2017-12-03 12:55:59 +02:00			`s.Addr = "127.0.0.1:" + port`
			`s.Domain = "localhost" // TODO: make this configurable`
Sending plaintext messages works 2017-12-02 17:23:06 +02:00			`s.AllowInsecureAuth = true // TODO: remove this`
smtp: fix sending message to plaintext and encrypted recipients 2017-12-12 14:46:22 +02:00			`//s.Debug = os.Stdout`
Sending plaintext messages works 2017-12-02 17:23:06 +02:00
cmd/hdyroxide: less confusing messages when starting servers In theory it's a lie to say servers are listening, but it's less confusing. 2019-06-09 19:28:15 +03:00			`log.Println("SMTP server listening on", s.Addr)`
Sending plaintext messages works 2017-12-02 17:23:06 +02:00			`log.Fatal(s.ListenAndServe())`
Spin up imap server skeleton 2017-12-03 15:58:24 +02:00			`case "imap":`
			`port := os.Getenv("PORT")`
			`if port == "" {`
			`port = "1143"`
			`}`

			`sessions := auth.NewManager(newClient)`
imap: listen for events 2018-01-12 14:20:17 +02:00			`eventsManager := events.NewManager()`
Spin up imap server skeleton 2017-12-03 15:58:24 +02:00
imap: listen for events 2018-01-12 14:20:17 +02:00			`be := imapbackend.New(sessions, eventsManager)`
Spin up imap server skeleton 2017-12-03 15:58:24 +02:00			`s := imapserver.New(be)`
			`s.Addr = "127.0.0.1:" + port`
			`s.AllowInsecureAuth = true // TODO: remove this`
imap: add commented server debug 2017-12-12 14:50:37 +02:00			`//s.Debug = os.Stdout`
imap: implement basic User.ListMailboxes and User.GetMailbox 2017-12-03 17:05:24 +02:00			`s.Enable(imapspacialuse.NewExtension())`
imap: enable MOVE extension 2018-01-12 21:01:08 +02:00			`s.Enable(imapmove.NewExtension())`
Spin up imap server skeleton 2017-12-03 15:58:24 +02:00
cmd/hdyroxide: less confusing messages when starting servers In theory it's a lie to say servers are listening, but it's less confusing. 2019-06-09 19:28:15 +03:00			`log.Println("IMAP server listening on", s.Addr)`
Spin up imap server skeleton 2017-12-03 15:58:24 +02:00			`log.Fatal(s.ListenAndServe())`
Sending plaintext messages works 2017-12-02 17:23:06 +02:00			`case "carddav":`
Add support for PORT env variable 2017-09-09 17:13:26 +03:00			`port := os.Getenv("PORT")`
			`if port == "" {`
			`port = "8080"`
			`}`

auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`sessions := auth.NewManager(newClient)`
imap: listen for events 2018-01-12 14:20:17 +02:00			`eventsManager := events.NewManager()`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`handlers := make(map[string]http.Handler)`
Add Client.AuthRefresh 2017-08-22 11:51:48 +03:00
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`s := &http.Server{`
go fmt 2017-09-13 12:43:12 +03:00			`Addr: "127.0.0.1:" + port,`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`Handler: http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {`
			`resp.Header().Set("WWW-Authenticate", "Basic")`
Add Client.AuthRefresh 2017-08-22 11:51:48 +03:00
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`username, password, ok := req.BasicAuth()`
			`if !ok {`
			`resp.WriteHeader(http.StatusUnauthorized)`
cmd/hydroxide: print errors 2017-09-10 13:49:01 +03:00			`io.WriteString(resp, "Credentials are required")`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`return`
			`}`
Add PoC CardDAV server 2017-09-03 21:11:01 +03:00
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`c, privateKeys, err := sessions.Auth(username, password)`
			`if err != nil {`
			`if err == auth.ErrUnauthorized {`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`resp.WriteHeader(http.StatusUnauthorized)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`} else {`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`resp.WriteHeader(http.StatusInternalServerError)`
			`}`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`io.WriteString(resp, err.Error())`
			`return`
			`}`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`h, ok := handlers[username]`
			`if !ok {`
events: add event manager 2018-01-11 19:17:11 +02:00			`ch := make(chan *protonmail.Event)`
imap: listen for events 2018-01-12 14:20:17 +02:00			`eventsManager.Register(c, username, ch, nil)`
events: add event manager 2018-01-11 19:17:11 +02:00			`h = carddav.NewHandler(c, privateKeys, ch)`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`handlers[username] = h`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`}`

			`h.ServeHTTP(resp, req)`
			`}),`
			`}`

cmd/hdyroxide: less confusing messages when starting servers In theory it's a lie to say servers are listening, but it's less confusing. 2019-06-09 19:28:15 +03:00			`log.Println("CardDAV server listening on", s.Addr)`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`log.Fatal(s.ListenAndServe())`
			`default:`
cmd: improve usage string 2019-04-23 00:06:49 +03:00			`log.Println("usage: hydroxide smtp")`
cmd/hdyroxide: less confusing messages when starting servers In theory it's a lie to say servers are listening, but it's less confusing. 2019-06-09 19:28:15 +03:00			`log.Println("usage: hydroxide imap")`
			`log.Println("usage: hydroxide carddav")`
cmd: improve usage string 2019-04-23 00:06:49 +03:00			`log.Println("usage: hydroxide auth <username>")`
			`log.Println("usage: hydroxide export-secret-keys <username>")`
			`log.Println("usage: hydroxide status")`
			`if cmd != "help" {`
			`log.Fatal("Unrecognized command")`
			`}`
Add authentication, fixes #2 2017-09-09 16:37:03 +03:00			`}`
Add authentication support 2017-08-22 01:04:16 +03:00			`}`