setup: adjust card width

use a container to kinda fix the max-width. Tried this on admin but it messed too much up to bother (the accounts table specifically doesn't like it).
setup: add note about changed url
2026-01-19 09:07:44 +01:00 · 2025-05-14 21:35:08 +01:00 · 2025-05-14 21:16:52 +01:00 · 2025-05-14 21:15:55 +01:00 · 2025-05-14 21:11:44 +01:00 · 2025-05-14 20:23:16 +01:00
356 changed files with 56243 additions and 10919 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,157 +0,0 @@
---
-name: jfa-go
-kind: pipeline
-type: docker
-
-steps:
-    - name: fetch
-      image: docker:git
-      commands:
-          - git fetch --tags
-    - name: release
-      image: golang:latest
-      environment:
-          BUILDRONE_KEY:
-              from_secret: BUILDRONE_KEY
-          GITHUB_TOKEN:
-              from_secret: github_token
-      commands:
-        - apt-get update -y
-        - apt-get install build-essential python3-pip curl software-properties-common sed upx -y
-        - (curl -sL https://deb.nodesource.com/setup_14.x | bash -)
-        - apt-get install nodejs
-        - curl -sL https://git.io/goreleaser > ../goreleaser
-        - chmod +x ../goreleaser
-        - ./scripts/version.sh ../goreleaser
-        - wget https://builds.hrfee.pw/upload.py -P ../
-        - pip3 install requests
-        - bash -c 'python3 ../upload.py https://builds.hrfee.pw hrfee jfa-go --tag internal=true'
-trigger:
-    event:
-        - tag
---
-name: docker-buildx
-kind: pipeline
-type: docker
-
-steps:
-    - name: build-deploy
-      image: appleboy/drone-ssh
-      volumes:
-          - name: ssh_key
-            path: /root/drone_rsa
-      settings:
-          host:
-              from_secret: ssh2_host
-          username:
-              from_secret: ssh2_username
-          port:
-              from_secret: ssh2_port
-          volumes:
-              - /root/.ssh/docker-build:/root/drone_rsa
-          key_path: /root/drone_rsa
-          command_timeout: 50m
-          script:
-              - /mnt/buildx/jfa-go/build.sh stable
-              - wget https://builds.hrfee.pw/upload.py -O /mnt/buildx/jfa-go/jfa-go/upload.py
-              - pip3 install requests
-              - bash -c 'cd /mnt/buildx/jfa-go/jfa-go && BUILDRONE_KEY=$(cat /mnt/buildx/jfa-go/key) python3 upload.py https://builds.hrfee.pw hrfee jfa-go --tag docker-stable=true'
-              - rm -f /mnt/buildx/jfa-go/jfa-go/upload.py
-trigger:
-    event:
-        - tag
-volumes:
-    - name: ssh_key
-      host:
-          path: /root/.ssh/docker-build
---
-name: jfa-go-git
-kind: pipeline
-type: docker
-
-steps:
-    - name: build
-      image: golang:latest
-      commands:
-        - apt-get update -y
-        - apt-get install build-essential python3-pip curl software-properties-common sed upx -y
-        - (curl -sL https://deb.nodesource.com/setup_14.x | bash -)
-        - apt-get install nodejs
-        - curl -sL https://git.io/goreleaser > goreleaser
-        - chmod +x goreleaser
-        - ./scripts/version.sh ./goreleaser --snapshot --skip-publish --rm-dist
-        - wget https://builds.hrfee.pw/upload.py
-        - pip3 install requests
-        - bash -c 'python3 upload.py https://builds.hrfee.pw hrfee jfa-go --upload ./dist/*.tar.gz --tag internal-git=true'
-      environment:
-          BUILDRONE_KEY:
-              from_secret: BUILDRONE_KEY
-
-trigger:
-    branch:
-        - main
-        - go1.16
-    event:
-        exclude:
-            - pull_request
-
---
-name: docker-buildx-unstable
-kind: pipeline
-type: docker
-
-steps:
-    - name: build-deploy
-      image: appleboy/drone-ssh
-      volumes:
-          - name: ssh_key
-            path: /root/drone_rsa
-      settings:
-          host:
-              from_secret: ssh2_host
-          username:
-              from_secret: ssh2_username
-          port:
-              from_secret: ssh2_port
-          volumes:
-              - /root/.ssh/docker-build:/root/drone_rsa
-          key_path: /root/drone_rsa
-          command_timeout: 50m
-          script:
-              - /mnt/buildx/jfa-go/build.sh
-              - wget https://builds.hrfee.pw/upload.py -O /mnt/buildx/jfa-go/jfa-go/upload.py
-              - pip3 install requests
-              - bash -c 'cd /mnt/buildx/jfa-go/jfa-go && BUILDRONE_KEY=$(cat /mnt/buildx/jfa-go/key) python3 upload.py https://builds.hrfee.pw hrfee jfa-go --tag docker-unstable=true'
-              - rm -f /mnt/buildx/jfa-go/jfa-go/upload.py
-trigger:
-    branch:
-        - main
-    event:
-        exclude:
-            - pull_request
-
-volumes:
-    - name: ssh_key
-      host:
-          path: /root/.ssh/docker-build
---
-name: jfa-go-pr
-kind: pipeline
-type: docker
-
-steps:
-    - name: build
-      image: golang:latest
-      commands:
-        - apt-get update -y
-        - apt-get install build-essential python3-pip curl software-properties-common sed upx -y
-        - (curl -sL https://deb.nodesource.com/setup_14.x | bash -)
-        - apt-get install nodejs
-        - curl -sL https://git.io/goreleaser > goreleaser
-        - chmod +x goreleaser
-        - ./scripts/version.sh ./goreleaser --snapshot --skip-publish --rm-dist
-
-trigger:
-    event:
-        include:
-            - pull_request
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -7,7 +7,7 @@ assignees: ''

 ---

-#### Read the [FAQ](https://github.com/hrfee/jfa-go/wiki/FAQ) first!
+#### Read the [FAQ](https://wiki.jfa-go.com/docs/faq/) first!

 **Describe the bug**

@@ -19,7 +19,10 @@ What to do to reproduce the problem.

 **Logs**

-When you notice the problem, check the output of `jfa-go`. If the problem is not obvious (e.g a panic (red text) or 'ERROR' log), re-run jfa-go with the `-debug` argument and reproduce the problem. You should then take a screenshot of the output, or paste it here, preferably between \`\`\` tags (e.g \`\`\``Log here`\`\`\`). Remember to censor any personal information.
+**If you're using a build with a tray icon, right-click on it and press "Open logs" to access your logs.**
+
+When you notice the problem, check the output of `jfa-go` or get the logs by pressing the "Logs" button in the Settings tab. If the problem is not obvious (e.g a panic (red text) or 'ERROR' log), re-run jfa-go with the `-debug` argument and reproduce the problem. You should then take a screenshot of the output, or paste it here, preferably between \`\`\` tags (e.g \`\`\``Log here`\`\`\`). Remember to censor any personal information.
+

 If nothing catches your eye in the log, access the admin page via your browser, go into the console (Right click > Inspect Element > Console), refresh, reproduce the problem then paste the output here in the same way as above.

--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,7 @@
 node_modules/
+site/node_modules/
+site/out/
+site/tempts/
 mail/*.html
 dist/
 build/
@@ -15,3 +18,12 @@ server.crt
 instructions-debian.txt
 cl.md
 ./telegram/
+mautrix/
+tempts/
+matacc.txt
+scripts/langmover/lang
+scripts/langmover/lang2
+scripts/langmover/out
+tinyproxy.conf
+static/banner.svg
+start.sh
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+version: 2
 project_name: jfa-go
 release:
    github:
@@ -6,54 +8,182 @@ release:
    name_template: "v{{.Version}}"
 before:
  hooks:
-    - go mod download
-    - rm -rf data/web
-    - mkdir -p data
-    - cp -r static data/web
-    - npm install
-    - npm install esbuild
-    - mkdir -p data/web/css
-    - npx esbuild --bundle css/base.css --outfile=./data/web/css/bundle.css --external:remixicon.css --minify
-    - cp node_modules/remixicon/fonts/remixicon.css node_modules/remixicon/fonts/remixicon.woff2 data/web/css/
-    - cp -r html data/
-    - cp -r lang data/
-    - cp LICENSE data/
-    - python3 scripts/enumerate_config.py -i config/config-base.json -o data/config-base.json
-    - python3 scripts/generate_ini.py -i config/config-base.json -o data/config-default.ini
-    - python3 scripts/compile_mjml.py -o data/
-    - npx esbuild --bundle ts/admin.ts --outfile=./data/web/js/admin.js --minify
-    - npx esbuild --bundle ts/pwr.ts --outfile=./data/web/js/pwr.js --minify
-    - npx esbuild --bundle ts/form.ts --outfile=./data/web/js/form.js --minify
-    - npx esbuild --bundle ts/setup.ts --outfile=./data/web/js/setup.js --minify
-    - go get -u github.com/swaggo/swag/cmd/swag
-    - swag init -g main.go
+    - npm i
+    - make precompile
 builds:
-    - dir: ./
-      env:
-        - CGO_ENABLED=0
+    - id: notray
+      dir: ./
+      flags:
+        - -tags={{ .Env.JFA_GO_TAG }}
      ldflags:
-        - -s -w -X main.version={{.Env.JFA_GO_VERSION}} -X main.commit={{.ShortCommit}} -X main.updater=binary
+        - -X main.version={{.Env.JFA_GO_VERSION}} -X main.commit={{.ShortCommit}} -X main.updater={{.Env.JFA_GO_UPDATER}} {{.Env.JFA_GO_STRIP}} -X main.cssVersion={{.Env.JFA_GO_CSS_VERSION}} -X main.buildTimeUnix={{.Env.JFA_GO_BUILD_TIME}} -X main.builtBy="{{.Env.JFA_GO_BUILT_BY}}"
      goos:
        - linux
-        - windows
        - darwin
+        - windows
      goarch:
-        - amd64
        - arm
        - arm64
+        - amd64
+    - id: notray-e2ee
+      dir: ./
+      env:
+        - CGO_ENABLED=1
+        - CC={{ if eq .Arch "amd64" }}x86_64{{ else if eq .Arch "arm64" }}aarch64{{ else }}{{ .Arch }}{{ end }}-linux-gnu{{ if eq .Arch "arm" }}eabihf{{ end }}-gcc
+        - CXX={{ if eq .Arch "amd64" }}x86_64{{ else if eq .Arch "arm64" }}aarch64{{ else }}{{ .Arch }}{{ end }}-linux-gnu{{ if eq .Arch "arm" }}eabihf{{ end }}-gcc
+        - PKG_CONFIG_PATH=/usr/lib/{{ if eq .Arch "amd64" }}x86_64{{ else if eq .Arch "arm64" }}aarch64{{ else }}{{ .Arch }}{{ end }}-linux-gnu{{ if eq .Arch "arm" }}eabihf{{ end }}/pkgconfig:$PKG_CONFIG_PATH
+        - GOARM={{ if eq .Arch "arm" }}7{{ end }}
+      flags:
+        - -tags=e2ee,{{ .Env.JFA_GO_TAG }}
+      ldflags:
+        - -X main.version={{.Env.JFA_GO_VERSION}} -X main.commit={{.ShortCommit}} -X main.updater={{.Env.JFA_GO_UPDATER}} {{.Env.JFA_GO_STRIP}} -X main.cssVersion={{.Env.JFA_GO_CSS_VERSION}} -X main.buildTimeUnix={{.Env.JFA_GO_BUILD_TIME}} -X main.builtBy="{{.Env.JFA_GO_BUILT_BY}}"
+      goos:
+        - linux
+      goarch:
+        - arm
+        - arm64
+        - amd64
+    - id: windows-tray
+      dir: ./
+      env:
+        - CGO_ENABLED=1
+        - CC=x86_64-w64-mingw32-gcc
+        - CXX=x86_64-w64-mingw32-g++
+      flags:
+        - -tags=tray,{{ .Env.JFA_GO_TAG }}
+      ldflags:
+        - -X main.version={{.Env.JFA_GO_VERSION}} -X main.commit={{.ShortCommit}} -X main.updater={{.Env.JFA_GO_UPDATER}} {{.Env.JFA_GO_STRIP}} -X main.cssVersion={{.Env.JFA_GO_CSS_VERSION}} -X main.buildTimeUnix={{.Env.JFA_GO_BUILD_TIME}} -X main.builtBy="{{.Env.JFA_GO_BUILT_BY}}" -H=windowsgui
+      goos:
+        - windows
+      goarch:
+        - amd64
+    - id: linux-tray
+      dir: ./
+      env:
+        - CGO_ENABLED=1
+        - CC=x86_64-linux-gnu-gcc
+        - CXX=x86_64-linux-gnu-gcc
+        - PKG_CONFIG_PATH=/usr/lib/{{ if eq .Arch "amd64" }}x86_64{{ else if eq .Arch "arm64" }}aarch64{{ else }}{{ .Arch }}{{ end }}-linux-gnu{{ if eq .Arch "arm" }}eabihf{{ end }}/pkgconfig:$PKG_CONFIG_PATH
+      flags:
+        - -tags=tray,e2ee,{{ .Env.JFA_GO_TAG }}
+      ldflags:
+        - -X main.version={{.Env.JFA_GO_VERSION}} -X main.commit={{.ShortCommit}} -X main.updater={{.Env.JFA_GO_UPDATER}} {{.Env.JFA_GO_STRIP}} -X main.cssVersion={{.Env.JFA_GO_CSS_VERSION}} -X main.buildTimeUnix={{.Env.JFA_GO_BUILD_TIME}} -X main.builtBy="{{.Env.JFA_GO_BUILT_BY}}"
+      goos:
+        - linux
+      goarch:
+        - amd64
 archives:
-  - replacements:
-        darwin: macOS
-        linux: Linux
-        windows: Windows
-        amd64: x86_64
+  - id: windows-tray
+    ids:
+        - windows-tray
+    formats: [ "zip" ]
+    name_template: >-
+      {{ .ProjectName }}_{{ .Version }}_TrayIcon_
+      {{- if eq .Os "darwin" }}macOS
+      {{- else }}{{- title .Os }}{{ end }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else }}{{ .Arch }}{{ end }}
+  - id: linux-tray
+    ids:
+        - linux-tray
+    formats: [ "zip" ]
+    name_template: >-
+      {{ .ProjectName }}_{{ .Version }}_TrayIcon_
+      {{- if eq .Os "darwin" }}macOS
+      {{- else }}{{- title .Os }}{{ end }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else }}{{ .Arch }}{{ end }}
+  - id: notray
+    ids:
+        - notray
+    formats: [ "zip" ]
+    name_template: >-
+      {{ .ProjectName }}_{{ .Version }}_
+      {{- if eq .Os "darwin" }}macOS
+      {{- else }}{{- title .Os }}{{ end }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else }}{{ .Arch }}{{ end }}
+  - id: notray-e2ee
+    ids:
+        - notray-e2ee
+    formats: [ "zip" ]
+    name_template: >-
+      {{ .ProjectName }}_{{ .Version }}_MatrixE2EE_
+      {{- if eq .Os "darwin" }}macOS
+      {{- else }}{{- title .Os }}{{ end }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else }}{{ .Arch }}{{ end }}
 checksum:
    name_template: 'checksums.txt'
 snapshot:
-    name_template: "git-{{.ShortCommit}}"
+    version_template: "0.0.0-{{ .Env.JFA_GO_NFPM_EPOCH }}"
 changelog:
    sort: asc
    filters:
        exclude:
            - '^docs:'
            - '^test:'
+nfpms:
+  - id: notray
+    file_name_template: '{{ .ProjectName }}{{ if .IsSnapshot }}-git{{ end }}_{{ .Arch }}_{{ if .IsSnapshot }}{{ .ShortCommit }}{{ else }}v{{ .Version }}{{ end }}'
+    package_name: jfa-go
+    homepage: https://github.com/hrfee/jfa-go
+    description: A web app for managing users on Jellyfin
+    maintainer: Harvey Tindall <hrfee@hrfee.dev>
+    license: MIT
+    vendor: hrfee.dev
+    version_metadata: git
+    ids:
+      - notray-e2ee
+    contents:
+      - src: ./LICENSE
+        dst: /usr/share/licenses/jfa-go
+    formats:
+      - apk
+      - deb
+      - rpm
+    overrides:
+        deb:
+            dependencies:
+                - libolm-dev
+        rpm:
+            dependencies:
+                - libolm 
+        apk:
+            dependencies:
+                - olm
+  - id: tray
+    file_name_template: '{{ .ProjectName }}{{ if .IsSnapshot }}-git{{ end }}_TrayIcon_{{ .Arch }}_{{ if .IsSnapshot }}{{ .ShortCommit }}{{ else }}v{{ .Version }}{{ end }}'
+    package_name: jfa-go-tray
+    homepage: https://github.com/hrfee/jfa-go
+    description: A web app for managing users on Jellyfin
+    maintainer: Harvey Tindall <hrfee@hrfee.dev>
+    license: MIT
+    vendor: hrfee.dev
+    version_metadata: git
+    ids:
+      - linux-tray
+    contents:
+      - src: ./LICENSE
+        dst: /usr/share/licenses/jfa-go
+    formats:
+      - apk
+      - deb
+      - rpm
+    overrides:
+        deb:
+            conflicts:
+                - jfa-go
+            replaces:
+                - jfa-go
+            dependencies:
+                - libayatana-appindicator
+                - libolm-dev
+        rpm:
+            dependencies:
+                - libappindicator-gtk3
+                - libolm 
+        apk:
+            dependencies:
+                - libayatana-appindicator
+                - olm
--- a/.woodpecker/git-binary.yaml
+++ b/.woodpecker/git-binary.yaml
@@ -0,0 +1,51 @@
+when:
+  - event: push
+    branch: main
+  #  - evaluate: 'CI_PIPELINE_EVENT != "PULL_REQUEST" && CI_COMMIT_BRANCH == CI_REPO_DEFAULT_BRANCH'
+
+clone:
+    git:
+        image: woodpeckerci/plugin-git
+        settings:
+            tags: true
+            partial: false
+            depth: 0
+
+steps:
+  - name: build
+    image: docker.io/hrfee/jfa-go-build-docker:latest
+    environment:
+        JFA_GO_SNAPSHOT: y
+        JFA_GO_BUILT_BY:
+            from_secret: BUILT_BY
+    commands:
+      - curl -sfL https://goreleaser.com/static/run > goreleaser
+      - chmod +x goreleaser
+      - ./scripts/version.sh ./goreleaser --snapshot --skip=publish --clean
+  - name: redoc
+    image: docker.io/hrfee/jfa-go-build-docker:latest
+    environment:
+        REDOC_SSH_ID:
+            from_secret: REDOC_SSH_ID
+    commands:
+      - sh -c "echo \"$REDOC_SSH_ID\" > /tmp/id_redoc && chmod 600 /tmp/id_redoc"
+      - bash -c 'sftp -P 3625 -i /tmp/id_redoc -o StrictHostKeyChecking=no redoc@api.jfa-go.com:/home/redoc <<< $"put docs/swagger.json jfa-go.json"'
+  - name: deb-repo
+    image: docker.io/hrfee/jfa-go-build-docker:latest
+    environment:
+        REPO_SSH_ID:
+            from_secret: REPO_SSH_ID
+    commands:
+      - sh -c "echo \"$REPO_SSH_ID\" > /tmp/id_repo && chmod 600 /tmp/id_repo"
+      - bash -c 'sftp -P 2022 -i /tmp/id_repo -o StrictHostKeyChecking=no root@apt.hrfee.dev:/repo/incoming <<< $"put dist/*.deb"'
+      - bash -c 'ssh -i /tmp/id_repo root@apt.hrfee.dev -p 2022 "repo-process-deb trusty-unstable"'
+      - bash -c 'ssh -i /tmp/id_repo root@apt.hrfee.dev -p 2022 "repo-process-deb trusty"'
+      - bash -c 'ssh -i /tmp/id_repo root@apt.hrfee.dev -p 2022 "rm -f /repo/incoming/*.deb"'
+  - name: buildrone
+    image: docker.io/hrfee/jfa-go-build-docker:latest
+    environment:
+        BUILDRONE_KEY:
+            from_secret: BUILDRONE_KEY
+    commands:
+      - wget https://builds.hrfee.pw/upload.py
+      - bash -c 'python3 upload.py https://builds.hrfee.pw hrfee jfa-go --upload ./dist/*.zip ./dist/*.rpm ./dist/*.apk --tag internal-git=true'
--- a/.woodpecker/git-docker.yaml
+++ b/.woodpecker/git-docker.yaml
@@ -0,0 +1,29 @@
+when:
+  - event: push
+    branch: main
+
+steps:
+  - name: build
+    image: docker.io/woodpeckerci/plugin-docker-buildx
+    secrets: [ BUILT_BY ]
+    settings:
+        username:
+            from_secret: DOCKER_USERNAME
+        password:
+            from_secret: DOCKER_TOKEN
+        repo: docker.io/hrfee/jfa-go
+        tags: unstable
+        registry: docker.io
+        platforms: linux/amd64,linux/arm64,linux/arm/v7
+        build_args:
+          - BUILT_BY: $BUILT_BY
+  - name: buildrone
+    image: docker.io/python
+    environment:
+        BUILDRONE_KEY:
+            from_secret: BUILDRONE_KEY
+    commands:
+      - wget https://builds.hrfee.pw/upload.py
+      - pip install requests
+      - python upload.py https://builds.hrfee.pw hrfee jfa-go --tag docker-unstable=true
+
--- a/.woodpecker/stable-binary.yaml
+++ b/.woodpecker/stable-binary.yaml
@@ -0,0 +1,41 @@
+when:
+  - event: tag
+    branch: main
+
+clone:
+    git:
+        image: woodpeckerci/plugin-git
+        settings:
+            tags: true
+            partial: false
+            depth: 0
+
+steps:
+  - name: build
+    image: docker.io/hrfee/jfa-go-build-docker:latest
+    environment:
+        JFA_GO_BUILT_BY:
+            from_secret: BUILT_BY
+    commands:
+      - curl -sfL https://goreleaser.com/static/run > ../goreleaser
+      - chmod +x ../goreleaser
+      - ./scripts/version.sh ../goreleaser
+  - name: deb-repo
+    image: docker.io/hrfee/jfa-go-build-docker:latest
+    environment:
+        REPO_SSH_ID:
+            from_secret: REPO_SSH_ID
+    commands:
+      - sh -c "echo \"$REPO_SSH_ID\" > /tmp/id_repo && chmod 600 /tmp/id_repo"
+      - bash -c 'sftp -P 2022 -i /tmp/id_repo -o StrictHostKeyChecking=no root@apt.hrfee.dev:/repo/incoming <<< $"put dist/*.deb"'
+      - bash -c 'ssh -i /tmp/id_repo root@apt.hrfee.dev -p 2022 "repo-process-deb trusty"'
+      - bash -c 'ssh -i /tmp/id_repo root@apt.hrfee.dev -p 2022 "repo-process-deb trusty-unstable"'
+      - bash -c 'ssh -i /tmp/id_repo root@apt.hrfee.dev -p 2022 "rm -f /repo/incoming/*.deb"'
+  - name: buildrone
+    image: docker.io/hrfee/jfa-go-build-docker:latest
+    environment:
+        BUILDRONE_KEY:
+            from_secret: BUILDRONE_KEY
+    commands:
+      - wget https://builds.hrfee.pw/upload.py
+      - bash -c 'python3 upload.py https://builds.hrfee.pw hrfee jfa-go --tag internal=true'
--- a/.woodpecker/stable-docker.yaml
+++ b/.woodpecker/stable-docker.yaml
@@ -0,0 +1,29 @@
+when:
+  - event: tag
+    branch: main
+
+steps:
+  - name: build
+    image: docker.io/woodpeckerci/plugin-docker-buildx
+    secrets: [ BUILT_BY ]
+    settings:
+        username:
+            from_secret: DOCKER_USERNAME
+        password:
+            from_secret: DOCKER_TOKEN
+        repo: docker.io/hrfee/jfa-go
+        tags: latest
+        registry: docker.io
+        platforms: linux/amd64,linux/arm64,linux/arm/v7
+        build_args:
+          - BUILT_BY: $BUILT_BY
+  - name: buildrone
+    image: docker.io/python
+    environment:
+        BUILDRONE_KEY:
+            from_secret: BUILDRONE_KEY
+    commands:
+      - wget https://builds.hrfee.pw/upload.py
+      - pip install requests
+      - python upload.py https://builds.hrfee.pw hrfee jfa-go --tag docker-stable=true
+
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,15 +1,7 @@
-#### Code
-I use 4 spaces for indentation. Go should ideally be formatted with `goimports` and/or `gofmt`. I don't use a formatter on typescript, so don't worry about that.
+---
+title: "Building/Contributing for developers"
+date: 2021-07-25T00:33:36+01:00
+draft: false
+---

-#### Compiling
-
-Prefix each of these with `make DEBUG=on INTERNAL=off `:
-* `all` will download deps and build everything. The executable and data will be placed in `build`. This is only necessary the first time.
-* `compile` will only compile go code into the `build/jfa-go` executable.
-* `typescript` will compile typescript w/ sourcemaps into `build/data/web/js`.
-* `bundle-css` will bundle CSS and place it in `build/data/web/css`.
-* `configuration` will generate the `config-base.json` (used to render settings in the web ui) and `config-default.ini` and put them in `build/data`.
-* `email` will compile email mjml, and copy the text versions in to `build/data`.
-* `copy` will copy iconography, html, language files and static data into `build/data`.
-
-See the [wiki](https://github.com/hrfee/jfa-go/wiki/Build) for more info.
+[See the wiki page](https://wiki.jfa-go.com/docs/dev/).
--- a/32
+++ b/32
@@ -1,30 +1,26 @@
-FROM --platform=$BUILDPLATFORM golang:latest AS support
+# Use this instead if hrfee/jfa-go-build-docker doesn't support your architecture
+# FROM --platform=$BUILDPLATFORM golang:latest AS support
+FROM --platform=$BUILDPLATFORM docker.io/hrfee/jfa-go-build-docker:latest AS support
+# FROM --platform=$BUILDPLATFORM jfa-go-bd AS support
+ARG BUILT_BY
+ENV JFA_GO_BUILT_BY=$BUILT_BY

 COPY . /opt/build

-RUN apt-get update -y \
-    && apt-get install build-essential python3-pip curl software-properties-common sed -y \
-    && (curl -sL https://deb.nodesource.com/setup_14.x | bash -) \
-    && apt-get install nodejs \
-    && (cd /opt/build; make configuration npm email typescript bundle-css swagger copy INTERNAL=off GOESBUILD=on) \
-    && sed -i 's#id="password_resets-watch_directory" placeholder="/config/jellyfin"#id="password_resets-watch_directory" value="/jf" disabled#g' /opt/build/build/data/html/setup.html
+# RUN curl -sfL https://goreleaser.com/static/run > /goreleaser && chmod +x /goreleaser
+RUN cd /opt/build; INTERNAL=off UPDATER=docker ./scripts/version.sh /goreleaser build --snapshot --skip=validate --clean --id notray-e2ee
+RUN mv /opt/build/dist/*_linux_arm_6 /opt/build/dist/placeholder_linux_arm
+RUN sed -i 's#id="password_resets-watch_directory" placeholder="/config/jellyfin"#id="password_resets-watch_directory" value="/jf" disabled#g' /opt/build/build/data/html/setup.html

-
-FROM --platform=$BUILDPLATFORM golang:latest AS build
+FROM golang:bookworm AS final
 ARG TARGETARCH
-ENV GOARCH=$TARGETARCH

-COPY --from=support /opt/build /opt/build
+COPY --from=support /opt/build/dist/*_linux_${TARGETARCH}* /opt/jfa-go
+COPY --from=support /opt/build/build/data /opt/jfa-go/data

-RUN (cd /opt/build; make compile INTERNAL=off UPDATER=docker)
-
-FROM golang:latest
-
-COPY --from=build /opt/build/build /opt/jfa-go
+RUN apt-get update -y && apt-get install libolm-dev -y

 EXPOSE 8056
 EXPOSE 8057

 CMD [ "/opt/jfa-go/jfa-go", "-data", "/data" ]
-
-
--- a/5
+++ b/5
@@ -1,6 +1,8 @@
+---jfa-go---
+
 MIT License

-Copyright (c) 2021 Harvey Tindall
+Copyright (c) 2023 Harvey Tindall

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -19,3 +21,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
+
--- a/233
+++ b/233
@@ -1,3 +1,6 @@
+.PHONY: configuration email typescript swagger copy compile compress inline-css variants-html install clean npm config-description config-default precompile
+.DEFAULT_GOAL := all
+
 GOESBUILD ?= off
 ifeq ($(GOESBUILD), on)
 	ESBUILD := esbuild
@@ -6,96 +9,197 @@ else
 endif
 GOBINARY ?= go

+CSSVERSION ?= v3
+CSS_BUNDLE = $(DATA)/web/css/$(CSSVERSION)bundle.css
+
 VERSION ?= $(shell git describe --exact-match HEAD 2> /dev/null || echo vgit)
 VERSION := $(shell echo $(VERSION) | sed 's/v//g')
 COMMIT ?= $(shell git rev-parse --short HEAD || echo unknown)
+BUILDTIME ?= $(shell date +%s)

 UPDATER ?= off
-LDFLAGS := -X main.version=$(VERSION) -X main.commit=$(COMMIT)
+LDFLAGS := -X main.version=$(VERSION) -X main.commit=$(COMMIT) -X main.cssVersion=$(CSSVERSION) -X main.buildTimeUnix=$(BUILDTIME) $(if $(BUILTBY),-X 'main.builtBy=$(BUILTBY)',)
 ifeq ($(UPDATER), on)
 	LDFLAGS := $(LDFLAGS) -X main.updater=binary
 else ifneq ($(UPDATER), off)
 	LDFLAGS := $(LDFLAGS) -X main.updater=$(UPDATER)
 endif

+
+
 INTERNAL ?= on
+TRAY ?= off
+E2EE ?= on
+TAGS := -tags "
+
 ifeq ($(INTERNAL), on)
-	TAGS :=
 	DATA := data
+	COMPDEPS := $(BUILDDEPS)
 else
 	DATA := build/data
-	TAGS := -tags external
+	TAGS := $(TAGS) external
+	COMPDEPS :=
+endif
+
+ifeq ($(TRAY), on)
+	TAGS := $(TAGS) tray
+endif
+
+ifeq ($(E2EE), on)
+	TAGS := $(TAGS) e2ee
+endif
+
+TAGS := $(TAGS)"
+
+OS := $(shell go env GOOS)
+ifeq ($(TRAY)$(OS), onwindows)
+	LDFLAGS := $(LDFLAGS) -H=windowsgui
 endif

 DEBUG ?= off
 ifeq ($(DEBUG), on)
-	LDFLAGS := -s -w $(LDFLAGS)
 	SOURCEMAP := --sourcemap
-	TYPECHECK := tsc -noEmit --project ts/tsconfig.json
+	MINIFY := 
+	TYPECHECK := npx tsc -noEmit --project ts/tsconfig.json
 	# jank
-	COPYTS := rm -r $(DATA)/web/js/ts; cp -r ts $(DATA)/web/js
+	COPYTS := rm -r $(DATA)/web/js/ts; cp -r tempts $(DATA)/web/js/ts
+	UNCSS := cp $(CSS_BUNDLE) $(DATA)/bundle.css
+	# TAILWIND := --content ""
 else
+	LDFLAGS := -s -w $(LDFLAGS)
 	SOURCEMAP :=
+	MINIFY := --minify
 	COPYTS :=
 	TYPECHECK :=
+	UNCSS := npx tailwindcss -i $(CSS_BUNDLE) -o $(DATA)/bundle.css --content "html/crash.html"
+	# UNCSS := npx uncss $(DATA)/crash.html --csspath web/css --output $(DATA)/bundle.css
+	TAILWIND :=
 endif

-npm:
-	$(info installing npm dependencies)
-	npm install
-	@if [ "$(GOESBUILD)" = "off" ]; then\
-		npm install esbuild;\
-	else\
-		go get -u github.com/evanw/esbuild/cmd/esbuild;\
-	fi
+RACE ?= off
+ifeq ($(RACE), on)
+	RACEDETECTOR := -race
+else
+	RACEDETECTOR :=
+endif

-configuration:
-	$(info Fixing config-base)
-	-mkdir -p $(DATA)
-	python3 scripts/enumerate_config.py -i config/config-base.json -o $(DATA)/config-base.json
+ifeq (, $(shell which esbuild))
+	ESBUILDINSTALL := go install github.com/evanw/esbuild/cmd/esbuild@latest
+else
+	ESBUILDINSTALL :=
+endif
+
+ifeq ($(GOESBUILD), on)
+	NPMIGNOREOPTIONAL := --no-optional
+	NPMOPTS := $(NPMIGNOREOPTIONAL); $(ESBUILDINSTALL)
+else
+	NPMOPTS :=
+endif
+
+ifeq (, $(shell which swag))
+	SWAGINSTALL := $(GOBINARY) install github.com/swaggo/swag/cmd/swag@latest
+else
+	SWAGINSTALL :=
+endif
+
+CONFIG_BASE = config/config-base.yaml
+
+# CONFIG_DESCRIPTION = $(DATA)/config-base.json
+CONFIG_DEFAULT = $(DATA)/config-default.ini
+# $(CONFIG_DESCRIPTION) &: $(CONFIG_BASE)
+# 	$(info Fixing config-base)
+# 	-mkdir -p $(DATA)
+
+$(DATA):
+	mkdir -p $(DATA)/web/js
+	mkdir -p $(DATA)/web/css
+
+$(CONFIG_DEFAULT): $(CONFIG_BASE)
 	$(info Generating config-default.ini)
-	python3 scripts/generate_ini.py -i config/config-base.json -o $(DATA)/config-default.ini
+	go run scripts/ini/main.go -in $(CONFIG_BASE) -out $(DATA)/config-default.ini

-email:
+configuration: $(CONFIG_DEFAULT)
+
+EMAIL_SRC = $(wildcard mail/*)
+EMAIL_TARGET = $(DATA)/confirmation.html
+$(EMAIL_TARGET): $(EMAIL_SRC)
 	$(info Generating email html)
-	python3 scripts/compile_mjml.py -o $(DATA)/
+	npx mjml mail/*.mjml -o $(DATA)/
+	$(info Copying plaintext mail)
+	cp mail/*.txt $(DATA)/

-typescript:
+TYPESCRIPT_FULLSRC = $(shell find ts/ -type f -name "*.ts")
+TYPESCRIPT_SRC = $(wildcard ts/*.ts)
+TYPESCRIPT_TEMPSRC = $(TYPESCRIPT_SRC:ts/%=tempts/%)
+# TYPESCRIPT_TARGET = $(patsubst %.ts,%.js,$(subst tempts/,./$(DATA)/web/js/,$(TYPESCRIPT_TEMPSRC)))
+TYPESCRIPT_TARGET = $(DATA)/web/js/admin.js
+$(TYPESCRIPT_TARGET): $(TYPESCRIPT_FULLSRC) ts/tsconfig.json
 	$(TYPECHECK)
+	rm -rf tempts
+	cp -r ts tempts
+	$(adding dark variants to typescript)
+	scripts/dark-variant.sh tempts
+	scripts/dark-variant.sh tempts/modules
 	$(info compiling typescript)
-	-mkdir -p $(DATA)/web/js
-	-$(ESBUILD) --bundle ts/admin.ts $(SOURCEMAP) --outfile=./$(DATA)/web/js/admin.js --minify
-	-$(ESBUILD) --bundle ts/pwr.ts $(SOURCEMAP) --outfile=./$(DATA)/web/js/pwr.js --minify
-	-$(ESBUILD) --bundle ts/form.ts $(SOURCEMAP) --outfile=./$(DATA)/web/js/form.js --minify
-	-$(ESBUILD) --bundle ts/setup.ts $(SOURCEMAP) --outfile=./$(DATA)/web/js/setup.js --minify
+	$(foreach tempsrc,$(TYPESCRIPT_TEMPSRC),$(ESBUILD) --target=es6 --bundle $(tempsrc) $(SOURCEMAP) --outfile=$(patsubst %.ts,%.js,$(subst tempts/,./$(DATA)/web/js/,$(tempsrc))) $(MINIFY);)
 	$(COPYTS)

-swagger:
-	$(GOBINARY) get github.com/swaggo/swag/cmd/swag
+SWAGGER_SRC = $(wildcard api*.go) $(wildcard *auth.go) views.go
+SWAGGER_TARGET = docs/docs.go
+$(SWAGGER_TARGET): $(SWAGGER_SRC)
+	$(SWAGINSTALL)
 	swag init -g main.go

-compile:
-	$(info Downloading deps)
-	$(GOBINARY) mod download
-	$(info Building)
-	mkdir -p build
-	CGO_ENABLED=0 $(GOBINARY) build -ldflags="-s -w $(LDFLAGS)" $(TAGS) -o build/jfa-go
-
-compress:
-	upx --lzma build/jfa-go
-
-bundle-css:
-	-mkdir -p $(DATA)/web/css
-	$(info bundling css)
-	$(ESBUILD) --bundle css/base.css --outfile=$(DATA)/web/css/bundle.css --external:remixicon.css --minify
-
-copy:
-	$(info copying fonts)
-	cp -r node_modules/remixicon/fonts/remixicon.css node_modules/remixicon/fonts/remixicon.woff2 $(DATA)/web/css/
+VARIANTS_SRC = $(wildcard html/*.html)
+VARIANTS_TARGET = $(DATA)/html/admin.html
+$(VARIANTS_TARGET): $(VARIANTS_SRC)
 	$(info copying html)
 	cp -r html $(DATA)/
+	$(info adding dark variants to html)
+	node scripts/missing-colors.js html $(DATA)/html
+
+ICON_SRC = node_modules/remixicon/fonts/remixicon.css node_modules/remixicon/fonts/remixicon.woff2
+ICON_TARGET = $(ICON_SRC:node_modules/remixicon/fonts/%=$(DATA)/web/css/%)
+CSS_SRC = $(wildcard css/*.css)
+CSS_TARGET = $(DATA)/web/css/part-bundle.css
+CSS_FULLTARGET = $(CSS_BUNDLE)
+ALL_CSS_SRC = $(ICON_SRC) $(CSS_SRC)
+ALL_CSS_TARGET = $(ICON_TARGET)
+
+$(CSS_FULLTARGET): $(TYPESCRIPT_TARGET) $(VARIANTS_TARGET) $(ALL_CSS_SRC) $(wildcard html/*.html)
+	$(info copying fonts)
+	cp -r node_modules/remixicon/fonts/remixicon.css node_modules/remixicon/fonts/remixicon.woff2 $(DATA)/web/css/
+	$(info bundling css)
+	rm -f $(CSS_TARGET) $(CSS_FULLTARGET)
+	$(ESBUILD) --bundle css/base.css --outfile=$(CSS_TARGET) --external:remixicon.css --external:../fonts/hanken* --minify
+
+	npx tailwindcss -i $(CSS_TARGET) -o $(CSS_FULLTARGET) $(TAILWIND)
+	rm $(CSS_TARGET)
+	# mv $(CSS_BUNDLE) $(DATA)/web/css/$(CSSVERSION)bundle.css
+	# npx postcss -o $(CSS_TARGET) $(CSS_TARGET)
+
+INLINE_SRC = html/crash.html
+INLINE_TARGET = $(DATA)/crash.html
+$(INLINE_TARGET): $(CSS_FULLTARGET) $(INLINE_SRC)
+	cp html/crash.html $(DATA)/crash.html
+	$(UNCSS) # generates $(DATA)/bundle.css for us
+	node scripts/inline.js root $(DATA) $(DATA)/crash.html $(DATA)/crash.html
+	rm $(DATA)/bundle.css
+
+LANG_SRC = $(shell find ./lang)
+LANG_TARGET = $(LANG_SRC:lang/%=$(DATA)/lang/%)
+STATIC_SRC = $(wildcard static/*)
+STATIC_TARGET = $(STATIC_SRC:static/%=$(DATA)/web/%)
+COPY_SRC = images/banner.svg jfa-go.service LICENSE $(LANG_SRC) $(STATIC_SRC)
+COPY_TARGET = $(DATA)/jfa-go.service
+# $(DATA)/LICENSE $(LANG_TARGET) $(STATIC_TARGET) $(DATA)/web/css/$(CSSVERSION)bundle.css
+$(COPY_TARGET): $(INLINE_TARGET) $(STATIC_SRC) $(LANG_SRC) $(CONFIG_BASE)
+	$(info copying $(CONFIG_BASE))
+	cp $(CONFIG_BASE) $(DATA)/
+	$(info copying crash page)
+	cp $(DATA)/crash.html $(DATA)/html/
 	$(info copying static data)
-	-mkdir -p $(DATA)/web
+	cp images/banner.svg static/banner.svg
 	cp -r static/* $(DATA)/web/
 	$(info copying systemd service)
 	cp jfa-go.service $(DATA)/
@@ -103,14 +207,27 @@ copy:
 	cp -r lang $(DATA)/
 	cp LICENSE $(DATA)/

-# internal-files:
-# 	python3 scripts/embed.py internal
-# 
-# external-files:
-# 	python3 scripts/embed.py external
-# 	-mkdir -p build
-# 	$(info copying internal data into build/)
-# 	cp -r data build/
+BUILDDEPS := $(DATA) $(CONFIG_DEFAULT) $(EMAIL_TARGET) $(COPY_TARGET) $(SWAGGER_TARGET) $(INLINE_TARGET) $(CSS_FULLTARGET) $(TYPESCRIPT_TARGET) 
+precompile: $(BUILDDEPS)
+
+COMPDEPS =
+ifeq ($(INTERNAL), on)
+	COMPDEPS = $(BUILDDEPS)
+endif
+
+GO_SRC = $(shell find ./ -name "*.go")
+GO_TARGET = build/jfa-go 
+$(GO_TARGET): $(COMPDEPS) $(SWAGGER_TARGET) $(GO_SRC) go.mod go.sum
+	$(info Downloading deps)
+	$(GOBINARY) mod download
+	$(info Building)
+	mkdir -p build
+	$(GOBINARY) build $(RACEDETECTOR) -ldflags="$(LDFLAGS)" $(TAGS) -o $(GO_TARGET)
+
+all: $(BUILDDEPS) $(GO_TARGET)
+
+compress:
+	upx --lzma $(GO_TARGET)

 install:
 	cp -r build $(DESTDIR)/jfa-go
@@ -122,4 +239,6 @@ clean:
 	-rm docs/docs.go docs/swagger.json docs/swagger.yaml
 	go clean

-all: configuration npm email typescript bundle-css swagger copy compile
+npm:
+	$(info installing npm dependencies)
+	npm install $(NPMOPTS)
--- a/README.md
+++ b/README.md
@@ -1,30 +1,47 @@
 ![jfa-go](images/banner.svg)
-[![Build Status](https://drone.hrfee.dev/api/badges/hrfee/jfa-go/status.svg?ref=refs/heads/main)](https://drone.hrfee.dev/hrfee/jfa-go)
+[![Build Status](https://ci.hrfee.dev/api/badges/3/status.svg)](https://ci.hrfee.dev/repos/3)
 [![Docker Hub](https://img.shields.io/docker/pulls/hrfee/jfa-go?label=docker)](https://hub.docker.com/r/hrfee/jfa-go)
-[![Translation status](https://weblate.hrfee.pw/widgets/jfa-go/-/svg-badge.svg)](https://weblate.hrfee.pw/engage/jfa-go/)
+[![Translation status](https://weblate.jfa-go.com/widgets/jfa-go/-/svg-badge.svg)](https://weblate.jfa-go.com/engage/jfa-go/)
+[![Docs/Wiki](https://img.shields.io/static/v1?label=documentation&message=jfa-go.com&color=informational)](https://wiki.jfa-go.com)
+[![Discord](https://img.shields.io/discord/922842034170122321?color=%235865F2&label=discord)](https://discord.com/invite/MrtvuQmyhP)

 ##### Downloads:
-##### [dockerhub](https://hub.docker.com/r/hrfee/jfa-go) | [stable](https://github.com/hrfee/jfa-go/releases) | [nightly](https://builds.hrfee.pw/view/hrfee/jfa-go) | [aur stable](https://aur.archlinux.org/packages/jfa-go) | [aur binary](https://aur.archlinux.org/packages/jfa-go-bin) | [aur nightly](https://aur.archlinux.org/packages/jfa-go-git)
+##### [docker](#docker) | [debian/ubuntu](#debian) | [arch (aur)](#aur) | [other platforms](#other-platforms)
+
 ---
-jfa-go is a user management app for [Jellyfin](https://github.com/jellyfin/jellyfin) (and now [Emby](https://emby.media/)) that provides invite-based account creation as well as other features that make one's instance much easier to manage.
+##  Project Status: Active-ish
+Studies mean I can't work on this project a lot outside of breaks, however I hope i'll be able to fit in general support and things like bug fixes into my time. New features and such will likely come in short bursts throughout the year (if they do at all).
+
+#### Does/Will it still work?
+jfa-go currently works on Jellyfin 10.9.8, the latest version as of 31/07/2024. I should be able to maintain compatability in the future, unless any big changes occur.
+
+#### Alternatives
+If you want a bit more of a guarantee of support, I've seen these projects mentioned although haven't tried them myself.
+
+* [Wizarr](https://github.com/Wizarrrr/wizarr) focuses on invites, and also includes some Discord & Ombi integration.
+* [Jellyseerr](https://github.com/Fallenbagel/jellyseerr) is a fork of Overseerr which can manage users and mainly acts as an Ombi alternative.
+  * [jfa-go now integrates with Jellyseerr, much like Ombi, but better.](https://github.com/hrfee/jfa-go/pull/351)
+* [Organizr](https://github.com/causefx/Organizr) doesn't focus on Jellyfin, but allows putting self-hosted services into "tabs" on a central page, and allows creating users, which lets one control who can access what.
+---
+jfa-go is a user management app for [Jellyfin](https://github.com/jellyfin/jellyfin) (and [Emby](https://emby.media/) as 2nd class) that provides invite-based account creation as well as other features that make one's instance much easier to manage.

 #### Features
-* 🧑 Invite based account creation: Sends invites to your friends or family, and let them choose their own username and password without relying on you.
-    * Send invites via a link and/or email
+* 🧑 Invite based account creation: Send invites to your friends or family, and let them choose their own username and password without relying on you.
+    * Send invites via a link and/or email, discord, telegram or matrix
    * Granular control over invites: Validity period as well as number of uses can be specified.
    * Account profiles: Assign settings profiles to invites so new users have your predefined permissions, homescreen layout, etc. applied to their account on creation.
    * Password validation: Ensure users choose a strong password.
+    * CAPTCHAs and contact method verificatoin can be enabled to avoid bots.
 * ⌛ User expiry: Specify a validity period, and new users accounts will be disabled/deleted after it. The period can be manually extended too.
-* 🔗 Ombi Integration: Automatically creates Ombi accounts for new users using their email address and login details, and your own defined set of permissions.
-* Account management: Apply settings to your users individually or en masse, and delete users, optionally sending them an email notification with a reason.
-* Telegram Integration: Verify users via telegram, and send Password Resets, Announcements, etc. through it.
-* 📨 Email storage: Add your existing users email addresses through the UI, and jfa-go will ask new users for them on account creation.
-    * Email addresses can optionally be used instead of usernames
-* 🔑 Password resets: When users forget their passwords and request a change in Jellyfin, jfa-go reads the PIN from the created file and sends it straight to the user via email/telegram.
-* Notifications: Get notified when someone creates an account, or an invite expires.
+* 🔗 Ombi/Jellyseerr Integration: Automatically creates and synchronizes details for new accounts. Supports setting permissions with the Profiles feature. **Ombi integration use is risky, see [wiki](https://wiki.jfa-go.com/docs/ombi/)**.
+* Account management: Bulk or individually; apply settings, delete, disable/enable, send messages and much more.
 * 📣 Announcements: Bulk message your users with announcements about your server.
-* Authentication via Jellyfin: Instead of using separate credentials for jfa-go and Jellyfin, jfa-go can use it as the authentication provider.
-    * Enables the usage of jfa-go by multiple people
+* Telegram/Discord/Matrix Integration: Verify users via a chat bot, and send Password Resets, Announcements, etc. through it.
+* "My Account" Page: Allows users to reset their password, manage contact details, view their account expiry date, and send referrals. Can be customized with markdown.
+* Referrals: Users can be given special invites to send to their friends and families, similar to some invite-only services like Bluesky.
+* 🔑 Password resets: When users forget their passwords and request a change in Jellyfin, jfa-go reads the PIN from the created file and sends it straight to them via email/telegram.
+  * Can also be done through the "My Account" page if enabled.
+* Admin Notifications: Get notified when someone creates an account, or an invite expires.
 * 🌓 Customizations
    * Customize emails with variables and markdown
    * Specify contact and help messages to appear in emails and pages
@@ -32,31 +49,64 @@ jfa-go is a user management app for [Jellyfin](https://github.com/jellyfin/jelly

 #### Interface
 <p align="center">
-    <img src="images/demo.gif" width="100%"></img>
-</p>
-
-<p align="center">
-    <img src="images/invites.png" width="31%" style="margin-left: 1.5%;" alt="Invites tab"></img>
-    <img src="images/accounts.png" width="31%" style="margin-right: 1.5%;" alt="Accounts tab"></img> 
-    <img src="images/create.png" width="31%" style="margin-right: 1.5%;" alt="Accounts creation"></img> 
+    <img src="images/invites.png" width="47%" style="margin-left: 1.5%;" align="top" alt="Invites tab"></img>
+    <img src="images/create.png" width="47%" style="margin-right: 1.5%;" align="top" alt="Accounts creation"></img> 
+    <img src="images/myaccount.png" width="47%" style="margin-left: 1.5%; margin-top: 1rem;" align="top" alt="My Account Page"></img>
+    <img src="images/accounts.png" width="47%" style="margin-right: 1.5%; margin-top: 1rem;" align="top" alt="Accounts tab"></img> 
 </p>

 #### Install

-The [Docker](https://hub.docker.com/r/hrfee/jfa-go) image is your best bet.
+**Note**: `TrayIcon` builds include a tray icon to start/stop/restart, and an option to automatically start when you log-in to your computer. For Linux users, these builds depend on the `libappindicator3-1`/`libappindicator-gtk3`/`libappindicator` package for Debian/Ubuntu, Fedora, and Alpine respectively.
+
+`MatrixE2EE` builds (and Linux `TrayIcon` builds) include support for end-to-end encryption for the Matrix bot, but require the `libolm(-dev)` dependency. `.deb/.rpm/.apk` packages list this dependency, and docker images include it.
+
+##### [Docker](https://hub.docker.com/r/hrfee/jfa-go)
 ```sh
 docker create \
             --name "jfa-go" \ # Whatever you want to name it
             -p 8056:8056 \
            # -p 8057:8057 if using tls
             -v /path/to/.config/jfa-go:/data \ # Path to wherever you want to store the config file and other data
-             -v /path/to/jellyfin:/jf \ # Path to Jellyfin config directory, ignore if using Emby
+             -v /path/to/jellyfin:/jf \ # Only needed for password resets through Jellyfin, ignore if not using or using Emby
             -v /etc/localtime:/etc/localtime:ro \ # Makes sure time is correct
             hrfee/jfa-go # hrfee/jfa-go:unstable for latest build from git
 ```
-Available on the AUR as [jfa-go](https://aur.archlinux.org/packages/jfa-go/), [jfa-go-bin](https://aur.archlinux.org/packages/jfa-go) or [jfa-go-git](https://aur.archlinux.org/packages/jfa-go-git/).

-For other platforms, grab an archive from the release section for your platform (or nightly builds [here](https://builds.hrfee.dev/view/hrfee/jfa-go)), and extract the `jfa-go` executable to somewhere useful.
+##### [Debian/Ubuntu](https://apt.hrfee.dev)
+```sh
+sudo apt-get update && sudo apt-get install curl apt-transport-https gnupg
+curl https://apt.hrfee.dev/hrfee.pubkey.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/apt.hrfee.dev.gpg
+
+# For stable releases
+echo "deb https://apt.hrfee.dev trusty main" | sudo tee /etc/apt/sources.list.d/hrfee.list
+# ------
+# For unstable releases
+echo "deb https://apt.hrfee.dev trusty-unstable main" | sudo tee /etc/apt/sources.list.d/hrfee.list
+# ------
+
+sudo apt-get update
+
+# For servers
+sudo apt-get install jfa-go
+# ------
+# For desktops/servers with GUI (may pull in lots of dependencies)
+sudo apt-get install jfa-go-tray
+# ------
+```
+
+##### Arch
+Available on the AUR as:
+* [jfa-go](https://aur.archlinux.org/packages/jfa-go/) (stable)
+* [jfa-go-bin](https://aur.archlinux.org/packages/jfa-go) (pre-compiled, stable)
+* [jfa-go-git](https://aur.archlinux.org/packages/jfa-go-git/) (nightly)
+
+##### Other platforms
+Download precompiled binaries from:
+ * [The releases section](https://github.com/hrfee/jfa-go/releases) (stable)
+ * [dl.jfa-go.com](https://dl.jfa-go.com) (nightly)
+
+unzip the `jfa-go`/`jfa-go.exe` executable to somewhere useful.
 * For \*nix/macOS users, `chmod +x jfa-go` then place it somewhere in your PATH like `/usr/bin`.

 Run the executable to start.
@@ -65,23 +115,36 @@ Run the executable to start.
 #### Build from source
 If you're using docker, a Dockerfile is provided that builds from source.

-Otherwise, full build instructions can be found [here](https://github.com/hrfee/jfa-go/wiki/Build).
+Otherwise, full build instructions can be found [here](https://wiki.jfa-go.com/docs/build/).

 #### Usage
 Simply run `jfa-go` to start the application. A setup wizard will start on `localhost:8056` (or your own specified address). Upon completion, refresh the page.

 ```
-Usage of ./jfa-go:
-  -config string
-    	alternate path to config file. (default "~/.config/jfa-go/config.ini")
-  -data string
-    	alternate path to data directory. (default "~/.config/jfa-go")
+Usage of jfa-go:
+  start
+	start jfa-go as a daemon and run in the background.
+  stop
+	stop a daemonized instance of jfa-go.
+  systemd
+	generate a systemd .service file.
+
+  -config, -c string
+    	alternate path to config file. (default "/home/hrfee/.config/jfa-go/config.ini")
+  -data, -d string
+    	alternate path to data directory. (default "/home/hrfee/.config/jfa-go")
  -debug
-    	Enables debug logging and exposes pprof.
+    	Enables debug logging.
+  -help, -h
+    	prints this message.
  -host string
    	alternate address to host web ui on.
-  -port int
+  -port, -p int
    	alternate port to host web ui on.
+  -pprof
+    	Exposes pprof profiler on /debug/pprof.
+  -restore string
+    	path to database backup to restore.
  -swagger
    	Enable swagger at /swagger/index.html
 ```
@@ -89,19 +152,15 @@ Usage of ./jfa-go:
 #### Systemd
 jfa-go does not run as a daemon by default. Run `jfa-go systemd` to create a systemd `.service` file in your current directory, which you can copy into `~/.config/systemd/user` or somewhere else.

---
-
-If you're switching from jellyfin-accounts, copy your existing `~/.jf-accounts` to:
-
-* `XDG_CONFIG_DIR/jfa-go` (usually ~/.config/jfa-go) on \*nix systems, 
-* `%AppData%/jfa-go` on Windows,
-* `~/Library/Application Support/jfa-go` on macOS.
-
-(or specify config/data path  with `-config/-data` respectively.)

 #### Contributing
-See [CONTRIBUTING.md](https://github.com/hrfee/jfa-go/blob/main/CONTRIBUTING.md).
+See [the wiki page](https://wiki.jfa-go.com/docs/dev/).
 ##### Translation
-[![Translation status](https://weblate.hrfee.pw/widgets/jfa-go/-/multi-auto.svg)](https://weblate.hrfee.pw/engage/jfa-go/)
+[![Translation status](https://weblate.jfa-go.com/widgets/jfa-go/-/multi-auto.svg)](https://weblate.jfa-go.com/engage/jfa-go/)

-For translations, use the weblate instance [here](https://weblate.hrfee.pw/engage/jfa-go/). You can login with github.
+For translations, use the weblate instance [here](https://weblate.jfa-go.com/engage/jfa-go/). You can login with github.
+
+#### Sponsors
+Big thanks to those who sponsor me. You can see them below:
+
+[<img src="https://sponsors-endpoint.hrfee.pw/sponsor/avatar/0" width="35">](https://sponsors-endpoint.hrfee.pw/sponsor/profile/0)
--- a/api-activities.go
+++ b/api-activities.go
@@ -0,0 +1,188 @@
+package main
+
+import (
+	"github.com/gin-gonic/gin"
+	lm "github.com/hrfee/jfa-go/logmessages"
+	"github.com/timshannon/badgerhold/v4"
+)
+
+func stringToActivityType(v string) ActivityType {
+	switch v {
+	case "creation":
+		return ActivityCreation
+	case "deletion":
+		return ActivityDeletion
+	case "disabled":
+		return ActivityDisabled
+	case "enabled":
+		return ActivityEnabled
+	case "contactLinked":
+		return ActivityContactLinked
+	case "contactUnlinked":
+		return ActivityContactUnlinked
+	case "changePassword":
+		return ActivityChangePassword
+	case "resetPassword":
+		return ActivityResetPassword
+	case "createInvite":
+		return ActivityCreateInvite
+	case "deleteInvite":
+		return ActivityDeleteInvite
+	}
+	return ActivityUnknown
+}
+
+func activityTypeToString(v ActivityType) string {
+	switch v {
+	case ActivityCreation:
+		return "creation"
+	case ActivityDeletion:
+		return "deletion"
+	case ActivityDisabled:
+		return "disabled"
+	case ActivityEnabled:
+		return "enabled"
+	case ActivityContactLinked:
+		return "contactLinked"
+	case ActivityContactUnlinked:
+		return "contactUnlinked"
+	case ActivityChangePassword:
+		return "changePassword"
+	case ActivityResetPassword:
+		return "resetPassword"
+	case ActivityCreateInvite:
+		return "createInvite"
+	case ActivityDeleteInvite:
+		return "deleteInvite"
+	}
+	return "unknown"
+}
+
+func stringToActivitySource(v string) ActivitySource {
+	switch v {
+	case "user":
+		return ActivityUser
+	case "admin":
+		return ActivityAdmin
+	case "anon":
+		return ActivityAnon
+	case "daemon":
+		return ActivityDaemon
+	}
+	return ActivityAnon
+}
+
+func activitySourceToString(v ActivitySource) string {
+	switch v {
+	case ActivityUser:
+		return "user"
+	case ActivityAdmin:
+		return "admin"
+	case ActivityAnon:
+		return "anon"
+	case ActivityDaemon:
+		return "daemon"
+	}
+	return "anon"
+}
+
+// @Summary Get the requested set of activities, Paginated, filtered and sorted. Is a POST because of some issues I was having, ideally should be a GET.
+// @Produce json
+// @Param GetActivitiesDTO body GetActivitiesDTO true "search parameters"
+// @Success 200 {object} GetActivitiesRespDTO
+// @Router /activity [post]
+// @Security Bearer
+// @tags Activity
+func (app *appContext) GetActivities(gc *gin.Context) {
+	req := GetActivitiesDTO{}
+	gc.BindJSON(&req)
+	query := &badgerhold.Query{}
+	activityTypes := make([]interface{}, len(req.Type))
+	for i, v := range req.Type {
+		activityTypes[i] = stringToActivityType(v)
+	}
+	if len(activityTypes) != 0 {
+		query = badgerhold.Where("Type").In(activityTypes...)
+	}
+
+	if !req.Ascending {
+		query = query.Reverse()
+	}
+
+	query = query.SortBy("Time")
+
+	if req.Limit == 0 {
+		req.Limit = 10
+	}
+
+	query = query.Skip(req.Page * req.Limit).Limit(req.Limit)
+
+	var results []Activity
+	err := app.storage.db.Find(&results, query)
+
+	if err != nil {
+		app.err.Printf(lm.FailedDBReadActivities, err)
+	}
+
+	resp := GetActivitiesRespDTO{
+		Activities: make([]ActivityDTO, len(results)),
+		LastPage:   len(results) != req.Limit,
+	}
+
+	for i, act := range results {
+		resp.Activities[i] = ActivityDTO{
+			ID:         act.ID,
+			Type:       activityTypeToString(act.Type),
+			UserID:     act.UserID,
+			SourceType: activitySourceToString(act.SourceType),
+			Source:     act.Source,
+			InviteCode: act.InviteCode,
+			Value:      act.Value,
+			Time:       act.Time.Unix(),
+			IP:         act.IP,
+		}
+		if act.Type == ActivityDeletion || act.Type == ActivityCreation {
+			resp.Activities[i].Username = act.Value
+			resp.Activities[i].Value = ""
+		} else if user, err := app.jf.UserByID(act.UserID, false); err == nil {
+			resp.Activities[i].Username = user.Name
+		}
+
+		if (act.SourceType == ActivityUser || act.SourceType == ActivityAdmin) && act.Source != "" {
+			user, err := app.jf.UserByID(act.Source, false)
+			if err == nil {
+				resp.Activities[i].SourceUsername = user.Name
+			}
+		}
+	}
+
+	gc.JSON(200, resp)
+}
+
+// @Summary Delete the activity with the given ID. No-op if non-existent, always succeeds.
+// @Produce json
+// @Param id path string true "ID of activity to delete"
+// @Success 200 {object} boolResponse
+// @Router /activity/{id} [delete]
+// @Security Bearer
+// @tags Activity
+func (app *appContext) DeleteActivity(gc *gin.Context) {
+	app.storage.DeleteActivityKey(gc.Param("id"))
+	respondBool(200, true, gc)
+}
+
+// @Summary Returns the total number of activities stored in the database.
+// @Produce json
+// @Success 200 {object} GetActivityCountDTO
+// @Router /activity/count [get]
+// @Security Bearer
+// @tags Activity
+func (app *appContext) GetActivityCount(gc *gin.Context) {
+	resp := GetActivityCountDTO{}
+	var err error
+	resp.Count, err = app.storage.db.Count(&Activity{}, &badgerhold.Query{})
+	if err != nil {
+		resp.Count = 0
+	}
+	gc.JSON(200, resp)
+}
--- a/api-backups.go
+++ b/api-backups.go
@@ -0,0 +1,118 @@
+package main
+
+import (
+	"os"
+	"path/filepath"
+	"sort"
+
+	"github.com/gin-gonic/gin"
+	lm "github.com/hrfee/jfa-go/logmessages"
+)
+
+// @Summary Creates a backup of the database.
+// @Router /backups [post]
+// @Success 200 {object} CreateBackupDTO
+// @Security Bearer
+// @tags Backups
+func (app *appContext) CreateBackup(gc *gin.Context) {
+	backup := app.makeBackup()
+	gc.JSON(200, backup)
+}
+
+// @Summary Download a specific backup file. Requires auth, so can't be accessed plainly in the browser.
+// @Param fname path string true "backup filename"
+// @Router /backups/{fname} [get]
+// @Produce octet-stream
+// @Produce json
+// @Success 200 {body} file
+// @Failure 400 {object} boolResponse
+// @Security Bearer
+// @tags Backups
+func (app *appContext) GetBackup(gc *gin.Context) {
+	fname := gc.Param("fname")
+	// Hopefully this is enough to ensure the path isn't malicious. Hidden behind bearer auth anyway so shouldn't matter too much I guess.
+	b := Backup{}
+	err := b.FromString(fname)
+	if err != nil || b.Date.IsZero() {
+		app.debug.Printf(lm.IgnoreInvalidFilename, fname, err)
+		respondBool(400, false, gc)
+		return
+	}
+	path := app.config.Section("backups").Key("path").String()
+	fullpath := filepath.Join(path, fname)
+	gc.FileAttachment(fullpath, fname)
+}
+
+// @Summary Get a list of backups.
+// @Router /backups [get]
+// @Produce json
+// @Success 200 {object} GetBackupsDTO
+// @Security Bearer
+// @tags Backups
+func (app *appContext) GetBackups(gc *gin.Context) {
+	path := app.config.Section("backups").Key("path").String()
+	backups := app.getBackups()
+	sort.Sort(backups)
+	resp := GetBackupsDTO{}
+	resp.Backups = make([]CreateBackupDTO, backups.count)
+
+	for i, item := range backups.files[:backups.count] {
+		resp.Backups[i].Name = item.Name()
+		fullpath := filepath.Join(path, item.Name())
+		resp.Backups[i].Path = fullpath
+		resp.Backups[i].Date = backups.info[i].Date.Unix()
+		resp.Backups[i].Commit = backups.info[i].Commit
+		fstat, err := os.Stat(fullpath)
+		if err == nil {
+			resp.Backups[i].Size = fileSize(fstat.Size())
+		}
+	}
+	gc.JSON(200, resp)
+}
+
+// @Summary Restore a backup file stored locally to the server.
+// @Param fname path string true "backup filename"
+// @Router /backups/restore/{fname} [post]
+// @Produce json
+// @Failure 400 {object} boolResponse
+// @Security Bearer
+// @tags Backups
+func (app *appContext) RestoreLocalBackup(gc *gin.Context) {
+	fname := gc.Param("fname")
+	// Hopefully this is enough to ensure the path isn't malicious. Hidden behind bearer auth anyway so shouldn't matter too much I guess.
+	b := Backup{}
+	err := b.FromString(fname)
+	if err != nil || b.Date.IsZero() {
+		app.debug.Printf(lm.IgnoreInvalidFilename, fname, err)
+		respondBool(400, false, gc)
+		return
+	}
+	path := app.config.Section("backups").Key("path").String()
+	fullpath := filepath.Join(path, fname)
+	LOADBAK = fullpath
+	app.restart(gc)
+}
+
+// @Summary Restore a backup file uploaded by the user.
+// @Param file formData file true ".bak file"
+// @Router /backups/restore [post]
+// @Produce json
+// @Failure 400 {object} boolResponse
+// @Security Bearer
+// @tags Backups
+func (app *appContext) RestoreBackup(gc *gin.Context) {
+	file, err := gc.FormFile("backups-file")
+	if err != nil {
+		app.err.Printf(lm.FailedGetUpload, err)
+		respondBool(400, false, gc)
+		return
+	}
+	app.debug.Printf(lm.GetUpload, file.Filename)
+	path := app.config.Section("backups").Key("path").String()
+	b := Backup{Upload: true}
+	fullpath := filepath.Join(path, b.String())
+	gc.SaveUploadedFile(file, fullpath)
+	app.debug.Printf(lm.Write, fullpath)
+	LOADBAK = fullpath
+	app.restart(gc)
+}
--- a/api-invites.go
+++ b/api-invites.go
@@ -0,0 +1,449 @@
+package main
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	lm "github.com/hrfee/jfa-go/logmessages"
+	"github.com/itchyny/timefmt-go"
+	"github.com/lithammer/shortuuid/v3"
+)
+
+const (
+	CAPTCHA_VALIDITY = 20 * 60 // Seconds
+)
+
+// GenerateInviteCode generates an invite code in the correct format.
+func GenerateInviteCode() string {
+	// make sure code doesn't begin with number
+	inviteCode := shortuuid.New()
+	_, err := strconv.Atoi(string(inviteCode[0]))
+	for err == nil {
+		inviteCode = shortuuid.New()
+		_, err = strconv.Atoi(string(inviteCode[0]))
+	}
+	return inviteCode
+}
+
+// checkInvites performs general housekeeping on invites, i.e. deleting expired ones and cleaning captcha data.
+func (app *appContext) checkInvites() {
+	currentTime := time.Now()
+	for _, data := range app.storage.GetInvites() {
+		captchas := data.Captchas
+		captchasExpired := false
+		for key, capt := range data.Captchas {
+			if time.Now().After(capt.Generated.Add(CAPTCHA_VALIDITY * time.Second)) {
+				delete(captchas, key)
+				captchasExpired = true
+			}
+		}
+		if captchasExpired {
+			data.Captchas = captchas
+			app.storage.SetInvitesKey(data.Code, data)
+		}
+
+		if data.IsReferral && (!data.UseReferralExpiry || data.ReferrerJellyfinID == "") {
+			continue
+		}
+		expiry := data.ValidTill
+		if !currentTime.After(expiry) {
+			continue
+		}
+		app.deleteExpiredInvite(data)
+	}
+}
+
+// checkInvite checks the validity of a specific invite, optionally removing it if invalid(ated).
+func (app *appContext) checkInvite(code string, used bool, username string) bool {
+	currentTime := time.Now()
+	inv, match := app.storage.GetInvitesKey(code)
+	if !match {
+		return false
+	}
+	expiry := inv.ValidTill
+	if currentTime.After(expiry) {
+		app.deleteExpiredInvite(inv)
+		match = false
+	} else if used {
+		del := false
+		newInv := inv
+		if newInv.RemainingUses == 1 {
+			del = true
+			app.storage.DeleteInvitesKey(code)
+			app.storage.SetActivityKey(shortuuid.New(), Activity{
+				Type:       ActivityDeleteInvite,
+				SourceType: ActivityDaemon,
+				InviteCode: code,
+				Value:      inv.Label,
+				Time:       time.Now(),
+			}, nil, false)
+		} else if newInv.RemainingUses != 0 {
+			// 0 means infinite i guess?
+			newInv.RemainingUses--
+		}
+		newInv.UsedBy = append(newInv.UsedBy, []string{username, strconv.FormatInt(currentTime.Unix(), 10)})
+		if !del {
+			app.storage.SetInvitesKey(code, newInv)
+		}
+	}
+	return match
+}
+
+func (app *appContext) deleteExpiredInvite(data Invite) {
+	app.debug.Printf(lm.DeleteOldInvite, data.Code)
+
+	// Disable referrals for the user if UseReferralExpiry is enabled, so no new ones are made.
+	if data.IsReferral && data.UseReferralExpiry && data.ReferrerJellyfinID != "" {
+		user, ok := app.storage.GetEmailsKey(data.ReferrerJellyfinID)
+		if ok {
+			user.ReferralTemplateKey = ""
+			app.storage.SetEmailsKey(data.ReferrerJellyfinID, user)
+		}
+	}
+	wait := app.sendAdminExpiryNotification(data)
+	app.storage.DeleteInvitesKey(data.Code)
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityDeleteInvite,
+		SourceType: ActivityDaemon,
+		InviteCode: data.Code,
+		Value:      data.Label,
+		Time:       time.Now(),
+	}, nil, false)
+
+	if wait != nil {
+		wait.Wait()
+	}
+}
+
+func (app *appContext) sendAdminExpiryNotification(data Invite) *sync.WaitGroup {
+	notify := data.Notify
+	if !emailEnabled || !app.config.Section("notifications").Key("enabled").MustBool(false) || len(notify) != 0 {
+		return nil
+	}
+	var wait sync.WaitGroup
+	for address, settings := range notify {
+		if !settings["notify-expiry"] {
+			continue
+		}
+		wait.Add(1)
+		go func(addr string) {
+			defer wait.Done()
+			msg, err := app.email.constructExpiry(data.Code, data, app, false)
+			if err != nil {
+				app.err.Printf(lm.FailedConstructExpiryAdmin, data.Code, err)
+			} else {
+				// Check whether notify "address" is an email address or Jellyfin ID
+				if strings.Contains(addr, "@") {
+					err = app.email.send(msg, addr)
+				} else {
+					err = app.sendByID(msg, addr)
+				}
+				if err != nil {
+					app.err.Printf(lm.FailedSendExpiryAdmin, data.Code, addr, err)
+				} else {
+					app.info.Printf(lm.SentExpiryAdmin, data.Code, addr)
+				}
+			}
+		}(address)
+	}
+	return &wait
+}
+
+// @Summary Create a new invite.
+// @Produce json
+// @Param generateInviteDTO body generateInviteDTO true "New invite request object"
+// @Success 200 {object} boolResponse
+// @Router /invites [post]
+// @Security Bearer
+// @tags Invites
+func (app *appContext) GenerateInvite(gc *gin.Context) {
+	var req generateInviteDTO
+	app.debug.Println(lm.GenerateInvite)
+	gc.BindJSON(&req)
+	currentTime := time.Now()
+	validTill := currentTime.AddDate(0, req.Months, req.Days)
+	validTill = validTill.Add(time.Hour*time.Duration(req.Hours) + time.Minute*time.Duration(req.Minutes))
+	var invite Invite
+	invite.Code = GenerateInviteCode()
+	if req.Label != "" {
+		invite.Label = req.Label
+	}
+	if req.UserLabel != "" {
+		invite.UserLabel = req.UserLabel
+	}
+	invite.Created = currentTime
+	if req.MultipleUses {
+		if req.NoLimit {
+			invite.NoLimit = true
+		} else {
+			invite.RemainingUses = req.RemainingUses
+		}
+	} else {
+		invite.RemainingUses = 1
+	}
+	invite.UserExpiry = req.UserExpiry
+	if invite.UserExpiry {
+		invite.UserMonths = req.UserMonths
+		invite.UserDays = req.UserDays
+		invite.UserHours = req.UserHours
+		invite.UserMinutes = req.UserMinutes
+	}
+	invite.ValidTill = validTill
+	if req.SendTo != "" && app.config.Section("invite_emails").Key("enabled").MustBool(false) {
+		addressValid := false
+		discord := ""
+		if discordEnabled && (!strings.Contains(req.SendTo, "@") || strings.HasPrefix(req.SendTo, "@")) {
+			users := app.discord.GetUsers(req.SendTo)
+			if len(users) == 0 {
+				invite.SendTo = fmt.Sprintf(lm.FailedSendToTooltipNoUser, req.SendTo)
+			} else if len(users) > 1 {
+				invite.SendTo = fmt.Sprintf(lm.FailedSendToTooltipMultiUser, req.SendTo)
+			} else {
+				invite.SendTo = req.SendTo
+				addressValid = true
+				discord = users[0].User.ID
+			}
+		} else if emailEnabled {
+			addressValid = true
+			invite.SendTo = req.SendTo
+		}
+		if addressValid {
+			msg, err := app.email.constructInvite(invite.Code, invite, app, false)
+			if err != nil {
+				// Slight misuse of the template
+				invite.SendTo = fmt.Sprintf(lm.FailedConstructInviteMessage, req.SendTo, err)
+
+				app.err.Printf(lm.FailedConstructInviteMessage, invite.Code, err)
+			} else {
+				var err error
+				if discord != "" {
+					err = app.discord.SendDM(msg, discord)
+				} else {
+					err = app.email.send(msg, req.SendTo)
+				}
+				if err != nil {
+					invite.SendTo = fmt.Sprintf(lm.FailedSendInviteMessage, invite.Code, req.SendTo, err)
+					app.err.Println(invite.SendTo)
+				} else {
+					app.info.Printf(lm.SentInviteMessage, invite.Code, req.SendTo)
+				}
+			}
+		}
+	}
+	if req.Profile != "" {
+		if _, ok := app.storage.GetProfileKey(req.Profile); ok {
+			invite.Profile = req.Profile
+		} else {
+			invite.Profile = "Default"
+		}
+	}
+	app.storage.SetInvitesKey(invite.Code, invite)
+
+	// Record activity
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityCreateInvite,
+		UserID:     "",
+		SourceType: ActivityAdmin,
+		Source:     gc.GetString("jfId"),
+		InviteCode: invite.Code,
+		Value:      invite.Label,
+		Time:       time.Now(),
+	}, gc, false)
+
+	respondBool(200, true, gc)
+}
+
+// @Summary Get invites.
+// @Produce json
+// @Success 200 {object} getInvitesDTO
+// @Router /invites [get]
+// @Security Bearer
+// @tags Invites
+func (app *appContext) GetInvites(gc *gin.Context) {
+	currentTime := time.Now()
+	app.checkInvites()
+	var invites []inviteDTO
+	for _, inv := range app.storage.GetInvites() {
+		if inv.IsReferral {
+			continue
+		}
+		years, months, days, hours, minutes, _ := timeDiff(inv.ValidTill, currentTime)
+		months += years * 12
+		invite := inviteDTO{
+			Code:        inv.Code,
+			Months:      months,
+			Days:        days,
+			Hours:       hours,
+			Minutes:     minutes,
+			UserExpiry:  inv.UserExpiry,
+			UserMonths:  inv.UserMonths,
+			UserDays:    inv.UserDays,
+			UserHours:   inv.UserHours,
+			UserMinutes: inv.UserMinutes,
+			Created:     inv.Created.Unix(),
+			Profile:     inv.Profile,
+			NoLimit:     inv.NoLimit,
+			Label:       inv.Label,
+			UserLabel:   inv.UserLabel,
+		}
+		if len(inv.UsedBy) != 0 {
+			invite.UsedBy = map[string]int64{}
+			for _, pair := range inv.UsedBy {
+				// These used to be stored formatted instead of as a unix timestamp.
+				unix, err := strconv.ParseInt(pair[1], 10, 64)
+				if err != nil {
+					date, err := timefmt.Parse(pair[1], app.datePattern+" "+app.timePattern)
+					if err != nil {
+						app.err.Printf(lm.FailedParseTime, err)
+					}
+					unix = date.Unix()
+				}
+				invite.UsedBy[pair[0]] = unix
+			}
+		}
+		invite.RemainingUses = 1
+		if inv.RemainingUses != 0 {
+			invite.RemainingUses = inv.RemainingUses
+		}
+		if inv.SendTo != "" {
+			invite.SendTo = inv.SendTo
+		}
+		if len(inv.Notify) != 0 {
+			var addressOrID string
+			if app.config.Section("ui").Key("jellyfin_login").MustBool(false) {
+				addressOrID = gc.GetString("jfId")
+			} else {
+				addressOrID = app.config.Section("ui").Key("email").String()
+			}
+			if _, ok := inv.Notify[addressOrID]; ok {
+				if _, ok = inv.Notify[addressOrID]["notify-expiry"]; ok {
+					invite.NotifyExpiry = inv.Notify[addressOrID]["notify-expiry"]
+				}
+				if _, ok = inv.Notify[addressOrID]["notify-creation"]; ok {
+					invite.NotifyCreation = inv.Notify[addressOrID]["notify-creation"]
+				}
+			}
+		}
+		invites = append(invites, invite)
+	}
+	resp := getInvitesDTO{
+		Invites: invites,
+	}
+	gc.JSON(200, resp)
+}
+
+// @Summary Set profile for an invite
+// @Produce json
+// @Param inviteProfileDTO body inviteProfileDTO true "Invite profile object"
+// @Success 200 {object} boolResponse
+// @Failure 500 {object} stringResponse
+// @Router /invites/profile [post]
+// @Security Bearer
+// @tags Invites
+func (app *appContext) SetProfile(gc *gin.Context) {
+	var req inviteProfileDTO
+	gc.BindJSON(&req)
+	// "" means "Don't apply profile"
+	if _, ok := app.storage.GetProfileKey(req.Profile); !ok && req.Profile != "" {
+		app.err.Printf(lm.FailedGetProfile, req.Profile)
+		respond(500, "Profile not found", gc)
+		return
+	}
+	inv, _ := app.storage.GetInvitesKey(req.Invite)
+	inv.Profile = req.Profile
+	app.storage.SetInvitesKey(req.Invite, inv)
+	respondBool(200, true, gc)
+}
+
+// @Summary Set notification preferences for an invite.
+// @Produce json
+// @Param setNotifyDTO body setNotifyDTO true "Map of invite codes to notification settings objects"
+// @Success 200
+// @Failure 400 {object} stringResponse
+// @Failure 500 {object} stringResponse
+// @Router /invites/notify [post]
+// @Security Bearer
+// @tags Other
+func (app *appContext) SetNotify(gc *gin.Context) {
+	var req map[string]map[string]bool
+	gc.BindJSON(&req)
+	changed := false
+	for code, settings := range req {
+		invite, ok := app.storage.GetInvitesKey(code)
+		if !ok {
+			msg := fmt.Sprintf(lm.InvalidInviteCode, code)
+			app.err.Println(msg)
+			respond(400, msg, gc)
+			return
+		}
+		var address string
+		jellyfinLogin := app.config.Section("ui").Key("jellyfin_login").MustBool(false)
+		if jellyfinLogin {
+			var addressAvailable bool = app.getAddressOrName(gc.GetString("jfId")) != ""
+			if !addressAvailable {
+				app.err.Printf(lm.FailedGetContactMethod, gc.GetString("jfId"))
+				respond(500, fmt.Sprintf(lm.FailedGetContactMethod, "admin"), gc)
+				return
+			}
+			address = gc.GetString("jfId")
+		} else {
+			address = app.config.Section("ui").Key("email").String()
+		}
+		if invite.Notify == nil {
+			invite.Notify = map[string]map[string]bool{}
+		}
+		if _, ok := invite.Notify[address]; !ok {
+			invite.Notify[address] = map[string]bool{}
+		} /*else {
+		if _, ok := invite.Notify[address]["notify-expiry"]; !ok {
+		*/
+		for _, notifyType := range []string{"notify-expiry", "notify-creation"} {
+			if _, ok := settings[notifyType]; ok && invite.Notify[address][notifyType] != settings[notifyType] {
+				invite.Notify[address][notifyType] = settings[notifyType]
+				app.debug.Printf(lm.SetAdminNotify, notifyType, settings[notifyType], address)
+				changed = true
+			}
+		}
+		if changed {
+			app.storage.SetInvitesKey(code, invite)
+		}
+	}
+}
+
+// @Summary Delete an invite.
+// @Produce json
+// @Param deleteInviteDTO body deleteInviteDTO true "Delete invite object"
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} stringResponse
+// @Router /invites [delete]
+// @Security Bearer
+// @tags Invites
+func (app *appContext) DeleteInvite(gc *gin.Context) {
+	var req deleteInviteDTO
+	gc.BindJSON(&req)
+	inv, ok := app.storage.GetInvitesKey(req.Code)
+	if ok {
+		app.storage.DeleteInvitesKey(req.Code)
+
+		// Record activity
+		app.storage.SetActivityKey(shortuuid.New(), Activity{
+			Type:       ActivityDeleteInvite,
+			SourceType: ActivityAdmin,
+			Source:     gc.GetString("jfId"),
+			InviteCode: req.Code,
+			Value:      inv.Label,
+			Time:       time.Now(),
+		}, gc, false)
+
+		app.info.Printf(lm.DeleteInvite, req.Code)
+		respondBool(200, true, gc)
+		return
+	}
+	app.err.Printf(lm.FailedDeleteInvite, req.Code, "invalid code")
+	respond(400, "Code doesn't exist", gc)
+}
--- a/api-jellyseerr.go
+++ b/api-jellyseerr.go
@@ -0,0 +1,165 @@
+package main
+
+import (
+	"fmt"
+	"net/url"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"github.com/hrfee/jfa-go/jellyseerr"
+	lm "github.com/hrfee/jfa-go/logmessages"
+)
+
+// @Summary Get a list of Jellyseerr users.
+// @Produce json
+// @Success 200 {object} ombiUsersDTO
+// @Failure 500 {object} stringResponse
+// @Router /jellyseerr/users [get]
+// @Security Bearer
+// @tags Jellyseerr
+func (app *appContext) JellyseerrUsers(gc *gin.Context) {
+	users, err := app.js.GetUsers()
+	if err != nil {
+		app.err.Printf(lm.FailedGetUsers, lm.Jellyseerr, err)
+		respond(500, "Couldn't get users", gc)
+		return
+	}
+	userlist := make([]ombiUser, len(users))
+	i := 0
+	for _, u := range users {
+		userlist[i] = ombiUser{
+			Name: u.Name(),
+			ID:   strconv.FormatInt(u.ID, 10),
+		}
+		i++
+	}
+	gc.JSON(200, ombiUsersDTO{Users: userlist})
+}
+
+// @Summary Store Jellyseerr user template in an existing profile.
+// @Produce json
+// @Param id path string true "Jellyseerr ID of user to source from"
+// @Param profile path string true "Name of profile to store in"
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} stringResponse
+// @Router /profiles/jellyseerr/{profile}/{id} [post]
+// @Security Bearer
+// @tags Jellyseerr
+func (app *appContext) SetJellyseerrProfile(gc *gin.Context) {
+	jellyseerrID, err := strconv.ParseInt(gc.Param("id"), 10, 64)
+	if err != nil {
+		respondBool(400, false, gc)
+		return
+	}
+	escapedProfileName := gc.Param("profile")
+	profileName, _ := url.QueryUnescape(escapedProfileName)
+	profile, ok := app.storage.GetProfileKey(profileName)
+	if !ok {
+		respondBool(400, false, gc)
+		return
+	}
+	u, err := app.js.UserByID(jellyseerrID)
+	if err != nil {
+		app.err.Printf(lm.FailedGetUsers, lm.Jellyseerr, err)
+		respond(500, "Couldn't get user", gc)
+		return
+	}
+	profile.Jellyseerr.User = u.UserTemplate
+	n, err := app.js.GetNotificationPreferencesByID(jellyseerrID)
+	if err != nil {
+		app.err.Printf(lm.FailedGetJellyseerrNotificationPrefs, gc.Param("id"), err)
+		respond(500, "Couldn't get user notification prefs", gc)
+		return
+	}
+	profile.Jellyseerr.Notifications = n.NotificationsTemplate
+	profile.Jellyseerr.Enabled = true
+	app.storage.SetProfileKey(profileName, profile)
+	respondBool(204, true, gc)
+}
+
+// @Summary Remove jellyseerr user template from a profile.
+// @Produce json
+// @Param profile path string true "Name of profile to store in"
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} stringResponse
+// @Router /profiles/jellyseerr/{profile} [delete]
+// @Security Bearer
+// @tags Jellyseerr
+func (app *appContext) DeleteJellyseerrProfile(gc *gin.Context) {
+	escapedProfileName := gc.Param("profile")
+	profileName, _ := url.QueryUnescape(escapedProfileName)
+	profile, ok := app.storage.GetProfileKey(profileName)
+	if !ok {
+		respondBool(400, false, gc)
+		return
+	}
+	profile.Jellyseerr.Enabled = false
+	app.storage.SetProfileKey(profileName, profile)
+	respondBool(204, true, gc)
+}
+
+type JellyseerrWrapper struct {
+	*jellyseerr.Jellyseerr
+}
+
+func (js *JellyseerrWrapper) ImportUser(jellyfinID string, req newUserDTO, profile Profile) (err error, ok bool) {
+	// Gets existing user (not possible) or imports the given user.
+	_, err = js.MustGetUser(jellyfinID)
+	if err != nil {
+		return
+	}
+	ok = true
+	err = js.ApplyTemplateToUser(jellyfinID, profile.Jellyseerr.User)
+	if err != nil {
+		err = fmt.Errorf(lm.FailedApplyTemplate, "user", lm.Jellyseerr, jellyfinID, err)
+		return
+	}
+	err = js.ApplyNotificationsTemplateToUser(jellyfinID, profile.Jellyseerr.Notifications)
+	if err != nil {
+		err = fmt.Errorf(lm.FailedApplyTemplate, "notifications", lm.Jellyseerr, jellyfinID, err)
+		return
+	}
+	return
+}
+
+func (js *JellyseerrWrapper) AddContactMethods(jellyfinID string, req newUserDTO, discord *DiscordUser, telegram *TelegramUser) (err error) {
+	_, err = js.MustGetUser(jellyfinID)
+	if err != nil {
+		return
+	}
+	contactMethods := map[jellyseerr.NotificationsField]any{}
+	if emailEnabled {
+		err = js.ModifyMainUserSettings(jellyfinID, jellyseerr.MainUserSettings{Email: req.Email})
+		if err != nil {
+			// FIXME: This is a little ugly, considering all other errors are unformatted
+			err = fmt.Errorf(lm.FailedSetEmailAddress, lm.Jellyseerr, jellyfinID, err)
+			return
+		} else {
+			contactMethods[jellyseerr.FieldEmailEnabled] = req.EmailContact
+		}
+	}
+	if discordEnabled && discord != nil {
+		contactMethods[jellyseerr.FieldDiscord] = discord.ID
+		contactMethods[jellyseerr.FieldDiscordEnabled] = req.DiscordContact
+	}
+	if telegramEnabled && discord != nil {
+		contactMethods[jellyseerr.FieldTelegram] = telegram.ChatID
+		contactMethods[jellyseerr.FieldTelegramEnabled] = req.TelegramContact
+	}
+	if len(contactMethods) > 0 {
+		err = js.ModifyNotifications(jellyfinID, contactMethods)
+		if err != nil {
+			// app.err.Printf(lm.FailedSyncContactMethods, lm.Jellyseerr, err)
+			return
+		}
+	}
+	return
+}
+
+func (js *JellyseerrWrapper) Name() string { return lm.Jellyseerr }
+
+func (js *JellyseerrWrapper) Enabled(app *appContext, profile *Profile) bool {
+	return profile != nil && profile.Jellyseerr.Enabled && app.config.Section("jellyseerr").Key("enabled").MustBool(false)
+}
--- a/api-messages.go
+++ b/api-messages.go
@@ -0,0 +1,803 @@
+package main
+
+import (
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/hrfee/jfa-go/jellyseerr"
+	lm "github.com/hrfee/jfa-go/logmessages"
+	"github.com/lithammer/shortuuid/v3"
+	"gopkg.in/ini.v1"
+)
+
+// @Summary Get a list of email names and IDs.
+// @Produce json
+// @Param lang query string false "Language for email titles."
+// @Success 200 {object} emailListDTO
+// @Router /config/emails [get]
+// @Security Bearer
+// @tags Configuration
+func (app *appContext) GetCustomContent(gc *gin.Context) {
+	lang := gc.Query("lang")
+	if _, ok := app.storage.lang.Email[lang]; !ok {
+		lang = app.storage.lang.chosenEmailLang
+	}
+	adminLang := lang
+	if _, ok := app.storage.lang.Admin[lang]; !ok {
+		adminLang = app.storage.lang.chosenAdminLang
+	}
+	list := emailListDTO{
+		"UserCreated":        {Name: app.storage.lang.Email[lang].UserCreated["name"], Enabled: app.storage.MustGetCustomContentKey("UserCreated").Enabled},
+		"InviteExpiry":       {Name: app.storage.lang.Email[lang].InviteExpiry["name"], Enabled: app.storage.MustGetCustomContentKey("InviteExpiry").Enabled},
+		"PasswordReset":      {Name: app.storage.lang.Email[lang].PasswordReset["name"], Enabled: app.storage.MustGetCustomContentKey("PasswordReset").Enabled},
+		"UserDeleted":        {Name: app.storage.lang.Email[lang].UserDeleted["name"], Enabled: app.storage.MustGetCustomContentKey("UserDeleted").Enabled},
+		"UserDisabled":       {Name: app.storage.lang.Email[lang].UserDisabled["name"], Enabled: app.storage.MustGetCustomContentKey("UserDisabled").Enabled},
+		"UserEnabled":        {Name: app.storage.lang.Email[lang].UserEnabled["name"], Enabled: app.storage.MustGetCustomContentKey("UserEnabled").Enabled},
+		"UserExpiryAdjusted": {Name: app.storage.lang.Email[lang].UserExpiryAdjusted["name"], Enabled: app.storage.MustGetCustomContentKey("UserExpiryAdjusted").Enabled},
+		"InviteEmail":        {Name: app.storage.lang.Email[lang].InviteEmail["name"], Enabled: app.storage.MustGetCustomContentKey("InviteEmail").Enabled},
+		"WelcomeEmail":       {Name: app.storage.lang.Email[lang].WelcomeEmail["name"], Enabled: app.storage.MustGetCustomContentKey("WelcomeEmail").Enabled},
+		"EmailConfirmation":  {Name: app.storage.lang.Email[lang].EmailConfirmation["name"], Enabled: app.storage.MustGetCustomContentKey("EmailConfirmation").Enabled},
+		"UserExpired":        {Name: app.storage.lang.Email[lang].UserExpired["name"], Enabled: app.storage.MustGetCustomContentKey("UserExpired").Enabled},
+		"UserLogin":          {Name: app.storage.lang.Admin[adminLang].Strings["userPageLogin"], Enabled: app.storage.MustGetCustomContentKey("UserLogin").Enabled},
+		"UserPage":           {Name: app.storage.lang.Admin[adminLang].Strings["userPagePage"], Enabled: app.storage.MustGetCustomContentKey("UserPage").Enabled},
+		"PostSignupCard":     {Name: app.storage.lang.Admin[adminLang].Strings["postSignupCard"], Enabled: app.storage.MustGetCustomContentKey("PostSignupCard").Enabled, Description: app.storage.lang.Admin[adminLang].Strings["postSignupCardDescription"]},
+	}
+
+	filter := gc.Query("filter")
+	if filter == "user" {
+		list = emailListDTO{"UserLogin": list["UserLogin"], "UserPage": list["UserPage"]}
+	} else {
+		delete(list, "UserLogin")
+		delete(list, "UserPage")
+	}
+
+	gc.JSON(200, list)
+}
+
+// @Summary Sets the corresponding custom content.
+// @Produce json
+// @Param CustomContent body CustomContent true "Content = email (in markdown)."
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param id path string true "ID of content"
+// @Router /config/emails/{id} [post]
+// @Security Bearer
+// @tags Configuration
+func (app *appContext) SetCustomMessage(gc *gin.Context) {
+	var req CustomContent
+	gc.BindJSON(&req)
+	id := gc.Param("id")
+	if req.Content == "" {
+		respondBool(400, false, gc)
+		return
+	}
+	message, ok := app.storage.GetCustomContentKey(id)
+	if !ok {
+		respondBool(400, false, gc)
+		return
+	}
+	message.Content = req.Content
+	message.Enabled = true
+	app.storage.SetCustomContentKey(id, message)
+	respondBool(200, true, gc)
+}
+
+// @Summary Enable/Disable custom content.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param enable/disable path string true "enable/disable"
+// @Param id path string true "ID of email"
+// @Router /config/emails/{id}/state/{enable/disable} [post]
+// @Security Bearer
+// @tags Configuration
+func (app *appContext) SetCustomMessageState(gc *gin.Context) {
+	id := gc.Param("id")
+	s := gc.Param("state")
+	enabled := false
+	if s == "enable" {
+		enabled = true
+	} else if s != "disable" {
+		respondBool(400, false, gc)
+	}
+	message, ok := app.storage.GetCustomContentKey(id)
+	if !ok {
+		respondBool(400, false, gc)
+		return
+	}
+	message.Enabled = enabled
+	app.storage.SetCustomContentKey(id, message)
+	respondBool(200, true, gc)
+}
+
+// @Summary Returns the custom content/message (generating it if not set) and list of used variables in it.
+// @Produce json
+// @Success 200 {object} customEmailDTO
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param id path string true "ID of email"
+// @Router /config/emails/{id} [get]
+// @Security Bearer
+// @tags Configuration
+func (app *appContext) GetCustomMessageTemplate(gc *gin.Context) {
+	lang := app.storage.lang.chosenEmailLang
+	id := gc.Param("id")
+	var content string
+	var err error
+	var msg *Message
+	var variables []string
+	var conditionals []string
+	var values map[string]interface{}
+	username := app.storage.lang.Email[lang].Strings.get("username")
+	emailAddress := app.storage.lang.Email[lang].Strings.get("emailAddress")
+	customMessage, ok := app.storage.GetCustomContentKey(id)
+	if !ok && id != "Announcement" {
+		app.err.Printf(lm.FailedGetCustomMessage, id)
+		respondBool(400, false, gc)
+		return
+	}
+	if id == "WelcomeEmail" {
+		conditionals = []string{"{yourAccountWillExpire}"}
+		customMessage.Conditionals = conditionals
+	} else if id == "UserPage" {
+		variables = []string{"{username}"}
+		customMessage.Variables = variables
+	} else if id == "UserLogin" {
+		variables = []string{}
+		customMessage.Variables = variables
+	} else if id == "PostSignupCard" {
+		variables = []string{"{username}", "{myAccountURL}"}
+		customMessage.Variables = variables
+	}
+
+	content = customMessage.Content
+	noContent := content == ""
+	if !noContent {
+		variables = customMessage.Variables
+	}
+	switch id {
+	case "Announcement":
+		// Just send the email html
+		content = ""
+	case "UserCreated":
+		if noContent {
+			msg, err = app.email.constructCreated("", "", "", Invite{}, app, true)
+		}
+		values = app.email.createdValues("xxxxxx", username, emailAddress, Invite{}, app, false)
+	case "InviteExpiry":
+		if noContent {
+			msg, err = app.email.constructExpiry("", Invite{}, app, true)
+		}
+		values = app.email.expiryValues("xxxxxx", Invite{}, app, false)
+	case "PasswordReset":
+		if noContent {
+			msg, err = app.email.constructReset(PasswordReset{}, app, true)
+		}
+		values = app.email.resetValues(PasswordReset{Pin: "12-34-56", Username: username}, app, false)
+	case "UserDeleted":
+		if noContent {
+			msg, err = app.email.constructDeleted("", app, true)
+		}
+		values = app.email.deletedValues(app.storage.lang.Email[lang].Strings.get("reason"), app, false)
+	case "UserDisabled":
+		if noContent {
+			msg, err = app.email.constructDisabled("", app, true)
+		}
+		values = app.email.deletedValues(app.storage.lang.Email[lang].Strings.get("reason"), app, false)
+	case "UserEnabled":
+		if noContent {
+			msg, err = app.email.constructEnabled("", app, true)
+		}
+		values = app.email.deletedValues(app.storage.lang.Email[lang].Strings.get("reason"), app, false)
+	case "UserExpiryAdjusted":
+		if noContent {
+			msg, err = app.email.constructExpiryAdjusted("", time.Time{}, "", app, true)
+		}
+		values = app.email.expiryAdjustedValues(username, time.Now(), app.storage.lang.Email[lang].Strings.get("reason"), app, false, true)
+	case "InviteEmail":
+		if noContent {
+			msg, err = app.email.constructInvite("", Invite{}, app, true)
+		}
+		values = app.email.inviteValues("xxxxxx", Invite{}, app, false)
+	case "WelcomeEmail":
+		if noContent {
+			msg, err = app.email.constructWelcome("", time.Time{}, app, true)
+		}
+		values = app.email.welcomeValues(username, time.Now(), app, false, true)
+	case "EmailConfirmation":
+		if noContent {
+			msg, err = app.email.constructConfirmation("", "", "", app, true)
+		}
+		values = app.email.confirmationValues("xxxxxx", username, "xxxxxx", app, false)
+	case "UserExpired":
+		if noContent {
+			msg, err = app.email.constructUserExpired(app, true)
+		}
+		values = app.email.userExpiredValues(app, false)
+	case "UserLogin", "UserPage", "PostSignupCard":
+		values = map[string]interface{}{}
+	}
+	if err != nil {
+		respondBool(500, false, gc)
+		return
+	}
+	if noContent && id != "Announcement" && id != "UserPage" && id != "UserLogin" && id != "PostSignupCard" {
+		content = msg.Text
+		variables = make([]string, strings.Count(content, "{"))
+		i := 0
+		found := false
+		buf := ""
+		for _, c := range content {
+			if !found && c != '{' && c != '}' {
+				continue
+			}
+			found = true
+			buf += string(c)
+			if c == '}' {
+				found = false
+				variables[i] = buf
+				buf = ""
+				i++
+			}
+		}
+		customMessage.Variables = variables
+	}
+	if variables == nil {
+		variables = []string{}
+	}
+	app.storage.SetCustomContentKey(id, customMessage)
+	var mail *Message
+	if id != "UserLogin" && id != "UserPage" && id != "PostSignupCard" {
+		mail, err = app.email.constructTemplate("", "<div class=\"preview-content\"></div>", app)
+		if err != nil {
+			respondBool(500, false, gc)
+			return
+		}
+	} else if id == "PostSignupCard" {
+		// Jankiness follows.
+		// Source content from "Success Message" setting.
+		if noContent {
+			content = "# " + app.storage.lang.User[app.storage.lang.chosenUserLang].Strings.get("successHeader") + "\n" + app.config.Section("ui").Key("success_message").String()
+			if app.config.Section("user_page").Key("enabled").MustBool(false) {
+				content += "\n\n<br>\n" + app.storage.lang.User[app.storage.lang.chosenUserLang].Strings.template("userPageSuccessMessage", tmpl{
+					"myAccount": "[" + app.storage.lang.User[app.storage.lang.chosenUserLang].Strings.get("myAccount") + "]({myAccountURL})",
+				})
+			}
+		}
+		mail = &Message{
+			HTML: "<div class=\"card ~neutral dark:~d_neutral @low\"><div class=\"preview-content\"></div><br><button class=\"button ~urge dark:~d_urge @low full-width center supra submit\">" + app.storage.lang.User[app.storage.lang.chosenUserLang].Strings.get("continue") + "</a></div>",
+		}
+		mail.Markdown = mail.HTML
+	} else {
+		mail = &Message{
+			HTML: "<div class=\"card ~neutral dark:~d_neutral @low preview-content\"></div>",
+		}
+		mail.Markdown = mail.HTML
+	}
+	gc.JSON(200, customEmailDTO{Content: content, Variables: variables, Conditionals: conditionals, Values: values, HTML: mail.HTML, Plaintext: mail.Text})
+}
+
+// @Summary Returns a new Telegram verification PIN, and the bot username.
+// @Produce json
+// @Success 200 {object} telegramPinDTO
+// @Router /telegram/pin [get]
+// @Security Bearer
+// @tags Other
+func (app *appContext) TelegramGetPin(gc *gin.Context) {
+	gc.JSON(200, telegramPinDTO{
+		Token:    app.telegram.NewAuthToken(),
+		Username: app.telegram.username,
+	})
+}
+
+// @Summary Link a Jellyfin & Telegram user together via a verification PIN.
+// @Produce json
+// @Param telegramSetDTO body telegramSetDTO true "Token and user's Jellyfin ID."
+// @Success 200 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Failure 400 {object} boolResponse
+// @Router /users/telegram [post]
+// @Security Bearer
+// @tags Other
+func (app *appContext) TelegramAddUser(gc *gin.Context) {
+	var req telegramSetDTO
+	gc.BindJSON(&req)
+	if req.Token == "" || req.ID == "" {
+		respondBool(400, false, gc)
+		return
+	}
+	tgToken, ok := app.telegram.TokenVerified(req.Token)
+	app.telegram.DeleteVerifiedToken(req.Token)
+	if !ok {
+		respondBool(500, false, gc)
+		return
+	}
+	tgUser := TelegramUser{
+		ChatID:   tgToken.ChatID,
+		Username: tgToken.Username,
+		Contact:  true,
+	}
+	if lang, ok := app.telegram.languages[tgToken.ChatID]; ok {
+		tgUser.Lang = lang
+	}
+	app.storage.SetTelegramKey(req.ID, tgUser)
+
+	if err := app.js.ModifyNotifications(gc.GetString("jfId"), map[jellyseerr.NotificationsField]any{
+		jellyseerr.FieldTelegram:        tgUser.ChatID,
+		jellyseerr.FieldTelegramEnabled: tgUser.Contact,
+	}); err != nil {
+		app.err.Printf(lm.FailedSyncContactMethods, lm.Jellyseerr, err)
+	}
+
+	linkExistingOmbiDiscordTelegram(app)
+	respondBool(200, true, gc)
+}
+
+// @Summary Sets whether to notify a user through telegram/discord/matrix/email or not.
+// @Produce json
+// @Param SetContactMethodsDTO body SetContactMethodsDTO true "User's Jellyfin ID and whether or not to notify then through Telegram."
+// @Success 200 {object} boolResponse
+// @Success 400 {object} boolResponse
+// @Success 500 {object} boolResponse
+// @Router /users/contact [post]
+// @Security Bearer
+// @tags Other
+func (app *appContext) SetContactMethods(gc *gin.Context) {
+	var req SetContactMethodsDTO
+	gc.BindJSON(&req)
+	if req.ID == "" {
+		respondBool(400, false, gc)
+		return
+	}
+	app.setContactMethods(req, gc)
+}
+
+func (app *appContext) setContactMethods(req SetContactMethodsDTO, gc *gin.Context) {
+	jsPrefs := map[jellyseerr.NotificationsField]any{}
+	if tgUser, ok := app.storage.GetTelegramKey(req.ID); ok {
+		change := tgUser.Contact != req.Telegram
+		tgUser.Contact = req.Telegram
+		app.storage.SetTelegramKey(req.ID, tgUser)
+		if change {
+			app.debug.Printf(lm.SetContactPrefForService, lm.Telegram, tgUser.Username, req.Telegram)
+			jsPrefs[jellyseerr.FieldTelegramEnabled] = req.Telegram
+		}
+	}
+	if dcUser, ok := app.storage.GetDiscordKey(req.ID); ok {
+		change := dcUser.Contact != req.Discord
+		dcUser.Contact = req.Discord
+		app.storage.SetDiscordKey(req.ID, dcUser)
+		if change {
+			app.debug.Printf(lm.SetContactPrefForService, lm.Discord, dcUser.Username, req.Discord)
+			jsPrefs[jellyseerr.FieldDiscordEnabled] = req.Discord
+		}
+	}
+	if mxUser, ok := app.storage.GetMatrixKey(req.ID); ok {
+		change := mxUser.Contact != req.Matrix
+		mxUser.Contact = req.Matrix
+		app.storage.SetMatrixKey(req.ID, mxUser)
+		if change {
+			app.debug.Printf(lm.SetContactPrefForService, lm.Matrix, mxUser.UserID, req.Matrix)
+		}
+	}
+	if email, ok := app.storage.GetEmailsKey(req.ID); ok {
+		change := email.Contact != req.Email
+		email.Contact = req.Email
+		app.storage.SetEmailsKey(req.ID, email)
+		if change {
+			app.debug.Printf(lm.SetContactPrefForService, lm.Email, email.Addr, req.Email)
+			jsPrefs[jellyseerr.FieldEmailEnabled] = req.Email
+		}
+	}
+	if app.config.Section("jellyseerr").Key("enabled").MustBool(false) {
+		err := app.js.ModifyNotifications(req.ID, jsPrefs)
+		if err != nil {
+			app.err.Printf(lm.FailedSyncContactMethods, lm.Jellyseerr, err)
+		}
+	}
+	respondBool(200, true, gc)
+}
+
+// @Summary Returns true/false on whether or not a telegram PIN was verified. Requires bearer auth.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Param pin path string true "PIN code to check"
+// @Router /telegram/verified/{pin} [get]
+// @Security Bearer
+// @tags Other
+func (app *appContext) TelegramVerified(gc *gin.Context) {
+	pin := gc.Param("pin")
+	_, ok := app.telegram.TokenVerified(pin)
+	respondBool(200, ok, gc)
+}
+
+// @Summary Returns true/false on whether or not a telegram PIN was verified. Requires invite code. NOTE: "/invite" might have been changed in Settings > URL Paths.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Success 401 {object} boolResponse
+// @Param pin path string true "PIN code to check"
+// @Param invCode path string true "invite Code"
+// @Router /invite/{invCode}/telegram/verified/{pin} [get]
+// @tags Other
+func (app *appContext) TelegramVerifiedInvite(gc *gin.Context) {
+	code := gc.Param("invCode")
+	if _, ok := app.storage.GetInvitesKey(code); !ok {
+		respondBool(401, false, gc)
+		return
+	}
+	pin := gc.Param("pin")
+	token, ok := app.telegram.TokenVerified(pin)
+	if ok && app.config.Section("telegram").Key("require_unique").MustBool(false) && app.telegram.UserExists(token.Username) {
+		app.discord.DeleteVerifiedToken(pin)
+		respondBool(400, false, gc)
+		return
+	}
+	respondBool(200, ok, gc)
+}
+
+// @Summary Returns true/false on whether or not a discord PIN was verified. Requires invite code. NOTE: "/invite" might have been changed in Settings > URL Paths.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 401 {object} boolResponse
+// @Param pin path string true "PIN code to check"
+// @Param invCode path string true "invite Code"
+// @Router /invite/{invCode}/discord/verified/{pin} [get]
+// @tags Other
+func (app *appContext) DiscordVerifiedInvite(gc *gin.Context) {
+	code := gc.Param("invCode")
+	if _, ok := app.storage.GetInvitesKey(code); !ok {
+		respondBool(401, false, gc)
+		return
+	}
+	pin := gc.Param("pin")
+	user, ok := app.discord.UserVerified(pin)
+	if ok && app.config.Section("discord").Key("require_unique").MustBool(false) && app.discord.UserExists(user.MethodID().(string)) {
+		delete(app.discord.verifiedTokens, pin)
+		respondBool(400, false, gc)
+		return
+	}
+	respondBool(200, ok, gc)
+}
+
+// @Summary Returns a 10-minute, one-use Discord server invite. NOTE: "/invite" might have been changed in Settings > URL Paths.
+// @Produce json
+// @Success 200 {object} DiscordInviteDTO
+// @Failure 400 {object} boolResponse
+// @Failure 401 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param invCode path string true "invite Code"
+// @Router /invite/{invCode}/discord/invite [get]
+// @tags Other
+func (app *appContext) DiscordServerInvite(gc *gin.Context) {
+	if app.discord.InviteChannel.Name == "" {
+		respondBool(400, false, gc)
+		return
+	}
+	code := gc.Param("invCode")
+	if _, ok := app.storage.GetInvitesKey(code); !ok {
+		respondBool(401, false, gc)
+		return
+	}
+	invURL, iconURL := app.discord.NewTempInvite(10*60, 1)
+	if invURL == "" {
+		respondBool(500, false, gc)
+		return
+	}
+	gc.JSON(200, DiscordInviteDTO{invURL, iconURL})
+}
+
+// @Summary Generate and send a new PIN to a specified Matrix user. NOTE: "/invite" might have been changed in Settings > URL Paths.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} stringResponse
+// @Failure 401 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param invCode path string true "invite Code"
+// @Param MatrixSendPINDTO body MatrixSendPINDTO true "User's Matrix ID."
+// @Router /invite/{invCode}/matrix/user [post]
+// @tags Other
+func (app *appContext) MatrixSendPIN(gc *gin.Context) {
+	code := gc.Param("invCode")
+	if _, ok := app.storage.GetInvitesKey(code); !ok {
+		respondBool(401, false, gc)
+		return
+	}
+	var req MatrixSendPINDTO
+	gc.BindJSON(&req)
+	if req.UserID == "" {
+		respond(400, "errorNoUserID", gc)
+		return
+	}
+	if app.config.Section("matrix").Key("require_unique").MustBool(false) {
+		for _, u := range app.storage.GetMatrix() {
+			if req.UserID == u.UserID {
+				respondBool(400, false, gc)
+				return
+			}
+		}
+	}
+
+	ok := app.matrix.SendStart(req.UserID)
+	if !ok {
+		respondBool(500, false, gc)
+		return
+	}
+	respondBool(200, true, gc)
+}
+
+// @Summary Check whether a matrix PIN is valid, and mark the token as verified if so. Requires invite code. NOTE: "/invite" might have been changed in Settings > URL Paths.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 401 {object} boolResponse
+// @Param pin path string true "PIN code to check"
+// @Param invCode path string true "invite Code"
+// @Param userID path string true "Matrix User ID"
+// @Router /invite/{invCode}/matrix/verified/{userID}/{pin} [get]
+// @tags Other
+func (app *appContext) MatrixCheckPIN(gc *gin.Context) {
+	code := gc.Param("invCode")
+	if _, ok := app.storage.GetInvitesKey(code); !ok {
+		app.debug.Printf(lm.InvalidInviteCode, code)
+		respondBool(401, false, gc)
+		return
+	}
+	userID := gc.Param("userID")
+	pin := gc.Param("pin")
+	user, ok := app.matrix.tokens[pin]
+	if !ok {
+		app.debug.Printf(lm.InvalidPIN, pin)
+		respondBool(200, false, gc)
+		return
+	}
+	if user.User.UserID != userID {
+		app.debug.Printf(lm.UnauthorizedPIN, pin)
+		respondBool(200, false, gc)
+		return
+	}
+	user.Verified = true
+	app.matrix.tokens[pin] = user
+	respondBool(200, true, gc)
+}
+
+// @Summary Generates a Matrix access token from a username and password.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} stringResponse
+// @Failure 401 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param MatrixLoginDTO body MatrixLoginDTO true "Username & password."
+// @Router /matrix/login [post]
+// @Security Bearer
+// @tags Other
+func (app *appContext) MatrixLogin(gc *gin.Context) {
+	var req MatrixLoginDTO
+	gc.BindJSON(&req)
+	if req.Username == "" || req.Password == "" {
+		respond(400, "errorLoginBlank", gc)
+		return
+	}
+	token, err := app.matrix.generateAccessToken(req.Homeserver, req.Username, req.Password)
+	if err != nil {
+		app.err.Printf(lm.FailedGenerateToken, err)
+		respond(401, "Unauthorized", gc)
+		return
+	}
+	tempConfig, _ := ini.ShadowLoad(app.configPath)
+	matrix := tempConfig.Section("matrix")
+	matrix.Key("enabled").SetValue("true")
+	matrix.Key("homeserver").SetValue(req.Homeserver)
+	matrix.Key("token").SetValue(token)
+	matrix.Key("user_id").SetValue(req.Username)
+	if err := tempConfig.SaveTo(app.configPath); err != nil {
+		app.err.Printf(lm.FailedWriting, app.configPath, err)
+		respondBool(500, false, gc)
+		return
+	}
+	respondBool(200, true, gc)
+}
+
+// @Summary Links a Matrix user to a Jellyfin account via user IDs. Notifications are turned on by default.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param MatrixConnectUserDTO body MatrixConnectUserDTO true "User's Jellyfin ID & Matrix user ID."
+// @Router /users/matrix [post]
+// @Security Bearer
+// @tags Other
+func (app *appContext) MatrixConnect(gc *gin.Context) {
+	var req MatrixConnectUserDTO
+	gc.BindJSON(&req)
+	if app.storage.GetMatrix() == nil {
+		app.storage.deprecatedMatrix = matrixStore{}
+	}
+	roomID, err := app.matrix.CreateRoom(req.UserID)
+	if err != nil {
+		app.err.Printf(lm.FailedCreateRoom, err)
+		respondBool(500, false, gc)
+		return
+	}
+	app.storage.SetMatrixKey(req.JellyfinID, MatrixUser{
+		UserID:  req.UserID,
+		RoomID:  string(roomID),
+		Lang:    "en-us",
+		Contact: true,
+	})
+	respondBool(200, true, gc)
+}
+
+// @Summary Returns a list of matching users from a Discord guild, given a username (discriminator optional).
+// @Produce json
+// @Success 200 {object} DiscordUsersDTO
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param username path string true "username to search."
+// @Router /users/discord/{username} [get]
+// @Security Bearer
+// @tags Other
+func (app *appContext) DiscordGetUsers(gc *gin.Context) {
+	name := gc.Param("username")
+	if name == "" {
+		respondBool(400, false, gc)
+		return
+	}
+	users := app.discord.GetUsers(name)
+	resp := DiscordUsersDTO{Users: make([]DiscordUserDTO, len(users))}
+	for i, u := range users {
+		resp.Users[i] = DiscordUserDTO{
+			Name:      RenderDiscordUsername(u.User),
+			ID:        u.User.ID,
+			AvatarURL: u.User.AvatarURL("32"),
+		}
+	}
+	gc.JSON(200, resp)
+}
+
+// @Summary Links a Discord account to a Jellyfin account via user IDs. Notifications are turned on by default.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param DiscordConnectUserDTO body DiscordConnectUserDTO true "User's Jellyfin ID & Discord ID."
+// @Router /users/discord [post]
+// @Security Bearer
+// @tags Other
+func (app *appContext) DiscordConnect(gc *gin.Context) {
+	var req DiscordConnectUserDTO
+	gc.BindJSON(&req)
+	if req.JellyfinID == "" || req.DiscordID == "" {
+		respondBool(400, false, gc)
+		return
+	}
+	user, ok := app.discord.NewUser(req.DiscordID)
+	if !ok {
+		respondBool(500, false, gc)
+		return
+	}
+
+	app.storage.SetDiscordKey(req.JellyfinID, user)
+
+	if err := app.js.ModifyNotifications(req.JellyfinID, map[jellyseerr.NotificationsField]any{
+		jellyseerr.FieldDiscord:        req.DiscordID,
+		jellyseerr.FieldDiscordEnabled: true,
+	}); err != nil {
+		app.err.Printf(lm.FailedSyncContactMethods, lm.Jellyseerr, err)
+	}
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityContactLinked,
+		UserID:     req.JellyfinID,
+		SourceType: ActivityAdmin,
+		Source:     gc.GetString("jfId"),
+		Value:      "discord",
+		Time:       time.Now(),
+	}, gc, false)
+
+	linkExistingOmbiDiscordTelegram(app)
+	respondBool(200, true, gc)
+}
+
+// @Summary unlink a Discord account from a Jellyfin user. Always succeeds.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Param forUserDTO body forUserDTO true "User's Jellyfin ID."
+// @Router /users/discord [delete]
+// @Security Bearer
+// @Tags Users
+func (app *appContext) UnlinkDiscord(gc *gin.Context) {
+	var req forUserDTO
+	gc.BindJSON(&req)
+	/* user, status, err := app.jf.UserByID(req.ID, false)
+	if req.ID == "" || status != 200 || err != nil {
+		respond(400, "User not found", gc)
+		return
+	} */
+	app.storage.DeleteDiscordKey(req.ID)
+
+	// May not actually remove Discord ID, but should disable interaction.
+	if err := app.js.ModifyNotifications(gc.GetString("jfId"), map[jellyseerr.NotificationsField]any{
+		jellyseerr.FieldDiscord:        jellyseerr.BogusIdentifier,
+		jellyseerr.FieldDiscordEnabled: false,
+	}); err != nil {
+		app.err.Printf(lm.FailedSyncContactMethods, lm.Jellyseerr, err)
+	}
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityContactUnlinked,
+		UserID:     req.ID,
+		SourceType: ActivityAdmin,
+		Source:     gc.GetString("jfId"),
+		Value:      "discord",
+		Time:       time.Now(),
+	}, gc, false)
+
+	respondBool(200, true, gc)
+}
+
+// @Summary unlink a Telegram account from a Jellyfin user. Always succeeds.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Param forUserDTO body forUserDTO true "User's Jellyfin ID."
+// @Router /users/telegram [delete]
+// @Security Bearer
+// @Tags Users
+func (app *appContext) UnlinkTelegram(gc *gin.Context) {
+	var req forUserDTO
+	gc.BindJSON(&req)
+	/* user, status, err := app.jf.UserByID(req.ID, false)
+	if req.ID == "" || status != 200 || err != nil {
+		respond(400, "User not found", gc)
+		return
+	} */
+	app.storage.DeleteTelegramKey(req.ID)
+
+	if err := app.js.ModifyNotifications(gc.GetString("jfId"), map[jellyseerr.NotificationsField]any{
+		jellyseerr.FieldTelegram:        jellyseerr.BogusIdentifier,
+		jellyseerr.FieldTelegramEnabled: false,
+	}); err != nil {
+		app.err.Printf(lm.FailedSyncContactMethods, lm.Jellyseerr, err)
+	}
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityContactUnlinked,
+		UserID:     req.ID,
+		SourceType: ActivityAdmin,
+		Source:     gc.GetString("jfId"),
+		Value:      "telegram",
+		Time:       time.Now(),
+	}, gc, false)
+
+	respondBool(200, true, gc)
+}
+
+// @Summary unlink a Matrix account from a Jellyfin user. Always succeeds.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Param forUserDTO body forUserDTO true "User's Jellyfin ID."
+// @Router /users/matrix [delete]
+// @Security Bearer
+// @Tags Users
+func (app *appContext) UnlinkMatrix(gc *gin.Context) {
+	var req forUserDTO
+	gc.BindJSON(&req)
+	/* user, status, err := app.jf.UserByID(req.ID, false)
+	if req.ID == "" || status != 200 || err != nil {
+		respond(400, "User not found", gc)
+		return
+	} */
+	app.storage.DeleteMatrixKey(req.ID)
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityContactUnlinked,
+		UserID:     req.ID,
+		SourceType: ActivityAdmin,
+		Source:     gc.GetString("jfId"),
+		Value:      "matrix",
+		Time:       time.Now(),
+	}, gc, false)
+
+	respondBool(200, true, gc)
+}
--- a/api-ombi.go
+++ b/api-ombi.go
@@ -0,0 +1,223 @@
+package main
+
+import (
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/hrfee/jfa-go/common"
+	lm "github.com/hrfee/jfa-go/logmessages"
+	"github.com/hrfee/jfa-go/ombi"
+	"github.com/hrfee/mediabrowser"
+)
+
+func (app *appContext) getOmbiUser(jfID string) (map[string]interface{}, error) {
+	jfUser, err := app.jf.UserByID(jfID, false)
+	if err != nil {
+		return nil, err
+	}
+	username := jfUser.Name
+	email := ""
+	if e, ok := app.storage.GetEmailsKey(jfID); ok {
+		email = e.Addr
+	}
+	user, err := app.ombi.getUser(username, email)
+	return user, err
+}
+
+func (ombi *OmbiWrapper) getUser(username string, email string) (map[string]interface{}, error) {
+	ombiUsers, err := ombi.GetUsers()
+	if err != nil {
+		return nil, err
+	}
+	for _, ombiUser := range ombiUsers {
+		ombiAddr := ""
+		if a, ok := ombiUser["emailAddress"]; ok && a != nil {
+			ombiAddr = a.(string)
+		}
+		if ombiUser["userName"].(string) == username || (ombiAddr == email && email != "") {
+			return ombiUser, err
+		}
+	}
+	// Gets a generic "not found" type error
+	return nil, common.GenericErr(404, err)
+}
+
+// Returns a user with the given name who has been imported from Jellyfin/Emby by Ombi
+func (ombi *OmbiWrapper) getImportedUser(name string) (map[string]interface{}, error) {
+	// Ombi User Types: 3/4 = Emby, 5 = Jellyfin
+	ombiUsers, err := ombi.GetUsers()
+	if err != nil {
+		return nil, err
+	}
+	for _, ombiUser := range ombiUsers {
+		if ombiUser["userName"].(string) == name {
+			uType, ok := ombiUser["userType"].(int)
+			if !ok { // Don't know if Ombi somehow allows duplicate usernames
+				continue
+			}
+			if serverType == mediabrowser.JellyfinServer && uType != 5 { // Jellyfin
+				continue
+			} else if uType != 3 && uType != 4 { // Emby
+				continue
+			}
+			return ombiUser, err
+		}
+	}
+	// Gets a generic "not found" type error
+	return nil, common.GenericErr(404, err)
+}
+
+// @Summary Get a list of Ombi users.
+// @Produce json
+// @Success 200 {object} ombiUsersDTO
+// @Failure 500 {object} stringResponse
+// @Router /ombi/users [get]
+// @Security Bearer
+// @tags Ombi
+func (app *appContext) OmbiUsers(gc *gin.Context) {
+	users, err := app.ombi.GetUsers()
+	if err != nil {
+		app.err.Printf(lm.FailedGetUsers, lm.Ombi, err)
+		respond(500, "Couldn't get users", gc)
+		return
+	}
+	userlist := make([]ombiUser, len(users))
+	for i, data := range users {
+		userlist[i] = ombiUser{
+			Name: data["userName"].(string),
+			ID:   data["id"].(string),
+		}
+	}
+	gc.JSON(200, ombiUsersDTO{Users: userlist})
+}
+
+// @Summary Store Ombi user template in an existing profile.
+// @Produce json
+// @Param ombiUser body ombiUser true "User to source settings from"
+// @Param profile path string true "Name of profile to store in"
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} stringResponse
+// @Router /profiles/ombi/{profile} [post]
+// @Security Bearer
+// @tags Ombi
+func (app *appContext) SetOmbiProfile(gc *gin.Context) {
+	var req ombiUser
+	gc.BindJSON(&req)
+	escapedProfileName := gc.Param("profile")
+	profileName, _ := url.QueryUnescape(escapedProfileName)
+	profile, ok := app.storage.GetProfileKey(profileName)
+	if !ok {
+		respondBool(400, false, gc)
+		return
+	}
+	template, err := app.ombi.TemplateByID(req.ID)
+	if err != nil || len(template) == 0 {
+		app.err.Printf(lm.FailedGetUsers, lm.Ombi, err)
+		respond(500, "Couldn't get user", gc)
+		return
+	}
+	profile.Ombi = template
+	app.storage.SetProfileKey(profileName, profile)
+	respondBool(204, true, gc)
+}
+
+// @Summary Remove ombi user template from a profile.
+// @Produce json
+// @Param profile path string true "Name of profile to store in"
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} stringResponse
+// @Router /profiles/ombi/{profile} [delete]
+// @Security Bearer
+// @tags Ombi
+func (app *appContext) DeleteOmbiProfile(gc *gin.Context) {
+	escapedProfileName := gc.Param("profile")
+	profileName, _ := url.QueryUnescape(escapedProfileName)
+	profile, ok := app.storage.GetProfileKey(profileName)
+	if !ok {
+		respondBool(400, false, gc)
+		return
+	}
+	profile.Ombi = nil
+	app.storage.SetProfileKey(profileName, profile)
+	respondBool(204, true, gc)
+}
+
+type OmbiWrapper struct {
+	*ombi.Ombi
+}
+
+func (ombi *OmbiWrapper) applyProfile(user map[string]interface{}, profile map[string]interface{}) (err error) {
+	for k, v := range profile {
+		switch v.(type) {
+		case map[string]interface{}, []interface{}:
+			user[k] = v
+		default:
+			if v != user[k] {
+				user[k] = v
+			}
+		}
+	}
+	err = ombi.ModifyUser(user)
+	return
+}
+
+func (ombi *OmbiWrapper) ImportUser(jellyfinID string, req newUserDTO, profile Profile) (err error, ok bool) {
+	errors, err := ombi.NewUser(req.Username, req.Password, req.Email, profile.Ombi)
+	var ombiUser map[string]interface{}
+	if err != nil {
+		// Check if on the off chance, Ombi's user importer has already added the account.
+		ombiUser, err = ombi.getImportedUser(req.Username)
+		if err == nil {
+			// app.info.Println(lm.Ombi + " " + lm.UserExists)
+			profile.Ombi["password"] = req.Password
+			err = ombi.applyProfile(ombiUser, profile.Ombi)
+			if err != nil {
+				err = fmt.Errorf(lm.FailedApplyProfile, lm.Ombi, req.Username, err)
+			}
+		} else {
+			if len(errors) != 0 {
+				err = fmt.Errorf("%v, %s", err, strings.Join(errors, ", "))
+			}
+			return
+		}
+	}
+	ok = true
+	return
+}
+
+func (ombi *OmbiWrapper) AddContactMethods(jellyfinID string, req newUserDTO, discord *DiscordUser, telegram *TelegramUser) (err error) {
+	var ombiUser map[string]interface{}
+	ombiUser, err = ombi.getUser(req.Username, req.Email)
+	if err != nil {
+		return
+	}
+	if discordEnabled || telegramEnabled {
+		dID := ""
+		tUser := ""
+		if discord != nil {
+			dID = discord.ID
+		}
+		if telegram != nil {
+			tUser = telegram.Username
+		}
+		var resp string
+		resp, err = ombi.SetNotificationPrefs(ombiUser, dID, tUser)
+		if err != nil {
+			if resp != "" {
+				err = fmt.Errorf("%v, %s", err, resp)
+			}
+			return
+		}
+	}
+	return
+}
+
+func (ombi *OmbiWrapper) Name() string { return lm.Ombi }
+
+func (ombi *OmbiWrapper) Enabled(app *appContext, profile *Profile) bool {
+	return profile != nil && profile.Ombi != nil && len(profile.Ombi) != 0 && app.config.Section("ombi").Key("enabled").MustBool(false)
+}
--- a/api-profiles.go
+++ b/api-profiles.go
@@ -0,0 +1,231 @@
+package main
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	lm "github.com/hrfee/jfa-go/logmessages"
+	"github.com/timshannon/badgerhold/v4"
+)
+
+// @Summary Get the names of all available profile.
+// @Produce json
+// @Success 200 {object} getProfileNamesDTO
+// @Router /profiles/names [get]
+// @Security Bearer
+// @tags Profiles & Settings
+func (app *appContext) GetProfileNames(gc *gin.Context) {
+	fullProfileList := app.storage.GetProfiles()
+	profiles := make([]string, len(fullProfileList))
+	if len(profiles) != 0 {
+		defaultProfile := app.storage.GetDefaultProfile()
+		profiles[0] = defaultProfile.Name
+		i := 1
+		if len(fullProfileList) > 1 {
+			app.storage.db.ForEach(badgerhold.Where("Name").Ne(profiles[0]), func(p *Profile) error {
+				profiles[i] = p.Name
+				i++
+				return nil
+			})
+		}
+	}
+	resp := getProfileNamesDTO{
+		Profiles: profiles,
+	}
+	gc.JSON(200, resp)
+}
+
+// @Summary Get all available profiles, indexed by their names.
+// @Produce json
+// @Success 200 {object} getProfilesDTO
+// @Router /profiles [get]
+// @Security Bearer
+// @tags Profiles & Settings
+func (app *appContext) GetProfiles(gc *gin.Context) {
+	out := getProfilesDTO{
+		DefaultProfile: app.storage.GetDefaultProfile().Name,
+		Profiles:       map[string]profileDTO{},
+	}
+	referralsEnabled := app.config.Section("user_page").Key("referrals").MustBool(false)
+	baseInv := Invite{}
+	for _, p := range app.storage.GetProfiles() {
+		pdto := profileDTO{
+			Admin:            p.Admin,
+			LibraryAccess:    p.LibraryAccess,
+			FromUser:         p.FromUser,
+			Ombi:             p.Ombi != nil,
+			Jellyseerr:       p.Jellyseerr.Enabled,
+			ReferralsEnabled: false,
+		}
+		if referralsEnabled {
+			err := app.storage.db.Get(p.ReferralTemplateKey, &baseInv)
+			if p.ReferralTemplateKey != "" && err == nil {
+				pdto.ReferralsEnabled = true
+			}
+		}
+		out.Profiles[p.Name] = pdto
+	}
+	gc.JSON(200, out)
+}
+
+// @Summary Set the default profile to use.
+// @Produce json
+// @Param profileChangeDTO body profileChangeDTO true "Default profile object"
+// @Success 200 {object} boolResponse
+// @Failure 500 {object} stringResponse
+// @Router /profiles/default [post]
+// @Security Bearer
+// @tags Profiles & Settings
+func (app *appContext) SetDefaultProfile(gc *gin.Context) {
+	req := profileChangeDTO{}
+	gc.BindJSON(&req)
+	app.info.Printf(lm.SetDefaultProfile, req.Name)
+	if _, ok := app.storage.GetProfileKey(req.Name); !ok {
+		msg := fmt.Sprintf(lm.FailedGetProfile, req.Name)
+		app.err.Println(msg)
+		respond(500, msg, gc)
+		return
+	}
+	app.storage.db.ForEach(&badgerhold.Query{}, func(profile *Profile) error {
+		if profile.Name == req.Name {
+			profile.Default = true
+		} else {
+			profile.Default = false
+		}
+		app.storage.SetProfileKey(profile.Name, *profile)
+		return nil
+	})
+	respondBool(200, true, gc)
+}
+
+// @Summary Create a profile based on a Jellyfin user's settings.
+// @Produce json
+// @Param newProfileDTO body newProfileDTO true "New profile object"
+// @Success 200 {object} boolResponse
+// @Failure 500 {object} stringResponse
+// @Router /profiles [post]
+// @Security Bearer
+// @tags Profiles & Settings
+func (app *appContext) CreateProfile(gc *gin.Context) {
+	var req newProfileDTO
+	gc.BindJSON(&req)
+	app.jf.CacheExpiry = time.Now()
+	user, err := app.jf.UserByID(req.ID, false)
+	if err != nil {
+		app.err.Printf(lm.FailedGetUsers, lm.Jellyfin, err)
+		respond(500, "Couldn't get user", gc)
+		return
+	}
+	profile := Profile{
+		FromUser:   user.Name,
+		Policy:     user.Policy,
+		Homescreen: req.Homescreen,
+	}
+	app.debug.Printf(lm.CreateProfileFromUser, user.Name)
+	if req.Homescreen {
+		profile.Configuration = user.Configuration
+		profile.Displayprefs, err = app.jf.GetDisplayPreferences(req.ID)
+		if err != nil {
+			app.err.Printf(lm.FailedGetJellyfinDisplayPrefs, req.ID, err)
+			respond(500, "Couldn't get displayprefs", gc)
+			return
+		}
+	}
+	app.storage.SetProfileKey(req.Name, profile)
+	// Refresh discord bots, profile list
+	if discordEnabled {
+		app.discord.UpdateCommands()
+	}
+	respondBool(200, true, gc)
+}
+
+// @Summary Delete an existing profile
+// @Produce json
+// @Param profileChangeDTO body profileChangeDTO true "Delete profile object"
+// @Success 200 {object} boolResponse
+// @Router /profiles [delete]
+// @Security Bearer
+// @tags Profiles & Settings
+func (app *appContext) DeleteProfile(gc *gin.Context) {
+	req := profileChangeDTO{}
+	gc.BindJSON(&req)
+	name := req.Name
+	app.storage.DeleteProfileKey(name)
+	respondBool(200, true, gc)
+}
+
+// @Summary Enable referrals for a profile, sourced from the given invite by its code.
+// @Produce json
+// @Param profile path string true "name of profile to enable referrals for."
+// @Param invite path string true "invite code to create referral template from."
+// @Param useExpiry path string true "with-expiry or none."
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} stringResponse
+// @Failure 500 {object} stringResponse
+// @Router /profiles/referral/{profile}/{invite}/{useExpiry} [post]
+// @Security Bearer
+// @tags Profiles & Settings
+func (app *appContext) EnableReferralForProfile(gc *gin.Context) {
+	profileName := gc.Param("profile")
+	invCode := gc.Param("invite")
+	useExpiry := gc.Param("useExpiry") == "with-expiry"
+	inv, ok := app.storage.GetInvitesKey(invCode)
+	if !ok {
+		respond(400, "Invalid invite code", gc)
+		app.err.Printf(lm.InvalidInviteCode, invCode)
+		return
+	}
+	profile, ok := app.storage.GetProfileKey(profileName)
+	if !ok {
+		respond(400, "Invalid profile", gc)
+		app.err.Printf(lm.FailedGetProfile, profileName)
+		return
+	}
+
+	// Generate new code for referral template
+	inv.Code = GenerateInviteCode()
+	expiryDelta := inv.ValidTill.Sub(inv.Created)
+	inv.Created = time.Now()
+	if useExpiry {
+		inv.ValidTill = inv.Created.Add(expiryDelta)
+	} else {
+		inv.ValidTill = inv.Created.Add(REFERRAL_EXPIRY_DAYS * 24 * time.Hour)
+	}
+	inv.IsReferral = true
+	inv.UseReferralExpiry = useExpiry
+	// Since this is a template for multiple users, ReferrerJellyfinID is not set.
+	// inv.ReferrerJellyfinID = ...
+
+	app.storage.SetInvitesKey(inv.Code, inv)
+
+	profile.ReferralTemplateKey = inv.Code
+
+	app.storage.SetProfileKey(profile.Name, profile)
+
+	respondBool(200, true, gc)
+}
+
+// @Summary Disable referrals for a profile, and removes the referral template. no-op if not enabled.
+// @Produce json
+// @Param profile path string true "name of profile to enable referrals for."
+// @Success 200 {object} boolResponse
+// @Router /profiles/referral/{profile} [delete]
+// @Security Bearer
+// @tags Profiles & Settings
+func (app *appContext) DisableReferralForProfile(gc *gin.Context) {
+	profileName := gc.Param("profile")
+	profile, ok := app.storage.GetProfileKey(profileName)
+	if !ok {
+		respondBool(200, true, gc)
+		return
+	}
+
+	app.storage.DeleteInvitesKey(profile.ReferralTemplateKey)
+
+	profile.ReferralTemplateKey = ""
+
+	app.storage.SetProfileKey(profileName, profile)
+
+	respondBool(200, true, gc)
+}
--- a/api-userpage.go
+++ b/api-userpage.go
@@ -0,0 +1,806 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt"
+	"github.com/hrfee/jfa-go/jellyseerr"
+	lm "github.com/hrfee/jfa-go/logmessages"
+	"github.com/lithammer/shortuuid/v3"
+	"github.com/timshannon/badgerhold/v4"
+)
+
+const (
+	REFERRAL_EXPIRY_DAYS = 90
+)
+
+// @Summary Returns the logged-in user's Jellyfin ID & Username, and other details.
+// @Produce json
+// @Success 200 {object} MyDetailsDTO
+// @Router /my/details [get]
+// @tags User Page
+func (app *appContext) MyDetails(gc *gin.Context) {
+	resp := MyDetailsDTO{
+		Id: gc.GetString("jfId"),
+	}
+
+	user, err := app.jf.UserByID(resp.Id, false)
+	if err != nil {
+		app.err.Printf(lm.FailedGetUsers, lm.Jellyfin, err)
+		respond(500, "Failed to get user", gc)
+		return
+	}
+	resp.Username = user.Name
+	resp.Admin = user.Policy.IsAdministrator
+	resp.AccountsAdmin = false
+	if !app.config.Section("ui").Key("allow_all").MustBool(false) {
+		adminOnly := app.config.Section("ui").Key("admin_only").MustBool(true)
+		if emailStore, ok := app.storage.GetEmailsKey(resp.Id); ok {
+			resp.AccountsAdmin = emailStore.Admin
+		}
+		resp.AccountsAdmin = resp.AccountsAdmin || (adminOnly && resp.Admin)
+	}
+	resp.Disabled = user.Policy.IsDisabled
+
+	if exp, ok := app.storage.GetUserExpiryKey(user.ID); ok {
+		resp.Expiry = exp.Expiry.Unix()
+	}
+
+	if emailEnabled {
+		resp.Email = &MyDetailsContactMethodsDTO{}
+		if email, ok := app.storage.GetEmailsKey(user.ID); ok && email.Addr != "" {
+			resp.Email.Value = email.Addr
+			resp.Email.Enabled = email.Contact
+		}
+	}
+
+	if discordEnabled {
+		resp.Discord = &MyDetailsContactMethodsDTO{}
+		if discord, ok := app.storage.GetDiscordKey(user.ID); ok {
+			resp.Discord.Value = RenderDiscordUsername(discord)
+			resp.Discord.Enabled = discord.Contact
+		}
+	}
+
+	if telegramEnabled {
+		resp.Telegram = &MyDetailsContactMethodsDTO{}
+		if telegram, ok := app.storage.GetTelegramKey(user.ID); ok {
+			resp.Telegram.Value = telegram.Username
+			resp.Telegram.Enabled = telegram.Contact
+		}
+	}
+
+	if matrixEnabled {
+		resp.Matrix = &MyDetailsContactMethodsDTO{}
+		if matrix, ok := app.storage.GetMatrixKey(user.ID); ok {
+			resp.Matrix.Value = matrix.UserID
+			resp.Matrix.Enabled = matrix.Contact
+		}
+	}
+
+	if app.config.Section("user_page").Key("referrals").MustBool(false) {
+		// 1. Look for existing template bound to this Jellyfin ID
+		//    If one exists, that means its just for us and so we
+		//    can use it directly.
+		inv := Invite{}
+		err := app.storage.db.FindOne(&inv, badgerhold.Where("ReferrerJellyfinID").Eq(resp.Id))
+		if err == nil {
+			resp.HasReferrals = true
+		} else {
+			// 2. Look for a template matching the key found in the user storage
+			//    Since this key is shared between users in a profile, we make a copy.
+			user, ok := app.storage.GetEmailsKey(gc.GetString("jfId"))
+			err = app.storage.db.Get(user.ReferralTemplateKey, &inv)
+			if ok && err == nil {
+				resp.HasReferrals = true
+			}
+		}
+	}
+
+	gc.JSON(200, resp)
+}
+
+// @Summary Sets whether to notify yourself through telegram/discord/matrix/email or not.
+// @Produce json
+// @Param SetContactMethodsDTO body SetContactMethodsDTO true "User's Jellyfin ID and whether or not to notify then through Telegram."
+// @Success 200 {object} boolResponse
+// @Success 400 {object} boolResponse
+// @Success 500 {object} boolResponse
+// @Router /my/contact [post]
+// @Security Bearer
+// @tags User Page
+func (app *appContext) SetMyContactMethods(gc *gin.Context) {
+	var req SetContactMethodsDTO
+	gc.BindJSON(&req)
+	req.ID = gc.GetString("jfId")
+	if req.ID == "" {
+		respondBool(400, false, gc)
+		return
+	}
+	app.setContactMethods(req, gc)
+}
+
+// @Summary Logout by deleting refresh token from cookies.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 500 {object} stringResponse
+// @Router /my/logout [post]
+// @Security Bearer
+// @tags User Page
+func (app *appContext) LogoutUser(gc *gin.Context) {
+	cookie, err := gc.Cookie("user-refresh")
+	if err != nil {
+		msg := fmt.Sprintf(lm.FailedGetCookies, "user-refresh", err)
+		app.debug.Println(msg)
+		respond(500, msg, gc)
+		return
+	}
+	app.invalidTokens = append(app.invalidTokens, cookie)
+	gc.SetCookie("refresh", "invalid", -1, "/my", gc.Request.URL.Hostname(), true, true)
+	respondBool(200, true, gc)
+}
+
+// @Summary confirm an action (e.g. changing an email address.)
+// @Produce json
+// @Param jwt path string true "jwt confirmation code"
+// @Router /my/confirm/{jwt} [post]
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} stringResponse
+// @Failure 404
+// @Success 303
+// @Failure 500 {object} stringResponse
+// @tags User Page
+func (app *appContext) ConfirmMyAction(gc *gin.Context) {
+	app.confirmMyAction(gc, "")
+}
+
+func (app *appContext) confirmMyAction(gc *gin.Context, key string) {
+	var claims jwt.MapClaims
+	var target ConfirmationTarget
+	var id string
+	fail := func() {
+		app.gcHTML(gc, 404, "404.html", OtherPage, gin.H{
+			"contactMessage": app.config.Section("ui").Key("contact_message").String(),
+		})
+	}
+
+	// Validate key
+	if key == "" {
+		key = gc.Param("jwt")
+	}
+	token, err := jwt.Parse(key, checkToken)
+	if err != nil {
+		app.err.Printf(lm.FailedParseJWT, err)
+		fail()
+		// respond(500, "unknownError", gc)
+		return
+	}
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if !ok {
+		app.err.Println(lm.FailedCastJWT)
+		fail()
+		// respond(500, "unknownError", gc)
+		return
+	}
+	expiry := time.Unix(int64(claims["exp"].(float64)), 0)
+	if !(ok && token.Valid && claims["type"].(string) == "confirmation" && expiry.After(time.Now())) {
+		app.err.Println(lm.InvalidJWT)
+		fail()
+		// respond(400, "invalidKey", gc)
+		return
+	}
+	target = ConfirmationTarget(int(claims["target"].(float64)))
+	id = claims["id"].(string)
+
+	// Perform an Action
+	if target == NoOp {
+		gc.Redirect(http.StatusSeeOther, PAGES.MyAccount)
+		return
+	} else if target == UserEmailChange {
+		app.modifyEmail(id, claims["email"].(string))
+
+		app.storage.SetActivityKey(shortuuid.New(), Activity{
+			Type:       ActivityContactLinked,
+			UserID:     gc.GetString("jfId"),
+			SourceType: ActivityUser,
+			Source:     gc.GetString("jfId"),
+			Value:      "email",
+			Time:       time.Now(),
+		}, gc, true)
+
+		app.info.Printf(lm.UserEmailAdjusted, gc.GetString("jfId"))
+		gc.Redirect(http.StatusSeeOther, PAGES.MyAccount)
+		return
+	}
+}
+
+// @Summary Modify your email address.
+// @Produce json
+// @Param ModifyMyEmailDTO body ModifyMyEmailDTO true "New email address."
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} stringResponse
+// @Failure 401 {object} stringResponse
+// @Failure 500 {object} stringResponse
+// @Router /my/email [post]
+// @Security Bearer
+// @tags User Page
+func (app *appContext) ModifyMyEmail(gc *gin.Context) {
+	var req ModifyMyEmailDTO
+	gc.BindJSON(&req)
+	if !strings.ContainsRune(req.Email, '@') {
+		respond(400, "Invalid Email Address", gc)
+		return
+	}
+	id := gc.GetString("jfId")
+
+	// We'll use the ConfirmMyAction route to do the work, even if we don't need to confirm the address.
+	claims := jwt.MapClaims{
+		"valid":  true,
+		"id":     id,
+		"email":  req.Email,
+		"type":   "confirmation",
+		"target": UserEmailChange,
+		"exp":    time.Now().Add(time.Hour).Unix(),
+	}
+	tk := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	key, err := tk.SignedString([]byte(os.Getenv("JFA_SECRET")))
+
+	if err != nil {
+		app.err.Printf(lm.FailedSignJWT, err)
+		respond(500, "errorUnknown", gc)
+		return
+	}
+
+	if emailEnabled && app.config.Section("email_confirmation").Key("enabled").MustBool(false) {
+		user, err := app.jf.UserByID(id, false)
+		name := ""
+		if err == nil {
+			name = user.Name
+		}
+		app.debug.Printf(lm.EmailConfirmationRequired, id)
+		respond(401, "confirmEmail", gc)
+		msg, err := app.email.constructConfirmation("", name, key, app, false)
+		if err != nil {
+			app.err.Printf(lm.FailedConstructConfirmationEmail, id, err)
+		} else if err := app.email.send(msg, req.Email); err != nil {
+			app.err.Printf(lm.FailedSendConfirmationEmail, id, req.Email, err)
+		} else {
+			app.err.Printf(lm.SentConfirmationEmail, id, req.Email)
+		}
+		return
+	}
+
+	app.confirmMyAction(gc, key)
+	return
+}
+
+// @Summary Returns a 10-minute, one-use Discord server invite
+// @Produce json
+// @Success 200 {object} DiscordInviteDTO
+// @Failure 400 {object} boolResponse
+// @Failure 401 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param invCode path string true "invite Code"
+// @Router /my/discord/invite [get]
+// @Security Bearer
+// @tags User Page
+func (app *appContext) MyDiscordServerInvite(gc *gin.Context) {
+	if app.discord.InviteChannel.Name == "" {
+		respondBool(400, false, gc)
+		return
+	}
+	invURL, iconURL := app.discord.NewTempInvite(10*60, 1)
+	if invURL == "" {
+		respondBool(500, false, gc)
+		return
+	}
+	gc.JSON(200, DiscordInviteDTO{invURL, iconURL})
+}
+
+// @Summary Returns a linking PIN for discord/telegram
+// @Produce json
+// @Success 200 {object} GetMyPINDTO
+// @Failure 400 {object} stringResponse
+// Param service path string true "discord/telegram"
+// @Router /my/pin/{service} [get]
+// @Security Bearer
+// @tags User Page
+func (app *appContext) GetMyPIN(gc *gin.Context) {
+	service := gc.Param("service")
+	resp := GetMyPINDTO{}
+	switch service {
+	case "discord":
+		resp.PIN = app.discord.NewAssignedAuthToken(gc.GetString("jfId"))
+		break
+	case "telegram":
+		resp.PIN = app.telegram.NewAssignedAuthToken(gc.GetString("jfId"))
+		break
+	default:
+		respond(400, "invalid service", gc)
+		return
+	}
+	gc.JSON(200, resp)
+}
+
+// @Summary Returns true/false on whether or not your discord PIN was verified, and assigns the discord user to you.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 401 {object} boolResponse
+// @Param pin path string true "PIN code to check"
+// @Router /my/discord/verified/{pin} [get]
+// @Security Bearer
+// @tags User Page
+func (app *appContext) MyDiscordVerifiedInvite(gc *gin.Context) {
+	pin := gc.Param("pin")
+	dcUser, ok := app.discord.AssignedUserVerified(pin, gc.GetString("jfId"))
+	app.discord.DeleteVerifiedToken(pin)
+	if !ok {
+		respondBool(200, false, gc)
+		return
+	}
+	if app.config.Section("discord").Key("require_unique").MustBool(false) && app.discord.UserExists(dcUser.ID) {
+		respondBool(400, false, gc)
+		return
+	}
+	existingUser, ok := app.storage.GetDiscordKey(gc.GetString("jfId"))
+	if ok {
+		dcUser.Lang = existingUser.Lang
+		dcUser.Contact = existingUser.Contact
+	}
+	app.storage.SetDiscordKey(gc.GetString("jfId"), dcUser)
+
+	if err := app.js.ModifyNotifications(gc.GetString("jfId"), map[jellyseerr.NotificationsField]any{
+		jellyseerr.FieldDiscord:        dcUser.ID,
+		jellyseerr.FieldDiscordEnabled: dcUser.Contact,
+	}); err != nil {
+		app.err.Printf(lm.FailedSyncContactMethods, lm.Jellyseerr, err)
+	}
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityContactLinked,
+		UserID:     gc.GetString("jfId"),
+		SourceType: ActivityUser,
+		Source:     gc.GetString("jfId"),
+		Value:      "discord",
+		Time:       time.Now(),
+	}, gc, true)
+
+	respondBool(200, true, gc)
+}
+
+// @Summary Returns true/false on whether or not your telegram PIN was verified, and assigns the telegram user to you.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 401 {object} boolResponse
+// @Param pin path string true "PIN code to check"
+// @Router /my/telegram/verified/{pin} [get]
+// @Security Bearer
+// @tags User Page
+func (app *appContext) MyTelegramVerifiedInvite(gc *gin.Context) {
+	pin := gc.Param("pin")
+	token, ok := app.telegram.AssignedTokenVerified(pin, gc.GetString("jfId"))
+	app.telegram.DeleteVerifiedToken(pin)
+	if !ok {
+		respondBool(200, false, gc)
+		return
+	}
+	if app.config.Section("telegram").Key("require_unique").MustBool(false) && app.telegram.UserExists(token.Username) {
+		respondBool(400, false, gc)
+		return
+	}
+	tgUser := TelegramUser{
+		ChatID:   token.ChatID,
+		Username: token.Username,
+		Contact:  true,
+	}
+	if lang, ok := app.telegram.languages[tgUser.ChatID]; ok {
+		tgUser.Lang = lang
+	}
+
+	existingUser, ok := app.storage.GetTelegramKey(gc.GetString("jfId"))
+	if ok {
+		tgUser.Lang = existingUser.Lang
+		tgUser.Contact = existingUser.Contact
+	}
+	app.storage.SetTelegramKey(gc.GetString("jfId"), tgUser)
+
+	if err := app.js.ModifyNotifications(gc.GetString("jfId"), map[jellyseerr.NotificationsField]any{
+		jellyseerr.FieldTelegram:        tgUser.ChatID,
+		jellyseerr.FieldTelegramEnabled: tgUser.Contact,
+	}); err != nil {
+		app.err.Printf(lm.FailedSyncContactMethods, lm.Jellyseerr, err)
+	}
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityContactLinked,
+		UserID:     gc.GetString("jfId"),
+		SourceType: ActivityUser,
+		Source:     gc.GetString("jfId"),
+		Value:      "telegram",
+		Time:       time.Now(),
+	}, gc, true)
+
+	respondBool(200, true, gc)
+}
+
+// @Summary Generate and send a new PIN to your given matrix user.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 400 {object} stringResponse
+// @Failure 401 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Param MatrixSendPINDTO body MatrixSendPINDTO true "User's Matrix ID."
+// @Router /my/matrix/user [post]
+// @Security Bearer
+// @tags User Page
+func (app *appContext) MatrixSendMyPIN(gc *gin.Context) {
+	var req MatrixSendPINDTO
+	gc.BindJSON(&req)
+	if req.UserID == "" {
+		respond(400, "errorNoUserID", gc)
+		return
+	}
+	if app.config.Section("matrix").Key("require_unique").MustBool(false) {
+		for _, u := range app.storage.GetMatrix() {
+			if req.UserID == u.UserID {
+				respondBool(400, false, gc)
+				return
+			}
+		}
+	}
+
+	ok := app.matrix.SendStart(req.UserID)
+	if !ok {
+		respondBool(500, false, gc)
+		return
+	}
+	respondBool(200, true, gc)
+}
+
+// @Summary Check whether your matrix PIN is valid, and link the account to yours if so.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Failure 401 {object} boolResponse
+// @Param pin path string true "PIN code to check"
+// @Param invCode path string true "invite Code"
+// @Param userID path string true "Matrix User ID"
+// @Router /my/matrix/verified/{userID}/{pin} [get]
+// @Security Bearer
+// @tags User Page
+func (app *appContext) MatrixCheckMyPIN(gc *gin.Context) {
+	userID := gc.Param("userID")
+	pin := gc.Param("pin")
+	user, ok := app.matrix.tokens[pin]
+	if !ok {
+		app.debug.Printf(lm.InvalidPIN, pin)
+		respondBool(200, false, gc)
+		return
+	}
+	if user.User.UserID != userID {
+		app.debug.Printf(lm.UnauthorizedPIN, pin)
+		respondBool(200, false, gc)
+		return
+	}
+
+	mxUser := *user.User
+	mxUser.Contact = true
+	existingUser, ok := app.storage.GetMatrixKey(gc.GetString("jfId"))
+	if ok {
+		mxUser.Lang = existingUser.Lang
+		mxUser.Contact = existingUser.Contact
+	}
+
+	app.storage.SetMatrixKey(gc.GetString("jfId"), mxUser)
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityContactLinked,
+		UserID:     gc.GetString("jfId"),
+		SourceType: ActivityUser,
+		Source:     gc.GetString("jfId"),
+		Value:      "matrix",
+		Time:       time.Now(),
+	}, gc, true)
+
+	delete(app.matrix.tokens, pin)
+	respondBool(200, true, gc)
+}
+
+// @Summary unlink the Discord account from your Jellyfin user. Always succeeds.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Router /my/discord [delete]
+// @Security Bearer
+// @Tags User Page
+func (app *appContext) UnlinkMyDiscord(gc *gin.Context) {
+	app.storage.DeleteDiscordKey(gc.GetString("jfId"))
+
+	if err := app.js.ModifyNotifications(gc.GetString("jfId"), map[jellyseerr.NotificationsField]any{
+		jellyseerr.FieldDiscord:        jellyseerr.BogusIdentifier,
+		jellyseerr.FieldDiscordEnabled: false,
+	}); err != nil {
+		app.err.Printf(lm.FailedSyncContactMethods, lm.Jellyseerr, err)
+	}
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityContactUnlinked,
+		UserID:     gc.GetString("jfId"),
+		SourceType: ActivityUser,
+		Source:     gc.GetString("jfId"),
+		Value:      "discord",
+		Time:       time.Now(),
+	}, gc, true)
+
+	respondBool(200, true, gc)
+}
+
+// @Summary unlink the Telegram account from your Jellyfin user. Always succeeds.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Router /my/telegram [delete]
+// @Security Bearer
+// @Tags User Page
+func (app *appContext) UnlinkMyTelegram(gc *gin.Context) {
+	app.storage.DeleteTelegramKey(gc.GetString("jfId"))
+
+	if err := app.js.ModifyNotifications(gc.GetString("jfId"), map[jellyseerr.NotificationsField]any{
+		jellyseerr.FieldTelegram:        jellyseerr.BogusIdentifier,
+		jellyseerr.FieldTelegramEnabled: false,
+	}); err != nil {
+		app.err.Printf(lm.FailedSyncContactMethods, lm.Jellyseerr, err)
+	}
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityContactUnlinked,
+		UserID:     gc.GetString("jfId"),
+		SourceType: ActivityUser,
+		Source:     gc.GetString("jfId"),
+		Value:      "telegram",
+		Time:       time.Now(),
+	}, gc, true)
+
+	respondBool(200, true, gc)
+}
+
+// @Summary unlink the Matrix account from your Jellyfin user. Always succeeds.
+// @Produce json
+// @Success 200 {object} boolResponse
+// @Router /my/matrix [delete]
+// @Security Bearer
+// @Tags User Page
+func (app *appContext) UnlinkMyMatrix(gc *gin.Context) {
+	app.storage.DeleteMatrixKey(gc.GetString("jfId"))
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityContactUnlinked,
+		UserID:     gc.GetString("jfId"),
+		SourceType: ActivityUser,
+		Source:     gc.GetString("jfId"),
+		Value:      "matrix",
+		Time:       time.Now(),
+	}, gc, true)
+
+	respondBool(200, true, gc)
+}
+
+// @Summary Generate & send a password reset link if the given username/email/contact method exists. Doesn't give you any info about it's success.
+// @Produce json
+// @Param address path string true "address/contact method associated w/ your account."
+// @Success 204 {object} boolResponse
+// @Failure 400 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Router /my/password/reset/{address} [post]
+// @Tags User Page
+func (app *appContext) ResetMyPassword(gc *gin.Context) {
+	// All requests should take 1 second, to make it harder to tell if a success occured or not.
+	timerWait := make(chan bool)
+	cancel := time.AfterFunc(1*time.Second, func() {
+		timerWait <- true
+	})
+	usernameAllowed := app.config.Section("user_page").Key("allow_pwr_username").MustBool(true)
+	emailAllowed := app.config.Section("user_page").Key("allow_pwr_email").MustBool(true)
+	contactMethodAllowed := app.config.Section("user_page").Key("allow_pwr_contact_method").MustBool(true)
+	address := gc.Param("address")
+	if address == "" {
+		cancel.Stop()
+		respondBool(400, false, gc)
+		return
+	}
+	var pwr InternalPWR
+	var err error
+
+	jfUser, ok := app.ReverseUserSearch(address, usernameAllowed, emailAllowed, contactMethodAllowed)
+	if !ok {
+		app.debug.Printf(lm.FailedGetUsers, lm.Jellyfin, "no results")
+
+		for range timerWait {
+			respondBool(204, true, gc)
+			return
+		}
+		return
+	}
+	pwr, err = app.GenInternalReset(jfUser.ID)
+	if err != nil {
+		app.err.Printf(lm.FailedGetUsers, lm.Jellyfin, err)
+		for range timerWait {
+			respondBool(204, true, gc)
+			return
+		}
+		return
+	}
+	if app.internalPWRs == nil {
+		app.internalPWRs = map[string]InternalPWR{}
+	}
+	app.internalPWRs[pwr.PIN] = pwr
+	// FIXME: Send to all contact methods
+	msg, err := app.email.constructReset(
+		PasswordReset{
+			Pin:      pwr.PIN,
+			Username: pwr.Username,
+			Expiry:   pwr.Expiry,
+			Internal: true,
+		}, app, false,
+	)
+	if err != nil {
+		app.err.Printf(lm.FailedConstructPWRMessage, pwr.Username, err)
+		for range timerWait {
+			respondBool(204, true, gc)
+			return
+		}
+		return
+	} else if err := app.sendByID(msg, jfUser.ID); err != nil {
+		app.err.Printf(lm.FailedSendPWRMessage, pwr.Username, "?", err)
+	} else {
+		app.info.Printf(lm.SentPWRMessage, pwr.Username, "?")
+	}
+	for range timerWait {
+		respondBool(204, true, gc)
+		return
+	}
+}
+
+// @Summary Change your password, given the old one and the new one.
+// @Produce json
+// @Param ChangeMyPasswordDTO body ChangeMyPasswordDTO true "User's old & new passwords."
+// @Success 204 {object} boolResponse
+// @Failure 400 {object} PasswordValidation
+// @Failure 401 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Router /my/password [post]
+// @Security Bearer
+// @Tags User Page
+func (app *appContext) ChangeMyPassword(gc *gin.Context) {
+	var req ChangeMyPasswordDTO
+	gc.BindJSON(&req)
+	if req.Old == "" || req.New == "" {
+		respondBool(400, false, gc)
+	}
+	validation := app.validator.validate(req.New)
+	for _, val := range validation {
+		if !val {
+			gc.JSON(400, validation)
+			return
+		}
+	}
+	user, err := app.jf.UserByID(gc.GetString("jfId"), false)
+	if err != nil {
+		app.err.Printf(lm.FailedGetUser, gc.GetString("jfId"), lm.Jellyfin, err)
+		respondBool(500, false, gc)
+		return
+	}
+	// Authenticate as user to confirm old password.
+	user, err = app.authJf.Authenticate(user.Name, req.Old)
+	if err != nil {
+		respondBool(401, false, gc)
+		return
+	}
+	err = app.jf.SetPassword(gc.GetString("jfId"), req.Old, req.New)
+	if err != nil {
+		respondBool(500, false, gc)
+		return
+	}
+
+	app.storage.SetActivityKey(shortuuid.New(), Activity{
+		Type:       ActivityChangePassword,
+		UserID:     user.ID,
+		SourceType: ActivityUser,
+		Source:     user.ID,
+		Time:       time.Now(),
+	}, gc, true)
+
+	if app.config.Section("ombi").Key("enabled").MustBool(false) {
+		func() {
+			ombiUser, err := app.getOmbiUser(gc.GetString("jfId"))
+			if err != nil {
+				app.err.Printf(lm.FailedGetUser, user.Name, lm.Ombi, err)
+				return
+			}
+			ombiUser["password"] = req.New
+			err = app.ombi.ModifyUser(ombiUser)
+			if err != nil {
+				app.err.Printf(lm.FailedChangePassword, lm.Ombi, ombiUser["userName"], err)
+				return
+			}
+			app.debug.Printf(lm.ChangePassword, lm.Ombi, ombiUser["userName"])
+		}()
+	}
+	cookie, err := gc.Cookie("user-refresh")
+	if err == nil {
+		app.invalidTokens = append(app.invalidTokens, cookie)
+		gc.SetCookie("refresh", "invalid", -1, "/my", gc.Request.URL.Hostname(), true, true)
+	} else {
+		app.debug.Printf(lm.FailedGetCookies, "user-refresh", err)
+	}
+	respondBool(204, true, gc)
+}
+
+// @Summary Get or generate a new referral code.
+// @Produce json
+// @Success 200 {object} GetMyReferralRespDTO
+// @Failure 400 {object} boolResponse
+// @Failure 401 {object} boolResponse
+// @Failure 500 {object} boolResponse
+// @Router /my/referral [get]
+// @Security Bearer
+// @Tags User Page
+func (app *appContext) GetMyReferral(gc *gin.Context) {
+	// 1. Look for existing template bound to this Jellyfin ID
+	//    If one exists, that means its just for us and so we
+	//    can use it directly.
+	inv := Invite{}
+	err := app.storage.db.FindOne(&inv, badgerhold.Where("ReferrerJellyfinID").Eq(gc.GetString("jfId")))
+	if err != nil {
+		// 2. Look for a template matching the key found in the user storage
+		//    Since this key is shared between users in a profile, we make a copy.
+		user, ok := app.storage.GetEmailsKey(gc.GetString("jfId"))
+		err = app.storage.db.Get(user.ReferralTemplateKey, &inv)
+		if !ok || err != nil || user.ReferralTemplateKey == "" {
+			app.debug.Printf(lm.FailedGetReferralTemplate, user.ReferralTemplateKey, err)
+			respondBool(400, false, gc)
+			return
+		}
+		inv.Code = GenerateInviteCode()
+		expiryDelta := inv.ValidTill.Sub(inv.Created)
+		inv.Created = time.Now()
+		if inv.UseReferralExpiry {
+			inv.ValidTill = inv.Created.Add(expiryDelta)
+		} else {
+			inv.ValidTill = inv.Created.Add(REFERRAL_EXPIRY_DAYS * 24 * time.Hour)
+		}
+		inv.IsReferral = true
+		inv.ReferrerJellyfinID = gc.GetString("jfId")
+		app.storage.SetInvitesKey(inv.Code, inv)
+	} else if time.Now().After(inv.ValidTill) {
+		// 3. We found an invite for us, but it's expired.
+		//    We delete it from storage, and put it back with a fresh code and expiry.
+		//    If UseReferralExpiry is enabled, we delete it and return nothing.
+		app.storage.DeleteInvitesKey(inv.Code)
+		if inv.UseReferralExpiry {
+			app.debug.Printf(lm.DeleteOldReferral, inv.Code)
+			user, ok := app.storage.GetEmailsKey(gc.GetString("jfId"))
+			if ok {
+				user.ReferralTemplateKey = ""
+				app.storage.SetEmailsKey(gc.GetString("jfId"), user)
+			}
+			app.debug.Printf("Ignoring referral request, expired.")
+			respondBool(400, false, gc)
+			return
+		}
+		app.debug.Printf(lm.RenewOldReferral, inv.Code)
+		inv.Code = GenerateInviteCode()
+		inv.Created = time.Now()
+		inv.ValidTill = inv.Created.Add(REFERRAL_EXPIRY_DAYS * 24 * time.Hour)
+		app.storage.SetInvitesKey(inv.Code, inv)
+	}
+	gc.JSON(200, GetMyReferralRespDTO{
+		Code:          inv.Code,
+		RemainingUses: inv.RemainingUses,
+		NoLimit:       inv.NoLimit,
+		Expiry:        inv.ValidTill.Unix(),
+		UseExpiry:     inv.UseReferralExpiry,
+	})
+}
--- a/api-users.go
+++ b/api-users.go
--- a/api.go
+++ b/api.go
--- a/args.go
+++ b/args.go
@@ -23,6 +23,7 @@ func (app *appContext) loadArgs(firstCall bool) {
 		HOST = flag.String("host", "", "alternate address to host web ui on.")
 		PORT = flag.Int("port", 0, "alternate port to host web ui on.")
 		flag.IntVar(PORT, "p", 0, "SHORTHAND")
+		_LOADBAK = flag.String("restore", "", "path to database backup to restore.")
 		DEBUG = flag.Bool("debug", false, "Enables debug logging.")
 		PPROF = flag.Bool("pprof", false, "Exposes pprof profiler on /debug/pprof.")
 		SWAGGER = flag.Bool("swagger", false, "Enable swagger at /swagger/index.html")
@@ -41,6 +42,9 @@ func (app *appContext) loadArgs(firstCall bool) {
 		if *PPROF {
 			os.Setenv("PPROF", "1")
 		}
+		if *_LOADBAK != "" {
+			LOADBAK = *_LOADBAK
+		}
 	}

 	if os.Getenv("SWAGGER") == "1" {
@@ -75,18 +79,23 @@ func (app *appContext) loadArgs(firstCall bool) {
 	os.Setenv("JFA_DATAPATH", app.dataPath)
 }

-/* Adds start/stop/systemd to help message, and
+/*
+	Adds start/stop/systemd to help message, and
+
 also gets rid of usage for shorthand flags, and merge them with the full-length one.
 implementation is 🤢, will clean this up eventually.
+
 	-h SHORTHAND
 	-help
 		prints this message.
+
 becomes:
+
 	-help, -h
 		prints this message.
 */
 func helpFunc() {
-	fmt.Fprint(os.Stderr, `Usage of jfa-go:
+	fmt.Fprint(stderr, `Usage of jfa-go:
  start
 	start jfa-go as a daemon and run in the background.
  stop
@@ -99,7 +108,7 @@ func helpFunc() {
 	// Write defaults into buffer then remove any shorthands
 	flag.CommandLine.SetOutput(&b)
 	flag.PrintDefaults()
-	flag.CommandLine.SetOutput(os.Stderr)
+	flag.CommandLine.SetOutput(stderr)
 	scanner := bufio.NewScanner(&b)
 	out := ""
 	line := scanner.Text()
@@ -150,5 +159,5 @@ func helpFunc() {
 			lastLine = true
 		}
 	}
-	fmt.Fprint(os.Stderr, out)
+	fmt.Fprint(stderr, out)
 }
--- a/auth.go
+++ b/auth.go
@@ -2,38 +2,66 @@ package main

 import (
 	"encoding/base64"
+	"errors"
 	"fmt"
 	"os"
-	"strconv"
 	"strings"
 	"time"

-	"github.com/dgrijalva/jwt-go"
 	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt"
+	lm "github.com/hrfee/jfa-go/logmessages"
+	"github.com/hrfee/mediabrowser"
 	"github.com/lithammer/shortuuid/v3"
 )

+const (
+	TOKEN_VALIDITY_SEC         = 20 * 60
+	REFRESH_TOKEN_VALIDITY_SEC = 3600 * 24
+)
+
+func (app *appContext) logIpInfo(gc *gin.Context, user bool, out string) {
+	if (user && LOGIPU) || (!user && LOGIP) {
+		out += fmt.Sprintf(" (ip=%s)", gc.ClientIP())
+	}
+	app.info.Println(out)
+}
+func (app *appContext) logIpDebug(gc *gin.Context, user bool, out string) {
+	if (user && LOGIPU) || (!user && LOGIP) {
+		out += fmt.Sprintf(" (ip=%s)", gc.ClientIP())
+	}
+	app.debug.Println(out)
+}
+func (app *appContext) logIpErr(gc *gin.Context, user bool, out string) {
+	if (user && LOGIPU) || (!user && LOGIP) {
+		out += fmt.Sprintf(" (ip=%s)", gc.ClientIP())
+	}
+	app.err.Println(out)
+}
+
 func (app *appContext) webAuth() gin.HandlerFunc {
 	return app.authenticate
 }

+func (app *appContext) authLog(v any) { app.debug.PrintfCustomLevel(4, lm.FailedAuthRequest, v) }
+
 // CreateToken returns a web token as well as a refresh token, which can be used to obtain new tokens.
-func CreateToken(userId, jfId string) (string, string, error) {
+func CreateToken(userId, jfId string, admin bool) (string, string, error) {
 	var token, refresh string
 	claims := jwt.MapClaims{
 		"valid": true,
 		"id":    userId,
-		"exp":   strconv.FormatInt(time.Now().Add(time.Minute*20).Unix(), 10),
+		"exp":   time.Now().Add(time.Second * TOKEN_VALIDITY_SEC).Unix(),
 		"jfid":  jfId,
+		"admin": admin,
 		"type":  "bearer",
 	}
-
 	tk := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	token, err := tk.SignedString([]byte(os.Getenv("JFA_SECRET")))
 	if err != nil {
 		return "", "", err
 	}
-	claims["exp"] = strconv.FormatInt(time.Now().Add(time.Hour*24).Unix(), 10)
+	claims["exp"] = time.Now().Add(time.Second * REFRESH_TOKEN_VALIDITY_SEC).Unix()
 	claims["type"] = "refresh"
 	tk = jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	refresh, err = tk.SignedString([]byte(os.Getenv("JFA_SECRET")))
@@ -43,50 +71,70 @@ func CreateToken(userId, jfId string) (string, string, error) {
 	return token, refresh, nil
 }

-// Check header for token
-func (app *appContext) authenticate(gc *gin.Context) {
+// Caller should return if this returns false.
+func (app *appContext) decodeValidateAuthHeader(gc *gin.Context) (claims jwt.MapClaims, ok bool) {
+	ok = false
 	header := strings.SplitN(gc.Request.Header.Get("Authorization"), " ", 2)
 	if header[0] != "Bearer" {
-		app.debug.Println("Invalid authorization header")
+		app.authLog(lm.InvalidAuthHeader)
 		respond(401, "Unauthorized", gc)
 		return
 	}
 	token, err := jwt.Parse(string(header[1]), checkToken)
 	if err != nil {
-		app.debug.Printf("Auth denied: %s", err)
+		app.authLog(fmt.Sprintf(lm.FailedParseJWT, err))
 		respond(401, "Unauthorized", gc)
 		return
 	}
-	claims, ok := token.Claims.(jwt.MapClaims)
-	expiryUnix, err := strconv.ParseInt(claims["exp"].(string), 10, 64)
-	if err != nil {
-		app.debug.Printf("Auth denied: %s", err)
+	claims, ok = token.Claims.(jwt.MapClaims)
+	if !ok {
+		app.authLog(lm.FailedCastJWT)
 		respond(401, "Unauthorized", gc)
 		return
 	}
+	expiryUnix := int64(claims["exp"].(float64))
 	expiry := time.Unix(expiryUnix, 0)
 	if !(ok && token.Valid && claims["type"].(string) == "bearer" && expiry.After(time.Now())) {
-		app.debug.Printf("Auth denied: Invalid token")
+		app.authLog(lm.InvalidJWT)
+		// app.debug.Printf("Expiry: %+v, OK: %t, Valid: %t, ClaimType: %s\n", expiry, ok, token.Valid, claims["type"].(string))
+		respond(401, "Unauthorized", gc)
+		ok = false
+		return
+	}
+	ok = true
+	return
+}
+
+// Check header for token
+func (app *appContext) authenticate(gc *gin.Context) {
+	claims, ok := app.decodeValidateAuthHeader(gc)
+	if !ok {
+		return
+	}
+	isAdminToken := claims["admin"].(bool)
+	if !isAdminToken {
+		app.authLog(lm.NonAdminToken)
 		respond(401, "Unauthorized", gc)
 		return
 	}
+
 	userID := claims["id"].(string)
 	jfID := claims["jfid"].(string)
 	match := false
-	for _, user := range app.users {
+	for _, user := range app.adminUsers {
 		if user.UserID == userID {
 			match = true
 			break
 		}
 	}
 	if !match {
-		app.debug.Printf("Couldn't find user ID \"%s\"", userID)
+		app.authLog(fmt.Sprintf(lm.NonAdminUser, userID))
 		respond(401, "Unauthorized", gc)
 		return
 	}
 	gc.Set("jfId", jfID)
 	gc.Set("userId", userID)
-	app.debug.Println("Auth succeeded")
+	gc.Set("userMode", false)
 	gc.Next()
 }

@@ -101,8 +149,45 @@ type getTokenDTO struct {
 	Token string `json:"token" example:"kjsdklsfdkljfsjsdfklsdfkldsfjdfskjsdfjklsdf"` // API token for use with everything else.
 }

+func (app *appContext) decodeValidateLoginHeader(gc *gin.Context, userpage bool) (username, password string, ok bool) {
+	header := strings.SplitN(gc.Request.Header.Get("Authorization"), " ", 2)
+	auth, _ := base64.StdEncoding.DecodeString(header[1])
+	creds := strings.SplitN(string(auth), ":", 2)
+	username = creds[0]
+	password = creds[1]
+	ok = false
+	if username == "" || password == "" {
+		app.logIpDebug(gc, userpage, fmt.Sprintf(lm.FailedAuthRequest, lm.EmptyUserOrPass))
+		respond(401, "Unauthorized", gc)
+		return
+	}
+	ok = true
+	return
+}
+
+func (app *appContext) validateJellyfinCredentials(username, password string, gc *gin.Context, userpage bool) (user mediabrowser.User, ok bool) {
+	ok = false
+	user, err := app.authJf.Authenticate(username, password)
+	if err != nil {
+		if errors.As(err, &mediabrowser.ErrUnauthorized{}) {
+			app.logIpInfo(gc, userpage, fmt.Sprintf(lm.FailedAuthRequest, lm.InvalidUserOrPass))
+			respond(401, "Unauthorized", gc)
+			return
+		} else if errors.As(err, &mediabrowser.ErrForbidden{}) {
+			app.logIpInfo(gc, userpage, fmt.Sprintf(lm.FailedAuthRequest, lm.UserDisabled))
+			respond(403, "yourAccountWasDisabled", gc)
+			return
+		}
+		app.authLog(fmt.Sprintf(lm.FailedAuthJellyfin, app.jf.Server, 0, err))
+		respond(500, "Jellyfin error", gc)
+		return
+	}
+	ok = true
+	return
+}
+
 // @Summary Grabs an API token using username & password.
-// @description Click the lock icon next to this, login with your normal jfa-go credentials. Click 'try it out', then 'execute' and an API Key will be returned, copy it (not including quotes). On any of the other routes, click the lock icon and set the API key as "Bearer `your api key`".
+// @description If viewing docs locally, click the lock icon next to this, login with your normal jfa-go credentials. Click 'try it out', then 'execute' and an API Key will be returned, copy it (not including quotes). On any of the other routes, click the lock icon and set the API key as "Bearer `your api key`".
 // @Produce json
 // @Success 200 {object} getTokenDTO
 // @Failure 401 {object} stringResponse
@@ -110,46 +195,40 @@ type getTokenDTO struct {
 // @tags Auth
 // @Security getTokenAuth
 func (app *appContext) getTokenLogin(gc *gin.Context) {
-	app.info.Println("Token requested (login attempt)")
-	header := strings.SplitN(gc.Request.Header.Get("Authorization"), " ", 2)
-	auth, _ := base64.StdEncoding.DecodeString(header[1])
-	creds := strings.SplitN(string(auth), ":", 2)
-	var userID, jfID string
-	if creds[0] == "" || creds[1] == "" {
-		app.debug.Println("Auth denied: blank username/password")
-		respond(401, "Unauthorized", gc)
+	app.logIpInfo(gc, false, fmt.Sprintf(lm.RequestingToken, lm.TokenLoginAttempt))
+	username, password, ok := app.decodeValidateLoginHeader(gc, false)
+	if !ok {
 		return
 	}
+	var userID, jfID string
 	match := false
-	for _, user := range app.users {
-		if user.Username == creds[0] && user.Password == creds[1] {
+	for _, user := range app.adminUsers {
+		if user.Username == username && user.Password == password {
 			match = true
-			app.debug.Println("Found existing user")
 			userID = user.UserID
 			break
 		}
 	}
 	if !app.jellyfinLogin && !match {
-		app.info.Println("Auth denied: Invalid username/password")
+		app.logIpInfo(gc, false, fmt.Sprintf(lm.FailedAuthRequest, lm.InvalidUserOrPass))
 		respond(401, "Unauthorized", gc)
 		return
 	}
 	if !match {
-		user, status, err := app.authJf.Authenticate(creds[0], creds[1])
-		if status != 200 || err != nil {
-			if status == 401 || status == 400 {
-				app.info.Println("Auth denied: Invalid username/password (Jellyfin)")
-				respond(401, "Unauthorized", gc)
-				return
-			}
-			app.err.Printf("Auth failed: Couldn't authenticate with Jellyfin (%d/%s)", status, err)
-			respond(500, "Jellyfin error", gc)
+		user, ok := app.validateJellyfinCredentials(username, password, gc, false)
+		if !ok {
 			return
 		}
 		jfID = user.ID
-		if app.config.Section("ui").Key("admin_only").MustBool(true) {
-			if !user.Policy.IsAdministrator {
-				app.debug.Printf("Auth denied: Users \"%s\" isn't admin", creds[0])
+		if !app.config.Section("ui").Key("allow_all").MustBool(false) {
+			accountsAdmin := false
+			adminOnly := app.config.Section("ui").Key("admin_only").MustBool(true)
+			if emailStore, ok := app.storage.GetEmailsKey(jfID); ok {
+				accountsAdmin = emailStore.Admin
+			}
+			accountsAdmin = accountsAdmin || (adminOnly && user.Policy.IsAdministrator)
+			if !accountsAdmin {
+				app.authLog(fmt.Sprintf(lm.NonAdminUser, username))
 				respond(401, "Unauthorized", gc)
 				return
 			}
@@ -159,19 +238,57 @@ func (app *appContext) getTokenLogin(gc *gin.Context) {
 		newUser := User{
 			UserID: userID,
 		}
-		app.debug.Printf("Token generated for user \"%s\"", creds[0])
-		app.users = append(app.users, newUser)
+		app.debug.Printf(lm.GenerateToken, username)
+		app.adminUsers = append(app.adminUsers, newUser)
 	}
-	token, refresh, err := CreateToken(userID, jfID)
+	token, refresh, err := CreateToken(userID, jfID, true)
 	if err != nil {
-		app.err.Printf("getToken failed: Couldn't generate token (%s)", err)
+		app.err.Printf(lm.FailedGenerateToken, err)
 		respond(500, "Couldn't generate token", gc)
 		return
 	}
-	gc.SetCookie("refresh", refresh, (3600 * 24), "/", gc.Request.URL.Hostname(), true, true)
+	// host := gc.Request.URL.Hostname()
+	host := app.ExternalDomain
+
+	// Before you think this is broken: the first "true" arg is for "secure", i.e. only HTTPS!
+	gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
 	gc.JSON(200, getTokenDTO{token})
 }

+func (app *appContext) decodeValidateRefreshCookie(gc *gin.Context, cookieName string) (claims jwt.MapClaims, ok bool) {
+	ok = false
+	cookie, err := gc.Cookie(cookieName)
+	if err != nil || cookie == "" {
+		app.authLog(fmt.Sprintf(lm.FailedGetCookies, cookieName, err))
+		respond(400, "Couldn't get token", gc)
+		return
+	}
+	for _, token := range app.invalidTokens {
+		if cookie == token {
+			app.authLog(lm.LocallyInvalidatedJWT)
+			respond(401, lm.InvalidJWT, gc)
+			return
+		}
+	}
+	token, err := jwt.Parse(cookie, checkToken)
+	if err != nil {
+		app.authLog(fmt.Sprintf(lm.FailedParseJWT, err))
+		respond(400, lm.InvalidJWT, gc)
+		return
+	}
+	claims, ok = token.Claims.(jwt.MapClaims)
+	expiryUnix := int64(claims["exp"].(float64))
+	expiry := time.Unix(expiryUnix, 0)
+	if !(ok && token.Valid && claims["type"].(string) == "refresh" && expiry.After(time.Now())) {
+		app.authLog(lm.InvalidJWT)
+		respond(401, lm.InvalidJWT, gc)
+		ok = false
+		return
+	}
+	ok = true
+	return
+}
+
 // @Summary Grabs an API token using a refresh token from cookies.
 // @Produce json
 // @Success 200 {object} getTokenDTO
@@ -179,47 +296,21 @@ func (app *appContext) getTokenLogin(gc *gin.Context) {
 // @Router /token/refresh [get]
 // @tags Auth
 func (app *appContext) getTokenRefresh(gc *gin.Context) {
-	app.debug.Println("Token requested (refresh token)")
-	cookie, err := gc.Cookie("refresh")
-	if err != nil || cookie == "" {
-		app.debug.Printf("getTokenRefresh denied: Couldn't get token: %s", err)
-		respond(400, "Couldn't get token", gc)
-		return
-	}
-	for _, token := range app.invalidTokens {
-		if cookie == token {
-			app.debug.Println("getTokenRefresh: Invalid token")
-			respond(401, "Invalid token", gc)
-			return
-		}
-	}
-	token, err := jwt.Parse(cookie, checkToken)
-	if err != nil {
-		app.debug.Println("getTokenRefresh: Invalid token")
-		respond(400, "Invalid token", gc)
-		return
-	}
-	claims, ok := token.Claims.(jwt.MapClaims)
-	expiryUnix, err := strconv.ParseInt(claims["exp"].(string), 10, 64)
-	if err != nil {
-		app.debug.Printf("getTokenRefresh: Invalid token expiry: %s", err)
-		respond(401, "Invalid token", gc)
-		return
-	}
-	expiry := time.Unix(expiryUnix, 0)
-	if !(ok && token.Valid && claims["type"].(string) == "refresh" && expiry.After(time.Now())) {
-		app.debug.Printf("getTokenRefresh: Invalid token: %s", err)
-		respond(401, "Invalid token", gc)
+	app.logIpInfo(gc, false, fmt.Sprintf(lm.RequestingToken, lm.TokenRefresh))
+	claims, ok := app.decodeValidateRefreshCookie(gc, "refresh")
+	if !ok {
 		return
 	}
 	userID := claims["id"].(string)
 	jfID := claims["jfid"].(string)
-	jwt, refresh, err := CreateToken(userID, jfID)
+	jwt, refresh, err := CreateToken(userID, jfID, true)
 	if err != nil {
-		app.err.Printf("getTokenRefresh failed: Couldn't generate token (%s)", err)
+		app.err.Printf(lm.FailedGenerateToken, err)
 		respond(500, "Couldn't generate token", gc)
 		return
 	}
-	gc.SetCookie("refresh", refresh, (3600 * 24), "/", gc.Request.URL.Hostname(), true, true)
+	// host := gc.Request.URL.Hostname()
+	host := app.ExternalDomain
+	gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true)
 	gc.JSON(200, getTokenDTO{jwt})
 }
--- a/autostart.go
+++ b/autostart.go
@@ -0,0 +1,69 @@
+// +build tray
+
+package main
+
+import (
+	"log"
+	"os"
+	"path/filepath"
+
+	"github.com/emersion/go-autostart"
+	"github.com/getlantern/systray"
+)
+
+type Autostart struct {
+	as       *autostart.App
+	enabled  bool
+	menuitem *systray.MenuItem
+	clicked  chan bool
+}
+
+func NewAutostart(name, displayname, trayName, trayTooltip string) *Autostart {
+	a := &Autostart{
+		as: &autostart.App{
+			Name:        name,
+			DisplayName: displayname,
+		},
+		enabled: true,
+		clicked: make(chan bool),
+	}
+	a.menuitem = systray.AddMenuItemCheckbox(trayName, trayTooltip, a.as.IsEnabled())
+	command := os.Args
+	command[0], _ = filepath.Abs(command[0])
+	// Make sure to replace any relative paths with absolute ones
+	pathArgs := []string{"-d", "-data", "-c", "-config"}
+	for i := 1; i < len(command); i++ {
+		isPath := false
+		for _, p := range pathArgs {
+			if command[i-1] == p {
+				isPath = true
+				break
+			}
+		}
+		if isPath {
+			command[i], _ = filepath.Abs(command[i])
+		}
+	}
+	a.as.Exec = command
+	return a
+}
+
+func (a *Autostart) HandleCheck() {
+	for range a.menuitem.ClickedCh {
+		if !a.menuitem.Checked() {
+			if err := a.as.Enable(); err != nil {
+				log.Printf("Failed to enable autostart on login: %v", err)
+			} else {
+				a.menuitem.Check()
+				log.Printf("Enabled autostart")
+			}
+		} else {
+			if err := a.as.Disable(); err != nil {
+				log.Printf("Failed to disable autostart on login: %v", err)
+			} else {
+				a.menuitem.Uncheck()
+				log.Printf("Disabled autostart")
+			}
+		}
+	}
+}
--- a/backups.go
+++ b/backups.go
@@ -0,0 +1,302 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	lm "github.com/hrfee/jfa-go/logmessages"
+)
+
+const (
+	BACKUP_PREFIX        = "jfa-go-db"
+	BACKUP_COMMIT_PREFIX = "-c-"
+	BACKUP_DATE_PREFIX   = "-d-"
+	BACKUP_UPLOAD_PREFIX = "upload-"
+	BACKUP_DATEFMT       = "2006-01-02T15-04-05"
+	BACKUP_SUFFIX        = ".bak"
+)
+
+type Backup struct {
+	Date   time.Time
+	Commit string
+	Upload bool
+}
+
+func (b Backup) IsZero() bool { return b.Date.IsZero() && b.Commit == "" && b.Upload == false }
+
+func (b Backup) Equals(a Backup) bool {
+	return a.Date.Equal(b.Date) && a.Commit == b.Commit && a.Upload == b.Upload
+}
+
+// Pre 21/03/25 format: "{BACKUP_PREFIX}{date in BACKUP_DATEFMT}{BACKUP_SUFFIX}" = "jfa-go-db-2006-01-02T15-04-05.bak"
+// Post 21/03/25 format: "{BACKUP_PREFIX}-c-{commit}-d-{date in BACKUP_DATEFMT}{BACKUP_SUFFIX}" = "jfa-go-db-c-0b92060-d-2006-01-02T15-04-05.bak"
+
+func (b Backup) String() string {
+	t := b.Date
+	if t.IsZero() {
+		t = time.Now()
+	}
+	out := BACKUP_PREFIX
+	if b.Upload {
+		out = BACKUP_UPLOAD_PREFIX + out
+	}
+	if b.Commit != "" {
+		out += BACKUP_COMMIT_PREFIX + b.Commit
+	}
+	out += BACKUP_DATE_PREFIX + t.Local().Format(BACKUP_DATEFMT) + BACKUP_SUFFIX
+	return out
+}
+
+func (b *Backup) FromString(f string) error {
+	of := f
+	if strings.HasPrefix(f, BACKUP_UPLOAD_PREFIX) {
+		b.Upload = true
+		f = f[len(BACKUP_UPLOAD_PREFIX):]
+	}
+	if !strings.HasPrefix(f, BACKUP_PREFIX) {
+		return fmt.Errorf("file doesn't have correct prefix (\"%s\")", BACKUP_PREFIX)
+	}
+	f = f[len(BACKUP_PREFIX):]
+	if !strings.HasSuffix(f, BACKUP_SUFFIX) {
+		return fmt.Errorf("file doesn't have correct suffix (\"%s\")", BACKUP_SUFFIX)
+	}
+	for range 2 {
+		if strings.HasPrefix(f, BACKUP_COMMIT_PREFIX) {
+			f = f[len(BACKUP_COMMIT_PREFIX):]
+			commitEnd := strings.Index(f, BACKUP_DATE_PREFIX)
+			if commitEnd == -1 {
+				commitEnd = strings.Index(f, BACKUP_SUFFIX)
+			}
+			if commitEnd == -1 {
+				return fmt.Errorf("end of commit (\"%s\" or \"%s\") not found in \"%s\"", BACKUP_DATE_PREFIX, BACKUP_PREFIX, f)
+			}
+			b.Commit = f[:commitEnd]
+			f = f[commitEnd:]
+		} else if strings.HasPrefix(f, BACKUP_DATE_PREFIX) {
+			f = f[len(BACKUP_DATE_PREFIX):]
+			dateEnd := strings.Index(f, BACKUP_COMMIT_PREFIX)
+			if dateEnd == -1 {
+				dateEnd = strings.Index(f, BACKUP_SUFFIX)
+			}
+			if dateEnd == -1 {
+				return fmt.Errorf("end of date (\"%s\" or \"%s\") not found in \"%s\"", BACKUP_COMMIT_PREFIX, BACKUP_PREFIX, f)
+			}
+			t, err := time.Parse(BACKUP_DATEFMT, f[:dateEnd])
+			if err != nil {
+				return err
+			}
+			b.Date = t
+			f = f[dateEnd:]
+		}
+	}
+	if b.Date.IsZero() {
+		return b.FromOldString(of)
+	}
+	return nil
+}
+
+func (b *Backup) FromOldString(f string) error {
+	t, err := time.Parse(BACKUP_DATEFMT, strings.TrimSuffix(strings.TrimPrefix(strings.TrimPrefix(f, BACKUP_UPLOAD_PREFIX), BACKUP_PREFIX+"-"), BACKUP_SUFFIX))
+	if err != nil {
+		return fmt.Errorf(lm.FailedParseTime, err)
+	}
+	b.Date = t
+	return nil
+
+}
+
+type BackupList struct {
+	files []os.DirEntry
+	info  []Backup
+	count int
+}
+
+func (bl BackupList) Len() int { return len(bl.files) }
+func (bl BackupList) Swap(i, j int) {
+	bl.files[i], bl.files[j] = bl.files[j], bl.files[i]
+	bl.info[i], bl.info[j] = bl.info[j], bl.info[i]
+}
+
+func (bl BackupList) Less(i, j int) bool {
+	// Push non-backup files to the end of the array,
+	// Since they didn't have a date parsed.
+	if bl.info[i].Date.IsZero() {
+		return false
+	}
+	if bl.info[j].Date.IsZero() {
+		return true
+	}
+	// Sort by oldest first
+	return bl.info[j].Date.After(bl.info[i].Date)
+}
+
+// Get human-readable file size from f.Size() result.
+// https://programming.guide/go/formatting-byte-size-to-human-readable-format.html
+func fileSize(l int64) string {
+	const unit = 1000
+	if l < unit {
+		return fmt.Sprintf("%dB", l)
+	}
+	div, exp := int64(unit), 0
+	for n := l / unit; n >= unit; n /= unit {
+		div *= unit
+		exp++
+	}
+	return fmt.Sprintf("%.1f%c", float64(l)/float64(div), "KMGTPE"[exp])
+}
+
+func (app *appContext) getBackups() *BackupList {
+	path := app.config.Section("backups").Key("path").String()
+	err := os.MkdirAll(path, 0755)
+	if err != nil {
+		app.err.Printf(lm.FailedCreateDir, path, err)
+		return nil
+	}
+	items, err := os.ReadDir(path)
+	if err != nil {
+		app.err.Printf(lm.FailedReading, path, err)
+		return nil
+	}
+	backups := &BackupList{}
+	backups.files = items
+	backups.info = make([]Backup, len(items))
+	backups.count = 0
+	for i, item := range items {
+		// Even though Backup{} can parse and check validity, still check if the file ends in .bak, we don't need to print an error if a file isn't a .bak.
+		if item.IsDir() || !(strings.HasSuffix(item.Name(), BACKUP_SUFFIX)) {
+			continue
+		}
+		b := Backup{}
+		if err := b.FromString(item.Name()); err != nil {
+			app.debug.Printf(lm.FailedParseBackup, item.Name(), err)
+			continue
+		}
+		backups.info[i] = b
+		backups.count++
+	}
+	return backups
+}
+
+func (app *appContext) makeBackup() (fileDetails CreateBackupDTO) {
+	toKeep := app.config.Section("backups").Key("keep_n_backups").MustInt(20)
+	keepPreviousVersions := app.config.Section("backups").Key("keep_previous_version_backup").MustBool(true)
+
+	b := Backup{Commit: commit}
+	fname := b.String()
+	path := app.config.Section("backups").Key("path").String()
+	backups := app.getBackups()
+	if backups == nil {
+		return
+	}
+	toDelete := backups.count + 1 - toKeep
+	if toDelete > 0 || keepPreviousVersions {
+		sort.Sort(backups)
+	}
+	backupsByCommit := map[string]int{}
+	if keepPreviousVersions {
+		// Count backups by commit
+		for _, b := range backups.info {
+			if b.IsZero() {
+				continue
+			}
+			// If b.Commit is empty, the backup is pre-versions-in-backup-names.
+			// Still use the empty string as a key, considering these as a single version.
+			count, ok := backupsByCommit[b.Commit]
+			if !ok {
+				count = 0
+			}
+			count += 1
+			backupsByCommit[b.Commit] = count
+		}
+		fmt.Printf("remaining:%+v\n", backupsByCommit)
+	}
+	// fmt.Printf("toDelete: %d, backCount: %d, keep: %d, length: %d\n", toDelete, backups.count, toKeep, len(backups.files))
+	if toDelete > 0 && toDelete <= backups.count {
+		for i := range toDelete {
+			backupsRemaining, ok := backupsByCommit[backups.info[i].Commit]
+			app.debug.Println("item", backups.files[i], "remaining", backupsRemaining)
+			if keepPreviousVersions && ok && backupsRemaining <= 1 {
+				continue
+			}
+
+			item := backups.files[i]
+			fullpath := filepath.Join(path, item.Name())
+			err := os.Remove(fullpath)
+			if err != nil {
+				app.err.Printf(lm.FailedDeleteOldBackup, fullpath, err)
+				return
+			}
+			app.debug.Printf(lm.DeleteOldBackup, fullpath)
+			if keepPreviousVersions && ok {
+				backupsRemaining -= 1
+				backupsByCommit[backups.info[i].Commit] = backupsRemaining
+			}
+		}
+	}
+	fullpath := filepath.Join(path, fname)
+	f, err := os.Create(fullpath)
+	if err != nil {
+		app.err.Printf(lm.FailedOpen, fullpath, err)
+		return
+	}
+	defer f.Close()
+	_, err = app.storage.db.Badger().Backup(f, 0)
+	if err != nil {
+		app.err.Printf(lm.FailedCreateBackup, err)
+		return
+	}
+
+	fstat, err := f.Stat()
+	if err != nil {
+		app.err.Printf(lm.FailedStat, fullpath, err)
+		return
+	}
+	fileDetails.Size = fileSize(fstat.Size())
+	fileDetails.Name = fname
+	fileDetails.Path = fullpath
+	app.debug.Printf(lm.CreateBackup, fileDetails)
+	return
+}
+
+func (app *appContext) loadPendingBackup() {
+	if LOADBAK == "" {
+		return
+	}
+	oldPath := filepath.Join(app.dataPath, "db-"+strconv.FormatInt(time.Now().Unix(), 10)+"-pre-"+filepath.Base(LOADBAK))
+	err := os.Rename(app.storage.db_path, oldPath)
+	if err != nil {
+		app.err.Fatalf(lm.FailedMoveOldDB, oldPath, err)
+	}
+	app.info.Printf(lm.MoveOldDB, oldPath)
+
+	app.ConnectDB()
+	defer app.storage.db.Close()
+
+	f, err := os.Open(LOADBAK)
+	if err != nil {
+		app.err.Fatalf(lm.FailedOpen, LOADBAK, err)
+	}
+	err = app.storage.db.Badger().Load(f, 256)
+	f.Close()
+	if err != nil {
+		app.err.Fatalf(lm.FailedRestoreDB, LOADBAK, err)
+	}
+	app.info.Printf(lm.RestoreDB, LOADBAK)
+	LOADBAK = ""
+}
+
+func newBackupDaemon(app *appContext) *GenericDaemon {
+	interval := time.Duration(app.config.Section("backups").Key("every_n_minutes").MustInt(1440)) * time.Minute
+	d := NewGenericDaemon(interval, app,
+		func(app *appContext) {
+			app.makeBackup()
+		},
+	)
+	d.Name("Backup")
+	return d
+}
--- a/backups_test.go
+++ b/backups_test.go
@@ -0,0 +1,57 @@
+package main
+
+import (
+	"testing"
+	"time"
+)
+
+func testBackupParse(f string, a Backup, t *testing.T) {
+	b := Backup{}
+	err := b.FromString(f)
+	if err != nil {
+		t.Fatalf("error: %+v", err)
+	}
+	if !b.Equals(a) {
+		t.Fatalf("not equal: %+v != %+v", b, a)
+	}
+}
+
+func TestBackupParserOld(t *testing.T) {
+	Q1 := BACKUP_PREFIX + "2023-12-21T21-08-00" + BACKUP_SUFFIX
+	A1 := Backup{}
+	A1.Date, _ = time.Parse(BACKUP_DATEFMT, "2023-12-21T21-08-00")
+	testBackupParse(Q1, A1, t)
+}
+func TestBackupParserOldUpload(t *testing.T) {
+	Q2 := BACKUP_UPLOAD_PREFIX + BACKUP_PREFIX + "2023-12-21T21-08-00" + BACKUP_SUFFIX
+	A2 := Backup{
+		Upload: true,
+	}
+	A2.Date, _ = time.Parse(BACKUP_DATEFMT, "2023-12-21T21-08-00")
+	testBackupParse(Q2, A2, t)
+}
+func TestBackupParserUploadDate(t *testing.T) {
+	Q3 := BACKUP_UPLOAD_PREFIX + BACKUP_PREFIX + BACKUP_DATE_PREFIX + "2023-12-21T21-08-00" + BACKUP_SUFFIX
+	A3 := Backup{
+		Upload: true,
+	}
+	A3.Date, _ = time.Parse(BACKUP_DATEFMT, "2023-12-21T21-08-00")
+	testBackupParse(Q3, A3, t)
+}
+func TestBackupParserUploadCommitDate(t *testing.T) {
+	Q4 := BACKUP_UPLOAD_PREFIX + BACKUP_PREFIX + BACKUP_COMMIT_PREFIX + "testcommit" + BACKUP_DATE_PREFIX + "2023-12-21T21-08-00" + BACKUP_SUFFIX
+	A4 := Backup{
+		Commit: "testcommit",
+		Upload: true,
+	}
+	A4.Date, _ = time.Parse(BACKUP_DATEFMT, "2023-12-21T21-08-00")
+	testBackupParse(Q4, A4, t)
+}
+func TestBackupParserDateCommit(t *testing.T) {
+	Q5 := BACKUP_PREFIX + BACKUP_DATE_PREFIX + "2023-12-21T21-08-00" + BACKUP_COMMIT_PREFIX + "testcommit" + BACKUP_SUFFIX
+	A5 := Backup{
+		Commit: "testcommit",
+	}
+	A5.Date, _ = time.Parse(BACKUP_DATEFMT, "2023-12-21T21-08-00")
+	testBackupParse(Q5, A5, t)
+}
--- a/common/common.go
+++ b/common/common.go
@@ -1,8 +1,18 @@
 package common

 import (
+	"bytes"
+	"compress/gzip"
+	"encoding/json"
+	"errors"
 	"fmt"
+	"io"
 	"log"
+	"net/http"
+	"net/url"
+	"strings"
+
+	lm "github.com/hrfee/jfa-go/logmessages"
 )

 // TimeoutHandler recovers from an http timeout or panic.
@@ -12,7 +22,7 @@ type TimeoutHandler func()
 func NewTimeoutHandler(name, addr string, noFail bool) TimeoutHandler {
 	return func() {
 		if r := recover(); r != nil {
-			out := fmt.Sprintf("Failed to authenticate with %s @ %s: Timed out", name, addr)
+			out := fmt.Sprintf(lm.FailedAuth, name, addr, 0, lm.TimedOut)
 			if noFail {
 				log.Print(out)
 			} else {
@@ -21,3 +31,127 @@ func NewTimeoutHandler(name, addr string, noFail bool) TimeoutHandler {
 		}
 	}
 }
+
+// most 404 errors are from UserNotFound, so this generic error doesn't really need any detail.
+type ErrNotFound error
+
+type ErrUnauthorized struct{}
+
+func (err ErrUnauthorized) Error() string {
+	return lm.Unauthorized
+}
+
+type ErrForbidden struct{}
+
+func (err ErrForbidden) Error() string {
+	return lm.Forbidden
+}
+
+var (
+	NotFound ErrNotFound = errors.New(lm.NotFound)
+)
+
+type ErrUnknown struct {
+	code int
+}
+
+func (err ErrUnknown) Error() string {
+	msg := fmt.Sprintf(lm.FailedGenericWithCode, err.code)
+	return msg
+}
+
+// GenericErr returns an error appropriate to the given HTTP status (or actual error, if given).
+func GenericErr(status int, err error) error {
+	if err != nil {
+		return err
+	}
+	switch status {
+	case 200, 204, 201:
+		return nil
+	case 401, 400:
+		return ErrUnauthorized{}
+	case 404:
+		return NotFound
+	case 403:
+		return ErrForbidden{}
+	default:
+		return ErrUnknown{code: status}
+	}
+}
+
+func GenericErrFromResponse(resp *http.Response, err error) error {
+	if resp == nil {
+		return ErrUnknown{code: -2}
+	}
+	return GenericErr(resp.StatusCode, err)
+}
+
+type ConfigurableTransport interface {
+	// SetTransport sets the http.Transport to use for requests. Can be used to set a proxy.
+	SetTransport(t *http.Transport)
+}
+
+// Stripped down-ish version of rough http request function used in most of the API clients.
+func Req(httpClient *http.Client, timeoutHandler TimeoutHandler, mode string, uri string, data any, queryParams url.Values, headers map[string]string, response bool) (string, int, error) {
+	var params []byte
+	if data != nil {
+		params, _ = json.Marshal(data)
+	}
+	if qp := queryParams.Encode(); qp != "" {
+		uri += "?" + qp
+	}
+	var req *http.Request
+	if data != nil {
+		req, _ = http.NewRequest(mode, uri, bytes.NewBuffer(params))
+	} else {
+		req, _ = http.NewRequest(mode, uri, nil)
+	}
+	req.Header.Add("Content-Type", "application/json")
+	for name, value := range headers {
+		req.Header.Add(name, value)
+	}
+	resp, err := httpClient.Do(req)
+	if resp == nil {
+		return "", 0, err
+	}
+	err = GenericErr(resp.StatusCode, err)
+	if timeoutHandler != nil {
+		defer timeoutHandler()
+	}
+	var responseText string
+	defer resp.Body.Close()
+	if response || err != nil {
+		responseText, err = decodeResp(resp)
+		if err != nil {
+			return responseText, resp.StatusCode, err
+		}
+	}
+	if err != nil {
+		var msg any
+		err = json.Unmarshal([]byte(responseText), &msg)
+		if err != nil {
+			return responseText, resp.StatusCode, err
+		}
+		if msg != nil {
+			err = fmt.Errorf("got %d: %+v", resp.StatusCode, msg)
+		}
+		return responseText, resp.StatusCode, err
+	}
+	return responseText, resp.StatusCode, err
+}
+
+func decodeResp(resp *http.Response) (string, error) {
+	var out io.Reader
+	switch resp.Header.Get("Content-Encoding") {
+	case "gzip":
+		out, _ = gzip.NewReader(resp.Body)
+	default:
+		out = resp.Body
+	}
+	buf := new(strings.Builder)
+	_, err := io.Copy(buf, out)
+	if err != nil {
+		return "", err
+	}
+	return buf.String(), nil
+}
--- a/common/config.go
+++ b/common/config.go
@@ -0,0 +1,62 @@
+package common
+
+type SectionMeta struct {
+	Name         string `json:"name" yaml:"name" example:"My Section"` // friendly name of the section
+	Description  string `json:"description" yaml:"description"`
+	Advanced     bool   `json:"advanced,omitempty" yaml:"advanced,omitempty"`
+	Disabled     bool   `json:"disabled,omitempty" yaml:"disabled,omitempty"`
+	DependsTrue  string `json:"depends_true,omitempty" yaml:"depends_true,omitempty"`
+	DependsFalse string `json:"depends_false,omitempty" yaml:"depends_false,omitempty"`
+	WikiLink     string `json:"wiki_link,omitempty" yaml:"wiki_link,omitempty"`
+}
+
+type Option [2]string
+
+type SettingType string
+
+var (
+	BoolType     SettingType = "bool"
+	SelectType   SettingType = "select"
+	TextType     SettingType = "text"
+	PasswordType SettingType = "password"
+	NumberType   SettingType = "number"
+	NoteType     SettingType = "note"
+	EmailType    SettingType = "email"
+	ListType     SettingType = "list"
+)
+
+type Setting struct {
+	Setting         string      `json:"setting" yaml:"setting" example:"my_setting"`
+	Name            string      `json:"name" yaml:"name" example:"My Setting"`
+	Description     string      `json:"description" yaml:"description"`
+	Required        bool        `json:"required" yaml:"required"`
+	RequiresRestart bool        `json:"requires_restart" yaml:"requires_restart"`
+	Advanced        bool        `json:"advanced,omitempty" yaml:"advanced,omitempty"`
+	Type            SettingType `json:"type" yaml:"type"` // Type (string, number, bool, etc.)
+	Value           any         `json:"value" yaml:"value"`
+	Options         []Option    `json:"options,omitempty" yaml:"options,omitempty"`
+	DependsTrue     string      `json:"depends_true,omitempty" yaml:"depends_true,omitempty"`   // If specified, this field is enabled when the specified bool setting is enabled.
+	DependsFalse    string      `json:"depends_false,omitempty" yaml:"depends_false,omitempty"` // If specified, opposite behaviour of DependsTrue.
+	Style           string      `json:"style,omitempty" yaml:"style,omitempty"`
+	Deprecated      bool        `json:"deprecated,omitempty" yaml:"deprecated,omitempty"`
+	WikiLink        string      `json:"wiki_link,omitempty" yaml:"wiki_link,omitempty"`
+}
+
+type Section struct {
+	Section  string      `json:"section" yaml:"section" example:"my_section"`
+	Meta     SectionMeta `json:"meta" yaml:"meta"`
+	Settings []Setting   `json:"settings" yaml:"settings"`
+}
+
+type Config struct {
+	Sections []Section `json:"sections" yaml:"sections"`
+}
+
+func (c *Config) removeSection(section string) {
+	for i, v := range c.Sections {
+		if v.Section == section {
+			c.Sections = append(c.Sections[:i], c.Sections[i+1:]...)
+			break
+		}
+	}
+}
--- a/common/go.mod
+++ b/common/go.mod
@@ -1,3 +1,7 @@
 module github.com/hrfee/jfa-go/common

-go 1.15
+replace github.com/hrfee/jfa-go/logmessages => ../logmessages
+
+go 1.18
+
+require github.com/hrfee/jfa-go/logmessages v0.0.0-20240806200606-6308db495a0a
--- a/config.go
+++ b/config.go
@@ -3,17 +3,27 @@ package main
 import (
 	"fmt"
 	"io/fs"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
+	"time"

+	"github.com/hrfee/jfa-go/common"
+	"github.com/hrfee/jfa-go/easyproxy"
+	lm "github.com/hrfee/jfa-go/logmessages"
 	"gopkg.in/ini.v1"
 )

 var emailEnabled = false
 var messagesEnabled = false
 var telegramEnabled = false
+var discordEnabled = false
+var matrixEnabled = false
+
+// URL subpaths. Ignore the "Current" field.
+var PAGES = PagePaths{}

 func (app *appContext) GetPath(sect, key string) (fs.FS, string) {
 	val := app.config.Section(sect).Key(key).MustString("")
@@ -28,24 +38,70 @@ func (app *appContext) MustSetValue(section, key, val string) {
 	app.config.Section(section).Key(key).SetValue(app.config.Section(section).Key(key).MustString(val))
 }

+func (app *appContext) MustSetURLPath(section, key, val string) {
+	if !strings.HasPrefix(val, "/") && val != "" {
+		val = "/" + val
+	}
+	app.MustSetValue(section, key, val)
+}
+
+func FormatSubpath(path string) string {
+	if path == "/" {
+		return ""
+	}
+	return strings.TrimSuffix(path, "/")
+}
+
 func (app *appContext) loadConfig() error {
 	var err error
-	app.config, err = ini.Load(app.configPath)
+	app.config, err = ini.ShadowLoad(app.configPath)
 	if err != nil {
 		return err
 	}

+	// URLs
+	app.MustSetURLPath("ui", "url_base", "")
+	app.MustSetURLPath("url_paths", "admin", "")
+	app.MustSetURLPath("url_paths", "user_page", "/my/account")
+	app.MustSetURLPath("url_paths", "form", "/invite")
+	PAGES.Base = FormatSubpath(app.config.Section("ui").Key("url_base").String())
+	PAGES.Admin = FormatSubpath(app.config.Section("url_paths").Key("admin").String())
+	PAGES.MyAccount = FormatSubpath(app.config.Section("url_paths").Key("user_page").String())
+	PAGES.Form = FormatSubpath(app.config.Section("url_paths").Key("form").String())
+	if !(app.config.Section("user_page").Key("enabled").MustBool(true)) {
+		PAGES.MyAccount = "disabled"
+	}
+	if PAGES.Base == PAGES.Form || PAGES.Base == "/accounts" || PAGES.Base == "/settings" || PAGES.Base == "/activity" {
+		app.err.Printf(lm.BadURLBase, PAGES.Base)
+	}
+	app.info.Printf(lm.SubpathBlockMessage, PAGES.Base, PAGES.Admin, PAGES.MyAccount, PAGES.Form)
 	app.MustSetValue("jellyfin", "public_server", app.config.Section("jellyfin").Key("server").String())
+	app.MustSetValue("ui", "redirect_url", app.config.Section("jellyfin").Key("public_server").String())

 	for _, key := range app.config.Section("files").Keys() {
 		if name := key.Name(); name != "html_templates" && name != "lang_files" {
 			key.SetValue(key.MustString(filepath.Join(app.dataPath, (key.Name() + ".json"))))
 		}
 	}
-	for _, key := range []string{"user_configuration", "user_displayprefs", "user_profiles", "ombi_template", "invites", "emails", "user_template", "custom_emails", "users", "telegram_users"} {
+	for _, key := range []string{"user_configuration", "user_displayprefs", "user_profiles", "ombi_template", "invites", "emails", "user_template", "custom_emails", "users", "telegram_users", "discord_users", "matrix_users", "announcements", "custom_user_page_content"} {
 		app.config.Section("files").Key(key).SetValue(app.config.Section("files").Key(key).MustString(filepath.Join(app.dataPath, (key + ".json"))))
 	}
-	app.URLBase = strings.TrimSuffix(app.config.Section("ui").Key("url_base").MustString(""), "/")
+	for _, key := range []string{"matrix_sql"} {
+		app.config.Section("files").Key(key).SetValue(app.config.Section("files").Key(key).MustString(filepath.Join(app.dataPath, (key + ".db"))))
+	}
+
+	app.ExternalURI = strings.TrimSuffix(strings.TrimSuffix(app.config.Section("ui").Key("jfa_url").MustString(""), "/invite"), "/")
+	if !strings.HasSuffix(app.ExternalURI, PAGES.Base) {
+		app.err.Println(lm.NoURLSuffix)
+	}
+	if app.ExternalURI == "" {
+		app.err.Println(lm.NoExternalHost + lm.LoginWontSave)
+	}
+	u, err := url.Parse(app.ExternalURI)
+	if err == nil {
+		app.ExternalDomain = u.Hostname()
+	}
+
 	app.config.Section("email").Key("no_username").SetValue(strconv.FormatBool(app.config.Section("email").Key("no_username").MustBool(false)))

 	app.MustSetValue("password_resets", "email_html", "jfa-go:"+"email.html")
@@ -66,6 +122,22 @@ func (app *appContext) loadConfig() error {
 	app.MustSetValue("deletion", "email_html", "jfa-go:"+"deleted.html")
 	app.MustSetValue("deletion", "email_text", "jfa-go:"+"deleted.txt")

+	app.MustSetValue("smtp", "hello_hostname", "localhost")
+	app.MustSetValue("smtp", "cert_validation", "true")
+	app.MustSetValue("smtp", "auth_type", "4")
+	app.MustSetValue("smtp", "port", "465")
+
+	app.MustSetValue("activity_log", "keep_n_records", "1000")
+	app.MustSetValue("activity_log", "delete_after_days", "90")
+
+	sc := app.config.Section("discord").Key("start_command").MustString("start")
+	app.config.Section("discord").Key("start_command").SetValue(strings.TrimPrefix(strings.TrimPrefix(sc, "/"), "!"))
+
+	jfUrl := app.config.Section("jellyfin").Key("server").String()
+	if !(strings.HasPrefix(jfUrl, "http://") || strings.HasPrefix(jfUrl, "https://")) {
+		app.config.Section("jellyfin").Key("server").SetValue("http://" + jfUrl)
+	}
+
 	// Deletion template is good enough for these as well.
 	app.MustSetValue("disable_enable", "disabled_html", "jfa-go:"+"deleted.html")
 	app.MustSetValue("disable_enable", "disabled_text", "jfa-go:"+"deleted.txt")
@@ -82,23 +154,92 @@ func (app *appContext) loadConfig() error {
 	app.MustSetValue("user_expiry", "email_html", "jfa-go:"+"user-expired.html")
 	app.MustSetValue("user_expiry", "email_text", "jfa-go:"+"user-expired.txt")

+	app.MustSetValue("user_expiry", "adjustment_email_html", "jfa-go:"+"expiry-adjusted.html")
+	app.MustSetValue("user_expiry", "adjustment_email_text", "jfa-go:"+"expiry-adjusted.txt")
+
+	app.MustSetValue("email", "collect", "true")
+
+	app.MustSetValue("matrix", "topic", "Jellyfin notifications")
+	app.MustSetValue("matrix", "show_on_reg", "true")
+
+	app.MustSetValue("discord", "show_on_reg", "true")
+
+	app.MustSetValue("telegram", "show_on_reg", "true")
+
+	app.MustSetValue("backups", "every_n_minutes", "1440")
+	app.MustSetValue("backups", "path", filepath.Join(app.dataPath, "backups"))
+	app.MustSetValue("backups", "keep_n_backups", "20")
+	app.MustSetValue("backups", "keep_previous_version_backup", "true")
+
 	app.config.Section("jellyfin").Key("version").SetValue(version)
 	app.config.Section("jellyfin").Key("device").SetValue("jfa-go")
 	app.config.Section("jellyfin").Key("device_id").SetValue(fmt.Sprintf("jfa-go-%s-%s", version, commit))
+
+	LOGIP = app.config.Section("advanced").Key("log_ips").MustBool(false)
+	LOGIPU = app.config.Section("advanced").Key("log_ips_users").MustBool(false)
+
+	app.MustSetValue("advanced", "auth_retry_count", "6")
+	app.MustSetValue("advanced", "auth_retry_gap", "10")
+
+	app.MustSetValue("ui", "port", "8056")
+	app.MustSetValue("advanced", "tls_port", "8057")
+
+	app.MustSetValue("advanced", "value_log_size", "512")
+
+	pwrMethods := []string{"allow_pwr_username", "allow_pwr_email", "allow_pwr_contact_method"}
+	allDisabled := true
+	for _, v := range pwrMethods {
+		if app.config.Section("user_page").Key(v).MustBool(true) {
+			allDisabled = false
+		}
+	}
+	if allDisabled {
+		app.info.Println(lm.EnableAllPWRMethods)
+		for _, v := range pwrMethods {
+			app.config.Section("user_page").Key(v).SetValue("true")
+		}
+	}
+
 	messagesEnabled = app.config.Section("messages").Key("enabled").MustBool(false)
 	telegramEnabled = app.config.Section("telegram").Key("enabled").MustBool(false)
+	discordEnabled = app.config.Section("discord").Key("enabled").MustBool(false)
+	matrixEnabled = app.config.Section("matrix").Key("enabled").MustBool(false)
 	if !messagesEnabled {
 		emailEnabled = false
 		telegramEnabled = false
+		discordEnabled = false
+		matrixEnabled = false
 	} else if app.config.Section("email").Key("method").MustString("") == "" {
 		emailEnabled = false
 	} else {
 		emailEnabled = true
 	}
-	if !emailEnabled && !telegramEnabled {
+	if !emailEnabled && !telegramEnabled && !discordEnabled && !matrixEnabled {
 		messagesEnabled = false
 	}

+	if app.proxyEnabled = app.config.Section("advanced").Key("proxy").MustBool(false); app.proxyEnabled {
+		app.proxyConfig = easyproxy.ProxyConfig{}
+		app.proxyConfig.Protocol = easyproxy.HTTP
+		if strings.Contains(app.config.Section("advanced").Key("proxy_protocol").MustString("http"), "socks") {
+			app.proxyConfig.Protocol = easyproxy.SOCKS5
+		}
+		app.proxyConfig.Addr = app.config.Section("advanced").Key("proxy_address").MustString("")
+		app.proxyConfig.User = app.config.Section("advanced").Key("proxy_user").MustString("")
+		app.proxyConfig.Password = app.config.Section("advanced").Key("proxy_password").MustString("")
+		app.proxyTransport, err = easyproxy.NewTransport(app.proxyConfig)
+		if err != nil {
+			app.err.Printf(lm.FailedInitProxy, app.proxyConfig.Addr, err)
+			// As explained in lm.FailedInitProxy, sleep here might grab the admin's attention,
+			// Since we don't crash on this failing.
+			time.Sleep(15 * time.Second)
+			app.proxyEnabled = false
+		} else {
+			app.proxyEnabled = true
+			app.info.Printf(lm.InitProxy, app.proxyConfig.Addr)
+		}
+	}
+
 	app.MustSetValue("updates", "enabled", "true")
 	releaseChannel := app.config.Section("updates").Key("channel").String()
 	if app.config.Section("updates").Key("enabled").MustBool(false) {
@@ -111,6 +252,9 @@ func (app *appContext) loadConfig() error {
 			v = "git"
 		}
 		app.updater = newUpdater(baseURL, namespace, repo, v, commit, updater)
+		if app.proxyEnabled {
+			app.updater.SetTransport(app.proxyTransport)
+		}
 	}
 	if releaseChannel == "" {
 		if version == "git" {
@@ -121,18 +265,20 @@ func (app *appContext) loadConfig() error {
 		app.MustSetValue("updates", "channel", releaseChannel)
 	}

-	app.storage.customEmails_path = app.config.Section("files").Key("custom_emails").String()
-	app.storage.loadCustomEmails()
-
 	substituteStrings = app.config.Section("jellyfin").Key("substitute_jellyfin_strings").MustString("")

+	if substituteStrings != "" {
+		v := app.config.Section("ui").Key("success_message")
+		v.SetValue(strings.ReplaceAll(v.String(), "Jellyfin", substituteStrings))
+	}
+
 	oldFormLang := app.config.Section("ui").Key("language").MustString("")
 	if oldFormLang != "" {
-		app.storage.lang.chosenFormLang = oldFormLang
+		app.storage.lang.chosenUserLang = oldFormLang
 	}
 	newFormLang := app.config.Section("ui").Key("language-form").MustString("")
 	if newFormLang != "" {
-		app.storage.lang.chosenFormLang = newFormLang
+		app.storage.lang.chosenUserLang = newFormLang
 	}
 	app.storage.lang.chosenAdminLang = app.config.Section("ui").Key("language-admin").MustString("en-us")
 	app.storage.lang.chosenEmailLang = app.config.Section("email").Key("language").MustString("en-us")
@@ -144,27 +290,97 @@ func (app *appContext) loadConfig() error {
 	return nil
 }

-func (app *appContext) migrateEmailConfig() {
-	tempConfig, _ := ini.Load(app.configPath)
-	fmt.Println(warning("Part of your email configuration will be migrated to the new \"messages\" section.\nA backup will be made."))
-	err := tempConfig.SaveTo(app.configPath + "_" + commit + ".bak")
-	if err != nil {
-		app.err.Fatalf("Failed to backup config: %v", err)
-		return
-	}
-	for _, setting := range []string{"use_24h", "date_format", "message"} {
-		if val := app.config.Section("email").Key(setting).Value(); val != "" {
-			tempConfig.Section("email").Key(setting).SetValue("")
-			tempConfig.Section("messages").Key(setting).SetValue(val)
+func (app *appContext) PatchConfigBase() {
+	conf := app.configBase
+	// Load language options
+	formOptions := app.storage.lang.User.getOptions()
+	pwrOptions := app.storage.lang.PasswordReset.getOptions()
+	adminOptions := app.storage.lang.Admin.getOptions()
+	emailOptions := app.storage.lang.Email.getOptions()
+	telegramOptions := app.storage.lang.Email.getOptions()
+
+	for i, section := range app.configBase.Sections {
+		if section.Section == "updates" && updater == "" {
+			section.Meta.Disabled = true
 		}
+		for j, setting := range section.Settings {
+			if section.Section == "ui" {
+				if setting.Setting == "language-form" {
+					setting.Options = formOptions
+					setting.Value = "en-us"
+				} else if setting.Setting == "language-admin" {
+					setting.Options = adminOptions
+					setting.Value = "en-us"
+				}
+			} else if section.Section == "password_resets" {
+				if setting.Setting == "language" {
+					setting.Options = pwrOptions
+					setting.Value = "en-us"
+				}
+			} else if section.Section == "email" {
+				if setting.Setting == "language" {
+					setting.Options = emailOptions
+					setting.Value = "en-us"
+				}
+			} else if section.Section == "telegram" {
+				if setting.Setting == "language" {
+					setting.Options = telegramOptions
+					setting.Value = "en-us"
+				}
+			} else if section.Section == "smtp" {
+				if setting.Setting == "ssl_cert" && PLATFORM == "windows" {
+					// Not accurate but the effect is hiding the option, which we want.
+					setting.Deprecated = true
+				}
+			} else if section.Section == "matrix" {
+				if setting.Setting == "encryption" && !MatrixE2EE() {
+					// Not accurate but the effect is hiding the option, which we want.
+					setting.Deprecated = true
+				}
+			}
+			val := app.config.Section(section.Section).Key(setting.Setting)
+			switch setting.Type {
+			case "list":
+				setting.Value = val.StringsWithShadows("|")
+			case "text", "email", "select", "password", "note":
+				setting.Value = val.MustString("")
+			case "number":
+				setting.Value = val.MustInt(0)
+			case "bool":
+				setting.Value = val.MustBool(false)
+			}
+			section.Settings[j] = setting
+		}
+		conf.Sections[i] = section
 	}
-	if app.config.Section("messages").Key("enabled").MustBool(false) || app.config.Section("telegram").Key("enabled").MustBool(false) {
-		tempConfig.Section("messages").Key("enabled").SetValue("true")
-	}
-	err = tempConfig.SaveTo(app.configPath)
-	if err != nil {
-		app.err.Fatalf("Failed to save config: %v", err)
+	app.patchedConfig = conf
+}
+
+func (app *appContext) PatchConfigDiscordRoles() {
+	if !discordEnabled {
 		return
 	}
-	app.loadConfig()
+	r, err := app.discord.ListRoles()
+	if err != nil {
+		return
+	}
+	roles := make([]common.Option, len(r)+1)
+	roles[0] = common.Option{"", "None"}
+	for i, role := range r {
+		roles[i+1] = role
+	}
+
+	for i, section := range app.patchedConfig.Sections {
+		if section.Section != "discord" {
+			continue
+		}
+		for j, setting := range section.Settings {
+			if setting.Setting != "apply_role" {
+				continue
+			}
+			setting.Options = roles
+			section.Settings[j] = setting
+		}
+		app.patchedConfig.Sections[i] = section
+	}
 }
--- a/config/README.md
+++ b/config/README.md
@@ -1,4 +0,0 @@
-###  fixconfig
-
-Python's `json` library retains the order of data in a JSON file, which meant settings sent to the web page would be in the right order. Go's `encoding/json` and maps do not retain order, so `enumerate/enumerate_config.py` opens the json file, and for each section, adds an "order" array which tells the web page in which order to display settings. 
-Specify the input and output files with `-i` and `-o` respectively.
--- a/config/README.txt
+++ b/config/README.txt
@@ -0,0 +1 @@
+The two python scripts here, `config-json-to-new-yaml.py` and `gen-rough-schema.py` were used to convert the old format, which was stored in a JSON file, to the new format in YAML. The latter script is used to get the possible values for settings and sections, so they could be properly defined in common/config.go.
--- a/config/config-base.json
+++ b/config/config-base.json
--- a/config/config-base.yaml
+++ b/config/config-base.yaml
--- a/config/config-json-to-new-yaml.py
+++ b/config/config-json-to-new-yaml.py
@@ -0,0 +1,35 @@
+from ruamel.yaml import YAML
+import json
+from pathlib import Path
+import sys
+yaml = YAML()
+
+# c = yaml.load(Path(sys.argv[len(sys.argv)-1]))
+with open(sys.argv[len(sys.argv)-1], 'r') as f:
+    c = json.load(f)
+
+c.pop("order")
+
+c1 = c.copy()
+c1["sections"] = []
+for section in c["sections"]:
+    codeSection = { "section": section }
+    s = codeSection | c["sections"][section]
+    s.pop("order")
+    c1["sections"].append(s)
+
+c2 = c.copy()
+c2["sections"] = []
+
+for section in c1["sections"]:
+    sArray = []
+    for setting in section["settings"]:
+        codeSetting = { "setting": setting }
+        s = codeSetting | section["settings"][setting]
+        sArray.append(s)
+
+    section["settings"] = sArray
+    c2["sections"].append(section)
+
+
+yaml.dump(c2, sys.stdout)
--- a/config/gen-rough-schema.py
+++ b/config/gen-rough-schema.py
@@ -0,0 +1,40 @@
+import json
+import sys
+
+sectionSchema = {}
+metaSchema = {}
+settingSchema = {}
+typeValues = {}
+
+# c = yaml.load(Path(sys.argv[len(sys.argv)-1]))
+with open(sys.argv[len(sys.argv)-1], 'r') as f:
+    c = json.load(f)
+
+for section in c["sections"]:
+    for key in c["sections"][section]:
+        sectionSchema[key] = True
+
+    for key in c["sections"][section]["meta"]:
+        metaSchema[key] = c["sections"][section]["meta"][key]
+
+    for setting in c["sections"][section]["settings"]:
+        for field in c["sections"][section]["settings"][setting]:
+            settingSchema[field] = c["sections"][section]["settings"][setting][field]
+        typeValues[c["sections"][section]["settings"][setting]["type"]] = True
+
+print("Section Content:")
+for v in sectionSchema:
+    print(v)
+print("---")
+print("Meta Schema")
+for v in metaSchema:
+    print(v, "=", type(metaSchema[v]))
+print("---")
+print("Setting Schema")
+for v in settingSchema:
+    print(v, "=", type(settingSchema[v]))
+print("---")
+print("Possible Types")
+for v in typeValues:
+    print(v)
+
--- a/css/base.css
+++ b/css/base.css
@@ -1,41 +1,76 @@
-@import "../node_modules/a17t/dist/a17t.css";
@import "remixicon.css";
@import "./modal.css";
@import "./dark.css";
@import "./tooltip.css";
@import "./loader.css";
+@import "./fonts.css";
+
+@tailwind base;
+@tailwind components;
+@tailwind utilities;

 :root {
    --border-width-default: 2px;
    --border-width-2: 3px;
    --border-width-4: 5px;
    --border-width-8: 8px;
+    font-family: 'Hanken Grotesk', ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
+
+    --bg-light: #fff;
+    --bg-dark: #101010;
+
+    color-scheme: light;
 }

-.light-theme {
+.light {
    --settings-section-button-filter: 90%;
 }

-.body {
-    background-color: #101010;
+.dark {
+    --settings-section-button-filter: 80%;
+    color-scheme: dark !important;
 }

-.page-container {
-    margin: 5% 20% 5% 20%;
+.dark body {
+    background-color: var(--bg-dark);
 }

-@media (max-width: 1100px) {
-    .page-container {
-        margin: 2%;
-    }
+html:not(.dark) body {
+    background-color: var(--bg-light);
 }

-@media screen and (max-width: 750px) {
+.dark select, .dark option, .dark input {
+    background: #202020;
+}
+
+html:not(.dark) .card.\@low:not(.\~neutral):not(.\~positive):not(.\~urge):not(.\~warning):not(.\~info):not(.\~critical),
+html:not(.dark) .card.\@low:not(.\~neutral):not(.\~positive):not(.\~urge):not(.\~warning):not(.\~info):not(.\~critical) > * {
+    /* Colors from ~neutral */
+    --color-fill-high: #64748b;
+    --color-fill-low: #e2e8f0;
+    --color-content-high: #f8fafc;
+    --color-content-low: #1e293b;
+    --color-accent-high: #475569;
+    --color-accent-low: #cbd5e1;
+    --color-muted-high: #475569;
+    --color-muted-low: #f1f5f9;
+    background-color: #fff;
+}
+
+.light-only {
+  display: none;
+}
+
+.dark-only {
+  display: initial;
+}
+
+@media screen and (max-width: 1024px) {
    :root {
        font-size: 0.9rem;
    }
    .table-responsive table {
-        min-width: 660px;
+        min-width: 800px;
    }
 }

@@ -50,6 +85,8 @@

 .banner.header {
    margin-bottom: var(--spacing-4,1rem);
+    max-width: calc(100% + 2.2rem); /* no idea why this works */
+    margin-left: -1.1rem;
 }

 .banner.footer {
@@ -57,106 +94,10 @@
    padding: var(--spacing-4,1rem);
 }

-.modal-content .banner {
-    margin-left: calc(-1 * var(--spacing-4,1rem) - 0.5%); /* Not sure why this is necessary */
-    margin-right: calc(-1 * var(--spacing-4,1rem) - 0.5%);
-}
-
 div.card:contains(section.banner.footer) {
    padding-bottom: 0px;
 }

-.tab-button {
-    font-size: 2rem;
-}
-
-.mb-half {
-    margin-bottom: 0.5rem;
-}
-
-.mb-1 {
-    margin-bottom: 1rem;
-}
-
-.mb-2 {
-    margin-bottom: 2rem;
-}
-
-.mt-half {
-    margin-top: 0.5rem;
-}
-
-.mt-1 {
-    margin-top: 1rem;
-}
-
-.ml-1 {
-    margin-left: 1rem;
-}
-
-.ml-half {
-    margin-left: 0.5rem;
-}
-
-.mr-half {
-    margin-right: 0.5rem;
-}
-
-.mr-1 {
-    margin-right: 1rem;
-}
-
-.p-1 {
-    padding: 1rem;
-}
-
-.pb-1 {
-    padding-bottom: 1rem;
-}
-
-.pl-1 {
-    padding-left: 1rem;
-}
-
-.al {
-    text-align: left;
-}
-
-.ar {
-    text-align: right;
-}
-
-.ac {
-    text-align: center;
-}
-
-.inline-block {
-    display: inline-block;
-}
-
-.align-top {
-    align-items: top;
-}
-
-.flex {
-    display: flex;
-}
-
-.flex-expand {
-    display: flex;
-    justify-content: space-between;
-}
-
-.flex-row {
-    display: flex;
-    flex-direction: row;
-}
-
-.flex-row-group {
-    display: block;
-    flex-grow: 1;
-}
-
 .row {
    display: flex;
    flex-wrap: wrap;
@@ -172,7 +113,7 @@ div.card:contains(section.banner.footer) {
 }

 p.sm,
-span.sm {
+span.sm:not(.heading) {
    font-size: 0.75rem;
 }

@@ -181,11 +122,7 @@ span.sm {
    margin: .25rem;
 }

-.flex-col {
-    display: flex;
-    flex-direction: column;
-}
-
+/* Who knows for half of these to be honest */
@media screen and (max-width: 400px) {
    .row {
        flex-direction: column;
@@ -195,15 +132,6 @@ span.sm {
    }
 }

-.fr {
-    float: right;
-}
-
-.monospace {
-    background-color: inherit; /* so we can use a17t code blocks */
-    font-family: Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace;
-}
-
 sup.\~critical, .text-critical {
    color: var(--color-critical-normal-content);
 }
@@ -225,69 +153,6 @@ sup.\~critical, .text-critical {
    font-size: 1rem;
 }

-.inv-created-users strong,p {
-    padding-left: 0.5rem;
-    padding-bottom: 0.2rem;
-}
-
-.inv-created-users.empty strong,p {
-    padding: 0;
-}
-
-.inv {
-    overflow: visible;
-}
-
-.inv-table {
-    font-size: 0.8rem;
-}
-
-.inv-profilearea {
-    min-width: 20%;
-}
-
-.inv-profileselect {
-    min-width: 100%;
-}
-
-.inv-codearea {
-    max-width: 40%;
-    min-width: 10rem;
-    display: flex;
-    justify-content: start;
-    align-items: center;
-}
-
-.inv-empty .inv-codearea {
-    justify-content: start;
-}
-
-
-.invite-link {
-    text-overflow: ellipsis;
-    overflow: hidden;
-    white-space: nowrap;
-    width: auto;
-}
-
-.ellipsis {
-    text-overflow: ellipsis;
-    overflow: hidden;
-    white-space: nowrap;
-}
-
-.no-pad {
-    padding: 0px 0px 0px 0px;
-}
-
-.elem-pad > * {
-    margin: var(--spacing-4, 1rem);
-}
-
-.icon.clickable {
-    padding: 0.5rem 0.6rem;
-}
-
 .input {
    box-sizing: border-box; /* fixes weird length issue with inputs */
 }
@@ -306,10 +171,6 @@ sup.\~critical, .text-critical {
    width: 100%;
 }

-.flex-auto {
-    flex: auto;
-}
-
 .center {
    justify-content: center;
 }
@@ -318,14 +179,6 @@ sup.\~critical, .text-critical {
    align-items: center;
 }

-.no-lp {
-    padding-left: 0px;
-}
-
-.block { 
-    display: block;
-}
-
 .focused {
    display: block;
 }
@@ -369,10 +222,8 @@ sup.\~critical, .text-critical {
 }

 .settings-section-button {
-    box-sizing: border-box;
    width: 100%;
    height: 2.5rem;
-    background-color: rgba(0,0,0,0);
 }

 .settings-section-button:hover, .settings-section-button:focus {
@@ -384,8 +235,6 @@ sup.\~critical, .text-critical {
 }

 .settings-section-button.selected {
-    background-color: var(--color-neutral-normal-fill);
-    --buton-filter-brightness: var(--settings-section-button-filter);
    filter: brightness(var(--settings-section-button-filter)) !important;
 }

@@ -413,17 +262,37 @@ select, textarea {
    -moz-appearance: none;
 }

+html.dark textarea {
+    background-color: #202020
+}
+
 input {
    color: inherit;
    border: 0 solid var(--color-neutral-300);
 }

+table {
+    color: var(--color-content);
+}
+
+table.table.manual-pad th, table.table.manual-pad td {
+    padding: 0;
+}
+
+table.table-p-0 th, table.table-p-0 td {
+    padding-left: 0 !important;
+    padding-right: 0 !important;
+    padding-top: 0 !important;
+    padding-bottom: 0 !important;
+}
+
 p.top {
    margin-top: 0px;
 }

 .table-responsive {
    overflow-x: auto;
+    font-size: 0.9rem;
 }

 #notification-box {
@@ -438,12 +307,27 @@ p.top {
    margin-bottom: -0.5rem;
 }

+.dropdown.over-top {
+    position: absolute;
+}
+
+.dropdown-display.lg {
+    white-space: nowrap;
+}
+
+.dropdown-display.above {
+    top: auto;
+    bottom: 115%;
+}
+
 pre {
    white-space: pre-wrap;       /* css-3 */
    white-space: -moz-pre-wrap;  /* Mozilla, since 1999 */
    white-space: -pre-wrap;      /* Opera 4-6 */
    white-space: -o-pre-wrap;    /* Opera 7 */
    word-wrap: break-word;       /* Internet Explorer 5.5+ */
+    background-color: var(--color-content-high) !important;
+    overflow-x: scroll;
 }

 .circle {
@@ -474,12 +358,115 @@ a:hover:not(.lang-link):not(.\~urge), a:active:not(.lang-link):not(.\~urge) {
    color: var(--color-urge-200);
 }

+a.button,
+a.button:link,
+a.button:visited,
+a.button:focus,
+a.buton:hover {
+    color: var(--color-content) !important;
+}
+
+
 .link-center {
    display: block;
    text-align: center;
 }

-.search {
+/* .search {
    max-width: 15rem;
    min-width: 10rem;
+} */
+
+td.img-circle {
+    width: 32px;
+    height: 32px;
 }
+
+span.img-circle.lg {
+    width: 64px;
+    height: 64px;
+}
+
+span.shield.img-circle {
+    padding: 0.2rem;
+}
+
+img.img-circle {
+    border-radius: 50%;
+    vertical-align: middle;
+}
+
+.table td.sm {
+    padding-top: 0.1rem;
+    padding-bottom: 0.1rem;
+}
+
+.table-inline {
+    display: flex !important;
+    align-items: center;
+}
+
+div.card:contains(section.banner.footer) {
+    padding-bottom: 0px;
+}
+
+.card.sectioned {
+    padding: 0px;
+}
+
+.card.sectioned .section {
+    padding: var(--spacing-4, 1rem);
+}
+
+.button.discord.\@low {
+    background-color: rgba(88, 101, 242,60%);
+}
+
+.button.discord.\@low:not(.lang-link) {
+    color: rgba(38, 51, 192, 90%);
+}
+
+.pb-0i {
+    padding-bottom: 0px !important
+}
+
+.mx-0i {
+    margin-left: 0px !important;
+    margin-right: 0px !important
+}
+
+.text-center-i {
+    text-align: center !important;
+}
+
+input[type="checkbox" i], [class^="ri-"], [class*=" ri-"], .ri-refresh-line:before, .modal-close {
+    cursor: pointer;
+}
+
+.g-recaptcha {
+    overflow: hidden;
+    width: 296px;
+    height: 72px;
+    transform: scale(1.1);
+    transform-origin: top left;
+}
+
+.g-recaptcha iframe {
+    margin: -2px 0px 0px -4px;
+}
+
+.dropdown-manual-toggle {
+    margin-bottom: -0.5rem;
+    padding-bottom: 0.5rem;
+}
+
+section.section:not(.\~neutral) {
+    background-color: inherit;
+}
+
+@layer components {
+    .switch {
+        @apply flex flex-row gap-1 items-center;
+    }
+}
+
--- a/css/dark.css
+++ b/css/dark.css
@@ -1,91 +0,0 @@
-.dark-theme {
-
-    --settings-section-button-filter: 110%;
-
-    --color-neutral-900: rgba(255, 255, 255, 0.87);
-    --color-neutral-800: rgba(255, 255, 255, 0.8);
-    --color-neutral-700: rgba(255, 255, 255, 0.73);
-    --color-neutral-600: rgba(255, 255, 255, 0.66);
-    --color-neutral-500: rgb(153, 153, 153);
-    --color-neutral-400: #383838;
-    --color-neutral-300: #303030;
-    --color-neutral-200: #292929;
-    --color-neutral-100: #242424;
-    --color-neutral-50: #202020;
-    --color-neutral-000: #101010;
-
-    --color-critical-900: #fef2f2;
-    --color-critical-800: #fee2e2;
-    --color-critical-700: #fecaca;
-    --color-critical-600: #fca5a5;
-    --color-critical-500: #f87171;
-    --color-critical-400: #ef4444;
-    --color-critical-300: #dc2626;
-    --color-critical-200: #b91c1c;
-    --color-critical-100: #991b1b;
-    --color-critical-50: #7f1d1d;
-    --color-critical-000: #441313;
-
-    --color-warning-900: #fffbeb;
-    --color-warning-800: #fef3c7;
-    --color-warning-700: #fde68a;
-    --color-warning-600: #fcd34d;
-    --color-warning-500: #fbbf24;
-    --color-warning-400: #f59e0b;
-    --color-warning-300: #d97706;
-    --color-warning-200: #b45309;
-    --color-warning-100: #92400e;
-    --color-warning-50: #783900;
-    --color-warning-000: #411e01;
-
-    --color-positive-900: #f0fdf4;
-    --color-positive-800: #dcfce7;
-    --color-positive-700: #bbf7d0;
-    --color-positive-600: #86efac;
-    --color-positive-500: #4ade80;
-    --color-positive-400: #22c55e;
-    --color-positive-300: #16a34a;
-    --color-positive-200: #15803d;
-    --color-positive-100: #166534;
-    --color-positive-50: #14532d;
-    --color-positive-000: #0f2e1b;
-
-    --color-urge-900: #e0ffff;
-    --color-urge-800: #c0fbff;
-    --color-urge-700: #a0f4ff;
-    --color-urge-600: #80e9ff;
-    --color-urge-500: #60dbfb;
-    --color-urge-400: #40cbf3;
-    --color-urge-300: #20b9e9;
-    --color-urge-200: #00a4dc; /* tab buttons */
-    --color-urge-100: #0054bc;
-    --color-urge-50: #00169a;
-    --color-urge-000: #050076;
-
-    --color-info-900: #f5f3ff;
-    --color-info-800: #ede9fe;
-    --color-info-700: #ddd6fe;
-    --color-info-600: #c4b5fd;
-    --color-info-500: #a78bfa;
-    --color-info-400: #8b5cf6;
-    --color-info-300: #7c3aed;
-    --color-info-200: #6d28d9;
-    --color-info-100: #5b21b6;
-    --color-info-50: #4c1d95;
-    --color-info-000: #240e44;
-
-
-    --color-neutral-normal-content: #ffffff;
-}
-
-.light-only {
-  display: none;
-}
-
-.dark-only {
-  display: initial;
-}
-
-.dark-theme select option {
-    background: #202020;
-}
--- a/css/dark.js
+++ b/css/dark.js
@@ -0,0 +1,351 @@
+var c = {
+    inherit: 'inherit',
+    current: 'currentColor',
+    transparent: 'transparent',
+    black: '#000',
+    white: '#fff',
+    d_neutral: {
+        900: "rgba(255, 255, 255, 0.87)",
+        800: "rgba(255, 255, 255, 0.8)",
+        700: "rgba(255, 255, 255, 0.73)",
+        600: "rgba(255, 255, 255, 0.66)",
+        500: "rgb(153, 153, 153)",
+        400: "#383838",
+        300: "#303030",
+        200: "#292929",
+        100: "#242424",
+        50: "#202020",
+        000: "#101010"
+    },
+    d_critical: {
+        900: "#fef2f2",
+        800: "#fee2e2",
+        700: "#fecaca",
+        600: "#fca5a5",
+        500: "#f87171",
+        400: "#ef4444",
+        300: "#dc2626",
+        200: "#b91c1c",
+        100: "#991b1b",
+        50: "#7f1d1d",
+        000: "#441313"
+    },
+    d_warning: {
+        900: "#fffbeb",
+        800: "#fef3c7",
+        700: "#fde68a",
+        600: "#fcd34d",
+        500: "#fbbf24",
+        400: "#f59e0b",
+        300: "#d97706",
+        200: "#b45309",
+        100: "#92400e",
+        50: "#783900",
+        000: "#411e01"
+    },
+    d_positive: {
+        900: "#f0fdf4",
+        800: "#dcfce7",
+        700: "#bbf7d0",
+        600: "#86efac",
+        500: "#4ade80",
+        400: "#22c55e",
+        300: "#16a34a",
+        200: "#15803d",
+        100: "#166534",
+        50: "#14532d",
+        000: "#0f2e1b"
+    },
+    d_urge: {
+        900: "#e0ffff",
+        800: "#c0fbff",
+        700: "#a0f4ff",
+        600: "#80e9ff",
+        500: "#60dbfb",
+        400: "#40cbf3",
+        300: "#20b9e9",
+        200: "#00a4dc",
+        100: "#0054bc",
+        50: "#00169a",
+        000: "#050076"
+    },
+    d_info: {
+        900: "#f5f3ff",
+        800: "#ede9fe",
+        700: "#ddd6fe",
+        600: "#c4b5fd",
+        500: "#a78bfa",
+        400: "#8b5cf6",
+        300: "#7c3aed",
+        200: "#6d28d9",
+        100: "#5b21b6",
+        50: "#4c1d95",
+        000: "#240e44"
+    },
+    slate: {
+        50: '#f8fafc',
+        100: '#f1f5f9',
+        200: '#e2e8f0',
+        300: '#cbd5e1',
+        400: '#94a3b8',
+        500: '#64748b',
+        600: '#475569',
+        700: '#334155',
+        800: '#1e293b',
+        900: '#0f172a'
+    },
+    gray: {
+        50: '#f9fafb',
+        100: '#f3f4f6',
+        200: '#e5e7eb',
+        300: '#d1d5db',
+        400: '#9ca3af',
+        500: '#6b7280',
+        600: '#4b5563',
+        700: '#374151',
+        800: '#1f2937',
+        900: '#111827'
+    },
+    zinc: {
+        50: '#fafafa',
+        100: '#f4f4f5',
+        200: '#e4e4e7',
+        300: '#d4d4d8',
+        400: '#a1a1aa',
+        500: '#71717a',
+        600: '#52525b',
+        700: '#3f3f46',
+        800: '#27272a',
+        900: '#18181b'
+    },
+    neutral: {
+        50: '#fafafa',
+        100: '#f5f5f5',
+        200: '#e5e5e5',
+        300: '#d4d4d4',
+        400: '#a3a3a3',
+        500: '#737373',
+        600: '#525252',
+        700: '#404040',
+        800: '#262626',
+        900: '#171717'
+    },
+    stone: {
+        50: '#fafaf9',
+        100: '#f5f5f4',
+        200: '#e7e5e4',
+        300: '#d6d3d1',
+        400: '#a8a29e',
+        500: '#78716c',
+        600: '#57534e',
+        700: '#44403c',
+        800: '#292524',
+        900: '#1c1917'
+    },
+    red: {
+        50: '#fef2f2',
+        100: '#fee2e2',
+        200: '#fecaca',
+        300: '#fca5a5',
+        400: '#f87171',
+        500: '#ef4444',
+        600: '#dc2626',
+        700: '#b91c1c',
+        800: '#991b1b',
+        900: '#7f1d1d'
+    },
+    orange: {
+        50: '#fff7ed',
+        100: '#ffedd5',
+        200: '#fed7aa',
+        300: '#fdba74',
+        400: '#fb923c',
+        500: '#f97316',
+        600: '#ea580c',
+        700: '#c2410c',
+        800: '#9a3412',
+        900: '#7c2d12'
+    },
+    amber: {
+        50: '#fffbeb',
+        100: '#fef3c7',
+        200: '#fde68a',
+        300: '#fcd34d',
+        400: '#fbbf24',
+        500: '#f59e0b',
+        600: '#d97706',
+        700: '#b45309',
+        800: '#92400e',
+        900: '#78350f'
+    },
+    yellow: {
+        50: '#fefce8',
+        100: '#fef9c3',
+        200: '#fef08a',
+        300: '#fde047',
+        400: '#facc15',
+        500: '#eab308',
+        600: '#ca8a04',
+        700: '#a16207',
+        800: '#854d0e',
+        900: '#713f12'
+    },
+    lime: {
+        50: '#f7fee7',
+        100: '#ecfccb',
+        200: '#d9f99d',
+        300: '#bef264',
+        400: '#a3e635',
+        500: '#84cc16',
+        600: '#65a30d',
+        700: '#4d7c0f',
+        800: '#3f6212',
+        900: '#365314'
+    },
+    green: {
+        50: '#f0fdf4',
+        100: '#dcfce7',
+        200: '#bbf7d0',
+        300: '#86efac',
+        400: '#4ade80',
+        500: '#22c55e',
+        600: '#16a34a',
+        700: '#15803d',
+        800: '#166534',
+        900: '#14532d'
+    },
+    emerald: {
+        50: '#ecfdf5',
+        100: '#d1fae5',
+        200: '#a7f3d0',
+        300: '#6ee7b7',
+        400: '#34d399',
+        500: '#10b981',
+        600: '#059669',
+        700: '#047857',
+        800: '#065f46',
+        900: '#064e3b'
+    },
+    teal: {
+        50: '#f0fdfa',
+        100: '#ccfbf1',
+        200: '#99f6e4',
+        300: '#5eead4',
+        400: '#2dd4bf',
+        500: '#14b8a6',
+        600: '#0d9488',
+        700: '#0f766e',
+        800: '#115e59',
+        900: '#134e4a'
+    },
+    cyan: {
+        50: '#ecfeff',
+        100: '#cffafe',
+        200: '#a5f3fc',
+        300: '#67e8f9',
+        400: '#22d3ee',
+        500: '#06b6d4',
+        600: '#0891b2',
+        700: '#0e7490',
+        800: '#155e75',
+        900: '#164e63'
+    },
+    sky: {
+        50: '#f0f9ff',
+        100: '#e0f2fe',
+        200: '#bae6fd',
+        300: '#7dd3fc',
+        400: '#38bdf8',
+        500: '#0ea5e9',
+        600: '#0284c7',
+        700: '#0369a1',
+        800: '#075985',
+        900: '#0c4a6e'
+    },
+    blue: {
+        50: '#eff6ff',
+        100: '#dbeafe',
+        200: '#bfdbfe',
+        300: '#93c5fd',
+        400: '#60a5fa',
+        500: '#3b82f6',
+        600: '#2563eb',
+        700: '#1d4ed8',
+        800: '#1e40af',
+        900: '#1e3a8a'
+    },
+    indigo: {
+        50: '#eef2ff',
+        100: '#e0e7ff',
+        200: '#c7d2fe',
+        300: '#a5b4fc',
+        400: '#818cf8',
+        500: '#6366f1',
+        600: '#4f46e5',
+        700: '#4338ca',
+        800: '#3730a3',
+        900: '#312e81'
+    },
+    violet: {
+        50: '#f5f3ff',
+        100: '#ede9fe',
+        200: '#ddd6fe',
+        300: '#c4b5fd',
+        400: '#a78bfa',
+        500: '#8b5cf6',
+        600: '#7c3aed',
+        700: '#6d28d9',
+        800: '#5b21b6',
+        900: '#4c1d95'
+    },
+    purple: {
+        50: '#faf5ff',
+        100: '#f3e8ff',
+        200: '#e9d5ff',
+        300: '#d8b4fe',
+        400: '#c084fc',
+        500: '#a855f7',
+        600: '#9333ea',
+        700: '#7e22ce',
+        800: '#6b21a8',
+        900: '#581c87'
+    },
+    fuchsia: {
+        50: '#fdf4ff',
+        100: '#fae8ff',
+        200: '#f5d0fe',
+        300: '#f0abfc',
+        400: '#e879f9',
+        500: '#d946ef',
+        600: '#c026d3',
+        700: '#a21caf',
+        800: '#86198f',
+        900: '#701a75'
+    },
+    pink: {
+        50: '#fdf2f8',
+        100: '#fce7f3',
+        200: '#fbcfe8',
+        300: '#f9a8d4',
+        400: '#f472b6',
+        500: '#ec4899',
+        600: '#db2777',
+        700: '#be185d',
+        800: '#9d174d',
+        900: '#831843'
+    },
+    rose: {
+        50: '#fff1f2',
+        100: '#ffe4e6',
+        200: '#fecdd3',
+        300: '#fda4af',
+        400: '#fb7185',
+        500: '#f43f5e',
+        600: '#e11d48',
+        700: '#be123c',
+        800: '#9f1239',
+        900: '#881337'
+    }
+}
+
+module.exports = c;
--- a/css/fonts.css
+++ b/css/fonts.css
@@ -0,0 +1,44 @@
+/* hanken-grotesk-regular - cyrillic-ext_latin_vietnamese */
+@font-face {
+  font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
+  font-family: 'Hanken Grotesk';
+  font-style: normal;
+  font-weight: 400;
+  src: url('../fonts/hanken-grotesk-v8-cyrillic-ext_latin_vietnamese-regular.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+}
+
+/* hanken-grotesk-500 - cyrillic-ext_latin_vietnamese */
+@font-face {
+  font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
+  font-family: 'Hanken Grotesk';
+  font-style: normal;
+  font-weight: 500;
+  src: url('../fonts/hanken-grotesk-v8-cyrillic-ext_latin_vietnamese-500.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+}
+
+/* hanken-grotesk-500italic - cyrillic-ext_latin_vietnamese */
+@font-face {
+  font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
+  font-family: 'Hanken Grotesk';
+  font-style: italic;
+  font-weight: 500;
+  src: url('../fonts/hanken-grotesk-v8-cyrillic-ext_latin_vietnamese-500italic.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+}
+
+/* hanken-grotesk-700 - cyrillic-ext_latin_vietnamese */
+@font-face {
+  font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
+  font-family: 'Hanken Grotesk';
+  font-style: normal;
+  font-weight: 700;
+  src: url('../fonts/hanken-grotesk-v8-cyrillic-ext_latin_vietnamese-700.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+}
+
+/* hanken-grotesk-700italic - cyrillic-ext_latin_vietnamese */
+@font-face {
+  font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
+  font-family: 'Hanken Grotesk';
+  font-style: italic;
+  font-weight: 700;
+  src: url('../fonts/hanken-grotesk-v8-cyrillic-ext_latin_vietnamese-700italic.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+}
--- a/css/loader.css
+++ b/css/loader.css
@@ -1,6 +1,10 @@
 .loader {
    height: auto;
-    color: rgba(0, 0, 0, 0);
+    color: rgba(0, 0, 0, 0) !important;
+}
+
+.loader.rel {
+    position: relative;
 }

 .loader .dot {
@@ -15,6 +19,12 @@
    left: calc(50% - var(--radius));
    animation: osc 1s cubic-bezier(.72,.16,.31,.97) infinite;
 }
+
+.loader.rel .dot {
+    position: absolute;
+    top: 50%;
+}
+
 .loader.loader-sm .dot {
    --deviation: 10%;
 }
--- a/css/modal.css
+++ b/css/modal.css
@@ -10,54 +10,22 @@
    background-color: rgba(0,0,0,40%);
 }

-.modal-shown {
-    display: block;
+.wall {
+    position: fixed;
+    z-index: 11;
+    top: 0;
+    left: 0;
+    width: 100%;
+    height: 100%;
+    overflow: auto;
 }

-@keyframes modal-hide {
-    from { opacity: 1; }
-    to { opacity: 0; }
+html.dark .wall {
+    background-color: var(--bg-dark);
 }

-.modal-hiding {
-    animation: modal-hide 0.2s cubic-bezier(0.25, 0.46, 0.45, 0.94);
-}
-
-@keyframes modal-content-show {
-    from {
-        opacity: 0;
-        top: -6rem;
-    }
-    to {
-        opacity: 1;
-        top: 0;
-    }
-}
-
-.modal-content {
-    position: relative;
-    margin: 10% auto;
-    width: 30%;
-}
-
-.modal-content.wide {
-    width: 60%;
-}
-
-.modal-shown .modal-content {
-    animation: modal-content-show 0.3s cubic-bezier(0.25, 0.46, 0.45, 0.94);
-}
-
-@media screen and (max-width: 1000px) {
-    .modal-content.wide {
-        width: 75%;
-    }
-}
-
-@media screen and (max-width: 400px) {
-    .modal-content, .modal-content.wide {
-        width: 90%;
-    }
+html:not(.dark) .wall {
+    background-color: var(--bg-light);
 }

 .modal-close {
--- a/css/tooltip.css
+++ b/css/tooltip.css
@@ -5,6 +5,7 @@

 .tooltip .content {
    visibility: hidden;
+    opacity: 0;
    max-width: 10rem;
    min-width: 6rem;
    background-color: rgba(0, 0, 0, 0.6);
@@ -13,12 +14,23 @@
    border-radius: 6px;
    overflow-wrap: break-word;
    text-align: center;
+    transition: opacity 100ms;

    position: absolute;
    z-index: 1;
    top: -1rem;
 }

+.tooltip.below .content {
+    top: 2.5rem;
+    left: 0;
+    right: 0;
+}
+
+.tooltip.darker .content {
+    background-color: rgba(0, 0, 0, 0.8);
+}
+
 .tooltip.right .content {
    left: 120%;
 }
@@ -31,6 +43,10 @@
    font-size: 0.8rem;
 }

-.tooltip:hover .content {
+.tooltip:hover .content,
+.tooltip:focus .content,
+.tooltip:focus-within .content
+{
    visibility: visible;
+    opacity: 1;
 }
--- a/daemon.go
+++ b/daemon.go
@@ -1,50 +0,0 @@
-package main
-
-import "time"
-
-// https://bbengfort.github.io/snippets/2016/06/26/background-work-goroutines-timer.html THANKS
-
-type inviteDaemon struct {
-	Stopped         bool
-	ShutdownChannel chan string
-	Interval        time.Duration
-	period          time.Duration
-	app             *appContext
-}
-
-func newInviteDaemon(interval time.Duration, app *appContext) *inviteDaemon {
-	return &inviteDaemon{
-		Stopped:         false,
-		ShutdownChannel: make(chan string),
-		Interval:        interval,
-		period:          interval,
-		app:             app,
-	}
-}
-
-func (rt *inviteDaemon) run() {
-	rt.app.info.Println("Invite daemon started")
-	for {
-		select {
-		case <-rt.ShutdownChannel:
-			rt.ShutdownChannel <- "Down"
-			return
-		case <-time.After(rt.period):
-			break
-		}
-		started := time.Now()
-		rt.app.storage.loadInvites()
-		rt.app.debug.Println("Daemon: Checking invites")
-		rt.app.checkInvites()
-		finished := time.Now()
-		duration := finished.Sub(started)
-		rt.period = rt.Interval - duration
-	}
-}
-
-func (rt *inviteDaemon) shutdown() {
-	rt.Stopped = true
-	rt.ShutdownChannel <- "Down"
-	<-rt.ShutdownChannel
-	close(rt.ShutdownChannel)
-}
--- a/discord.go
+++ b/discord.go
@@ -0,0 +1,829 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	dg "github.com/bwmarrin/discordgo"
+	lm "github.com/hrfee/jfa-go/logmessages"
+	"github.com/timshannon/badgerhold/v4"
+)
+
+type DiscordDaemon struct {
+	Stopped                       bool
+	ShutdownChannel               chan string
+	bot                           *dg.Session
+	username                      string
+	tokens                        map[string]VerifToken  // Map of pins to tokens.
+	verifiedTokens                map[string]DiscordUser // Map of token pins to discord users.
+	Channel, InviteChannel        struct{ ID, Name string }
+	guildID                       string
+	serverChannelName, serverName string
+	users                         map[string]DiscordUser // Map of user IDs to users. Added to on first interaction, and loaded from app.storage.discord on start.
+	roleID                        string
+	app                           *appContext
+	commandHandlers               map[string]func(s *dg.Session, i *dg.InteractionCreate, lang string)
+	commandIDs                    []string
+	commandDescriptions           []*dg.ApplicationCommand
+}
+
+func newDiscordDaemon(app *appContext) (*DiscordDaemon, error) {
+	token := app.config.Section("discord").Key("token").String()
+	if token == "" {
+		return nil, fmt.Errorf("token was blank")
+	}
+	bot, err := dg.New("Bot " + token)
+	if err != nil {
+		return nil, err
+	}
+	dd := &DiscordDaemon{
+		Stopped:         false,
+		ShutdownChannel: make(chan string),
+		bot:             bot,
+		tokens:          map[string]VerifToken{},
+		verifiedTokens:  map[string]DiscordUser{},
+		users:           map[string]DiscordUser{},
+		app:             app,
+		roleID:          app.config.Section("discord").Key("apply_role").String(),
+		commandHandlers: map[string]func(s *dg.Session, i *dg.InteractionCreate, lang string){},
+		commandIDs:      []string{},
+	}
+	dd.commandHandlers[app.config.Section("discord").Key("start_command").MustString("start")] = dd.cmdStart
+	dd.commandHandlers["lang"] = dd.cmdLang
+	dd.commandHandlers["pin"] = dd.cmdPIN
+	dd.commandHandlers["inv"] = dd.cmdInvite
+	for _, user := range app.storage.GetDiscord() {
+		dd.users[user.ID] = user
+	}
+
+	return dd, nil
+}
+
+// SetTransport sets the http.Transport to use for requests. Can be used to set a proxy.
+func (d *DiscordDaemon) SetTransport(t *http.Transport) {
+	d.bot.Client.Transport = t
+}
+
+// NewAuthToken generates an 8-character pin in the form "A1-2B-CD".
+func (d *DiscordDaemon) NewAuthToken() string {
+	pin := genAuthToken()
+	d.tokens[pin] = VerifToken{Expiry: time.Now().Add(VERIF_TOKEN_EXPIRY_SEC * time.Second), JellyfinID: ""}
+	return pin
+}
+
+// NewAssignedAuthToken generates an 8-character pin in the form "A1-2B-CD",
+// and assigns it for access only with the given Jellyfin ID.
+func (d *DiscordDaemon) NewAssignedAuthToken(id string) string {
+	pin := genAuthToken()
+	d.tokens[pin] = VerifToken{Expiry: time.Now().Add(VERIF_TOKEN_EXPIRY_SEC * time.Second), JellyfinID: id}
+	return pin
+}
+
+func (d *DiscordDaemon) NewUnknownUser(channelID, userID, discrim, username string) DiscordUser {
+	user := DiscordUser{
+		ChannelID:     channelID,
+		ID:            userID,
+		Username:      username,
+		Discriminator: discrim,
+	}
+	return user
+}
+
+func (d *DiscordDaemon) MustGetUser(channelID, userID, discrim, username string) DiscordUser {
+	if user, ok := d.users[userID]; ok {
+		return user
+	}
+	return d.NewUnknownUser(channelID, userID, discrim, username)
+}
+
+func (d *DiscordDaemon) run() {
+	d.bot.AddHandler(d.commandHandler)
+
+	d.bot.Identify.Intents = dg.IntentsGuildMessages | dg.IntentsDirectMessages | dg.IntentsGuildMembers | dg.IntentsGuildInvites
+	if err := d.bot.Open(); err != nil {
+		d.app.err.Printf(lm.FailedStartDaemon, lm.Discord, err)
+		return
+	}
+	// Wait for everything to populate, it's slow sometimes.
+	for d.bot.State == nil {
+		continue
+	}
+	for d.bot.State.User == nil {
+		continue
+	}
+	d.username = d.bot.State.User.Username
+	for d.bot.State.Guilds == nil {
+		continue
+	}
+	// Choose the last guild (server), for now we don't really support multiple anyway
+	d.guildID = d.bot.State.Guilds[len(d.bot.State.Guilds)-1].ID
+	guild, err := d.bot.Guild(d.guildID)
+	if err != nil {
+		d.app.err.Printf(lm.FailedGetDiscordGuild, err)
+	}
+	d.serverChannelName = guild.Name
+	d.serverName = guild.Name
+	if channel := d.app.config.Section("discord").Key("channel").String(); channel != "" {
+		d.Channel.Name = channel
+		d.serverChannelName += "/" + channel
+	}
+	if d.app.config.Section("discord").Key("provide_invite").MustBool(false) {
+		if invChannel := d.app.config.Section("discord").Key("invite_channel").String(); invChannel != "" {
+			d.InviteChannel.Name = invChannel
+		}
+	}
+	err = d.bot.UpdateGameStatus(0, "/"+d.app.config.Section("discord").Key("start_command").MustString("start"))
+	defer d.deregisterCommands()
+	defer d.bot.Close()
+
+	go d.registerCommands()
+
+	<-d.ShutdownChannel
+	d.ShutdownChannel <- "Down"
+	return
+}
+
+// ListRoles returns a list of available (excluding bot and @everyone) roles in a guild as a list of containing an array of the guild ID and its name.
+func (d *DiscordDaemon) ListRoles() (roles [][2]string, err error) {
+	var r []*dg.Role
+	r, err = d.bot.GuildRoles(d.guildID)
+	if err != nil {
+		d.app.err.Printf(lm.FailedGetDiscordRoles, err)
+		return
+	}
+	for _, role := range r {
+		if role.Name != d.username && role.Name != "@everyone" {
+			roles = append(roles, [2]string{role.ID, role.Name})
+		}
+	}
+	// roles = make([][2]string, len(r))
+	// for i, role := range r {
+	// 	roles[i] = [2]string{role.ID, role.Name}
+	// }
+	return
+}
+
+// ApplyRole applies the member role to the given user if set.
+func (d *DiscordDaemon) ApplyRole(userID string) error {
+	if d.roleID == "" {
+		return nil
+	}
+	return d.bot.GuildMemberRoleAdd(d.guildID, userID, d.roleID)
+}
+
+// RemoveRole removes the member role to the given user if set.
+func (d *DiscordDaemon) RemoveRole(userID string) error {
+	if d.roleID == "" {
+		return nil
+	}
+	return d.bot.GuildMemberRoleRemove(d.guildID, userID, d.roleID)
+}
+
+// SetRoleDisabled removes the role if "disabled", and applies if "!disabled".
+func (d *DiscordDaemon) SetRoleDisabled(userID string, disabled bool) (err error) {
+	if disabled {
+		err = d.RemoveRole(userID)
+	} else {
+		err = d.ApplyRole(userID)
+	}
+	return
+}
+
+// NewTempInvite creates an invite link, and returns the invite URL, as well as the URL for the server icon.
+func (d *DiscordDaemon) NewTempInvite(ageSeconds, maxUses int) (inviteURL, iconURL string) {
+	var inv *dg.Invite
+	var err error
+	if d.InviteChannel.Name == "" {
+		d.app.err.Printf(lm.FailedCreateDiscordInviteChannel, lm.InviteChannelEmpty)
+		return
+	}
+	if d.InviteChannel.ID == "" {
+		channels, err := d.bot.GuildChannels(d.guildID)
+		if err != nil {
+			d.app.err.Printf(lm.FailedGetDiscordChannels, err)
+			return
+		}
+		found := false
+		for _, channel := range channels {
+			// channel, err := d.bot.Channel(ch.ID)
+			// if err != nil {
+			// 	d.app.err.Printf(lm.FailedGetDiscordChannel, ch.ID, err)
+			// 	return
+			// }
+			if channel.Name == d.InviteChannel.Name {
+				d.InviteChannel.ID = channel.ID
+				found = true
+				break
+			}
+		}
+		if !found {
+			d.app.err.Printf(lm.FailedGetDiscordChannel, d.InviteChannel.Name, lm.NotFound)
+			return
+		}
+	}
+	// channel, err := d.bot.Channel(d.inviteChannelID)
+	// if err != nil {
+	// 	d.app.err.Printf(lm.FailedGetDiscordChannel, d.inviteChannelID, err)
+	// 	return
+	// }
+	inv, err = d.bot.ChannelInviteCreate(d.InviteChannel.ID, dg.Invite{
+		// Guild:   d.bot.State.Guilds[len(d.bot.State.Guilds)-1],
+		// Channel: channel,
+		// Inviter: d.bot.State.User,
+		MaxAge:    ageSeconds,
+		MaxUses:   maxUses,
+		Temporary: false,
+	})
+	if err != nil {
+		d.app.err.Printf(lm.FailedGenerateDiscordInvite, err)
+		return
+	}
+	inviteURL = "https://discord.gg/" + inv.Code
+	guild, err := d.bot.Guild(d.guildID)
+	if err != nil {
+		d.app.err.Printf(lm.FailedGetDiscordGuild, err)
+		return
+	}
+	iconURL = guild.IconURL("256")
+	return
+}
+
+// RenderDiscordUsername returns String of discord username, with support for new discriminator-less versions.
+func RenderDiscordUsername[DcUser *dg.User | DiscordUser](user DcUser) string {
+	u, ok := interface{}(user).(*dg.User)
+	var discriminator, username string
+	if ok {
+		discriminator = u.Discriminator
+		username = u.Username
+	} else {
+		u2 := interface{}(user).(DiscordUser)
+		discriminator = u2.Discriminator
+		username = u2.Username
+	}
+
+	if discriminator == "0" {
+		return "@" + username
+	}
+	return username + "#" + discriminator
+}
+
+// Returns the user(s) roughly corresponding to the username (if they are in the guild).
+// if no discriminator (#xxxx) is given in the username and there are multiple corresponding users, a list of all matching users is returned.
+func (d *DiscordDaemon) GetUsers(username string) []*dg.Member {
+	members, err := d.bot.GuildMembers(
+		d.guildID,
+		"",
+		1000,
+	)
+	if err != nil {
+		d.app.err.Printf(lm.FailedGetDiscordGuildMembers, err)
+		return nil
+	}
+	hasDiscriminator := strings.Contains(username, "#")
+	hasAt := strings.HasPrefix(username, "@")
+	if hasAt {
+		username = username[1:]
+	}
+	var users []*dg.Member
+	for _, member := range members {
+		if hasDiscriminator {
+			if member.User.Username+"#"+member.User.Discriminator == username {
+				return []*dg.Member{member}
+			}
+		}
+		if hasAt {
+			if member.User.Username == username && member.User.Discriminator == "0" {
+				return []*dg.Member{member}
+			}
+		}
+		if strings.Contains(member.User.Username, username) {
+			users = append(users, member)
+		}
+	}
+	return users
+}
+
+func (d *DiscordDaemon) NewUser(ID string) (user DiscordUser, ok bool) {
+	u, err := d.bot.User(ID)
+	if err != nil {
+		d.app.err.Printf(lm.FailedGetUser, ID, lm.Discord, err)
+		return
+	}
+	user.ID = ID
+	user.Username = u.Username
+	user.Contact = true
+	user.Discriminator = u.Discriminator
+	channel, err := d.bot.UserChannelCreate(ID)
+	if err != nil {
+		d.app.err.Printf(lm.FailedCreateDiscordDMChannel, ID, err)
+		return
+	}
+	user.ChannelID = channel.ID
+	ok = true
+	return
+}
+
+func (d *DiscordDaemon) Shutdown() {
+	d.Stopped = true
+	d.ShutdownChannel <- "Down"
+	<-d.ShutdownChannel
+	close(d.ShutdownChannel)
+}
+
+func (d *DiscordDaemon) registerCommands() {
+	d.commandDescriptions = []*dg.ApplicationCommand{
+		{
+			Name:        d.app.config.Section("discord").Key("start_command").MustString("start"),
+			Description: "Start the Discord linking process. The bot will send further instructions.",
+		},
+		{
+			Name:        "lang",
+			Description: "Set the language for the bot.",
+			Options: []*dg.ApplicationCommandOption{
+				{
+					Type:        dg.ApplicationCommandOptionString,
+					Name:        "language",
+					Description: "Language Name",
+					Required:    true,
+					Choices:     []*dg.ApplicationCommandOptionChoice{},
+				},
+			},
+		},
+		{
+			Name:        "pin",
+			Description: "Send PIN for Discord verification.",
+			Options: []*dg.ApplicationCommandOption{
+				{
+					Type:        dg.ApplicationCommandOptionString,
+					Name:        "pin",
+					Description: "Verification PIN (e.g AB-CD-EF)",
+					Required:    true,
+				},
+			},
+		},
+		{
+			Name:        "inv",
+			Description: "Send an invite to a discord user (admin only).",
+			Options: []*dg.ApplicationCommandOption{
+				{
+					Type:        dg.ApplicationCommandOptionUser,
+					Name:        "user",
+					Description: "User to Invite.",
+					Required:    true,
+				},
+				{
+					Type:        dg.ApplicationCommandOptionInteger,
+					Name:        "expiry",
+					Description: "Time in minutes before expiration.",
+					Required:    false,
+				},
+				/* Label should be automatically set to something like "Discord invite for @username"
+				{
+					Type:        dg.ApplicationCommandOptionString,
+					Name:        "label",
+					Description: "Label given to this invite (shown on the Admin page)",
+					Required:    false,
+				}, */
+				{
+					Type:        dg.ApplicationCommandOptionString,
+					Name:        "user_label",
+					Description: "Label given to users created with this invite.",
+					Required:    false,
+				},
+				{
+					Type:        dg.ApplicationCommandOptionString,
+					Name:        "profile",
+					Description: "Profile to apply to the created user.",
+					Required:    false,
+				},
+			},
+		},
+	}
+	d.commandDescriptions[1].Options[0].Choices = make([]*dg.ApplicationCommandOptionChoice, len(d.app.storage.lang.Telegram))
+	i := 0
+	for code := range d.app.storage.lang.Telegram {
+		d.app.debug.Printf(lm.RegisterDiscordChoice, lm.Lang, d.app.storage.lang.Telegram[code].Meta.Name+":"+code)
+		d.commandDescriptions[1].Options[0].Choices[i] = &dg.ApplicationCommandOptionChoice{
+			Name:  d.app.storage.lang.Telegram[code].Meta.Name,
+			Value: code,
+		}
+		i++
+	}
+
+	profiles := d.app.storage.GetProfiles()
+	d.commandDescriptions[3].Options[3].Choices = make([]*dg.ApplicationCommandOptionChoice, len(profiles))
+	for i, profile := range profiles {
+		d.app.debug.Printf(lm.RegisterDiscordChoice, lm.Profile, profile.Name)
+		d.commandDescriptions[3].Options[3].Choices[i] = &dg.ApplicationCommandOptionChoice{
+			Name:  profile.Name,
+			Value: profile.Name,
+		}
+	}
+
+	// d.deregisterCommands()
+
+	d.commandIDs = make([]string, len(d.commandDescriptions))
+	// cCommands, err := d.bot.ApplicationCommandBulkOverwrite(d.bot.State.User.ID, d.guildID, commands)
+	// if err != nil {
+	// 	d.app.err.Printf("Discord: Cannot create commands: %v", err)
+	// }
+	for i, cmd := range d.commandDescriptions {
+		command, err := d.bot.ApplicationCommandCreate(d.bot.State.User.ID, d.guildID, cmd)
+		if err != nil {
+			d.app.err.Printf(lm.FailedRegisterDiscordCommand, cmd.Name, err)
+		} else {
+			d.app.debug.Printf(lm.RegisterDiscordCommand, cmd.Name)
+			d.commandIDs[i] = command.ID
+		}
+	}
+}
+
+func (d *DiscordDaemon) deregisterCommands() {
+	existingCommands, err := d.bot.ApplicationCommands(d.bot.State.User.ID, d.guildID)
+	if err != nil {
+		d.app.err.Printf(lm.FailedGetDiscordCommands, err)
+		return
+	}
+	for _, cmd := range existingCommands {
+		if err := d.bot.ApplicationCommandDelete(d.bot.State.User.ID, d.guildID, cmd.ID); err != nil {
+			d.app.err.Printf(lm.FailedDeregDiscordCommand, cmd.Name, err)
+		}
+	}
+}
+
+// UpdateCommands updates commands which have defined lists of options, to be used when changes occur.
+func (d *DiscordDaemon) UpdateCommands() {
+	// Reload Profile List
+	profiles := d.app.storage.GetProfiles()
+	d.commandDescriptions[3].Options[3].Choices = make([]*dg.ApplicationCommandOptionChoice, len(profiles))
+	for i, profile := range profiles {
+		d.app.debug.Printf(lm.RegisterDiscordChoice, lm.Profile, profile.Name)
+		d.commandDescriptions[3].Options[3].Choices[i] = &dg.ApplicationCommandOptionChoice{
+			Name:  profile.Name,
+			Value: profile.Name,
+		}
+	}
+	cmd, err := d.bot.ApplicationCommandEdit(d.bot.State.User.ID, d.guildID, d.commandIDs[3], d.commandDescriptions[3])
+	if err != nil {
+		d.app.err.Printf(lm.FailedRegisterDiscordChoices, lm.Profile, err)
+	} else {
+		d.commandIDs[3] = cmd.ID
+	}
+}
+
+func (d *DiscordDaemon) commandHandler(s *dg.Session, i *dg.InteractionCreate) {
+	if h, ok := d.commandHandlers[i.ApplicationCommandData().Name]; ok {
+		if i.GuildID != "" && d.Channel.Name != "" {
+			if d.Channel.ID == "" {
+				channel, err := s.Channel(i.ChannelID)
+				if err != nil {
+					d.app.err.Printf(lm.FailedGetDiscordChannel, i.ChannelID, err)
+					d.app.err.Println(lm.MonitorAllDiscordChannels)
+					d.Channel.Name = ""
+				}
+				if channel.Name == d.Channel.Name {
+					d.Channel.ID = channel.ID
+				}
+			}
+			if d.Channel.ID != i.ChannelID {
+				d.app.debug.Printf(lm.IgnoreOutOfChannelMessage, lm.Discord)
+				return
+			}
+		}
+		if i.Interaction.Member.User.ID == s.State.User.ID {
+			return
+		}
+		lang := d.app.storage.lang.chosenTelegramLang
+		if user, ok := d.users[i.Interaction.Member.User.ID]; ok {
+			if _, ok := d.app.storage.lang.Telegram[user.Lang]; ok {
+				lang = user.Lang
+			}
+		}
+		h(s, i, lang)
+	}
+}
+
+// cmd* methods handle slash-commands, msg* methods handle ! commands.
+
+func (d *DiscordDaemon) cmdStart(s *dg.Session, i *dg.InteractionCreate, lang string) {
+	channel, err := s.UserChannelCreate(i.Interaction.Member.User.ID)
+	if err != nil {
+		d.app.err.Printf(lm.FailedCreateDiscordDMChannel, i.Interaction.Member.User.ID, err)
+		return
+	}
+	user := d.MustGetUser(channel.ID, i.Interaction.Member.User.ID, i.Interaction.Member.User.Discriminator, i.Interaction.Member.User.Username)
+	d.users[i.Interaction.Member.User.ID] = user
+
+	content := d.app.storage.lang.Telegram[lang].Strings.get("discordStartMessage") + "\n"
+	content += d.app.storage.lang.Telegram[lang].Strings.template("languageMessageDiscord", tmpl{"command": "/lang"})
+	err = s.InteractionRespond(i.Interaction, &dg.InteractionResponse{
+		//	Type: dg.InteractionResponseChannelMessageWithSource,
+		Type: dg.InteractionResponseChannelMessageWithSource,
+		Data: &dg.InteractionResponseData{
+			Content: content,
+			Flags:   64, // Ephemeral
+		},
+	})
+	if err != nil {
+		d.app.err.Printf(lm.FailedReply, lm.Discord, i.Interaction.Member.User.ID, err)
+		return
+	}
+}
+
+func (d *DiscordDaemon) cmdPIN(s *dg.Session, i *dg.InteractionCreate, lang string) {
+	pin := i.ApplicationCommandData().Options[0].StringValue()
+	user, ok := d.tokens[pin]
+	if !ok || time.Now().After(user.Expiry) {
+		err := s.InteractionRespond(i.Interaction, &dg.InteractionResponse{
+			//	Type: dg.InteractionResponseChannelMessageWithSource,
+			Type: dg.InteractionResponseChannelMessageWithSource,
+			Data: &dg.InteractionResponseData{
+				Content: d.app.storage.lang.Telegram[lang].Strings.get("invalidPIN"),
+				Flags:   64, // Ephemeral
+			},
+		})
+		if err != nil {
+			d.app.err.Printf(lm.FailedReply, lm.Discord, i.Interaction.Member.User.ID, err)
+		}
+		delete(d.tokens, pin)
+		return
+	}
+	err := s.InteractionRespond(i.Interaction, &dg.InteractionResponse{
+		//	Type: dg.InteractionResponseChannelMessageWithSource,
+		Type: dg.InteractionResponseChannelMessageWithSource,
+		Data: &dg.InteractionResponseData{
+			Content: d.app.storage.lang.Telegram[lang].Strings.get("pinSuccess"),
+			Flags:   64, // Ephemeral
+		},
+	})
+	if err != nil {
+		d.app.err.Printf(lm.FailedReply, lm.Discord, i.Interaction.Member.User.ID, err)
+	}
+	dcUser := d.users[i.Interaction.Member.User.ID]
+	dcUser.JellyfinID = user.JellyfinID
+	d.verifiedTokens[pin] = dcUser
+	delete(d.tokens, pin)
+}
+
+func (d *DiscordDaemon) cmdLang(s *dg.Session, i *dg.InteractionCreate, lang string) {
+	code := i.ApplicationCommandData().Options[0].StringValue()
+	if _, ok := d.app.storage.lang.Telegram[code]; ok {
+		var user DiscordUser
+		for _, u := range d.app.storage.GetDiscord() {
+			if u.ID == i.Interaction.Member.User.ID {
+				u.Lang = code
+				lang = code
+				d.app.storage.SetDiscordKey(u.JellyfinID, u)
+				user = u
+				break
+			}
+		}
+		d.users[i.Interaction.Member.User.ID] = user
+		err := s.InteractionRespond(i.Interaction, &dg.InteractionResponse{
+			//	Type: dg.InteractionResponseChannelMessageWithSource,
+			Type: dg.InteractionResponseChannelMessageWithSource,
+			Data: &dg.InteractionResponseData{
+				Content: d.app.storage.lang.Telegram[lang].Strings.template("languageSet", tmpl{"language": d.app.storage.lang.Telegram[lang].Meta.Name}),
+				Flags:   64, // Ephemeral
+			},
+		})
+		if err != nil {
+			d.app.err.Printf(lm.FailedReply, lm.Discord, i.Interaction.Member.User.ID, err)
+			return
+		}
+	}
+}
+
+func (d *DiscordDaemon) cmdInvite(s *dg.Session, i *dg.InteractionCreate, lang string) {
+	channel, err := s.UserChannelCreate(i.Interaction.Member.User.ID)
+	if err != nil {
+		d.app.err.Printf(lm.FailedCreateDiscordDMChannel, i.Interaction.Member.User.ID, err)
+		return
+	}
+	requester := d.MustGetUser(channel.ID, i.Interaction.Member.User.ID, i.Interaction.Member.User.Discriminator, i.Interaction.Member.User.Username)
+	d.users[i.Interaction.Member.User.ID] = requester
+	recipient := i.ApplicationCommandData().Options[0].UserValue(s)
+	// d.app.debug.Println(invuser)
+	//label := i.ApplicationCommandData().Options[2].StringValue()
+	//profile := i.ApplicationCommandData().Options[3].StringValue()
+	//mins, err := strconv.Atoi(i.ApplicationCommandData().Options[1].StringValue())
+	//if mins > 0 {
+	//	expmin = mins
+	//}
+	//	Check whether requestor is linked to the admin account
+	requesterEmail, ok := d.app.storage.GetEmailsKey(requester.JellyfinID)
+	if !(ok && requesterEmail.Admin) {
+		d.app.err.Printf(lm.FailedGenerateInvite, fmt.Sprintf(lm.NonAdminUser, requester.JellyfinID))
+		// FIXME: add response message
+		return
+	}
+
+	var expiryMinutes int64 = 30
+	userLabel := ""
+	profileName := ""
+
+	for i, opt := range i.ApplicationCommandData().Options {
+		if i == 0 {
+			continue
+		}
+		switch opt.Name {
+		case "expiry":
+			expiryMinutes = opt.IntValue()
+		case "user_label":
+			userLabel = opt.StringValue()
+		case "profile":
+			profileName = opt.StringValue()
+		}
+	}
+
+	currentTime := time.Now()
+
+	validTill := currentTime.Add(time.Minute * time.Duration(expiryMinutes))
+
+	invite := Invite{
+		Code:          GenerateInviteCode(),
+		Created:       currentTime,
+		RemainingUses: 1,
+		UserExpiry:    false,
+		ValidTill:     validTill,
+		UserLabel:     userLabel,
+		Profile:       "Default",
+		Label:         fmt.Sprintf("%s: %s", lm.Discord, RenderDiscordUsername(recipient)),
+	}
+	if profileName != "" {
+		if _, ok := d.app.storage.GetProfileKey(profileName); ok {
+			invite.Profile = profileName
+		}
+	}
+
+	if recipient != nil && d.app.config.Section("invite_emails").Key("enabled").MustBool(false) {
+		invname, err := d.bot.GuildMember(d.guildID, recipient.ID)
+		invite.SendTo = invname.User.Username
+		msg, err := d.app.email.constructInvite(invite.Code, invite, d.app, false)
+		if err != nil {
+			invite.SendTo = fmt.Sprintf(lm.FailedConstructInviteMessage, invite.Code, err)
+			d.app.err.Println(invite.SendTo)
+			err := s.InteractionRespond(i.Interaction, &dg.InteractionResponse{
+				Type: dg.InteractionResponseChannelMessageWithSource,
+				Data: &dg.InteractionResponseData{
+					Content: d.app.storage.lang.Telegram[lang].Strings.get("sentInviteFailure"),
+					Flags:   64, // Ephemeral
+				},
+			})
+			if err != nil {
+				d.app.err.Printf(lm.FailedReply, lm.Discord, requester.ID, err)
+			}
+		} else {
+			var err error
+			err = d.app.discord.SendDM(msg, recipient.ID)
+			if err != nil {
+				invite.SendTo = fmt.Sprintf(lm.FailedSendInviteMessage, invite.Code, RenderDiscordUsername(recipient), err)
+				d.app.err.Println(invite.SendTo)
+				err := s.InteractionRespond(i.Interaction, &dg.InteractionResponse{
+					Type: dg.InteractionResponseChannelMessageWithSource,
+					Data: &dg.InteractionResponseData{
+						Content: d.app.storage.lang.Telegram[lang].Strings.get("sentInviteFailure"),
+						Flags:   64, // Ephemeral
+					},
+				})
+				if err != nil {
+					d.app.err.Printf(lm.FailedReply, lm.Discord, requester.ID, err)
+				}
+			} else {
+				d.app.info.Printf(lm.SentInviteMessage, invite.Code, RenderDiscordUsername(recipient))
+				err := s.InteractionRespond(i.Interaction, &dg.InteractionResponse{
+					Type: dg.InteractionResponseChannelMessageWithSource,
+					Data: &dg.InteractionResponseData{
+						Content: d.app.storage.lang.Telegram[lang].Strings.get("sentInvite"),
+						Flags:   64, // Ephemeral
+					},
+				})
+				if err != nil {
+					d.app.err.Printf(lm.FailedReply, lm.Discord, requester.ID, err)
+				}
+			}
+		}
+	}
+	//if profile != "" {
+	d.app.storage.SetInvitesKey(invite.Code, invite)
+}
+
+func (d *DiscordDaemon) SendDM(message *Message, userID ...string) error {
+	channels := make([]string, len(userID))
+	for i, id := range userID {
+		channel, err := d.bot.UserChannelCreate(id)
+		if err != nil {
+			return err
+		}
+		channels[i] = channel.ID
+	}
+	return d.Send(message, channels...)
+}
+
+func (d *DiscordDaemon) Send(message *Message, channelID ...string) error {
+	msg := ""
+	var embeds []*dg.MessageEmbed
+	if message.Markdown != "" {
+		msg, embeds = StripAltText(message.Markdown, true)
+	} else {
+		msg = message.Text
+	}
+	for _, id := range channelID {
+		var err error
+		if len(embeds) != 0 {
+			_, err = d.bot.ChannelMessageSendComplex(
+				id,
+				&dg.MessageSend{
+					Content: msg,
+					Embed:   embeds[0],
+				},
+			)
+			if err != nil {
+				return err
+			}
+			for i := 1; i < len(embeds); i++ {
+				_, err := d.bot.ChannelMessageSendEmbed(id, embeds[i])
+				if err != nil {
+					return err
+				}
+			}
+		} else {
+			_, err := d.bot.ChannelMessageSend(
+				id,
+				msg,
+			)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// UserVerified returns whether or not a token with the given PIN has been verified, and the user itself.
+func (d *DiscordDaemon) UserVerified(pin string) (ContactMethodUser, bool) {
+	u, ok := d.verifiedTokens[pin]
+	// delete(d.verifiedTokens, pin)
+	return &u, ok
+}
+
+// AssignedUserVerified returns whether or not a user with the given PIN has been verified, and the token itself.
+// Returns false if the given Jellyfin ID does not match the one in the user.
+func (d *DiscordDaemon) AssignedUserVerified(pin string, jfID string) (user DiscordUser, ok bool) {
+	user, ok = d.verifiedTokens[pin]
+	if ok && user.JellyfinID != jfID {
+		ok = false
+	}
+	// delete(d.verifiedUsers, pin)
+	return
+}
+
+// UserExists returns whether or not a user with the given ID exists.
+func (d *DiscordDaemon) UserExists(id string) bool {
+	c, err := d.app.storage.db.Count(&DiscordUser{}, badgerhold.Where("ID").Eq(id))
+	return err != nil || c > 0
+}
+
+// Exists returns whether or not the given user exists.
+func (d *DiscordDaemon) Exists(user ContactMethodUser) bool {
+	return d.UserExists(user.MethodID().(string))
+}
+
+// DeleteVerifiedToken removes the token with the given PIN.
+func (d *DiscordDaemon) DeleteVerifiedToken(PIN string) {
+	delete(d.verifiedTokens, PIN)
+}
+
+func (d *DiscordDaemon) PIN(req newUserDTO) string { return req.DiscordPIN }
+
+func (d *DiscordDaemon) Name() string { return lm.Discord }
+
+func (d *DiscordDaemon) Required() bool {
+	return d.app.config.Section("discord").Key("required").MustBool(false)
+}
+
+func (d *DiscordDaemon) UniqueRequired() bool {
+	return d.app.config.Section("discord").Key("require_unique").MustBool(false)
+}
+
+func (d *DiscordDaemon) PostVerificationTasks(PIN string, u ContactMethodUser) error {
+	err := d.ApplyRole(u.MethodID().(string))
+	if err != nil {
+		return fmt.Errorf(lm.FailedSetDiscordMemberRole, err)
+	}
+	return err
+}
+
+func (d *DiscordUser) Name() string                          { return RenderDiscordUsername(*d) }
+func (d *DiscordUser) SetMethodID(id any)                    { d.ID = id.(string) }
+func (d *DiscordUser) MethodID() any                         { return d.ID }
+func (d *DiscordUser) SetJellyfin(id string)                 { d.JellyfinID = id }
+func (d *DiscordUser) Jellyfin() string                      { return d.JellyfinID }
+func (d *DiscordUser) SetAllowContactFromDTO(req newUserDTO) { d.Contact = req.DiscordContact }
+func (d *DiscordUser) SetAllowContact(contact bool)          { d.Contact = contact }
+func (d *DiscordUser) AllowContact() bool                    { return d.Contact }
+func (d *DiscordUser) Store(st *Storage) {
+	st.SetDiscordKey(d.Jellyfin(), *d)
+}
--- a/easyproxy/easyproxy.go
+++ b/easyproxy/easyproxy.go
@@ -0,0 +1,83 @@
+// Package easyproxy provides a method to quickly create a http.Transport or net.Conn using given proxy details (SOCKS5 or HTTP).
+package easyproxy
+
+import (
+	"crypto/tls"
+	"net/http"
+	"net/url"
+
+	"github.com/magisterquis/connectproxy"
+	"golang.org/x/net/proxy"
+)
+
+type Protocol int
+
+const (
+	SOCKS5 Protocol = iota // SOCKS5
+	HTTP                   // HTTP
+)
+
+type ProxyConfig struct {
+	Protocol Protocol
+	Addr     string
+	User     string
+	Password string
+}
+
+// NewTransport returns a http.Transport using the given proxy details. Leave user/pass blank if not needed.
+func NewTransport(c ProxyConfig) (*http.Transport, error) {
+	t := &http.Transport{}
+	if c.Protocol == HTTP {
+		u := &url.URL{
+			Scheme: "http",
+			Host:   c.Addr,
+		}
+		if c.User != "" && c.Password != "" {
+			u.User = url.UserPassword(c.User, c.Password)
+		}
+		t.Proxy = http.ProxyURL(u)
+		return t, nil
+	}
+	var auth *proxy.Auth = nil
+	if c.User != "" && c.Password != "" {
+		auth = &proxy.Auth{User: c.User, Password: c.Password}
+	}
+	dialer, err := proxy.SOCKS5("tcp", c.Addr, auth, proxy.Direct)
+	if err != nil {
+		return nil, err
+	}
+	t.Dial = dialer.Dial
+	return t, nil
+}
+
+// NewConn returns a tls.Conn to "addr" using the given proxy details. Leave user/pass blank if not needed.
+func NewConn(c ProxyConfig, addr string, tlsConf *tls.Config) (*tls.Conn, error) {
+	var proxyDialer proxy.Dialer
+	var err error
+	if c.Protocol == SOCKS5 {
+		var auth *proxy.Auth = nil
+		if c.User != "" && c.Password != "" {
+			auth = &proxy.Auth{User: c.User, Password: c.Password}
+		}
+		proxyDialer, err = proxy.SOCKS5("tcp", c.Addr, auth, proxy.Direct)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		u := &url.URL{
+			Scheme: "http",
+			Host:   c.Addr,
+		}
+		if c.User != "" && c.Password != "" {
+			u.User = url.UserPassword(c.User, c.Password)
+		}
+		proxyDialer, err = connectproxy.New(u, proxy.Direct)
+	}
+
+	dialer, err := proxyDialer.Dial("tcp", addr)
+	if err != nil {
+		return nil, err
+	}
+	conn := tls.Client(dialer, tlsConf)
+	return conn, nil
+}
--- a/easyproxy/go.mod
+++ b/easyproxy/go.mod
@@ -0,0 +1,7 @@
+module github.com/hrfee/jfa-go/easyproxy
+
+go 1.18
+
+require golang.org/x/net v0.36.0
+
+require github.com/magisterquis/connectproxy v0.0.0-20200725203833-3582e84f0c9b
--- a/easyproxy/go.sum
+++ b/easyproxy/go.sum
@@ -0,0 +1,4 @@
+github.com/magisterquis/connectproxy v0.0.0-20200725203833-3582e84f0c9b h1:xZ59n7Frzh8CwyfAapUZLSg+gXH5m63YEaFCMpDHhpI=
+github.com/magisterquis/connectproxy v0.0.0-20200725203833-3582e84f0c9b/go.mod h1:uDd4sYVYsqcxAB8j+Q7uhL6IJCs/r1kxib1HV4bgOMg=
+golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
+golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
--- a/email.go
+++ b/email.go
@@ -10,90 +10,32 @@ import (
 	"html/template"
 	"io"
 	"io/fs"
-	"net/smtp"
+	"net/http"
+	"net/url"
 	"os"
 	"strconv"
 	"strings"
-	"sync"
 	textTemplate "text/template"
 	"time"

 	"github.com/gomarkdown/markdown"
 	"github.com/gomarkdown/markdown/html"
+	"github.com/hrfee/jfa-go/easyproxy"
+	lm "github.com/hrfee/jfa-go/logmessages"
+	"github.com/hrfee/mediabrowser"
 	"github.com/itchyny/timefmt-go"
-	jEmail "github.com/jordan-wright/email"
 	"github.com/mailgun/mailgun-go/v4"
+	"github.com/timshannon/badgerhold/v4"
+	sMail "github.com/xhit/go-simple-mail/v2"
 )

-// implements email sending, right now via smtp or mailgun.
+var markdownRenderer = html.NewRenderer(html.RendererOptions{Flags: html.Smartypants})
+
+// EmailClient implements email sending, right now via smtp, mailgun or a dummy client.
 type EmailClient interface {
 	Send(fromName, fromAddr string, message *Message, address ...string) error
 }

-type DummyClient struct{}
-
-func (dc *DummyClient) Send(fromName, fromAddr string, email *Message, address ...string) error {
-	fmt.Printf("FROM: %s <%s>\nTO: %s\nTEXT: %s\n", fromName, fromAddr, strings.Join(address, ", "), email.Text)
-	return nil
-}
-
-// Mailgun client implements emailClient.
-type Mailgun struct {
-	client *mailgun.MailgunImpl
-}
-
-func (mg *Mailgun) Send(fromName, fromAddr string, email *Message, address ...string) error {
-	message := mg.client.NewMessage(
-		fmt.Sprintf("%s <%s>", fromName, fromAddr),
-		email.Subject,
-		email.Text,
-	)
-	for _, a := range address {
-		// Adding variable tells mailgun to do a batch send, so users don't see other recipients.
-		message.AddRecipientAndVariables(a, map[string]interface{}{"unique_id": a})
-	}
-	message.SetHtml(email.HTML)
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
-	defer cancel()
-	_, _, err := mg.client.Send(ctx, message)
-	return err
-}
-
-// SMTP supports SSL/TLS and STARTTLS; implements emailClient.
-type SMTP struct {
-	sslTLS    bool
-	server    string
-	port      int
-	auth      smtp.Auth
-	tlsConfig *tls.Config
-}
-
-func (sm *SMTP) Send(fromName, fromAddr string, email *Message, address ...string) error {
-	server := fmt.Sprintf("%s:%d", sm.server, sm.port)
-	from := fmt.Sprintf("%s <%s>", fromName, fromAddr)
-	var wg sync.WaitGroup
-	var err error
-	for _, addr := range address {
-		wg.Add(1)
-		go func(addr string) {
-			defer wg.Done()
-			e := jEmail.NewEmail()
-			e.Subject = email.Subject
-			e.From = from
-			e.Text = []byte(email.Text)
-			e.HTML = []byte(email.HTML)
-			e.To = []string{addr}
-			if sm.sslTLS {
-				err = e.SendWithTLS(server, sm.auth, sm.tlsConfig)
-			} else {
-				err = e.SendWithStartTLS(server, sm.auth, sm.tlsConfig)
-			}
-		}(addr)
-	}
-	wg.Wait()
-	return err
-}
-
 // Emailer contains the email sender, translations, and methods to construct messages.
 type Emailer struct {
 	fromAddr, fromName string
@@ -139,44 +81,77 @@ func NewEmailer(app *appContext) *Emailer {
 	}
 	method := app.config.Section("email").Key("method").String()
 	if method == "smtp" {
-		sslTls := false
+		sslTLS := false
 		if app.config.Section("smtp").Key("encryption").String() == "ssl_tls" {
-			sslTls = true
+			sslTLS = true
 		}
-		username := ""
-		if u := app.config.Section("smtp").Key("username").MustString(""); u != "" {
-			username = u
-		} else {
+		username := app.config.Section("smtp").Key("username").MustString("")
+		password := app.config.Section("smtp").Key("password").String()
+		if username == "" && password != "" {
 			username = emailer.fromAddr
 		}
-		err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, app.config.Section("smtp").Key("password").String(), sslTls, app.config.Section("smtp").Key("ssl_cert").MustString(""))
+		var proxyConf *easyproxy.ProxyConfig = nil
+		if app.proxyEnabled {
+			proxyConf = &app.proxyConfig
+		}
+		authType := sMail.AuthType(app.config.Section("smtp").Key("auth_type").MustInt(4))
+		err := emailer.NewSMTP(app.config.Section("smtp").Key("server").String(), app.config.Section("smtp").Key("port").MustInt(465), username, password, sslTLS, app.config.Section("smtp").Key("ssl_cert").MustString(""), app.config.Section("smtp").Key("hello_hostname").String(), app.config.Section("smtp").Key("cert_validation").MustBool(true), authType, proxyConf)
 		if err != nil {
-			app.err.Printf("Error while initiating SMTP mailer: %v", err)
+			app.err.Printf(lm.FailedInitSMTP, err)
 		}
 	} else if method == "mailgun" {
-		emailer.NewMailgun(app.config.Section("mailgun").Key("api_url").String(), app.config.Section("mailgun").Key("api_key").String())
+		emailer.NewMailgun(app.config.Section("mailgun").Key("api_url").String(), app.config.Section("mailgun").Key("api_key").String(), app.proxyTransport)
 	} else if method == "dummy" {
 		emailer.sender = &DummyClient{}
 	}
 	return emailer
 }

-// NewMailgun returns a Mailgun emailClient.
-func (emailer *Emailer) NewMailgun(url, key string) {
-	sender := &Mailgun{
-		client: mailgun.NewMailgun(strings.Split(emailer.fromAddr, "@")[1], key),
-	}
-	// Mailgun client takes the base url, so we need to trim off the end (e.g 'v3/messages')
-	if strings.Contains(url, "messages") {
-		url = url[0:strings.LastIndex(url, "/")]
-		url = url[0:strings.LastIndex(url, "/")]
-	}
-	sender.client.SetAPIBase(url)
-	emailer.sender = sender
+// DummyClient just logs the email to the console for debugging purposes. It can be used by settings [email]/method to "dummy".
+type DummyClient struct{}
+
+func (dc *DummyClient) Send(fromName, fromAddr string, email *Message, address ...string) error {
+	fmt.Printf("FROM: %s <%s>\nTO: %s\nTEXT: %s\n", fromName, fromAddr, strings.Join(address, ", "), email.Text)
+	return nil
+}
+
+// SMTP supports SSL/TLS and STARTTLS; implements EmailClient.
+type SMTP struct {
+	Client *sMail.SMTPServer
 }

 // NewSMTP returns an SMTP emailClient.
-func (emailer *Emailer) NewSMTP(server string, port int, username, password string, sslTLS bool, certPath string) (err error) {
+func (emailer *Emailer) NewSMTP(server string, port int, username, password string, sslTLS bool, certPath string, helloHostname string, validateCertificate bool, authType sMail.AuthType, proxy *easyproxy.ProxyConfig) (err error) {
+	sender := &SMTP{}
+	sender.Client = sMail.NewSMTPClient()
+	if sslTLS {
+		sender.Client.Encryption = sMail.EncryptionSSLTLS
+	} else {
+		sender.Client.Encryption = sMail.EncryptionSTARTTLS
+	}
+	if username != "" || password != "" {
+		sender.Client.Authentication = authType
+		sender.Client.Username = username
+		sender.Client.Password = password
+	}
+	sender.Client.Helo = helloHostname
+	sender.Client.ConnectTimeout, sender.Client.SendTimeout = 15*time.Second, 15*time.Second
+	sender.Client.Host = server
+	sender.Client.Port = port
+	sender.Client.KeepAlive = false
+
+	// x509.SystemCertPool is unavailable on windows
+	if PLATFORM == "windows" {
+		sender.Client.TLSConfig = &tls.Config{
+			InsecureSkipVerify: !validateCertificate,
+			ServerName:         server,
+		}
+		if proxy != nil {
+			sender.Client.CustomConn, err = easyproxy.NewConn(*proxy, fmt.Sprintf("%s:%d", server, port), sender.Client.TLSConfig)
+		}
+		emailer.sender = sender
+		return
+	}
 	rootCAs, err := x509.SystemCertPool()
 	if rootCAs == nil || err != nil {
 		rootCAs = x509.NewCertPool()
@@ -188,20 +163,81 @@ func (emailer *Emailer) NewSMTP(server string, port int, username, password stri
 			err = errors.New("Failed to append cert to pool")
 		}
 	}
-	emailer.sender = &SMTP{
-		auth:   smtp.PlainAuth("", username, password, server),
-		server: server,
-		port:   port,
-		sslTLS: sslTLS,
-		tlsConfig: &tls.Config{
-			InsecureSkipVerify: false,
-			ServerName:         server,
-			RootCAs:            rootCAs,
-		},
+	sender.Client.TLSConfig = &tls.Config{
+		InsecureSkipVerify: !validateCertificate,
+		ServerName:         server,
+		RootCAs:            rootCAs,
 	}
+	if proxy != nil {
+		sender.Client.CustomConn, err = easyproxy.NewConn(*proxy, fmt.Sprintf("%s:%d", server, port), sender.Client.TLSConfig)
+	}
+	emailer.sender = sender
 	return
 }

+func (sm *SMTP) Send(fromName, fromAddr string, email *Message, address ...string) error {
+	from := fmt.Sprintf("%s <%s>", fromName, fromAddr)
+	var cli *sMail.SMTPClient
+	var err error
+	cli, err = sm.Client.Connect()
+	if err != nil {
+		return err
+	}
+	defer cli.Close()
+	e := sMail.NewMSG()
+	e.SetFrom(from)
+	e.SetSubject(email.Subject)
+	e.AddTo(address...)
+	e.SetBody(sMail.TextPlain, email.Text)
+	if email.HTML != "" {
+		e.AddAlternative(sMail.TextHTML, email.HTML)
+	}
+	err = e.Send(cli)
+	return err
+}
+
+// Mailgun client implements EmailClient.
+type Mailgun struct {
+	client *mailgun.MailgunImpl
+}
+
+// NewMailgun returns a Mailgun emailClient.
+func (emailer *Emailer) NewMailgun(url, key string, transport *http.Transport) {
+	sender := &Mailgun{
+		client: mailgun.NewMailgun(strings.Split(emailer.fromAddr, "@")[1], key),
+	}
+	if transport != nil {
+		cli := sender.client.Client()
+		cli.Transport = transport
+	}
+	// Mailgun client takes the base url, so we need to trim off the end (e.g 'v3/messages')
+	if strings.Contains(url, "messages") {
+		url = url[0:strings.LastIndex(url, "/")]
+	}
+	if strings.Contains(url, "v3") {
+		url = url[0:strings.LastIndex(url, "/")]
+	}
+	sender.client.SetAPIBase(url)
+	emailer.sender = sender
+}
+
+func (mg *Mailgun) Send(fromName, fromAddr string, email *Message, address ...string) error {
+	message := mg.client.NewMessage(
+		fmt.Sprintf("%s <%s>", fromName, fromAddr),
+		email.Subject,
+		email.Text,
+	)
+	for _, a := range address {
+		// Adding variable tells mailgun to do a batch send, so users don't see other recipients.
+		message.AddRecipientAndVariables(a, map[string]interface{}{"unique_id": a})
+	}
+	message.SetHtml(email.HTML)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
+	defer cancel()
+	_, _, err := mg.client.Send(ctx, message)
+	return err
+}
+
 type templ interface {
 	Execute(wr io.Writer, data interface{}) error
 }
@@ -215,9 +251,8 @@ func (emailer *Emailer) construct(app *appContext, section, keyFragment string,
 	}
 	var keys []string
 	plaintext := app.config.Section("email").Key("plaintext").MustBool(false)
-	telegram := app.config.Section("telegram").Key("enabled").MustBool(false)
 	if plaintext {
-		if telegram {
+		if telegramEnabled || discordEnabled {
 			keys = []string{"text"}
 			text, markdown = "", ""
 		} else {
@@ -225,7 +260,7 @@ func (emailer *Emailer) construct(app *appContext, section, keyFragment string,
 			text = ""
 		}
 	} else {
-		if telegram {
+		if telegramEnabled || discordEnabled {
 			keys = []string{"html", "text", "markdown"}
 		} else {
 			keys = []string{"html", "text"}
@@ -290,8 +325,12 @@ func (emailer *Emailer) confirmationValues(code, username, key string, app *appC
 		}
 	} else {
 		message := app.config.Section("messages").Key("message").String()
-		inviteLink := app.config.Section("invite_emails").Key("url_base").String()
-		inviteLink = fmt.Sprintf("%s/%s?key=%s", inviteLink, code, key)
+		inviteLink := app.ExternalURI
+		if code == "" { // Personal email change
+			inviteLink = fmt.Sprintf("%s/my/confirm/%s", inviteLink, url.PathEscape(key))
+		} else { // Invite email confirmation
+			inviteLink = fmt.Sprintf("%s%s/%s?key=%s", inviteLink, PAGES.Form, code, url.PathEscape(key))
+		}
 		template["helloUser"] = emailer.lang.Strings.template("helloUser", tmpl{"username": username})
 		template["confirmationURL"] = inviteLink
 		template["message"] = message
@@ -305,10 +344,11 @@ func (emailer *Emailer) constructConfirmation(code, username, key string, app *a
 	}
 	var err error
 	template := emailer.confirmationValues(code, username, key, app, noSub)
-	if app.storage.customEmails.EmailConfirmation.Enabled {
+	message := app.storage.MustGetCustomContentKey("EmailConfirmation")
+	if message.Enabled {
 		content := templateEmail(
-			app.storage.customEmails.EmailConfirmation.Content,
-			app.storage.customEmails.EmailConfirmation.Variables,
+			message.Content,
+			message.Variables,
 			nil,
 			template,
 		)
@@ -322,19 +362,27 @@ func (emailer *Emailer) constructConfirmation(code, username, key string, app *a
 	return email, nil
 }

-func (emailer *Emailer) constructTemplate(subject, md string, app *appContext) (*Message, error) {
+// username is optional, but should only be passed once.
+func (emailer *Emailer) constructTemplate(subject, md string, app *appContext, username ...string) (*Message, error) {
+	if len(username) != 0 {
+		md = templateEmail(md, []string{"{username}"}, nil, map[string]interface{}{"username": username[0]})
+		subject = templateEmail(subject, []string{"{username}"}, nil, map[string]interface{}{"username": username[0]})
+	}
 	email := &Message{Subject: subject}
-	renderer := html.NewRenderer(html.RendererOptions{Flags: html.Smartypants})
-	html := markdown.ToHTML([]byte(md), nil, renderer)
+	html := markdown.ToHTML([]byte(md), nil, markdownRenderer)
 	text := stripMarkdown(md)
 	message := app.config.Section("messages").Key("message").String()
 	var err error
-	email.HTML, email.Text, email.Markdown, err = emailer.construct(app, "template_email", "email_", map[string]interface{}{
+	data := map[string]interface{}{
 		"text":      template.HTML(html),
 		"plaintext": text,
 		"message":   message,
 		"md":        md,
-	})
+	}
+	if len(username) != 0 {
+		data["username"] = username[0]
+	}
+	email.HTML, email.Text, email.Markdown, err = emailer.construct(app, "template_email", "email_", data)
 	if err != nil {
 		return nil, err
 	}
@@ -345,8 +393,7 @@ func (emailer *Emailer) inviteValues(code string, invite Invite, app *appContext
 	expiry := invite.ValidTill
 	d, t, expiresIn := emailer.formatExpiry(expiry, false, app.datePattern, app.timePattern)
 	message := app.config.Section("messages").Key("message").String()
-	inviteLink := app.config.Section("invite_emails").Key("url_base").String()
-	inviteLink = fmt.Sprintf("%s/%s", inviteLink, code)
+	inviteLink := fmt.Sprintf("%s%s/%s", app.ExternalURI, PAGES.Form, code)
 	template := map[string]interface{}{
 		"hello":              emailer.lang.InviteEmail.get("hello"),
 		"youHaveBeenInvited": emailer.lang.InviteEmail.get("youHaveBeenInvited"),
@@ -377,10 +424,11 @@ func (emailer *Emailer) constructInvite(code string, invite Invite, app *appCont
 	}
 	template := emailer.inviteValues(code, invite, app, noSub)
 	var err error
-	if app.storage.customEmails.InviteEmail.Enabled {
+	message := app.storage.MustGetCustomContentKey("InviteEmail")
+	if message.Enabled {
 		content := templateEmail(
-			app.storage.customEmails.InviteEmail.Content,
-			app.storage.customEmails.InviteEmail.Variables,
+			message.Content,
+			message.Variables,
 			nil,
 			template,
 		)
@@ -416,10 +464,11 @@ func (emailer *Emailer) constructExpiry(code string, invite Invite, app *appCont
 	}
 	var err error
 	template := emailer.expiryValues(code, invite, app, noSub)
-	if app.storage.customEmails.InviteExpiry.Enabled {
+	message := app.storage.MustGetCustomContentKey("InviteExpiry")
+	if message.Enabled {
 		content := templateEmail(
-			app.storage.customEmails.InviteExpiry.Content,
-			app.storage.customEmails.InviteExpiry.Variables,
+			message.Content,
+			message.Variables,
 			nil,
 			template,
 		)
@@ -470,10 +519,11 @@ func (emailer *Emailer) constructCreated(code, username, address string, invite
 	}
 	template := emailer.createdValues(code, username, address, invite, app, noSub)
 	var err error
-	if app.storage.customEmails.UserCreated.Enabled {
+	message := app.storage.MustGetCustomContentKey("UserCreated")
+	if message.Enabled {
 		content := templateEmail(
-			app.storage.customEmails.UserCreated.Content,
-			app.storage.customEmails.UserCreated.Variables,
+			message.Content,
+			message.Variables,
 			nil,
 			template,
 		)
@@ -517,17 +567,16 @@ func (emailer *Emailer) resetValues(pwr PasswordReset, app *appContext, noSub bo
 	} else {
 		template["helloUser"] = emailer.lang.Strings.template("helloUser", tmpl{"username": pwr.Username})
 		template["codeExpiry"] = emailer.lang.PasswordReset.template("codeExpiry", tmpl{"date": d, "time": t, "expiresInMinutes": expiresIn})
-		inviteLink := app.config.Section("invite_emails").Key("url_base").String()
 		if linkResetEnabled {
-			if inviteLink != "" {
+			pinLink, err := app.GenResetLink(pwr.Pin)
+			if err == nil {
 				// Strip /invite form end of this URL, ik its ugly.
 				template["link_reset"] = true
-				pinLink := fmt.Sprintf("%s/reset?pin=%s", strings.Replace(inviteLink, "/invite", "", 1), pwr.Pin)
 				template["pin"] = pinLink
 				// Only used in html email.
 				template["pin_code"] = pwr.Pin
 			} else {
-				app.info.Println("Password Reset link disabled as no URL Base provided. Set in Settings > Invite Emails.")
+				app.info.Printf(lm.FailedGeneratePWRLink, err)
 				template["pin"] = pwr.Pin
 			}
 		} else {
@@ -544,10 +593,11 @@ func (emailer *Emailer) constructReset(pwr PasswordReset, app *appContext, noSub
 	}
 	template := emailer.resetValues(pwr, app, noSub)
 	var err error
-	if app.storage.customEmails.PasswordReset.Enabled {
+	message := app.storage.MustGetCustomContentKey("PasswordReset")
+	if message.Enabled {
 		content := templateEmail(
-			app.storage.customEmails.PasswordReset.Content,
-			app.storage.customEmails.PasswordReset.Variables,
+			message.Content,
+			message.Variables,
 			nil,
 			template,
 		)
@@ -585,10 +635,11 @@ func (emailer *Emailer) constructDeleted(reason string, app *appContext, noSub b
 	}
 	var err error
 	template := emailer.deletedValues(reason, app, noSub)
-	if app.storage.customEmails.UserDeleted.Enabled {
+	message := app.storage.MustGetCustomContentKey("UserDeleted")
+	if message.Enabled {
 		content := templateEmail(
-			app.storage.customEmails.UserDeleted.Content,
-			app.storage.customEmails.UserDeleted.Variables,
+			message.Content,
+			message.Variables,
 			nil,
 			template,
 		)
@@ -626,10 +677,11 @@ func (emailer *Emailer) constructDisabled(reason string, app *appContext, noSub
 	}
 	var err error
 	template := emailer.disabledValues(reason, app, noSub)
-	if app.storage.customEmails.UserDisabled.Enabled {
+	message := app.storage.MustGetCustomContentKey("UserDisabled")
+	if message.Enabled {
 		content := templateEmail(
-			app.storage.customEmails.UserDisabled.Content,
-			app.storage.customEmails.UserDisabled.Variables,
+			message.Content,
+			message.Variables,
 			nil,
 			template,
 		)
@@ -667,10 +719,11 @@ func (emailer *Emailer) constructEnabled(reason string, app *appContext, noSub b
 	}
 	var err error
 	template := emailer.enabledValues(reason, app, noSub)
-	if app.storage.customEmails.UserEnabled.Enabled {
+	message := app.storage.MustGetCustomContentKey("UserEnabled")
+	if message.Enabled {
 		content := templateEmail(
-			app.storage.customEmails.UserEnabled.Content,
-			app.storage.customEmails.UserEnabled.Variables,
+			message.Content,
+			message.Variables,
 			nil,
 			template,
 		)
@@ -684,6 +737,72 @@ func (emailer *Emailer) constructEnabled(reason string, app *appContext, noSub b
 	return email, nil
 }

+func (emailer *Emailer) expiryAdjustedValues(username string, expiry time.Time, reason string, app *appContext, noSub bool, custom bool) map[string]interface{} {
+	template := map[string]interface{}{
+		"yourExpiryWasAdjusted": emailer.lang.UserExpiryAdjusted.get("yourExpiryWasAdjusted"),
+		"ifPreviouslyDisabled":  emailer.lang.UserExpiryAdjusted.get("ifPreviouslyDisabled"),
+		"reasonString":          emailer.lang.Strings.get("reason"),
+		"newExpiry":             "",
+		"message":               "",
+	}
+	if noSub {
+		template["helloUser"] = emailer.lang.Strings.get("helloUser")
+		empty := []string{"reason", "newExpiry"}
+		for _, v := range empty {
+			template[v] = "{" + v + "}"
+		}
+	} else {
+		template["reason"] = reason
+		template["message"] = app.config.Section("messages").Key("message").String()
+		template["helloUser"] = emailer.lang.Strings.template("helloUser", tmpl{"username": username})
+		exp := app.formatDatetime(expiry)
+		if !expiry.IsZero() {
+			if custom {
+				template["newExpiry"] = exp
+			} else if !expiry.IsZero() {
+				template["newExpiry"] = emailer.lang.UserExpiryAdjusted.template("newExpiry", tmpl{
+					"date": exp,
+				})
+			}
+		}
+	}
+	return template
+}
+
+func (emailer *Emailer) constructExpiryAdjusted(username string, expiry time.Time, reason string, app *appContext, noSub bool) (*Message, error) {
+	email := &Message{
+		Subject: app.config.Section("user_expiry").Key("adjustment_subject").MustString(emailer.lang.UserExpiryAdjusted.get("title")),
+	}
+	var err error
+	var template map[string]interface{}
+	message := app.storage.MustGetCustomContentKey("UserExpiryAdjusted")
+	if message.Enabled {
+		template = emailer.expiryAdjustedValues(username, expiry, reason, app, noSub, true)
+	} else {
+		template = emailer.expiryAdjustedValues(username, expiry, reason, app, noSub, false)
+	}
+	if noSub {
+		template["newExpiry"] = emailer.lang.UserExpiryAdjusted.template("newExpiry", tmpl{
+			"date": "{newExpiry}",
+		})
+	}
+	if message.Enabled {
+		content := templateEmail(
+			message.Content,
+			message.Variables,
+			nil,
+			template,
+		)
+		email, err = emailer.constructTemplate(email.Subject, content, app)
+	} else {
+		email.HTML, email.Text, email.Markdown, err = emailer.construct(app, "user_expiry", "adjustment_email_", template)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return email, nil
+}
+
 func (emailer *Emailer) welcomeValues(username string, expiry time.Time, app *appContext, noSub bool, custom bool) map[string]interface{} {
 	template := map[string]interface{}{
 		"welcome":               emailer.lang.WelcomeEmail.get("welcome"),
@@ -722,7 +841,8 @@ func (emailer *Emailer) constructWelcome(username string, expiry time.Time, app
 	}
 	var err error
 	var template map[string]interface{}
-	if app.storage.customEmails.WelcomeEmail.Enabled {
+	message := app.storage.MustGetCustomContentKey("WelcomeEmail")
+	if message.Enabled {
 		template = emailer.welcomeValues(username, expiry, app, noSub, true)
 	} else {
 		template = emailer.welcomeValues(username, expiry, app, noSub, false)
@@ -732,11 +852,11 @@ func (emailer *Emailer) constructWelcome(username string, expiry time.Time, app
 			"date": "{yourAccountWillExpire}",
 		})
 	}
-	if app.storage.customEmails.WelcomeEmail.Enabled {
+	if message.Enabled {
 		content := templateEmail(
-			app.storage.customEmails.WelcomeEmail.Content,
-			app.storage.customEmails.WelcomeEmail.Variables,
-			app.storage.customEmails.WelcomeEmail.Conditionals,
+			message.Content,
+			message.Variables,
+			message.Conditionals,
 			template,
 		)
 		email, err = emailer.constructTemplate(email.Subject, content, app)
@@ -767,10 +887,11 @@ func (emailer *Emailer) constructUserExpired(app *appContext, noSub bool) (*Mess
 	}
 	var err error
 	template := emailer.userExpiredValues(app, noSub)
-	if app.storage.customEmails.UserExpired.Enabled {
+	message := app.storage.MustGetCustomContentKey("UserExpired")
+	if message.Enabled {
 		content := templateEmail(
-			app.storage.customEmails.UserExpired.Content,
-			app.storage.customEmails.UserExpired.Variables,
+			message.Content,
+			message.Variables,
 			nil,
 			template,
 		)
@@ -789,27 +910,123 @@ func (emailer *Emailer) send(email *Message, address ...string) error {
 	return emailer.sender.Send(emailer.fromName, emailer.fromAddr, email, address...)
 }

-func (app *appContext) sendByID(email *Message, ID ...string) error {
+func (app *appContext) sendByID(email *Message, ID ...string) (err error) {
 	for _, id := range ID {
-		var err error
-		if tgChat, ok := app.storage.telegram[id]; ok && tgChat.Contact && telegramEnabled {
+		if tgChat, ok := app.storage.GetTelegramKey(id); ok && tgChat.Contact && telegramEnabled {
 			err = app.telegram.Send(email, tgChat.ChatID)
-		} else if address, ok := app.storage.emails[id]; ok {
-			err = app.email.send(email, address.(string))
+			// if err != nil {
+			// 	return err
+			// }
 		}
-		if err != nil {
-			return err
+		if dcChat, ok := app.storage.GetDiscordKey(id); ok && dcChat.Contact && discordEnabled {
+			err = app.discord.Send(email, dcChat.ChannelID)
+			// if err != nil {
+			// 	return err
+			// }
 		}
+		if mxChat, ok := app.storage.GetMatrixKey(id); ok && mxChat.Contact && matrixEnabled {
+			err = app.matrix.Send(email, mxChat)
+			// if err != nil {
+			// 	return err
+			// }
+		}
+		if address, ok := app.storage.GetEmailsKey(id); ok && address.Contact && emailEnabled {
+			err = app.email.send(email, address.Addr)
+			// if err != nil {
+			// 	return err
+			// }
+		}
+		// if err != nil {
+		// 	return err
+		// }
 	}
-	return nil
+	return
 }

 func (app *appContext) getAddressOrName(jfID string) string {
-	if tgChat, ok := app.storage.telegram[jfID]; ok && tgChat.Contact && telegramEnabled {
+	if dcChat, ok := app.storage.GetDiscordKey(jfID); ok && dcChat.Contact && discordEnabled {
+		return RenderDiscordUsername(dcChat)
+	}
+	if tgChat, ok := app.storage.GetTelegramKey(jfID); ok && tgChat.Contact && telegramEnabled {
 		return "@" + tgChat.Username
 	}
-	if addr, ok := app.storage.emails[jfID]; ok {
-		return addr.(string)
+	if addr, ok := app.storage.GetEmailsKey(jfID); ok {
+		return addr.Addr
+	}
+	if mxChat, ok := app.storage.GetMatrixKey(jfID); ok && mxChat.Contact && matrixEnabled {
+		return mxChat.UserID
 	}
 	return ""
 }
+
+// ReverseUserSearch returns the jellyfin ID of the user with the given username, email, or contact method username.
+// returns "" if none found. returns only the first match, might be an issue if there are users with the same contact method usernames.
+func (app *appContext) ReverseUserSearch(address string, matchUsername, matchEmail, matchContactMethod bool) (user mediabrowser.User, ok bool) {
+	ok = false
+	var err error = nil
+	if matchUsername {
+		user, err = app.jf.UserByName(address, false)
+		if err == nil {
+			ok = true
+			return
+		}
+	}
+
+	if matchEmail {
+		emailAddresses := []EmailAddress{}
+		err = app.storage.db.Find(&emailAddresses, badgerhold.Where("Addr").Eq(address))
+		if err == nil && len(emailAddresses) > 0 {
+			for _, emailUser := range emailAddresses {
+				user, err = app.jf.UserByID(emailUser.JellyfinID, false)
+				if err == nil {
+					ok = true
+					return
+				}
+			}
+		}
+	}
+
+	// Dont know how we'd use badgerhold when we need to render each username,
+	// Apart from storing the rendered name in the db.
+	if matchContactMethod {
+		for _, dcUser := range app.storage.GetDiscord() {
+			if RenderDiscordUsername(dcUser) == strings.ToLower(address) {
+				user, err = app.jf.UserByID(dcUser.JellyfinID, false)
+				if err == nil {
+					ok = true
+					return
+				}
+			}
+		}
+		tgUsername := strings.TrimPrefix(address, "@")
+		telegramUsers := []TelegramUser{}
+		err = app.storage.db.Find(&telegramUsers, badgerhold.Where("Username").Eq(tgUsername))
+		if err == nil && len(telegramUsers) > 0 {
+			for _, telegramUser := range telegramUsers {
+				user, err = app.jf.UserByID(telegramUser.JellyfinID, false)
+				if err == nil {
+					ok = true
+					return
+				}
+			}
+		}
+		matrixUsers := []MatrixUser{}
+		err = app.storage.db.Find(&matrixUsers, badgerhold.Where("UserID").Eq(address))
+		if err == nil && len(matrixUsers) > 0 {
+			for _, matrixUser := range matrixUsers {
+				user, err = app.jf.UserByID(matrixUser.JellyfinID, false)
+				if err == nil {
+					ok = true
+					return
+				}
+			}
+		}
+	}
+	return
+}
+
+// EmailAddressExists returns whether or not a user with the given email address exists.
+func (app *appContext) EmailAddressExists(address string) bool {
+	c, err := app.storage.db.Count(&EmailAddress{}, badgerhold.Where("Addr").Eq(address))
+	return err != nil || c > 0
+}
--- a/exit.go
+++ b/exit.go
@@ -0,0 +1,113 @@
+package main
+
+import (
+	"fmt"
+	"html/template"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"runtime/debug"
+	"strings"
+	"time"
+
+	"github.com/robert-nix/ansihtml"
+)
+
+// https://gist.github.com/swdunlop/9629168
+func identifyPanic() string {
+	var name, file string
+	var line int
+	var pc [16]uintptr
+
+	n := runtime.Callers(4, pc[:])
+	for _, pc := range pc[:n] {
+		fn := runtime.FuncForPC(pc)
+		if fn == nil {
+			continue
+		}
+		file, line = fn.FileLine(pc)
+		name = fn.Name()
+		if !strings.HasPrefix(name, "runtime.") {
+			break
+		}
+	}
+
+	switch {
+	case name != "":
+		return fmt.Sprintf("%v:%v", name, line)
+	case file != "":
+		return fmt.Sprintf("%v:%v", file, line)
+	}
+
+	return fmt.Sprintf("pc:%x", pc)
+}
+
+// OpenFile attempts to open a given file in the appropriate GUI application.
+func OpenFile(fpath string) (err error) {
+	switch PLATFORM {
+	case "linux":
+		err = exec.Command("xdg-open", fpath).Start()
+	case "windows":
+		err = exec.Command("rundll32", "url.dll,FileProtocolHandler", fpath).Start()
+	case "darwin":
+		err = exec.Command("open", fpath).Start()
+	default:
+		err = fmt.Errorf("unknown os")
+	}
+	return
+}
+
+// Exit dumps the last 100 lines of output to a crash file in /tmp (or equivalent), and generates a prettier HTML file containing it that is opened in the browser if possible.
+func Exit(err interface{}) {
+	tmpl, err2 := template.ParseFS(localFS, "html/crash.html", "html/header.html")
+	if err2 != nil {
+		log.Fatalf("Failed to load template: %v", err)
+	}
+	logCache := lineCache.String()
+	if err != nil {
+		fmt.Println(err)
+		logCache += "\n" + fmt.Sprint(err)
+	}
+	logCache += "\n" + string(debug.Stack())
+	sanitized := sanitizeLog(logCache)
+	data := map[string]interface{}{
+		"Log":          logCache,
+		"SanitizedLog": sanitized,
+	}
+	if err != nil {
+		data["Err"] = fmt.Sprintf("%s %v", identifyPanic(), err)
+	}
+	// Use dashes for time rather than colons for Windows
+	fpath := filepath.Join(temp, "jfa-go-crash-"+time.Now().Local().Format("2006-01-02T15-04-05"))
+	err2 = os.WriteFile(fpath+".txt", []byte(logCache), 0666)
+	if err2 != nil {
+		log.Fatalf("Failed to write crash dump file: %v", err2)
+	}
+	log.Printf("\n------\nA crash report has been saved to \"%s\".\n------", fpath+".txt")
+
+	// Render ANSI colors to HTML
+	data["Log"] = template.HTML(string(ansihtml.ConvertToHTML([]byte(data["Log"].(string)))))
+	data["SanitizedLog"] = template.HTML(string(ansihtml.ConvertToHTML([]byte(data["SanitizedLog"].(string)))))
+	data["Err"] = template.HTML(string(ansihtml.ConvertToHTML([]byte(data["Err"].(string)))))
+
+	f, err2 := os.OpenFile(fpath+".html", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0666)
+	if err2 != nil {
+		log.Fatalf("Failed to open crash dump file: %v", err2)
+	}
+	defer f.Close()
+	err2 = tmpl.Execute(f, data)
+	if err2 != nil {
+		log.Fatalf("Failed to execute template: %v", err2)
+	}
+	if err := OpenFile(fpath + ".html"); err != nil {
+		log.Printf("Failed to open browser, trying text file...")
+		OpenFile(fpath + ".txt")
+	}
+	if TRAY {
+		QuitTray()
+	} else {
+		os.Exit(1)
+	}
+}
--- a/external.go
+++ b/external.go
@@ -1,3 +1,4 @@
+//go:build external
 // +build external

 package main
@@ -12,8 +13,10 @@ import (

 const binaryType = "external"

-var localFS fs.FS
-var langFS fs.FS
+func BuildTagsExternal() { buildTags = append(buildTags, "external") }
+
+var localFS dirFS
+var langFS dirFS

 // When using os.DirFS, even on Windows the separator seems to be '/'.
 // func FSJoin(elem ...string) string { return filepath.Join(elem...) }
@@ -29,9 +32,23 @@ func FSJoin(elem ...string) string {
 	return strings.TrimSuffix(path, sep)
 }

+type dirFS string
+
+func (dir dirFS) Open(name string) (fs.File, error) {
+	return os.Open(string(dir) + "/" + name)
+}
+
+func (dir dirFS) ReadFile(name string) ([]byte, error) {
+	return os.ReadFile(string(dir) + "/" + name)
+}
+
+func (dir dirFS) ReadDir(name string) ([]fs.DirEntry, error) {
+	return os.ReadDir(string(dir) + "/" + name)
+}
+
 func loadFilesystems() {
 	log.Println("Using external storage")
 	executable, _ := os.Executable()
-	localFS = os.DirFS(filepath.Join(filepath.Dir(executable), "data"))
-	langFS = os.DirFS(filepath.Join(filepath.Dir(executable), "data", "lang"))
+	localFS = dirFS(filepath.Join(filepath.Dir(executable), "data"))
+	langFS = dirFS(filepath.Join(filepath.Dir(executable), "data", "lang"))
 }
--- a/generic-d.go
+++ b/generic-d.go
@@ -0,0 +1,69 @@
+package main
+
+import (
+	"time"
+
+	lm "github.com/hrfee/jfa-go/logmessages"
+)
+
+// https://bbengfort.github.io/snippets/2016/06/26/background-work-goroutines-timer.html THANKS
+
+type GenericDaemon struct {
+	Stopped         bool
+	ShutdownChannel chan string
+	Interval        time.Duration
+	period          time.Duration
+	jobs            []func(app *appContext)
+	app             *appContext
+	name            string
+}
+
+func (d *GenericDaemon) appendJobs(jobs ...func(app *appContext)) {
+	d.jobs = append(d.jobs, jobs...)
+}
+
+// NewGenericDaemon returns a daemon which can be given jobs that utilize appContext.
+func NewGenericDaemon(interval time.Duration, app *appContext, jobs ...func(app *appContext)) *GenericDaemon {
+	d := GenericDaemon{
+		Stopped:         false,
+		ShutdownChannel: make(chan string),
+		Interval:        interval,
+		period:          interval,
+		app:             app,
+		name:            "Generic Daemon",
+	}
+	d.jobs = jobs
+	return &d
+
+}
+
+func (d *GenericDaemon) Name(name string) { d.name = name }
+
+func (d *GenericDaemon) run() {
+	d.app.info.Printf(lm.StartDaemon, d.name)
+	for {
+		select {
+		case <-d.ShutdownChannel:
+			d.ShutdownChannel <- "Down"
+			return
+		case <-time.After(d.period):
+			break
+		}
+		started := time.Now()
+
+		for _, job := range d.jobs {
+			job(d.app)
+		}
+
+		finished := time.Now()
+		duration := finished.Sub(started)
+		d.period = d.Interval - duration
+	}
+}
+
+func (d *GenericDaemon) Shutdown() {
+	d.Stopped = true
+	d.ShutdownChannel <- "Down"
+	<-d.ShutdownChannel
+	close(d.ShutdownChannel)
+}
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
 module github.com/hrfee/jfa-go

-go 1.16
+go 1.23.0
+
+toolchain go1.24.0

 replace github.com/hrfee/jfa-go/docs => ./docs

@@ -10,41 +12,133 @@ replace github.com/hrfee/jfa-go/ombi => ./ombi

 replace github.com/hrfee/jfa-go/logger => ./logger

+replace github.com/hrfee/jfa-go/logmessages => ./logmessages
+
+replace github.com/hrfee/jfa-go/linecache => ./linecache
+
+replace github.com/hrfee/jfa-go/api => ./api
+
+replace github.com/hrfee/jfa-go/easyproxy => ./easyproxy
+
+replace github.com/hrfee/jfa-go/jellyseerr => ./jellyseerr
+
 require (
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/fatih/color v1.10.0
-	github.com/fsnotify/fsnotify v1.4.9
-	github.com/gin-contrib/pprof v1.3.0
-	github.com/gin-contrib/static v0.0.0-20200916080430-d45d9a37d28e
-	github.com/gin-gonic/gin v1.6.3
-	github.com/go-openapi/spec v0.20.3 // indirect
-	github.com/go-openapi/swag v0.19.15 // indirect
-	github.com/go-playground/validator/v10 v10.4.1 // indirect
-	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible // indirect
-	github.com/golang/protobuf v1.4.3 // indirect
-	github.com/gomarkdown/markdown v0.0.0-20210408062403-ad838ccf8cdd
-	github.com/google/uuid v1.1.2 // indirect
-	github.com/hrfee/jfa-go/common v0.0.0-20210105184019-fdc97b4e86cc
-	github.com/hrfee/jfa-go/docs v0.0.0-20201112212552-b6f3cd7c1f71
-	github.com/hrfee/jfa-go/logger v0.0.0-00010101000000-000000000000
-	github.com/hrfee/jfa-go/ombi v0.0.0-20201112212552-b6f3cd7c1f71
-	github.com/hrfee/mediabrowser v0.3.3
-	github.com/itchyny/timefmt-go v0.1.2
-	github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible
-	github.com/lithammer/shortuuid/v3 v3.0.4
-	github.com/mailgun/mailgun-go/v4 v4.5.1
-	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/smartystreets/goconvey v1.6.4 // indirect
-	github.com/swaggo/files v0.0.0-20190704085106-630677cd5c14
-	github.com/swaggo/gin-swagger v1.3.0
-	github.com/swaggo/swag v1.7.0 // indirect
-	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
-	github.com/ugorji/go v1.2.0 // indirect
+	github.com/bwmarrin/discordgo v0.28.1
+	github.com/dgraph-io/badger/v4 v4.3.1
+	github.com/emersion/go-autostart v0.0.0-20210130080809-00ed301c8e9a
+	github.com/fatih/color v1.18.0
+	github.com/fsnotify/fsnotify v1.8.0
+	github.com/getlantern/systray v1.2.2
+	github.com/gin-contrib/pprof v1.5.0
+	github.com/gin-contrib/static v1.1.2
+	github.com/gin-gonic/gin v1.10.0
+	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
+	github.com/golang-jwt/jwt v3.2.2+incompatible
+	github.com/gomarkdown/markdown v0.0.0-20241105142532-d03b89096d81
+	github.com/hrfee/jfa-go/common v0.0.0-20241105225412-da4470bc4fbc
+	github.com/hrfee/jfa-go/docs v0.0.0-20241105225412-da4470bc4fbc
+	github.com/hrfee/jfa-go/easyproxy v0.0.0-20241105225412-da4470bc4fbc
+	github.com/hrfee/jfa-go/jellyseerr v0.0.0-20241105225412-da4470bc4fbc
+	github.com/hrfee/jfa-go/linecache v0.0.0-20241105225412-da4470bc4fbc
+	github.com/hrfee/jfa-go/logger v0.0.0-20241105225412-da4470bc4fbc
+	github.com/hrfee/jfa-go/logmessages v0.0.0-20241105225412-da4470bc4fbc
+	github.com/hrfee/jfa-go/ombi v0.0.0-20241105225412-da4470bc4fbc
+	github.com/hrfee/mediabrowser v0.3.24
+	github.com/itchyny/timefmt-go v0.1.6
+	github.com/lithammer/shortuuid/v3 v3.0.7
+	github.com/mailgun/mailgun-go/v4 v4.18.1
+	github.com/mattn/go-sqlite3 v1.14.24
+	github.com/robert-nix/ansihtml v1.0.1
+	github.com/steambap/captcha v1.4.1
+	github.com/swaggo/files v1.0.1
+	github.com/swaggo/gin-swagger v1.6.0
+	github.com/timshannon/badgerhold/v4 v4.0.3
 	github.com/writeas/go-strip-markdown v2.0.1+incompatible
-	golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9 // indirect
-	golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c // indirect
-	golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54 // indirect
-	golang.org/x/tools v0.1.0 // indirect
-	google.golang.org/protobuf v1.25.0 // indirect
-	gopkg.in/ini.v1 v1.62.0
+	github.com/xhit/go-simple-mail/v2 v2.16.0
+	gopkg.in/ini.v1 v1.67.0
+	gopkg.in/yaml.v3 v3.0.1
+	maunium.net/go/mautrix v0.21.1
+)
+
+require (
+	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/KyleBanks/depth v1.2.1 // indirect
+	github.com/bytedance/sonic v1.12.4 // indirect
+	github.com/bytedance/sonic/loader v0.2.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/dgraph-io/ristretto v1.0.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
+	github.com/getlantern/context v0.0.0-20220418194847-3d5e7a086201 // indirect
+	github.com/getlantern/errors v1.0.4 // indirect
+	github.com/getlantern/golog v0.0.0-20230503153817-8e72de7e0a65 // indirect
+	github.com/getlantern/hex v0.0.0-20220104173244-ad7e4b9194dc // indirect
+	github.com/getlantern/hidden v0.0.0-20220104173330-f221c5a24770 // indirect
+	github.com/getlantern/ops v0.0.0-20231025133620-f368ab734534 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-chi/chi/v5 v5.1.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.22.1 // indirect
+	github.com/go-stack/stack v1.8.1 // indirect
+	github.com/go-test/deep v1.1.0 // indirect
+	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/flatbuffers v24.3.25+incompatible // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/magisterquis/connectproxy v0.0.0-20200725203833-3582e84f0c9b // indirect
+	github.com/mailgun/errors v0.4.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/petermattis/goid v0.0.0-20241025130422-66cb2e6d7274 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/rs/zerolog v1.33.0 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/swaggo/swag v1.16.4 // indirect
+	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
+	github.com/tidwall/gjson v1.18.0 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.1 // indirect
+	github.com/tidwall/sjson v1.2.5 // indirect
+	github.com/toorop/go-dkim v0.0.0-20240103092955-90b7d1423f92 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
+	go.mau.fi/util v0.8.1 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/otel v1.31.0 // indirect
+	go.opentelemetry.io/otel/metric v1.31.0 // indirect
+	go.opentelemetry.io/otel/trace v1.31.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/arch v0.11.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
+	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
+	golang.org/x/image v0.21.0 // indirect
+	golang.org/x/net v0.36.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/tools v0.26.0 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,258 +1,425 @@
-cloud.google.com/go v0.26.0 h1:e0WKqKTd5BnrG8aKH3J3h+QvEIQtSUcf2n5UZ5ZgLtQ=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
+github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
 github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=
 github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
 github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk=
+github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/bwmarrin/discordgo v0.28.1 h1:gXsuo2GBO7NbR6uqmrrBDplPUx2T3nzu775q/Rd1aG4=
+github.com/bwmarrin/discordgo v0.28.1/go.mod h1:NJZpH+1AfhIcyQsPeuBKsUtYrRnjkyu0kIVMCHkZtRY=
+github.com/bytedance/sonic v1.12.4 h1:9Csb3c9ZJhfUWeMtpCDCq6BUoH5ogfDFLUgQ/jG+R0k=
+github.com/bytedance/sonic v1.12.4/go.mod h1:B8Gt/XvtZ3Fqj+iSKMypzymZxw/FVwgIGKzMzT9r/rk=
+github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/bytedance/sonic/loader v0.2.1 h1:1GgorWTqf12TA8mma4DDSbaQigE2wOgQo7iCjjJv3+E=
+github.com/bytedance/sonic/loader v0.2.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
+github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
+github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
+github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.9 h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/elazarl/go-bindata-assetfs v1.0.0 h1:G/bYguwHIzWq9ZoyUQqrjTmJbbYn3j3CKKpKinvZLFk=
-github.com/elazarl/go-bindata-assetfs v1.0.0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473 h1:4cmBvAEBNJaGARUEs3/suWRyfyBfhf7I60WBZq+bv2w=
+github.com/dgraph-io/badger/v4 v4.1.0/go.mod h1:P50u28d39ibBRmIJuQC/NSdBOg46HnHw7al2SW5QRHg=
+github.com/dgraph-io/badger/v4 v4.3.1 h1:7r5wKqmoRpGgSxqa0S/nGdpOpvvzuREGPLSua73C8tw=
+github.com/dgraph-io/badger/v4 v4.3.1/go.mod h1:oObz97DImXpd6O/Dt8BqdKLLTDmEmarAimo72VV5whQ=
+github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA=
+github.com/dgraph-io/ristretto v1.0.0 h1:SYG07bONKMlFDUYu5pEu3DGAh8c2OFNzKm6G9J4Si84=
+github.com/dgraph-io/ristretto v1.0.0/go.mod h1:jTi2FiYEhQ1NsMmA7DeBykizjOuY88NhKBkepyu1jPc=
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y=
+github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/emersion/go-autostart v0.0.0-20210130080809-00ed301c8e9a h1:M88ob4TyDnEqNuL3PgsE/p3bDujfspnulR+0dQWNYZs=
+github.com/emersion/go-autostart v0.0.0-20210130080809-00ed301c8e9a/go.mod h1:buzQsO8HHkZX2Q45fdfGH1xejPjuDQaXH8btcYMFzPM=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 h1:0JZ+dUmQeA8IIVUMzysrX4/AKuQwWhV2dYQuPZdvdSQ=
-github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64=
-github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A=
-github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
-github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870 h1:E2s37DuLxFhQDg5gKsWoLBOB0n+ZW8s599zru8FJ2/Y=
-github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0=
-github.com/fatih/color v1.10.0 h1:s36xzo75JdqLaaWoiEHk767eHiwo0598uUxyfiPkDsg=
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
-github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc=
+github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc=
+github.com/getlantern/context v0.0.0-20190109183933-c447772a6520/go.mod h1:L+mq6/vvYHKjCX2oez0CgEAJmbq1fbb/oNJIWQkBybY=
+github.com/getlantern/context v0.0.0-20220418194847-3d5e7a086201 h1:oEZYEpZo28Wdx+5FZo4aU7JFXu0WG/4wJWese5reQSA=
+github.com/getlantern/context v0.0.0-20220418194847-3d5e7a086201/go.mod h1:Y9WZUHEb+mpra02CbQ/QczLUe6f0Dezxaw5DCJlJQGo=
+github.com/getlantern/errors v0.0.0-20190325191628-abdb3e3e36f7/go.mod h1:l+xpFBrCtDLpK9qNjxs+cHU6+BAdlBaxHqikB6Lku3A=
+github.com/getlantern/errors v1.0.1/go.mod h1:l+xpFBrCtDLpK9qNjxs+cHU6+BAdlBaxHqikB6Lku3A=
+github.com/getlantern/errors v1.0.4 h1:i2iR1M9GKj4WuingpNqJ+XQEw6i6dnAgKAmLj6ZB3X0=
+github.com/getlantern/errors v1.0.4/go.mod h1:/Foq8jtSDGP8GOXzAjeslsC4Ar/3kB+UiQH+WyV4pzY=
+github.com/getlantern/golog v0.0.0-20190830074920-4ef2e798c2d7/go.mod h1:zx/1xUUeYPy3Pcmet8OSXLbF47l+3y6hIPpyLWoR9oc=
+github.com/getlantern/golog v0.0.0-20230503153817-8e72de7e0a65 h1:NlQedYmPI3pRAXJb+hLVVDGqfvvXGRPV8vp7XOjKAZ0=
+github.com/getlantern/golog v0.0.0-20230503153817-8e72de7e0a65/go.mod h1:+ZU1h+iOVqWReBpky6d5Y2WL0sF2Llxu+QcxJFs2+OU=
+github.com/getlantern/hex v0.0.0-20190417191902-c6586a6fe0b7/go.mod h1:dD3CgOrwlzca8ed61CsZouQS5h5jIzkK9ZWrTcf0s+o=
+github.com/getlantern/hex v0.0.0-20220104173244-ad7e4b9194dc h1:sue+aeVx7JF5v36H1HfvcGFImLpSD5goj8d+MitovDU=
+github.com/getlantern/hex v0.0.0-20220104173244-ad7e4b9194dc/go.mod h1:D9RWpXy/EFPYxiKUURo2TB8UBosbqkiLhttRrZYtvqM=
+github.com/getlantern/hidden v0.0.0-20190325191715-f02dbb02be55/go.mod h1:6mmzY2kW1TOOrVy+r41Za2MxXM+hhqTtY3oBKd2AgFA=
+github.com/getlantern/hidden v0.0.0-20220104173330-f221c5a24770 h1:cSrD9ryDfTV2yaur9Qk3rHYD414j3Q1rl7+L0AylxrE=
+github.com/getlantern/hidden v0.0.0-20220104173330-f221c5a24770/go.mod h1:GOQsoDnEHl6ZmNIL+5uVo+JWRFWozMEp18Izcb++H+A=
+github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f/go.mod h1:D5ao98qkA6pxftxoqzibIBBrLSUli+kYnJqrgBf9cIA=
+github.com/getlantern/ops v0.0.0-20220713155959-1315d978fff7/go.mod h1:D5ao98qkA6pxftxoqzibIBBrLSUli+kYnJqrgBf9cIA=
+github.com/getlantern/ops v0.0.0-20231025133620-f368ab734534 h1:3BwvWj0JZzFEvNNiMhCu4bf60nqcIuQpTYb00Ezm1ag=
+github.com/getlantern/ops v0.0.0-20231025133620-f368ab734534/go.mod h1:ZsLfOY6gKQOTyEcPYNA9ws5/XHZQFroxqCOhHjGcs9Y=
+github.com/getlantern/systray v1.2.2 h1:dCEHtfmvkJG7HZ8lS/sLklTH4RKUcIsKrAD9sThoEBE=
+github.com/getlantern/systray v1.2.2/go.mod h1:pXFOI1wwqwYXEhLPm9ZGjS2u/vVELeIgNMY5HvhHhcE=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gin-contrib/gzip v0.0.1 h1:ezvKOL6jH+jlzdHNE4h9h8q8uMpDQjyl0NN0Jd7jozc=
 github.com/gin-contrib/gzip v0.0.1/go.mod h1:fGBJBCdt6qCZuCAOwWuFhBB4OOq9EFqlo5dEaFhhu5w=
-github.com/gin-contrib/pprof v1.3.0 h1:G9eK6HnbkSqDZBYbzG4wrjCsA4e+cvYAHUZw6W+W9K0=
-github.com/gin-contrib/pprof v1.3.0/go.mod h1:waMjT1H9b179t3CxuG1cV3DHpga6ybizwfBaM5OXaB0=
+github.com/gin-contrib/gzip v0.0.6 h1:NjcunTcGAj5CO1gn4N8jHOSIeRFHIbn51z6K+xaN4d4=
+github.com/gin-contrib/gzip v0.0.6/go.mod h1:QOJlmV2xmayAjkNS2Y8NQsMneuRShOU/kjovCXNuzzk=
+github.com/gin-contrib/pprof v1.5.0 h1:E/Oy7g+kNw94KfdCy3bZxQFtyDnAX2V7axRS7sNYVrU=
+github.com/gin-contrib/pprof v1.5.0/go.mod h1:GqFL6LerKoCQ/RSWnkYczkTJ+tOAUVN/8sbnEtaqOKs=
 github.com/gin-contrib/sse v0.0.0-20170109093832-22d885f9ecc7/go.mod h1:VJ0WA2NBN22VlZ2dKZQPAPnyWw5XTlK1KymzLKsr59s=
 github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NBN22VlZ2dKZQPAPnyWw5XTlK1KymzLKsr59s=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-contrib/static v0.0.0-20200916080430-d45d9a37d28e h1:8bZpGwoPxkaivQPrAbWl+7zjjUcbFUnYp7yQcx2r2N0=
-github.com/gin-contrib/static v0.0.0-20200916080430-d45d9a37d28e/go.mod h1:VhW/Ch/3FhimwZb8Oj+qJmdMmoB8r7lmJ5auRjm50oQ=
+github.com/gin-contrib/static v1.1.2 h1:c3kT4bFkUJn2aoRU3s6XnMjJT8J6nNWJkR0NglqmlZ4=
+github.com/gin-contrib/static v1.1.2/go.mod h1:Fw90ozjHCmZBWbgrsqrDvO28YbhKEKzKp8GixhR4yLw=
 github.com/gin-gonic/gin v1.3.0/go.mod h1:7cKuhb5qV2ggCFctp2fJQ+ErvciLZrIeoOSOm6mUr7Y=
 github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM=
-github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do=
-github.com/gin-gonic/gin v1.6.2/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
-github.com/gin-gonic/gin v1.6.3 h1:ahKqKTFpO5KTPHxWZjEdPScmYaGtLo8Y4DMHoEsnp14=
-github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
+github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
+github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
+github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
 github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
 github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
 github.com/go-openapi/jsonreference v0.19.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/jsonreference v0.19.4/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
-github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM=
-github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
 github.com/go-openapi/spec v0.19.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
 github.com/go-openapi/spec v0.19.4/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/spec v0.19.14/go.mod h1:gwrgJS15eCUgjLpMjBJmbZezCsw88LmgeEip0M63doA=
-github.com/go-openapi/spec v0.20.3 h1:uH9RQ6vdyPSs2pSy9fL8QPspDF2AMIMPtmK5coSSjtQ=
-github.com/go-openapi/spec v0.20.3/go.mod h1:gG4F8wdEDN+YPBMVnzE85Rbhf+Th2DTvA9nFPQ5AYEg=
+github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=
+github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
 github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.11/go.mod h1:Uc0gKkdR+ojzsEpjh39QChyu92vPgIr72POcgHMAgSY=
-github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM=
-github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
-github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
-github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
-github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
-github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
-github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE=
-github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA=
+github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
+github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
 github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible h1:2cauKuaELYAEARXRkq2LrJ0yDDv1rW7+wrTEdVL3uaU=
 github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible/go.mod h1:qf9acutJ8cwBUhm1bqgz6Bei9/C/c93FPDljKWwsOgM=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
+github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
+github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/mock v1.1.1 h1:G5FRp8JnTd7RQH5kemVNlMeyXQAztQ3mOWV95KxsXH8=
+github.com/golang/glog v1.1.1/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/gomarkdown/markdown v0.0.0-20210408062403-ad838ccf8cdd h1:0b8AqsWQb6A0jjx80UXLG/uMTXQkGD0IGuXWqsrNz1M=
-github.com/gomarkdown/markdown v0.0.0-20210408062403-ad838ccf8cdd/go.mod h1:aii0r/K0ZnHv7G0KF7xy1v0A7s2Ljrb5byB7MO5p6TU=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/gomarkdown/markdown v0.0.0-20241105142532-d03b89096d81 h1:5lyLWsV+qCkoYqsKUDuycESh9DEIPVKN6iCFeL7ag50=
+github.com/gomarkdown/markdown v0.0.0-20241105142532-d03b89096d81/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
+github.com/google/flatbuffers v1.12.1/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
+github.com/google/flatbuffers v23.5.9+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
+github.com/google/flatbuffers v24.3.25+incompatible h1:CX395cjN9Kke9mmalRoL3d81AtFUxJM+yDthflgJGkI=
+github.com/google/flatbuffers v24.3.25+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/hrfee/mediabrowser v0.3.3 h1:7E05uiol8hh2ytKn3WVLrUIvHAyifYEIy3Y5qtuNh8I=
-github.com/hrfee/mediabrowser v0.3.3/go.mod h1:PnHZbdxmbv1wCVdAQyM7nwPwpVj9fdKx2EcET7sAk+U=
-github.com/itchyny/timefmt-go v0.1.2 h1:q0Xa4P5it6K6D7ISsbLAMwx1PnWlixDcJL6/sFs93Hs=
-github.com/itchyny/timefmt-go v0.1.2/go.mod h1:0osSSCQSASBJMsIZnhAaF1C2fCBTJZXrnj37mG8/c+A=
-github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
-github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
+github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hrfee/mediabrowser v0.3.24 h1:cT5+X3bZeaSBQFevMYkFIw6JJ8nW7Myvb+11a2/THMA=
+github.com/hrfee/mediabrowser v0.3.24/go.mod h1:PnHZbdxmbv1wCVdAQyM7nwPwpVj9fdKx2EcET7sAk+U=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/itchyny/timefmt-go v0.1.6 h1:ia3s54iciXDdzWzwaVKXZPbiXzxxnv1SPGFfM/myJ5Q=
+github.com/itchyny/timefmt-go v0.1.6/go.mod h1:RRDZYC5s9ErkjQvTvvU7keJjxUYzIISJGxm9/mAERQg=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
+github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM=
+github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5 h1:hyz3dwM5QLc1Rfoz4FuWJQG5BN7tc6K1MndAUnGpQr4=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
-github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
-github.com/lithammer/shortuuid/v3 v3.0.4 h1:uj4xhotfY92Y1Oa6n6HUiFn87CdoEHYUlTy0+IgbLrs=
-github.com/lithammer/shortuuid/v3 v3.0.4/go.mod h1:RviRjexKqIzx/7r1peoAITm6m7gnif/h+0zmolKJjzw=
-github.com/mailgun/mailgun-go/v4 v4.5.1 h1:XrQQ/ZgqFvINRKy+eBqowLl7k3pQO6OCLpKphliMOFs=
-github.com/mailgun/mailgun-go/v4 v4.5.1/go.mod h1:FJlF9rI5cQT+mrwujtJjPMbIVy3Ebor9bKTVsJ0QU40=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/lithammer/shortuuid/v3 v3.0.7 h1:trX0KTHy4Pbwo/6ia8fscyHoGA+mf1jWbPJVuvyJQQ8=
+github.com/lithammer/shortuuid/v3 v3.0.7/go.mod h1:vMk8ke37EmiewwolSO1NLW8vP4ZaKlRuDIi8tWWmAts=
+github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ=
+github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk=
+github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magisterquis/connectproxy v0.0.0-20200725203833-3582e84f0c9b h1:xZ59n7Frzh8CwyfAapUZLSg+gXH5m63YEaFCMpDHhpI=
+github.com/magisterquis/connectproxy v0.0.0-20200725203833-3582e84f0c9b/go.mod h1:uDd4sYVYsqcxAB8j+Q7uhL6IJCs/r1kxib1HV4bgOMg=
+github.com/mailgun/errors v0.4.0 h1:6LFBvod6VIW83CMIOT9sYNp28TCX0NejFPP4dSX++i8=
+github.com/mailgun/errors v0.4.0/go.mod h1:xGBaaKdEdQT0/FhwvoXv4oBaqqmVZz9P1XEnvD/onc0=
+github.com/mailgun/mailgun-go/v4 v4.18.1 h1:ShNH/wzj7albTF/6le011FF+DGMd3azcSKL4iO9AgeI=
+github.com/mailgun/mailgun-go/v4 v4.18.1/go.mod h1:+d4FCswFAukgYc1XtKK2IxOYaVxjVm8AN2z/5TBiT8M=
 github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
-github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
+github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
+github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/petermattis/goid v0.0.0-20241025130422-66cb2e6d7274 h1:qli3BGQK0tYDkSEvZ/FzZTi9ZrOX86Q6CIhKLGc489A=
+github.com/petermattis/goid v0.0.0-20241025130422-66cb2e6d7274/go.mod h1:pxMtw7cyUw6B2bRH0ZBANSPg+AoSud1I1iyJHI69jH4=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4 h1:gQz4mCbXsO+nc9n1hCxHcGA3Zx3Eo+UHZoInFGUIXNM=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/robert-nix/ansihtml v1.0.1 h1:VTiyQ6/+AxSJoSSLsMecnkh8i0ZqOEdiRl/odOc64fc=
+github.com/robert-nix/ansihtml v1.0.1/go.mod h1:CJwclxYaTPc2RfcxtanEACsYuTksh4yDXcNeHHKZINE=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8=
+github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
+github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/steambap/captcha v1.4.1 h1:OmMdxLCWCqJvsFaFYwRpvMckIuvI6s8s1LsBrBw97P0=
+github.com/steambap/captcha v1.4.1/go.mod h1:oC9T7IfEgnrhzjDz5Djf1H7GPffCzRMbsQfFkJmhlnk=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/swaggo/files v0.0.0-20190704085106-630677cd5c14 h1:PyYN9JH5jY9j6av01SpfRMb+1DWg/i3MbGOKPxJ2wjM=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/swaggo/files v0.0.0-20190704085106-630677cd5c14/go.mod h1:gxQT6pBGRuIGunNf/+tSOB5OHvguWi8Tbt82WOkf35E=
+github.com/swaggo/files v1.0.1 h1:J1bVJ4XHZNq0I46UU90611i9/YzdrF7x92oX1ig5IdE=
+github.com/swaggo/files v1.0.1/go.mod h1:0qXmMNH6sXNf+73t65aKeB+ApmgxdnkQzVTAj2uaMUg=
 github.com/swaggo/gin-swagger v1.2.0/go.mod h1:qlH2+W7zXGZkczuL+r2nEBR2JTT+/lX05Nn6vPhc7OI=
-github.com/swaggo/gin-swagger v1.3.0 h1:eOmp7r57oUgZPw2dJOjcGNMse9cvXcI4tTqBcnZtPsI=
-github.com/swaggo/gin-swagger v1.3.0/go.mod h1:oy1BRA6WvgtCp848lhxce7BnWH4C8Bxa0m5SkWx+cS0=
+github.com/swaggo/gin-swagger v1.6.0 h1:y8sxvQ3E20/RCyrXeFfg60r6H0Z+SwpTjMYsMm+zy8M=
+github.com/swaggo/gin-swagger v1.6.0/go.mod h1:BG00cCEy294xtVpyIAHG6+e2Qzj/xKlRdOqDkvq0uzo=
 github.com/swaggo/swag v1.5.1/go.mod h1:1Bl9F/ZBpVWh22nY0zmYyASPO1lI/zIwRDrpZU+tv8Y=
 github.com/swaggo/swag v1.6.7/go.mod h1:xDhTyuFIujYiN3DKWC/H/83xcfHp+UE/IzWWampG7Zc=
-github.com/swaggo/swag v1.7.0 h1:5bCA/MTLQoIqDXXyHfOpMeDvL9j68OY/udlK4pQoo4E=
-github.com/swaggo/swag v1.7.0/go.mod h1:BdPIL73gvS9NBsdi7M1JOxLvlbfvNRaBP8m6WT6Aajo=
+github.com/swaggo/swag v1.16.4 h1:clWJtd9LStiG3VeijiCfOVODP6VpHtKdQy9ELFG3s1A=
+github.com/swaggo/swag v1.16.4/go.mod h1:VBsHJRsDvfYvqoiMKnsdwhNV9LEMHgEDZcyVYX0sxPg=
 github.com/technoweenie/multipartstreamer v1.0.1 h1:XRztA5MXiR1TIRHxH2uNxXxaIkKQDeX7m2XsSOlQEnM=
 github.com/technoweenie/multipartstreamer v1.0.1/go.mod h1:jNVxdtShOxzAsukZwTSw6MDx5eUJoiEBsSvzDU9uzog=
+github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
+github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
+github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
+github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=
+github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=
+github.com/timshannon/badgerhold/v4 v4.0.3 h1:W6pd2qckoXw2cl8eH0ZCV/9CXNaXvaM26tzFi5Tj+v8=
+github.com/timshannon/badgerhold/v4 v4.0.3/go.mod h1:IkZIr0kcZLMdD7YJfW/G6epb6ZXHD/h0XR2BTk/VZg8=
+github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208/go.mod h1:BzWtXXrXzZUvMacR0oF/fbDDgUPO8L36tDMmRAf14ns=
+github.com/toorop/go-dkim v0.0.0-20240103092955-90b7d1423f92 h1:flbMkdl6HxQkLs6DDhH1UkcnFpNBOu70391STjMS0O4=
+github.com/toorop/go-dkim v0.0.0-20240103092955-90b7d1423f92/go.mod h1:BzWtXXrXzZUvMacR0oF/fbDDgUPO8L36tDMmRAf14ns=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go v1.1.5-pre/go.mod h1:FwP/aQVg39TXzItUBMwnWp9T9gPQnXw4Poh4/oBQZ/0=
-github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
-github.com/ugorji/go v1.1.13/go.mod h1:jxau1n+/wyTGLQoCkjok9r5zFa/FxT6eI5HiHKQszjc=
-github.com/ugorji/go v1.2.0 h1:6eXlzYLLwZwXroJx9NyqbYcbv/d93twiOzQLDewE6qM=
-github.com/ugorji/go v1.2.0/go.mod h1:1ny++pKMXhLWrwWV5Nf+CbOuZJhMoaFD+0GMFfd8fEc=
 github.com/ugorji/go/codec v0.0.0-20181022190402-e5e69e061d4f/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ugorji/go/codec v1.1.5-pre/go.mod h1:tULtS6Gy1AE1yCENaw4Vb//HLH5njI2tfCQDUqRd8fI=
-github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
-github.com/ugorji/go/codec v1.1.13/go.mod h1:oNVt3Dq+FO91WNQ/9JnHKQP2QJxTzoN7wCBFCq1OeuU=
-github.com/ugorji/go/codec v1.2.0 h1:As6RccOIlbm9wHuWYMlB30dErcI+4WiKWsYsmPkyrUw=
-github.com/ugorji/go/codec v1.2.0/go.mod h1:dXvG35r7zTX6QImXOSFhGMmKtX+wJ7VTWzGvYQGIjBs=
-github.com/urfave/cli v1.20.0 h1:fDqGv3UG/4jbVl/QkFwEdddtEDjh/5Ov6X+0B/3bPaw=
+github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
+github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
-github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M=
-github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible h1:IIqxTM5Jr7RzhigcL6FkrCNfXkvbR+Nbu1ls48pXYcw=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible/go.mod h1:Rsyu10ZhbEK9pXdk8V6MVnZmTzRG0alMNLMwa0J01fE=
-github.com/yuin/goldmark v1.2.1 h1:ruQGxdhGHe7FWOJPT0mKs5+pD2Xs1Bm/kdGlHO04FmM=
+github.com/xhit/go-simple-mail/v2 v2.16.0 h1:ouGy/Ww4kuaqu2E2UrDw7SvLaziWTB60ICLkIkNVccA=
+github.com/xhit/go-simple-mail/v2 v2.16.0/go.mod h1:b7P5ygho6SYE+VIqpxA6QkYfv4teeyG4MKqB3utRu98=
+github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-golang.org/dl v0.0.0-20190829154251-82a15e2f2ead h1:jeP6FgaSLNTMP+Yri3qjlACywQLye+huGLmNGhBzm6k=
-golang.org/dl v0.0.0-20190829154251-82a15e2f2ead/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.mau.fi/util v0.8.1 h1:Ga43cz6esQBYqcjZ/onRoVnYWoUwjWbsxVeJg2jOTSo=
+go.mau.fi/util v0.8.1/go.mod h1:T1u/rD2rzidVrBLyaUdPpZiJdP/rsyi+aTzn0D+Q6wc=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/otel v1.9.0/go.mod h1:np4EoPGzoPs3O67xUVNoPPcmSvsfOxNlNA4F4AC+0Eo=
+go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
+go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
+go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=
+go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY=
+go.opentelemetry.io/otel/trace v1.9.0/go.mod h1:2737Q0MuG8q1uILYm2YYVkAyLtOofiTNGg6VODnOiPo=
+go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
+go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
+go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+golang.org/x/arch v0.11.0 h1:KXV8WWKCXm6tRpLirl2szsO5j/oOODwZf4hATmGVNs4=
+golang.org/x/arch v0.11.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9 h1:umElSU9WZirRdgu2yFHY0ayQkEnKiOC1TtM3fWXFnoU=
-golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4 h1:c2HOrn5iMezYjSlGPncknSEr/8x5LELb/ilJbXi9DEA=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
+golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
+golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
+golang.org/x/image v0.21.0 h1:c5qV36ajHpdj4Qi0GnE0jUc/yuo33OLFaa0d+crTD5s=
+golang.org/x/image v0.21.0/go.mod h1:vUbsLavqK/W303ZroQQVKQ+Af3Yl6Uz1Ppu5J/cLz78=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3 h1:XQyxROzUlZH+WIQwySDgnISgOivlhjIEwaQaJEJrrN0=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -265,73 +432,104 @@ golang.org/x/net v0.0.0-20190611141213-3f473d35a33a/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c h1:KHUzaHIpjWVlVVNh65G3hhuj3KB1HnjY6Cq5cTvRQT8=
-golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
+golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:SQFwaSi55rU7vdNs9Yr0Z324VNlrF+0wMqRXT4St8ck=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181228144115-9a3f9b0469bb/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190610200419-93c9922d18ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201018230417-eeed37f84f13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54 h1:rF3Ohx8DRyl8h2zw9qojyLHLhrJpEMgyPOImREEryf0=
-golang.org/x/sys v0.0.0-20210331175145-43e1dd70ce54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20221010170243-090e33056c14/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190606050223-4d9ae51c2468/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190611222205-d73e1c7e250b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20201120155355-20be4ac4bd6e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.27.0 h1:rRYRFMVgRv6E0D70Skyfsr28tDXIuuPZyWGMPdMcnXg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -340,30 +538,31 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+gopkg.in/Knetic/govaluate.v3 v3.0.0/go.mod h1:csKLBORsPbafmSCGTEh3U7Ozmsuq8ZSIlKk1bcqph0E=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
-gopkg.in/go-playground/validator.v8 v8.18.2 h1:lFB4DoMU6B626w8ny76MV7VX6W2VHct2GVOI3xgiMrQ=
 gopkg.in/go-playground/validator.v8 v8.18.2/go.mod h1:RX2a/7Ha8BgOhfk7j780h4/u/RRjR0eouCJSH80/M2Y=
-gopkg.in/go-playground/validator.v9 v9.29.1 h1:SvGtYmN60a5CVKTOzMSyfzWDeZRxRuGvRQyEAKbw1xc=
-gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
-gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU=
-gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc h1:/hemPrYIhOhy8zYrNj+069zDB68us2sMGsfkFJO0iZs=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+maunium.net/go/mautrix v0.21.1 h1:Z+e448jtlY977iC1kokNJTH5kg2WmDpcQCqn+v9oZOA=
+maunium.net/go/mautrix v0.21.1/go.mod h1:7F/S6XAdyc/6DW+Q7xyFXRSPb6IjfqMb1OMepQ8C8OE=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
--- a/housekeeping-d.go
+++ b/housekeeping-d.go
@@ -0,0 +1,163 @@
+package main
+
+import (
+	"time"
+
+	"github.com/dgraph-io/badger/v4"
+	lm "github.com/hrfee/jfa-go/logmessages"
+	"github.com/hrfee/mediabrowser"
+	"github.com/timshannon/badgerhold/v4"
+)
+
+// clearEmails removes stored emails for users which no longer exist.
+// meant to be called with other such housekeeping functions, so assumes
+// the user cache is fresh.
+func (app *appContext) clearEmails() {
+	app.debug.Println(lm.HousekeepingEmail)
+	emails := app.storage.GetEmails()
+	for _, email := range emails {
+		_, err := app.jf.UserByID(email.JellyfinID, false)
+		// Make sure the user doesn't exist, and no other error has occured
+		switch err.(type) {
+		case mediabrowser.ErrUserNotFound:
+			app.storage.DeleteEmailsKey(email.JellyfinID)
+		default:
+			continue
+		}
+	}
+}
+
+// clearDiscord does the same as clearEmails, but for Discord Users.
+func (app *appContext) clearDiscord() {
+	app.debug.Println(lm.HousekeepingDiscord)
+	discordUsers := app.storage.GetDiscord()
+	for _, discordUser := range discordUsers {
+		user, err := app.jf.UserByID(discordUser.JellyfinID, false)
+		// Make sure the user doesn't exist, and no other error has occured
+		switch err.(type) {
+		case mediabrowser.ErrUserNotFound:
+			// Remove role in case their account was deleted oustide of jfa-go
+			app.discord.RemoveRole(discordUser.MethodID().(string))
+			app.storage.DeleteDiscordKey(discordUser.JellyfinID)
+		default:
+			if user.Policy.IsDisabled {
+				app.discord.RemoveRole(discordUser.MethodID().(string))
+			}
+			continue
+		}
+	}
+}
+
+// clearMatrix does the same as clearEmails, but for Matrix Users.
+func (app *appContext) clearMatrix() {
+	app.debug.Println(lm.HousekeepingMatrix)
+	matrixUsers := app.storage.GetMatrix()
+	for _, matrixUser := range matrixUsers {
+		_, err := app.jf.UserByID(matrixUser.JellyfinID, false)
+		// Make sure the user doesn't exist, and no other error has occured
+		switch err.(type) {
+		case mediabrowser.ErrUserNotFound:
+			app.storage.DeleteMatrixKey(matrixUser.JellyfinID)
+		default:
+			continue
+		}
+	}
+}
+
+// clearTelegram does the same as clearEmails, but for Telegram Users.
+func (app *appContext) clearTelegram() {
+	app.debug.Println(lm.HousekeepingTelegram)
+	telegramUsers := app.storage.GetTelegram()
+	for _, telegramUser := range telegramUsers {
+		_, err := app.jf.UserByID(telegramUser.JellyfinID, false)
+		// Make sure the user doesn't exist, and no other error has occured
+		switch err.(type) {
+		case mediabrowser.ErrUserNotFound:
+			app.storage.DeleteTelegramKey(telegramUser.JellyfinID)
+		default:
+			continue
+		}
+	}
+}
+
+func (app *appContext) clearPWRCaptchas() {
+	app.debug.Println(lm.HousekeepingCaptcha)
+	captchas := map[string]Captcha{}
+	for k, capt := range app.pwrCaptchas {
+		if capt.Generated.Add(CAPTCHA_VALIDITY * time.Second).After(time.Now()) {
+			captchas[k] = capt
+		}
+	}
+	app.pwrCaptchas = captchas
+}
+
+func (app *appContext) clearActivities() {
+	app.debug.Println(lm.HousekeepingActivity)
+	keepCount := app.config.Section("activity_log").Key("keep_n_records").MustInt(1000)
+	maxAgeDays := app.config.Section("activity_log").Key("delete_after_days").MustInt(90)
+	minAge := time.Now().AddDate(0, 0, -maxAgeDays)
+	err := error(nil)
+	errorSource := 0
+	if maxAgeDays != 0 {
+		err = app.storage.db.DeleteMatching(&Activity{}, badgerhold.Where("Time").Lt(minAge))
+	}
+	if err == nil && keepCount != 0 {
+		// app.debug.Printf("Keeping %d records", keepCount)
+		err = app.storage.db.DeleteMatching(&Activity{}, (&badgerhold.Query{}).Reverse().SortBy("Time").Skip(keepCount))
+		if err != nil {
+			errorSource = 1
+		}
+	}
+	if err == badger.ErrTxnTooBig {
+		app.debug.Printf(lm.ActivityLogTxnTooBig)
+		list := []Activity{}
+		if errorSource == 0 {
+			app.storage.db.Find(&list, badgerhold.Where("Time").Lt(minAge))
+		} else {
+			app.storage.db.Find(&list, (&badgerhold.Query{}).Reverse().SortBy("Time").Skip(keepCount))
+		}
+		for _, record := range list {
+			app.storage.DeleteActivityKey(record.ID)
+		}
+	}
+}
+
+func newHousekeepingDaemon(interval time.Duration, app *appContext) *GenericDaemon {
+	d := NewGenericDaemon(interval, app,
+		func(app *appContext) {
+			app.debug.Println(lm.HousekeepingInvites)
+			app.checkInvites()
+		},
+		func(app *appContext) { app.clearActivities() },
+	)
+
+	d.Name("Housekeeping")
+
+	clearEmail := app.config.Section("email").Key("require_unique").MustBool(false)
+	clearDiscord := discordEnabled && (app.config.Section("discord").Key("require_unique").MustBool(false) || app.config.Section("discord").Key("disable_enable_role").MustBool(false))
+	clearTelegram := telegramEnabled && (app.config.Section("telegram").Key("require_unique").MustBool(false))
+	clearMatrix := matrixEnabled && (app.config.Section("matrix").Key("require_unique").MustBool(false))
+	clearPWR := app.config.Section("captcha").Key("enabled").MustBool(false) && !app.config.Section("captcha").Key("recaptcha").MustBool(false)
+
+	if clearEmail || clearDiscord || clearTelegram || clearMatrix {
+		d.appendJobs(func(app *appContext) { app.jf.CacheExpiry = time.Now() })
+	}
+
+	if clearEmail {
+		d.appendJobs(func(app *appContext) { app.clearEmails() })
+	}
+	if clearDiscord {
+		d.appendJobs(func(app *appContext) { app.clearDiscord() })
+	}
+	if clearTelegram {
+		d.appendJobs(func(app *appContext) { app.clearTelegram() })
+	}
+	if clearMatrix {
+		d.appendJobs(func(app *appContext) { app.clearMatrix() })
+	}
+	if clearPWR {
+		d.appendJobs(func(app *appContext) { app.clearPWRCaptchas() })
+	}
+
+	return d
+}
--- a/html/404.html
+++ b/html/404.html
@@ -1,16 +1,17 @@
 <!DOCTYPE html>
 <html lang="en" class="{{ .cssClass }}">
    <head>
-        <link rel="stylesheet" type="text/css" href="css/bundle.css">
-        {{ template "header.html" . }}
        <title>404 - jfa-go</title>
+        {{ template "header.html" . }}
    </head>
    <body class="section">
-        <div class="page-container">
-            <h1 class="heading">Page not found.</h1>
-            <p class="content">
-            {{ .contactMessage }}
-            </p>
+        <div class="page-container m-2 lg:my-20 lg:mx-64">
+            <div class="card">
+                <h1 class="heading">Page not found.</h1>
+                <p class="content">
+                    {{ .contactMessage }}
+                </p>
+            </div>
        </div>
    </body>
 </html>                            
--- a/html/account-linking.html
+++ b/html/account-linking.html
@@ -0,0 +1,52 @@
+{{ if .discordEnabled }}
+<div id="modal-discord" class="modal">
+    <div class="card relative mx-auto my-[10%] w-4/5 lg:w-1/3">
+        <span class="heading mb-4">{{ .strings.linkDiscord }}</span>
+        <p class="content mb-4"> {{ .discordSendPINMessage }}</p>
+        <h1 class="text-center text-2xl mb-2 pin"></h1>
+        <div class="row center">
+            <a class="my-5 hover:underline">
+                <span class="mr-2">{{ .strings.joinTheServer }}</span>
+                <span id="discord-invite"></span>
+            </a>
+        </div>
+        <span class="button ~info @low full-width center mt-4" id="discord-waiting">{{ .strings.success }}</span>
+    </div>
+</div>
+{{ end }}
+{{ if .telegramEnabled }}
+<div id="modal-telegram" class="modal">
+    <div class="card relative mx-auto my-[10%] w-4/5 lg:w-1/3">
+        <span class="heading mb-4">{{ .strings.linkTelegram }}</span>
+        <p class="content mb-4">{{ .strings.sendPIN }}</p>
+        <p class="text-center text-2xl mb-2 pin"></p>
+        <a class="subheading link-center" href="{{ .telegramURL }}" target="_blank">
+            <span class="shield ~info mr-4">
+                <span class="icon">
+                    <i class="ri-telegram-line"></i>
+                </span>
+            </span>
+            &#64;{{ .telegramUsername }}
+        </a>
+        <span class="button ~info @low full-width center mt-4" id="telegram-waiting">{{ .strings.success }}</span>
+    </div>
+</div>
+{{ end }}
+{{ if .matrixEnabled }}
+<div id="modal-matrix" class="modal">
+    <div class="card relative mx-auto my-[10%] w-4/5 lg:w-1/3">
+        <span class="heading mb-4">{{ .strings.linkMatrix }}</span>
+        <p class="content mb-4"> {{ .strings.matrixEnterUser }}</p>
+        <input type="text" class="input ~neutral @high" placeholder="@user:riot.im" id="matrix-userid">
+        <div class="subheading link-center mt-4">
+            <span class="shield ~info mr-4">
+                <span class="icon">
+                    <i class="ri-chat-3-line"></i>
+                </span>
+            </span>
+            {{ .matrixUser }}
+        </div>
+        <span class="button ~info @low full-width center mt-4" id="matrix-send">{{ .strings.submit }}</span>
+    </div>
+</div>
+{{ end }}
--- a/html/admin.html
+++ b/html/admin.html
--- a/html/crash.html
+++ b/html/crash.html
@@ -0,0 +1,46 @@
+<!doctype html>
+<html lang="en">
+    <head>
+        <!--- This CSS is inlined so we should keep this here! -->
+        <link inline rel="stylesheet" type="text/css" href="web/css/v3bundle.css">
+        {{ template "header.html" . }}
+        <title>Crash report</title>
+    </head>
+    <body>
+        <div class="page-container m-2 lg:my-20 lg:mx-64">
+            <div class="card ~critical sectioned">
+                <section class="section ~critical">
+                    <span class="heading">Crash report for jfa-go</span>
+                    {{ if .Err }}
+                    <div class="font-mono bg-inherit pre-line mt-4 mb-4">
+                    Error: {{ .Err }}
+                    </div>
+                    {{ end }}
+                    <a class="button ~critical mb-4" target="_blank" href="https://github.com/hrfee/jfa-go/issues/new/choose">Create an Issue</a>
+                </section>
+                <section class="section ~neutral @low">
+                    <div class="flex flex-row justify-between">
+                        <span class="subheading">Full Log</span>
+                        <span class="button ~urge ml-4" id="copy-log">Copy</span>
+                    </div>
+                    <div class="row mb-4">
+                        <label class="col mr-4">
+                            <span class="button ~neutral @high supra full-width center" id="button-log-normal">Normal</span>
+                        </label>
+                        <label class="col mr-4">
+                            <span class="button ~neutral @low supra full-width center" id="button-log-sanitized">Sanitized</span>
+                        </label>
+                    </div>
+                    <div id="log-normal">
+                        <pre class="font-mono bg-inherit pre-line">{{ .Log }}</pre>
+                    </div>
+                    <div id="log-sanitized" class="unfocused">
+                        <p class="subheading">An attempt has been made to remove sensitive info, but make sure to check yourself.</p>
+                        <pre class="font-mono bg-inherit pre-line">{{ .SanitizedLog }}</pre>
+                    </div>
+                </section>
+            </div>
+        </div>
+        <script inline src="web/js/crash.js"></script>
+    </body>
+</html>
--- a/html/create-success.html
+++ b/html/create-success.html
@@ -1,16 +1,15 @@
 <!DOCTYPE html>
 <html lang="en" class="{{ .cssClass }}">
    <head>
-        <link rel="stylesheet" type="text/css" href="css/bundle.css">
        {{ template "header.html" . }}
-        <title>{{ .strings.successHeader }} -  jfa-go</title>
+        <title>{{ .strings.successHeader }} - jfa-go</title>
    </head>
    <body class="section">
-        <div class="page-container">
-            <div class="card ~neutral !normal mb-1">
-                <span class="heading mb-1">{{ .strings.successHeader }}</span>
-                <p class="content mb-1">{{ .successMessage }}</p>
-                <a class="button ~urge !normal full-width center supra submit" href="{{ .jfLink }}" id="create-success-button">{{ .strings.successContinueButton }}</a>
+        <div class="page-container m-2 lg:my-20 lg:mx-64">
+            <div class="card ~neutral @low mb-4">
+                <span class="heading mb-4">{{ .strings.successHeader }}</span>
+                <p class="content my-4">{{ .successMessage }}</p>
+                <a class="button ~urge @high full-width center supra submit" href="{{ .jfLink }}" id="create-success-button">{{ .strings.continue }}</a>
            </div>
            <i class="content">{{ .contactMessage }}</i>
        </div>
--- a/html/form-base.html
+++ b/html/form-base.html
@@ -3,7 +3,6 @@
    window.usernameEnabled = {{ .username }};
    window.validationStrings = JSON.parse({{ .validationStrings }});
    window.invalidPassword = "{{ .strings.reEnterPasswordInvalid }}";
-    window.URLBase = "{{ .urlBase }}";
    window.code = "{{ .code }}";
    window.language = "{{ .langName }}";
    window.messages = JSON.parse({{ .notifications }});
@@ -14,9 +13,44 @@
    window.userExpiryHours = {{ .userExpiryHours }};
    window.userExpiryMinutes = {{ .userExpiryMinutes }};
    window.userExpiryMessage = {{ .userExpiryMessage }};
-    window.telegramEnabled = {{ .telegramEnabled }};
    window.telegramRequired = {{ .telegramRequired }};
    window.telegramPIN = "{{ .telegramPIN }}";
+    window.emailRequired = {{ .emailRequired }};
+    window.discordRequired = {{ .discordRequired }};
+    window.discordPIN = "{{ .discordPIN }}";
+    window.discordInviteLink = {{ .discordInviteLink }};
+    window.discordServerName = "{{ .discordServerName }}";
+    window.matrixRequired = {{ .matrixRequired }};
+    window.matrixUserID = "{{ .matrixUser }}";
+    window.captcha = {{ .captcha }};
+    window.reCAPTCHA = {{ .reCAPTCHA }};
+    window.reCAPTCHASiteKey = "{{ .reCAPTCHASiteKey }}";
+    window.userPageEnabled = {{ .userPageEnabled }};
+    window.userPageAddress = "{{ .userPageAddress }}";
+    {{ if index . "customSuccessCard" }}
+        window.customSuccessCard = {{ .customSuccessCard }};
+    {{ else }}
+        window.customSuccessCard = false;
+    {{ end }}
 </script>
+{{ if .passwordReset }}
+<script src="js/pwr.js" type="module"></script>
+<script>
+    window.pwrPIN = "{{ .pwrPIN }}";
+</script>
+{{ else }}
 <script src="js/form.js" type="module"></script>
 {{ end }}
+{{ if .reCAPTCHA }}
+<script>
+    var reCAPTCHACallback = () => {
+        const el = document.getElementsByClassName("g-recaptcha")[0];
+        grecaptcha.render(el, {
+            "sitekey": window.reCAPTCHASiteKey,
+            "theme": document.documentElement.classList.contains("dark") ? "dark" : "light"
+        });
+    }
+</script>
+<script src="https://www.google.com/recaptcha/api.js?onload=reCAPTCHACallback&render=explicit" async defer></script>
+{{ end }}
+{{ end }}
--- a/html/form.html
+++ b/html/form.html
@@ -1,97 +1,130 @@
 <!DOCTYPE html>
 <html lang="en" class="{{ .cssClass }}">
    <head>
-        <link rel="stylesheet" type="text/css" href="css/bundle.css">
        {{ template "header.html" . }}
+        {{ if .passwordReset }}
+        <title>{{ .strings.passwordReset }}</title>
+        {{ else }}
        <title>{{ .strings.pageTitle }}</title>
+        {{ end }}
+        <script>
+            window.redirectToJellyfin = {{ .redirectToJellyfin }};
+        </script>
    </head>
    <body class="max-w-full overflow-x-hidden section">
        <div id="modal-success" class="modal">
-            <div class="modal-content card">
-                <span class="heading mb-1">{{ .strings.successHeader }}</span>
-                <p class="content mb-1">{{ .successMessage }}</p>
-                <a class="button ~urge !normal full-width center supra submit" href="{{ .jfLink }}" id="create-success-button">{{ .strings.successContinueButton }}</a>
-            </div>
+            {{ if .customSuccessCard }}
+                <div class="card @low dark:~d_neutral content break-words relative mx-auto my-[10%] w-4/5 lg:w-1/3">
+                    {{ .customSuccessCardContent }}
+                    <a class="button ~urge @low full-width center supra submit my-2" href="{{ .jfLink }}" id="create-success-button">{{ .strings.continue }}</a>
+                </div>
+            {{ else }}
+                <div class="card relative mx-auto my-[10%] w-4/5 lg:w-1/3">
+                    <span class="heading mb-4">{{ if .passwordReset }}{{ .strings.passwordReset }}{{ else }}{{ .strings.successHeader }}{{ end }}</span>
+                    <p class="content mb-4">{{ if .passwordReset }}{{ .strings.youCanLoginPassword }}{{ else }}{{ .successMessage }}{{ end }}</p>
+                    {{ if .userPageEnabled }}<p class="content mb-4" id="modal-success-user-page-area" my-account-term="{{ .strings.myAccount }}">{{ .strings.userPageSuccessMessage }}</p>{{ end }}
+                    <a class="button ~urge @low full-width center supra submit" href="{{ .jfLink }}" id="create-success-button">{{ .strings.continue }}</a>
+                </div>
+            {{ end }}
        </div>
        <div id="modal-confirmation" class="modal">
-            <div class="modal-content card">
-                <span class="heading mb-1">{{ .strings.confirmationRequired }}</span>
-                <p class="content mb-1">{{ .strings.confirmationRequiredMessage }}</p>
+            <div class="card relative mx-auto my-[10%] w-4/5 lg:w-1/3">
+                <span class="heading mb-4">{{ .strings.confirmationRequired }}</span>
+                <p class="content mb-4">{{ .strings.confirmationRequiredMessage }}</p>
            </div>
        </div>
-        {{ if .telegramEnabled }}
-        <div id="modal-telegram" class="modal">
-            <div class="modal-content card">
-                <span class="heading mb-1">{{ .strings.linkTelegram }}</span>
-                <p class="content mb-1">{{ .strings.sendPIN }}</p>
-                <h1 class="ac">{{ .telegramPIN }}</h1>
-                <a class="subheading link-center" href="{{ .telegramURL }}" target="_blank">
-                    <span class="shield ~info mr-1">
-                        <span class="icon">
-                            <i class="ri-telegram-line"></i>
-                        </span>
-                    </span>
-                    &#64;{{ .telegramUsername }}
-                </a>
-                <span class="button ~info !normal full-width center mt-1" id="telegram-waiting">{{ .strings.success }}</span>
-            </div>
-        </div>
-        {{ end }}
-        <span class="dropdown" tabindex="0" id="lang-dropdown">
-            <span class="button ~urge dropdown-button">
-                <i class="ri-global-line"></i>
-                <span class="ml-1 chev"></span>
-            </span>
-            <div class="dropdown-display">
-                <div class="card ~neutral !low" id="lang-list">
-                </div>
-            </div>
-        </span>
+        {{ template "account-linking.html" . }}
        <div id="notification-box"></div>
-        <div class="page-container">
-            <div class="card ~neutral !low">
-                <div class="row baseline">
-                    <span class="col heading">{{ .strings.createAccountHeader }}</span>
-                    <span class="col subheading"> {{ .helpMessage }}</span>
+        <div class="page-container m-2 lg:my-20 lg:mx-64 flex flex-col gap-4">
+            <div class="top-2 inset-x-2 lg:absolute flex flex-row justify-between">
+                {{ template "lang-select.html" . }}
+            </div>
+            <div class="card dark:~d_neutral @low">
+                <div class="flex flex-col md:flex-row gap-3 items-baseline mb-2">
+                    <span class="heading mr-5">
+                        {{ if .passwordReset }}
+                        {{ .strings.passwordReset }}
+                        {{ else }}
+                        {{ .strings.createAccountHeader }}
+                        {{ end }}
+                    </span>
+                    <span class="subheading">
+                        {{ if .passwordReset }}
+                            {{ .strings.enterYourPassword }}
+                        {{ else }}
+                            {{ .helpMessage }}
+                        {{ end }}
+                    </span>
                </div>
-                <div class="row">
-                    <div class="col">
+                <div class="flex flex-col md:flex-row gap-3">
+                    <div class="flex-1">
                        {{ if .userExpiry }}
                        <aside class="col aside sm ~warning" id="user-expiry-message"></aside>
                        {{ end }}
-                        <form class="card ~neutral !normal" id="form-create" href="">
+                        <form class="card dark:~d_neutral @low" id="form-create" href="">
+                            {{ if not .passwordReset }}
                            <label class="label supra">
                                {{ .strings.username }}
-                                <input type="text" class="input ~neutral !high mt-half mb-1" placeholder="{{ .strings.username }}" id="create-username" aria-label="{{ .strings.username }}">
+                                <input type="text" class="input ~neutral @high mt-2 mb-4" placeholder="{{ .strings.username }}" id="create-username" aria-label="{{ .strings.username }}">
                            </label>
-                            
+
                            <label class="label supra" for="create-email">{{ .strings.emailAddress }}</label>
-                            <input type="email" class="input ~neutral !high mt-half mb-1" placeholder="{{ .strings.emailAddress }}" id="create-email" aria-label="{{ .strings.emailAddress }}" value="{{ .email }}">
+                            <input type="email" class="input ~neutral @high mt-2 mb-4" placeholder="{{ .strings.emailAddress }}" id="create-email" aria-label="{{ .strings.emailAddress }}" value="{{ .email }}">
                            {{ if .telegramEnabled }}
-                            <span class="button ~info !normal full-width center mb-1" id="link-telegram">{{ .strings.linkTelegram }}</span>
+                            <span class="button ~info @low full-width center mb-4" id="link-telegram">{{ .strings.linkTelegram }} {{ if .telegramRequired }}({{ .strings.required }}){{ end }}</span>
+                            {{ end }}
+                            {{ if .discordEnabled }}
+                            <span class="button ~info @low full-width center mb-4" id="link-discord">{{ .strings.linkDiscord }} {{ if .discordRequired }}({{ .strings.required }}){{ end }}</span>
+                            {{ end }}
+                            {{ if .matrixEnabled }}
+                            <span class="button ~info @low full-width center mb-4" id="link-matrix">{{ .strings.linkMatrix }} {{ if .matrixRequired }}({{ .strings.required }}){{ end }}</span>
+                            {{ end }}
+                            {{ if or (.telegramEnabled) (or .discordEnabled .matrixEnabled) }}
                            <div id="contact-via" class="unfocused">
-                                <label class="row switch pb-1">
-                                    <input type="radio" name="contact-via" value="email"><span>Contact through Email</span>
+                                <label class="row switch pb-4 unfocused">
+                                    <input type="checkbox" name="contact-via" value="email" id="contact-via-email" class="mr-2"><span>Contact through Email</span>
                                </label>
-                                <label class="row switch pb-1">
-                                    <input type="radio" name="contact-via" value="telegram" id="contact-via-telegram"><span>Contact through Telegram</span>
+                                {{ if .telegramEnabled }}
+                                <label class="row switch pb-4 unfocused">
+                                    <input type="checkbox" name="contact-via" value="telegram" id="contact-via-telegram" class="mr-2"><span>Contact through Telegram</span>
                                </label>
+                                {{ end }}
+                                {{ if .discordEnabled }}
+                                <label class="row switch pb-4 unfocused">
+                                    <input type="checkbox" name="contact-via" value="discord" id="contact-via-discord" class="mr-2"><span>Contact through Discord</span>
+                                </label>
+                                {{ end }}
+                                {{ if .matrixEnabled }}
+                                <label class="row switch pb-4 unfocused">
+                                    <input type="checkbox" name="contact-via" value="matrix" id="contact-via-matrix" class="mr-2"><span>Contact through Matrix</span>
+                                </label>
+                                {{ end }}
                            </div>
                            {{ end }}
+                            {{ end }}
                            <label class="label supra" for="create-password">{{ .strings.password }}</label>
-                            <input type="password" class="input ~neutral !high mt-half mb-1" placeholder="{{ .strings.password }}" id="create-password" aria-label="{{ .strings.password }}">
-                            
+                            <input type="password" class="input ~neutral @high mt-2 mb-4" placeholder="{{ .strings.password }}" id="create-password" aria-label="{{ .strings.password }}">
+
                            <label class="label supra" for="create-reenter-password">{{ .strings.reEnterPassword }}</label>
-                            <input type="password" class="input ~neutral !high mt-half mb-1" placeholder="{{ .strings.password }}" id="create-reenter-password" aria-label="{{ .strings.reEnterPassword }}">
+                            <input type="password" class="input ~neutral @high mt-2 mb-4" placeholder="{{ .strings.password }}" id="create-reenter-password" aria-label="{{ .strings.reEnterPassword }}">
                            <label>
                                <input type="submit" class="unfocused">
-                                <span class="button ~urge !normal full-width center supra submit">{{ .strings.createAccountButton }}</span>
+                                <span class="button ~urge @low full-width center supra submit">
+                                    {{ if .passwordReset }}
+                                    {{ .strings.reset }}
+                                    {{ else }}
+                                    {{ .strings.createAccountButton }}
+                                    {{ end }}
+                                </span>
                            </label>
                        </form>
                    </div>
-                    <div class="col">
-                        <div class="card ~neutral !normal">
-                            <span class="label supra" for="inv-uses">{{ .strings.passwordRequirementsHeader }}</span>
+                    <div class="flex-initial">
+                        {{ if .fromUser }}
+                            <aside class="col aside sm ~positive mb-4" id="invite-from-user" data-from="{{ .fromUser }}">{{ .strings.invitedBy }}</aside>
+                        {{ end }}
+                        <div class="card ~neutral @low mb-4">
+                            <span class="label supra">{{ .strings.passwordRequirementsHeader }}</span>
                            <ul>
                                {{ range $key, $value := .requirements }}
                                <li class="" id="requirement-{{ $key }}" min="{{ $value }}">
@@ -100,8 +133,17 @@
                                {{ end }}
                            </ul>
                        </div>
+                        {{ if .captcha }}
+                        <div class="card ~neutral @low mb-4">
+                            <span class="label supra mb-2">CAPTCHA {{ if not .reCAPTCHA }}<span id="captcha-regen" title="{{ .strings.refresh }}" class="badge lg @low ~info ml-2 float-right"><i class="ri-refresh-line"></i></span><span id="captcha-success" class="badge lg @low ~critical ml-2 float-right"><i class="ri-close-line"></i></span>{{ end }}</span>
+                            <div id="captcha-img" class="mt-2 mb-2 {{ if .reCAPTCHA }}g-recaptcha{{ end }}"></div>
+                            {{ if not .reCAPTCHA }}
+                            <input class="field ~neutral @low" id="captcha-input" class="mt-2" placeholder="CAPTCHA">
+                            {{ end }}
+                        </div>
+                        {{ end }}
                        {{ if .contactMessage }}
-                        <aside class="col aside sm ~info">{{ .contactMessage }}</aside>
+                            <aside class="col aside sm ~info mt-4">{{ .contactMessage }}</aside>
                        {{ end }}
                    </div>
                </div>
@@ -110,4 +152,3 @@
        {{ template "form-base" . }}
    </body>
 </html>
-
--- a/html/header.html
+++ b/html/header.html
@@ -1,12 +1,32 @@
-<meta charset="utf-8">
+<link rel="stylesheet" type="text/css" href="{{ .pages.Base }}/css/{{ .cssVersion }}bundle.css">
+<meta charset="UTF-8"/>
 <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 <meta name="Description" content="jfa-go, a better way to manage Jellyfin users.">
 <meta name="color-scheme" content="dark light">
+<meta name="robots" content="noindex">

-<link rel="apple-touch-icon" sizes="180x180" href="{{ .urlBase }}/apple-touch-icon.png">
-<link rel="icon" type="image/png" sizes="32x32" href="{{ .urlBase }}/favicon-32x32.png">
-<link rel="icon" type="image/png" sizes="16x16" href="{{ .urlBase }}/favicon-16x16.png">
-<link rel="manifest" href="{{ .urlBase }}/site.webmanifest">
-<link rel="mask-icon" href="{{ .urlBase }}/safari-pinned-tab.svg" color="#5bbad5">
+<link rel="apple-touch-icon" sizes="180x180" href="{{ .pages.Base }}/apple-touch-icon.png">
+<link rel="icon" type="image/png" sizes="32x32" href="{{ .pages.Base }}/favicon-32x32.png">
+<link rel="icon" type="image/png" sizes="16x16" href="{{ .pages.Base }}/favicon-16x16.png">
+<link rel="manifest" href="{{ .pages.Base }}/site.webmanifest">
+<link rel="mask-icon" href="{{ .pages.Base }}/safari-pinned-tab.svg" color="#5bbad5">
 <meta name="msapplication-TileColor" content="#603cba">
 <meta name="theme-color" content="#ffffff">
+<script>
+    window.pages = {
+        "Base": "{{ .pages.Base }}",
+        "Current": "{{ .pages.Current }}",
+        "Admin": "{{ .pages.Admin }}",
+        "MyAccount": "{{ .pages.MyAccount }}",
+        "Form": "{{ .pages.Form }}"
+    };
+    window.emailEnabled = {{ .emailEnabled }};
+    window.discordEnabled = {{ .discordEnabled }};
+    window.telegramEnabled = {{ .telegramEnabled }};
+    window.matrixEnabled = {{ .matrixEnabled }};
+    window.notificationsEnabled = {{ .notifications }};
+    window.ombiEnabled = {{ .ombiEnabled }};
+    window.jellyseerrEnabled = {{ .jellyseerrEnabled }};
+    window.referralsEnabled = {{ .referralsEnabled }};
+    window.pwrEnabled = {{ .pwrEnabled }};
+</script>
--- a/html/invalidCode.html
+++ b/html/invalidCode.html
@@ -1,17 +1,18 @@
 <!DOCTYPE html>
 <html lang="en" class="{{ .cssClass }}">
    <head>
-        <link rel="stylesheet" type="text/css" href="css/bundle.css">
        {{ template "header.html" . }}
        <title>Invalid Code - jfa-go</title>
    </head>
    <body class="section">
-        <div class="page-container">
-            <h1 class="heading">Invalid invite code.</h1>
-            <p class="content">The code above was either incorrect, or has expired.</p>
-            <p class="content">
-            {{ .contactMessage }}
-            </p>
+        <div class="page-container m-2 lg:my-20 lg:mx-64">
+            <div class="card">
+                <h1 class="text-3xl font-semibold">Invalid invite code.</h1>
+                <p class="content">The code above was either incorrect, or has expired.</p>
+                <p class="content">
+                    {{ .contactMessage }}
+                </p>
+            </div>
        </div>
    </body>
 </html>                            
--- a/html/lang-select.html
+++ b/html/lang-select.html
@@ -0,0 +1,19 @@
+<span class="dropdown z-[11]" tabindex="0" id="lang-dropdown">
+    <span class="button ~urge dropdown-button">
+        <i class="ri-global-line"></i>
+        <span class="ml-2 chev"></span>
+    </span>
+    <div class="dropdown-display">
+        <div class="card ~neutral @low flex flex-col gap-2">
+            <label class="switch">
+                <input type="radio" name="lang-time" id="lang-12h">
+                <span>{{ .strings.time12h }}</span>
+            </label>
+            <label class="switch">
+                <input type="radio" name="lang-time" id="lang-24h">
+                <span>{{ .strings.time24h }}</span>
+            </label>
+            <div id="lang-list"></div>
+        </div>
+    </div>
+</span>
--- a/html/login-modal.html
+++ b/html/login-modal.html
@@ -0,0 +1,37 @@
+<span class="lg:w-[55%]"></span> <!-- the if statement around the 55% width below messes up tailwind, so we force include it here --!>
+<div id="modal-login" class="modal">
+    <div class="my-[10%] row items-stretch relative mx-auto w-11/12 sm:w-4/5 lg:w-1/2">
+        {{ $hasTwoCards := 0 }}
+        {{ if index . "LoginMessageEnabled" }}
+            {{ if .LoginMessageEnabled }}
+                {{ $hasTwoCards = 1 }}
+                <div class="card mx-2 flex-initial w-full lg:w-[35%] mb-4 lg:mb-0 dark:~d_neutral @low content">
+                    {{ .LoginMessageContent }}
+                </div>
+            {{ end }}
+        {{ end }}
+        {{ if index . "userPageEnabled" }}
+            {{ if and .userPageEnabled .showUserPageLink }}
+                {{ $hasTwoCards = 1 }}
+                <div class="card mx-2 flex-initial w-full lg:w-[35%] mb-4 lg:mb-0 dark:~d_neutral @low content">
+                    <span class="heading row">{{ .strings.loginNotAdmin }}</span>
+                    <a class="button ~info h-12 w-full" href="{{ .pages.Base }}{{ .pages.MyAccount }}"><i class="ri-account-circle-fill mr-2"></i>{{ .strings.myAccount }}</a>
+                </div>
+            {{ end }}
+        {{ end }}
+        <form class="card mx-2 form-login w-full {{ if eq $hasTwoCards 1 }}lg:w-[55%]{{ end }} mb-0" href=""> 
+            <span class="heading">{{ .strings.login }}</span>
+            <input type="text" class="field input ~neutral @high mt-4 mb-2" placeholder="{{ .strings.username }}" id="login-user">
+            <input type="password" class="field input ~neutral @high mb-4" placeholder="{{ .strings.password }}" id="login-password">
+            <label>
+                <input type="submit" class="unfocused">
+                <span class="button ~urge @low full-width center supra submit">{{ .strings.login }}</span>
+                {{ if index . "pwrEnabled" }}
+                    {{ if .pwrEnabled }}
+                        <span class="button ~info @low full-width center supra submit my-2" id="modal-login-pwr">{{ .strings.resetPassword }}</span>
+                    {{ end }}
+                {{ end }}
+            </label>
+        </form>
+    </div>
+</div>
--- a/html/password-reset.html
+++ b/html/password-reset.html
@@ -1,7 +1,6 @@
 <!DOCTYPE html>
 <html lang="en" class="{{ .cssClass }}">
    <head>
-        <link rel="stylesheet" type="text/css" href="css/bundle.css">
        {{ template "header.html" . }}
        <title>{{ .strings.passwordReset }} -  jfa-go</title>
    </head>
@@ -11,16 +10,16 @@
            <span id="copy-notification" class="unfocused">{{ .strings.copied }}</span>
        </div>
        {{ end }}
-        <div class="page-container">
-            <div class="card ~neutral !normal mb-1">
-                <span class="heading mb-1">
+        <div class="page-container m-2 lg:my-20 lg:mx-64">
+            <div class="card ~neutral @low mb-4">
+                <span class="heading mb-4">
                {{ if .success }}
                {{ .strings.passwordReset }}
                {{ else }}
                {{ .strings.resetFailed }}
                {{ end }}
                </span>
-                <p class="content mb-1">
+                <p class="content mb-4">
                {{ if .success }}
                {{ if .ombiEnabled }}
                {{ .strings.youCanLoginOmbi }}
@@ -35,11 +34,11 @@
                <aside class="aside ~warning">
                    {{ .strings.changeYourPassword }}
                </aside>
-                <span class="button ~urge !normal full-width center supra p-1 mt-1" id="pin" title="{{ .strings.copy }}">{{ .pin }}</span>
+                <span class="button ~urge @low w-full text-center text-xl p-1 mt-4" id="pin" title="{{ .strings.copy }}">{{ .pin }}</span>
                {{ end }}
            </div>
            <i class="content">{{ .contactMessage }}</i>
        </div>
-        <script src="{{ .urlBase }}/js/pwr.js" type="module"></script>
+        <script src="{{ .pages.Base }}/js/pwr-pin.js" type="module"></script>
    </body>
 </html>                            
--- a/html/setup.html
+++ b/html/setup.html
@@ -1,477 +1,568 @@
 <!DOCTYPE html>
-<html lang="en" class="light-theme">
+<html lang="en" class="light">
    <head>
-        <link rel="stylesheet" type="text/css" href="css/bundle.css">
        {{ template "header.html" . }}
        <title>{{ .lang.Strings.pageTitle }}</title>
    </head>
    <body class="max-w-full overflow-x-hidden section">
        <div id="notification-box"></div>
-        <span class="dropdown" tabindex="0" id="lang-dropdown">
-            <span class="button ~urge dropdown-button">
-                <i class="ri-global-line"></i>
-                <span class="ml-1 chev"></span>
-            </span>
-            <div class="dropdown-display">
-                <div class="card ~neutral !low" id="lang-list">
+        <div class="page-container m-2 lg:my-20 lg:mx-64 flex flex-col gap-4 items-center">
+            <div class="top-2 inset-x-2 lg:absolute flex flex-row justify-between">
+                <div class="flex flex-row gap-2">
+                    {{ template "lang-select.html" . }}
                </div>
-            </div>
-        </span>
-        <div class="page-container" id="page-container">
-            <div class="card ~neutral !low mb-1">
-                <div class="row">
-                    <img class="banner header" src="banner.svg" alt="jfa-go" />
-                </div>
-                <div class="row col flex center">
-                    <span class="heading welcome">{{ .lang.StartPage.welcome }}</span>
-                </div>
-                <div class="row col flex center">
-                    <p class="content">{{ .lang.StartPage.pressStart }}</p>
-                </div>
-                <section class="section ~neutral banner footer flex-expand middle">
+                <span class="button ~warning" alt="{{ .strings.theme }}" id="button-theme"><i class="ri-sun-line"></i></span>
+            </div>    
+            <div class="card lg:container sectioned ~neutral @low flex flex-col gap-4 justify-between items-center">
+                <img class="w-[105%] max-w-none" src="banner.svg" alt="jfa-go" />
+                <span class="heading welcome">{{ .lang.StartPage.welcome }}</span>
+                <p class="content text-center">{{ .lang.StartPage.pressStart }}</p>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
                    <span class="support">{{ .lang.StartPage.httpsNotice }}</span>
-                    <span class="button ~urge !normal next">{{ .lang.StartPage.start }}</span>
+                    <span class="button ~urge @low next">{{ .lang.StartPage.start }}</span>
                </section>
            </div>
-            <div class="card ~neutral !low mb-1 unfocused">
-                <span class="heading">{{ .lang.Language.title }}</span>
-                <p class="content" id="language-description"></p>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.Language.defaultAdminLang }}</span>
-                    <div class="select ~neutral !normal mt-half mb-1">
-                        <select id="ui-language-admin">
-                        </select>
-                    </div>
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.Language.defaultFormLang }}</span>
-                    <div class="select ~neutral !normal mt-half mb-1">
-                        <select id="ui-language-form">
-                        </select>
-                    </div>
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.Language.defaultEmailLang }}</span>
-                    <div class="select ~neutral !normal mt-half mb-1">
-                        <select id="email-language">
-                        </select>
-                    </div>
-                </label>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
-                    <span class="button ~urge !normal next">{{ .lang.Strings.next }}</span>
+            <div class="card lg:container sectioned ~neutral @low unfocused">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.Language.title }}</span>
+                    <p class="content" id="language-description"></p>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Language.defaultAdminLang }}</span>
+                        <div class="select ~neutral @low">
+                            <select id="ui-language-admin">
+                            </select>
+                        </div>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Language.defaultFormLang }}</span>
+                        <div class="select ~neutral @low">
+                            <select id="ui-language-form">
+                            </select>
+                        </div>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Language.defaultEmailLang }}</span>
+                        <div class="select ~neutral @low">
+                            <select id="email-language">
+                            </select>
+                        </div>
+                    </label>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
+                    <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
                </section>
            </div>
-            <div class="card ~neutral !low mb-1 unfocused">
-                <span class="heading">{{ .lang.General.title }}</span>
-                <div class="row">
-                    <div class="col">
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.General.listenAddress }}</span>
-                            <input type="url" class="input ~neutral !normal mt-half mb-1" id="ui-host" value="0.0.0.0">
-                        </label>
-                        <label class="row switch">
-                            <input type="checkbox" id="advanced-tls"><span>{{ .lang.General.useHTTPS }}</span>
-                        </label>
-                        <p class="support mb-1">{{ .lang.General.useHTTPSNotice }}</p>
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.General.pathToCertificate }}</span>
-                            <input type="text" class="input ~neutral !normal mt-half mb-1" id="advanced-tls_cert">
-                        </label>
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.General.pathToKeyFile }}</span>
-                            <input type="text" class="input ~neutral !normal mt-half mb-1" id="advanced-tls_key">
-                        </label>
-                        <span class="heading">{{ .lang.Updates.title }}</span>
-                        <p class="content" id="updates-description"></p>
-                        <label class="row switch pb-1">
-                            <input type="checkbox" id="updates-enabled" checked><span>{{ .lang.Strings.enabled }}</span>
-                        </label>
-                        <label class="label">
-                            <span>{{ .lang.Updates.updateChannel }}</span>
-                            <div class="select ~neutral !normal mt-half mb-1">
-                                <select id="updates-channel">
-                                    <option value="stable">{{ .lang.Updates.stable }}</option>
-                                    <option value="unstable">{{ .lang.Updates.unstable }}</option>
-                                </select>
+            <div class="card lg:container sectioned ~neutral @low unfocused">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.General.title }}</span>
+                    <div class="flex flex-row gap-2 justify-between">
+                        <div class="flex flex-col gap-2">
+                            <div class="flex flex-row gap-2 justify-between">
+                                <label class="label flex flex-col gap-2 grow">
+                                    <span>{{ .lang.General.listenAddress }}</span>
+                                    <input type="url" class="input ~neutral @low" id="ui-host" value="0.0.0.0">
+                                </label>
+                                <label class="label flex flex-col gap-2">
+                                    <span>{{ .lang.Strings.port }}</span>
+                                    <input type="number" class="input ~neutral @low" id="ui-port" value="8056">
+                                </label>
                            </div>
-                        </label>
-                    </div>
-                    <div class="col">
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.Strings.port }}</span>
-                            <input type="number" class="input ~neutral !normal mt-half mb-1" id="ui-port" value="8056">
-                        </label>
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.General.httpsPort }}</span>
-                            <input type="number" class="input ~neutral !normal mt-half mb-1" id="advanced-tls_port" value="8057">
-                        </label>
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.General.urlBase }} ({{ .lang.Strings.optional }})</span>
-                            <input type="url" class="input ~neutral !normal mt-half" id="ui-url_base">
-                            <p class="support mb-1">{{ .lang.General.urlBaseNotice }}</p>
-                        </label>
-                        <label class="label">
-                            <span>{{ .lang.Strings.theme }}</span>
-                            <div class="select ~neutral !normal mt-half mb-1">
-                                <select id="ui-theme">
-                                    <option value="Jellyfin (Dark)">{{ .lang.General.darkTheme }}</option>
-                                    <option value="Default (Light)">{{ .lang.General.lightTheme }}</option>
-                                </select>
-                            </div>
-                        </label>
-                    </div>
-                </div>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
-                    <span class="button ~urge !normal next">{{ .lang.Strings.next }}</span>
-                </section>
-            </div>
-            <div class="card ~neutral !low mb-1 unfocused">
-                <span class="heading">{{ .lang.Login.title }}</span>
-                <p class="content">{{ .lang.Login.description }}</p>
-                <div class="pl-1">
-                    <label class="row switch pb-1">
-                        <input type="radio" name="ui-jellyfin_login" value="true" checked><span>{{ .lang.Login.authorizeWithJellyfin }}</span>
-                    </label>
-                    <label class="row switch pl-1 pb-1">
-                        <input type="checkbox" id="ui-admin_only"><span>{{ .lang.Login.adminOnly }}</span>
-                    </label>
-                    <label class="row switch pb-1">
-                        <input type="radio" name="ui-jellyfin_login" value="false"><span>{{ .lang.Login.authorizeManual }}</span>
-                    </label>
-                </div>
-                <div id="login-manual">
-                    <label class="label">
-                        <span class="mt-half">{{ .lang.Strings.username }}</span>
-                        <input type="text" id="ui-username" class="input ~neutral !normal mt-half mb-1" placeholder="{{ .lang.Strings.username }}">
-                    </label>
-                    <label class="label">
-                        <span>{{ .lang.Strings.password }}</span>
-                        <input type="password" id="ui-password" class="input ~neutral !normal mt-half mb-1" placeholder="{{ .lang.Strings.password }}">
-                    </label>
-                    <label class="label">
-                        <span>{{ .lang.Strings.emailAddress }} ({{ .lang.Strings.optional }})</span>
-                        <input type="email" id="ui-email" class="input ~neutral !normal mt-half" placeholder="email@address">
-                        <span class="support mb-1">{{ .lang.Login.emailNotice }}</span>
-                    </label>
-                </div>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
-                    <span class="button ~urge !normal next">{{ .lang.Strings.next }}</span>
-                </section>
-            </div>
-            <div class="card ~neutral !low mb-1 unfocused">
-                <span class="heading">{{ .lang.JellyfinEmby.title }}</span>
-                <p class="content">{{ .lang.JellyfinEmby.description }}</p>
-                <div class="row">
-                    <div class="col">
-                        <label class="label">
-                            <span>{{ .lang.Strings.serverType }}</span>
-                            <div class="select ~neutral !normal mt-half">
-                                <select id="jellyfin-type">
-                                    <option value="jellyfin">Jellyfin</option>
-                                    <option value="emby">Emby</option>
-                                </select>
-                            </div>
-                            <p class="support mb-1">{{ .lang.JellyfinEmby.embyNotice }}</p>
-                        </label>
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.JellyfinEmby.replaceJellyfin }} ({{ .lang.Strings.optional }})</span>
-                            <input type="text" class="input ~neutral !normal mt-half" id="jellyfin-substitute_jellyfin_strings">
-                            <p class="support mb-1">{{ .lang.JellyfinEmby.replaceJellyfinNotice }}</p>
-                        </label>
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.Strings.username }}</span>
-                            <input type="text" id="jellyfin-username" class="input ~neutral !normal mt-half mb-1" placeholder="{{ .lang.Strings.username }}">
-                        </label>
-                        <label class="label">
-                            <span>{{ .lang.Strings.password }}</span>
-                            <input type="password" id="jellyfin-password" class="input ~neutral !normal mt-half mb-1" placeholder="{{ .lang.Strings.password }}">
-                        </label>
-                    </div>
-                    <div class="col">
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.Strings.serverAddress }} ({{ .lang.JellyfinEmby.internal }})</span>
-                            <input type="url" class="input ~neutral !normal mt-half mb-1" id="jellyfin-server" placeholder="http://jellyf.in:80">
-                        </label>
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.Strings.serverAddress }} ({{ .lang.JellyfinEmby.external }})</span>
-                            <input type="url" class="input ~neutral !normal mt-half" id="jellyfin-public_server" placeholder="https://jellyf.in">
-                            <p class="support mb-1">{{ .lang.JellyfinEmby.addressExternalNotice }}</p>
-                        </label>
-                    </div>
-                </div>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
-                    <div>
-                        <span class="button ~urge !normal" id="jellyfin-test-connection">{{ .lang.JellyfinEmby.testConnection }}</span>
-                        <span class="button ~urge !normal next" disabled>{{ .lang.Strings.next }}</span>
-                    </div>
-                </section>
-            </div>
-            <div class="card ~neutral !low mb-1 unfocused">
-                <span class="heading">{{ .lang.Ombi.title }}</span>
-                <p class="content">{{ .lang.Ombi.description }}</p>
-                <label class="row switch pb-1">
-                    <input type="checkbox" id="ombi-enabled"><span>{{ .lang.Strings.enabled }}</span>
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.Strings.serverAddress }}</span>
-                    <input type="url" class="input ~neutral !normal mt-half mb-1" id="ombi-server" placeholder="ombi.jellyf.in">
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.Strings.apiKey }}</span>
-                    <input type="text" class="input ~neutral !normal mt-half" id="ombi-api_key">
-                    <p class="support mb-1">{{ .lang.Ombi.apiKeyNotice }}</p>
-                </label>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
-                    <div>
-                        <span class="button ~urge !normal next">{{ .lang.Strings.next }}</span>
-                    </div>
-                </section>
-            </div>
-            <div class="card ~neutral !low mb-1 unfocused">
-                <span class="heading">{{ .lang.Email.title }}</span>
-                <p class="content" id="email-description"></p>
-                <div class="row">
-                    <div class="col">
-                        <label class="label">
-                            <span>{{ .lang.Email.method }}</span>
-                            <div class="select ~neutral !normal mt-half mb-1">
-                                <select id="email-method">
-                                    <option value="">{{ .lang.Strings.disabled }}</option>
-                                    <option value="smtp">SMTP</option>
-                                    <option value="mailgun">Mailgun</option>
-                                </select>
-                            </div>
-                        </label>
-                        <label class="row switch">
-                            <input type="checkbox" id="email-no_username"><span>{{ .lang.Email.useEmailAsUsername }}</span>
-                            <p class="support mb-1">{{ .lang.Email.useEmailAsUsernameNotice }}</p>
-                        </label>
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.Email.fromAddress }}</span>
-                            <input type="email" class="input ~neutral !normal mt-half mb-1" id="email-address" placeholder="mail@jellyf.in">
-                        </label>
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.Email.senderName }}</span>
-                            <input type="text" class="input ~neutral !normal mt-half mb-1" id="email-from" value="Jellyfin">
-                        </label>
-                        <label class="label">
-                            <span class="mt-half">{{ .lang.Email.dateFormat }}</span>
-                            <input type="text" class="input ~neutral !normal mt-half" id="email-date_format" value="%d/%m/%y">
-                            <p class="support mb-1" id="email-dateformat-notice"></p>
-                        </label>
-                        <div>
-                            <label class="row switch pb-1">
-                                <input type="radio" name="email-24h" value="true" checked><span>{{ .lang.Strings.time24h }}</span>
+                            <label class="label flex flex-col gap-2">
+                                <div class="switch"><input type="checkbox" id="advanced-tls"><span>{{ .lang.General.useHTTPS }}</span></div>
+                                <p class="support">{{ .lang.General.useHTTPSNotice }}</p>
                            </label>
-                            <label class="row switch pb-1">
-                                <input type="radio" name="email-24h" value="false"><span>{{ .lang.Strings.time12h }}</span>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.General.pathToCertificate }}</span>
+                                <input type="text" class="input ~neutral @low" id="advanced-tls_cert">
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.General.pathToKeyFile }}</span>
+                                <input type="text" class="input ~neutral @low" id="advanced-tls_key">
+                            </label>
+                            <span class="heading">{{ .lang.Updates.title }}</span>
+                            <p class="content" id="updates-description"></p>
+                            <label class="label flex flex-col gap-2">
+                                <div class="switch"><input type="checkbox" id="updates-enabled" checked><span>{{ .lang.Strings.enabled }}</span></div>
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Updates.updateChannel }}</span>
+                                <div class="select ~neutral @low">
+                                    <select id="updates-channel">
+                                        <option value="stable">{{ .lang.Updates.stable }}</option>
+                                        <option value="unstable">{{ .lang.Updates.unstable }}</option>
+                                    </select>
+                                </div>
+                            </label>
+                        </div>
+                        <div class="flex flex-col gap-2">
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.General.httpsPort }}</span>
+                                <input type="number" class="input ~neutral @low" id="advanced-tls_port" value="8057">
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.General.urlBase }} ({{ .lang.Strings.optional }})</span>
+                                <input type="text" class="input ~neutral @low" id="ui-url_base" placeholder="/mysubfolder">
+                                <p class="support">{{ .lang.General.urlBaseNotice }}</p>
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.General.externalURL }}</span>
+                                <input type="text" class="input ~neutral @low" id="ui-jfa_url" placeholder="https://jellyf.in/mysubfolder">
+                                <p class="support">{{ .lang.General.externalURLNotice }}</p>
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.theme }}</span>
+                                <div class="select ~neutral @low">
+                                    <select id="ui-theme">
+                                        <option value="Jellyfin (Dark)">{{ .lang.General.darkTheme }}</option>
+                                        <option value="Default (Light)">{{ .lang.General.lightTheme }}</option>
+                                    </select>
+                                </div>
+                            </label>
+                            <span class="heading">{{ .lang.Proxy.title }}</span>
+                            <p class="content" id="proxy-description">{{ .lang.Proxy.description }}</p>
+                            <label class="label flex flex-col gap-2">
+                                <div class="switch"><input type="checkbox" id="advanced-proxy"><span>{{ .lang.Strings.enabled }}</span></div>
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Proxy.protocol }}</span>
+                                <div class="select ~neutral @low">
+                                    <select id="advanced-proxy_protocol">
+                                        <option value="http">HTTP</option>
+                                        <option value="socks">SOCKS5</option>
+                                    </select>
+                                </div>
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Proxy.address }}</span>
+                                <input type="text" class="input ~neutral @low" id="advanced-proxy_address">
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.username }}</span>
+                                <input type="text" class="input ~neutral @low" id="advanced-proxy_user">
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.password }}</span>
+                                <input type="text" class="input ~neutral @low" id="advanced-proxy_password">
                            </label>
                        </div>
                    </div>
-                    <div class="col">
-                        <div id="email-smtp">
-                            <p class="subheading">SMTP</p>
-                            <label class="label">
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
+                    <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
+                </section>
+            </div>
+            <div class="card lg:container sectioned ~neutral @low unfocused">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.Login.title }}</span>
+                    <p class="content">{{ .lang.Login.description }}</p>
+                    <div class="flex flex-col gap-2">
+                        <label class="label flex flex-col gap-2">
+                            <div class="switch"><input type="radio" name="ui-jellyfin_login" value="true" checked><span>{{ .lang.Login.authorizeWithJellyfin }}</span></div>
+                        </label>
+                        <div class="pl-4 flex flex-col gap-2">
+                            <label class="label flex flex-col gap-2">
+                                <div class="switch"><input type="checkbox" id="ui-admin_only" checked><span>{{ .lang.Login.adminOnly }}</span></div>
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <div class="switch"><input type="checkbox" id="ui-allow_all"><span>{{ .lang.Login.allowAll }}</span></div>
+                                <p class="support" id="description-ui-allow_all">{{ .lang.Login.allowAllDescription }}</p>
+                            </label>
+                        </div>
+                    </div>
+                    <div class="flex flex-col gap-2">
+                        <label class="label flex flex-col gap-2">
+                            <div class="switch"><input type="radio" name="ui-jellyfin_login" value="false"><span>{{ .lang.Login.authorizeManual }}</span></div>
+                        </label>
+                        <p class="support">{{ .lang.Login.authorizeManualUserPageNotice }}</p>
+                    </div>
+                    <div class ="flex flex-col gap-2" id="login-manual">
+                        <label class="label flex flex-col gap-2">
+                            <span>{{ .lang.Strings.username }}</span>
+                            <input type="text" id="ui-username" class="input ~neutral @low" placeholder="{{ .lang.Strings.username }}">
+                        </label>
+                        <label class="label flex flex-col gap-2">
+                            <span>{{ .lang.Strings.password }}</span>
+                            <input type="password" id="ui-password" class="input ~neutral @low" placeholder="{{ .lang.Strings.password }}">
+                        </label>
+                        <label class="label flex flex-col gap-2">
+                            <span>{{ .lang.Strings.emailAddress }} ({{ .lang.Strings.optional }})</span>
+                            <input type="email" id="ui-email" class="input ~neutral @low" placeholder="email@address">
+                            <span class="support">{{ .lang.Login.emailNotice }}</span>
+                        </label>
+                    </div>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
+                    <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
+                </section>
+            </div>
+            <div class="card lg:container sectioned ~neutral @low unfocused">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.JellyfinEmby.title }}</span>
+                    <p class="content">{{ .lang.JellyfinEmby.description }}</p>
+                    <div class="flex flex-row gap-2 justify-between">
+                        <div class="flex flex-col gap-2 grow">
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.serverType }}</span>
+                                <div class="select ~neutral @low">
+                                    <select id="jellyfin-type">
+                                        <option value="jellyfin">Jellyfin</option>
+                                        <option value="emby">Emby</option>
+                                    </select>
+                                </div>
+                                <p class="support">{{ .lang.JellyfinEmby.embyNotice }}</p>
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.JellyfinEmby.replaceJellyfin }} ({{ .lang.Strings.optional }})</span>
+                                <input type="text" class="input ~neutral @low" id="jellyfin-substitute_jellyfin_strings">
+                                <p class="support">{{ .lang.JellyfinEmby.replaceJellyfinNotice }}</p>
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.username }}</span>
+                                <input type="text" id="jellyfin-username" class="input ~neutral @low" placeholder="{{ .lang.Strings.username }}">
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.password }}</span>
+                                <input type="password" id="jellyfin-password" class="input ~neutral @low" placeholder="{{ .lang.Strings.password }}">
+                            </label>
+                        </div>
+                        <div class="flex flex-col gap-2 grow ">
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.serverAddress }} ({{ .lang.JellyfinEmby.internal }})</span>
+                                <input type="url" class="input ~neutral @low" id="jellyfin-server" placeholder="http://jellyf.in:80">
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.serverAddress }} ({{ .lang.JellyfinEmby.external }})</span>
+                                <input type="url" class="input ~neutral @low" id="jellyfin-public_server" placeholder="https://jellyf.in">
+                                <p class="support">{{ .lang.JellyfinEmby.addressExternalNotice }}</p>
+                            </label>
+                        </div>
+                    </div>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
+                    <div class="flex flex-row gap-2">
+                        <span class="button ~urge @low" id="jellyfin-test-connection">{{ .lang.JellyfinEmby.testConnection }}</span>
+                        <span class="button ~urge @low next" disabled>{{ .lang.Strings.next }}</span>
+                    </div>
+                </section>
+            </div>
+            <div class="card lg:container sectioned ~neutral @low unfocused">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.Ombi.title }}</span>
+                    <p class="content">{{ .lang.Ombi.description }}</p>
+                    <aside class="aside ~warning" id="ombi-stability-warning">{{ .lang.Ombi.stabilityWarning }}</aside>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="ombi-enabled"><span>{{ .lang.Strings.enabled }}</span></div>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Strings.serverAddress }}</span>
+                        <input type="url" class="input ~neutral @low" id="ombi-server" placeholder="ombi.jellyf.in">
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Strings.apiKey }}</span>
+                        <input type="text" class="input ~neutral @low" id="ombi-api_key">
+                        <p class="support">{{ .lang.Ombi.apiKeyNotice }}</p>
+                    </label>
+                    <span class="heading">{{ .lang.Jellyseerr.title }}</span>
+                    <p class="content">{{ .lang.Jellyseerr.description }}</p>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="jellyseerr-enabled"><span>{{ .lang.Strings.enabled }}</span></div>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Strings.serverAddress }}</span>
+                        <input type="url" class="input ~neutral @low" id="jellyseerr-server" placeholder="https://jellyseerr.jellyf.in:5055">
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Strings.apiKey }}</span>
+                        <input type="text" class="input ~neutral @low" id="jellyseerr-api_key">
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="jellyseerr-import_existing" checked><span>{{ .lang.Jellyseerr.importExisting }}</span></div>
+                        <p class="support">{{ .lang.Jellyseerr.importExistingDescription }}</p>
+                    </label>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
+                    <div>
+                        <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
+                    </div>
+                </section>
+            </div>
+            <div class="card lg:container sectioned ~neutral @low unfocused">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.UserPage.title }}</span>
+                    <p class="content">{{ .lang.UserPage.description }}</p>
+                    <p class="content">{{ .lang.UserPage.customizeMessages }}</p>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="userpage-enabled"><span>{{ .lang.Strings.enabled }}</span></div>
+                        <p class="support">{{ .lang.UserPage.requiredSettings }}</p>
+                    </label>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
+                    <div>
+                        <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
+                    </div>
+                </section>
+            </div>
+            <div class="card lg:container sectioned ~neutral @low unfocused">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.Messages.title }}</span>
+                    <p class="content" id="messages-description"></p>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="messages-enabled" checked><span>{{ .lang.Strings.enabled }}</span></div>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Email.dateFormat }}</span>
+                        <input type="text" class="input ~neutral @low" id="email-date_format" value="%d/%m/%y">
+                        <p class="support" id="email-dateformat-notice"></p>
+                    </label>
+                    <div class="flex flex-col gap-2">
+                        <label class="label flex flex-col gap-2">
+                            <div class="switch"><input type="radio" class="mr-2" name="email-24h" value="true" checked><span>{{ .lang.Strings.time24h }}</span></div>
+                        </label>
+                        <label class="label flex flex-col gap-2">
+                            <div class="switch"><input type="radio" class="mr-2" name="email-24h" value="false"><span>{{ .lang.Strings.time12h }}</span></div>
+                        </label>
+                    </div>
+                    <div id="email-sect" class="flex flex-row gap-2 justify-between">
+                        <div class="flex flex-col gap-2">
+                            <span class="heading">{{ .lang.Email.title }}</span>
+                            <p class="content" id="email-description"></p>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Email.method }}</span>
+                                <div class="select ~neutral @low">
+                                    <select id="email-method">
+                                        <option value="">{{ .lang.Strings.disabled }}</option>
+                                        <option value="smtp">SMTP</option>
+                                        <option value="mailgun">Mailgun</option>
+                                    </select>
+                                </div>
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <div class="switch"><input type="checkbox" id="email-no_username"><span>{{ .lang.Email.useEmailAsUsername }}</span></div>
+                                <p class="support">{{ .lang.Email.useEmailAsUsernameNotice }}</p>
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Email.fromAddress }}</span>
+                                <input type="email" class="input ~neutral @low" id="email-address" placeholder="mail@jellyf.in">
+                            </label>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Email.senderName }}</span>
+                                <input type="text" class="input ~neutral @low" id="email-from" value="Jellyfin">
+                            </label>
+                        </div>
+                        <div id="email-smtp" class="flex flex-col gap-2 min-w-[40%]">
+                            <p class="text-2xl font-semibold">SMTP</p>
+                            <label class="label flex flex-col gap-2">
                                <span>{{ .lang.Email.encryption }}</span>
-                                <div class="select ~neutral !normal mt-half mb-1">
+                                <div class="select ~neutral @low">
                                    <select id="smtp-encryption">
                                        <option value="starttls">STARTTLS ({{ .lang.Strings.port }} 587)</option>
                                        <option value="ssl_tls">SSL/TLS ({{ .lang.Strings.port }} 465)</option>
                                    </select>
                                </div>
                            </label>
-                            <label class="label">
-                                <span class="mt-half">{{ .lang.Strings.serverAddress }}</span>
-                                <input type="url" class="input ~neutral !normal mt-half mb-1" id="smtp-server" placeholder="smtp.jellyf.in">
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.serverAddress }}</span>
+                                <input type="url" class="input ~neutral @low" id="smtp-server" placeholder="smtp.jellyf.in">
                            </label>
-                            <label class="label">
-                                <span class="mt-half">{{ .lang.Strings.port }}</span>
-                                <input type="number" class="input ~neutral !normal mt-half mb-1" id="smtp-port" placeholder="587">
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.port }}</span>
+                                <input type="number" class="input ~neutral @low" id="smtp-port" placeholder="587">
                            </label>
-                            <label class="label">
-                                <span class="mt-half">{{ .lang.Strings.username }}</span>
-                                <input type="text" class="input ~neutral !normal mt-half mb-1" id="smtp-username">
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.username }}</span>
+                                <input type="text" class="input ~neutral @low" id="smtp-username">
                            </label>
-                            <label class="label">
-                                <span class="mt-half">{{ .lang.Strings.password }}</span>
-                                <input type="password" class="input ~neutral !normal mt-half mb-1" id="smtp-password">
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.password }}</span>
+                                <input type="password" class="input ~neutral @low" id="smtp-password">
                            </label>
                        </div>
-                        <div id="email-mailgun">
-                            <p class="subheading">Mailgun</p>
-                            <label class="label">
-                                <span class="mt-half">{{ .lang.Email.mailgunApiURL }}</span>
-                                <input type="url" class="input ~neutral !normal mt-half mb-1" id="mailgun-api_url" placeholder="https://api.eu.mailgun.net/v3/mail.jellyf.in/messages">
+                        <div id="email-mailgun" class="flex flex-col gap-2 min-w-[40%]">
+                            <p class="text-2xl font-semibold">Mailgun</p>
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Email.mailgunApiURL }}</span>
+                                <input type="url" class="input ~neutral @low" id="mailgun-api_url" placeholder="https://api.eu.mailgun.net/v3/mail.jellyf.in/messages">
                            </label>
-                            <label class="label">
-                                <span class="mt-half">{{ .lang.Strings.apiKey }}</span>
-                                <input type="text" class="input ~neutral !normal mt-half mb-1" id="mailgun-api_key">
+                            <label class="label flex flex-col gap-2">
+                                <span>{{ .lang.Strings.apiKey }}</span>
+                                <input type="text" class="input ~neutral @low" id="mailgun-api_key">
                            </label>
                        </div>
                    </div>
-                </div>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
                    <div>
-                        <span class="button ~urge !normal next">{{ .lang.Strings.next }}</span>
+                        <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
                    </div>
                </section>
            </div>
-            <div class="card ~neutral !low mb-1 unfocused related-to-email">
-                <span class="heading">{{ .lang.Notifications.title }}</span>
-                <p class="content">{{ .lang.Notifications.description }}</p>
-                <label class="row switch pb-1">
-                    <input type="checkbox" id="notifications-enabled"><span>{{ .lang.Strings.enabled }}</span>
-                </label>
-                <span class="heading">{{ .lang.WelcomeEmails.title }}</span>
-                <p class="content">{{ .lang.WelcomeEmails.description }}</p>
-                <label class="row switch pb-1">
-                    <input type="checkbox" id="welcome_email-enabled"><span>{{ .lang.Strings.enabled }}</span>
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.Strings.emailSubject }}</span>
-                    <input type="text" class="input ~neutral !normal mt-half mb-1" id="welcome_email-subject" placeholder="{{ .emailLang.WelcomeEmail.title }}">
-                </label>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
+            <div class="card lg:container sectioned ~neutral @low unfocused related-to-email">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.Notifications.title }}</span>
+                    <p class="content">{{ .lang.Notifications.description }}</p>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="notifications-enabled"><span>{{ .lang.Strings.enabled }}</span></div>
+                    </label>
+                    <span class="heading">{{ .lang.WelcomeEmails.title }}</span>
+                    <p class="content">{{ .lang.WelcomeEmails.description }}</p>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="welcome_email-enabled"><span>{{ .lang.Strings.enabled }}</span></div>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Strings.emailSubject }}</span>
+                        <input type="text" class="input ~neutral @low" id="welcome_email-subject" placeholder="{{ .emailLang.WelcomeEmail.title }}">
+                    </label>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
                    <div>
-                        <span class="button ~urge !normal next">{{ .lang.Strings.next }}</span>
+                        <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
                    </div>
                </section>
            </div>
-            <div class="card ~neutral !low mb-1 unfocused related-to-email">
-                <span class="heading">{{ .lang.InviteEmails.title }}</span>
-                <p class="content">{{ .lang.InviteEmails.description }}</p>
-                <label class="row switch pb-1">
-                    <input type="checkbox" id="invite_emails-enabled"><span>{{ .lang.Strings.enabled }}</span>
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.Strings.URL }}</span>
-                    <input type="url" class="input ~neutral !normal mt-half mb-1" id="invite_emails-url_base" placeholder="https://accounts.jellyf.in/invite">
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.Strings.emailSubject }}</span>
-                    <input type="text" class="input ~neutral !normal mt-half mb-1" id="invite_emails-subject" placeholder="{{ .emailLang.InviteEmail.title }}">
-                </label>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
+            <div class="card lg:container sectioned ~neutral @low unfocused related-to-email">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.InviteEmails.title }}</span>
+                    <p class="content">{{ .lang.InviteEmails.description }}</p>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="invite_emails-enabled"><span>{{ .lang.Strings.enabled }}</span></div>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Strings.emailSubject }}</span>
+                        <input type="text" class="input ~neutral @low" id="invite_emails-subject" placeholder="{{ .emailLang.InviteEmail.title }}">
+                    </label>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
                    <div>
-                        <span class="button ~urge !normal next">{{ .lang.Strings.next }}</span>
+                        <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
                    </div>
                </section>
            </div>
-            <div id="password-resets" class="card ~neutral !low mb-1 unfocused related-to-email">
-                <span class="heading">{{ .lang.PasswordResets.title }}</span>
-                <p class="content">{{ .lang.PasswordResets.description }}</p>
-                <label class="row switch pb-1">
-                    <input type="checkbox" id="password_resets-enabled"><span>{{ .lang.Strings.enabled }}</span>
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.PasswordResets.pathToJellyfin }}</span>
-                    <input type="text" class="input ~neutral !normal mt-half" id="password_resets-watch_directory" placeholder="/config/jellyfin">
-                    <p class="support mb-1">{{ .lang.PasswordResets.pathToJellyfinNotice }}</p>
-                </label>
-                <label class="switch">
-                    <input type="checkbox" id="password_resets-link_reset"><span>{{ .lang.PasswordResets.resetLinks }}</span>
-                    <p class="support mb-1">{{ .lang.PasswordResets.resetLinksNotice }}</p>
-                </label>
-                <label class="row label">
-                    <p class="mt-half">{{ .lang.PasswordResets.resetLinksLanguage }}</p>
-                    <div class="select ~neutral !normal mt-half mb-1">
-                        <select id="password_resets-language">
-                        </select>
-                    </div>
-                </label>
-                <label class="row label">
-                    <span class="mt-half">{{ .lang.Strings.emailSubject }}</span>
-                    <input type="text" class="input ~neutral !normal mt-half mb-1" id="password_resets-subject" placeholder="{{ .emailLang.PasswordReset.title }}">
-                </label>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
+            <div id="password-resets" class="card lg:container sectioned ~neutral @low unfocused related-to-email">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.PasswordResets.title }}</span>
+                    <p class="content">{{ .lang.PasswordResets.description }}</p>
+                    <p class="content" id="password_resets-more-info">{{ .lang.PasswordResets.moreInfo }}</p>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="password_resets-enabled"><span>{{ .lang.Strings.enabled }}</span></div>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.PasswordResets.pathToJellyfin }}</span>
+                        <input type="text" class="input ~neutral @low" id="password_resets-watch_directory" placeholder="/config/jellyfin">
+                        <p class="support">{{ .lang.PasswordResets.pathToJellyfinNotice }}</p>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="password_resets-link_reset"><span>{{ .lang.PasswordResets.resetLinks }}</span></div>
+                        <p class="support">{{ .lang.PasswordResets.resetLinksNotice }} {{ .lang.PasswordResets.resetLinksRequiredForUserPage }}</p>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="password_resets-set_password"><span>{{ .lang.PasswordResets.setPassword }}</span></div>
+                        <p class="support">{{ .lang.PasswordResets.setPasswordNotice }}</p>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.PasswordResets.resetLinksLanguage }}</span>
+                        <div class="select ~neutral @low">
+                            <select id="password_resets-language">
+                            </select>
+                        </div>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.Strings.emailSubject }}</span>
+                        <input type="text" class="input ~neutral @low" id="password_resets-subject" placeholder="{{ .emailLang.PasswordReset.title }}">
+                    </label>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
                    <div>
-                        <span class="button ~urge !normal next">{{ .lang.Strings.next }}</span>
+                        <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
                    </div>
                </section>
            </div>
-            <div class="card ~neutral !low mb-1 unfocused">
-                <span class="heading">{{ .lang.PasswordValidation.title }}</span>
-                <p class="content">{{ .lang.PasswordValidation.description }}</p>
-                <label class="row switch pb-1">
-                    <input type="checkbox" id="password_validation-enabled" checked><span>{{ .lang.Strings.enabled }}</span>
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.PasswordValidation.length }}</span>
-                    <input type="number" class="input ~neutral !normal mt-half mb-1" id="password_validation-min_length" value="8">
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.PasswordValidation.uppercase }}</span>
-                    <input type="number" class="input ~neutral !normal mt-half mb-1" id="password_validation-upper" value="1">
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.PasswordValidation.lowercase }}</span>
-                    <input type="number" class="input ~neutral !normal mt-half mb-1" id="password_validation-lower" value="0">
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.PasswordValidation.numbers }}</span>
-                    <input type="number" class="input ~neutral !normal mt-half mb-1" id="password_validation-number" value="0">
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.PasswordValidation.special }}</span>
-                    <input type="number" class="input ~neutral !normal mt-half mb-1" id="password_validation-special" value="0">
-                </label>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
+            <div class="card lg:container sectioned ~neutral @low unfocused">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.PasswordValidation.title }}</span>
+                    <p class="content">{{ .lang.PasswordValidation.description }}</p>
+                    <label class="label flex flex-col gap-2">
+                        <div class="switch"><input type="checkbox" id="password_validation-enabled" checked><span>{{ .lang.Strings.enabled }}</span></div>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.PasswordValidation.length }}</span>
+                        <input type="number" class="input ~neutral @low" id="password_validation-min_length" value="8">
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.PasswordValidation.uppercase }}</span>
+                        <input type="number" class="input ~neutral @low" id="password_validation-upper" value="1">
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.PasswordValidation.lowercase }}</span>
+                        <input type="number" class="input ~neutral @low" id="password_validation-lower" value="0">
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.PasswordValidation.numbers }}</span>
+                        <input type="number" class="input ~neutral @low" id="password_validation-number" value="0">
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.PasswordValidation.special }}</span>
+                        <input type="number" class="input ~neutral @low" id="password_validation-special" value="0">
+                    </label>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
                    <div>
-                        <span class="button ~urge !normal next">{{ .lang.Strings.next }}</span>
+                        <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
                    </div>
                </section>
            </div>
-            <div class="card ~neutral !low mb-1 unfocused">
-                <span class="heading">{{ .lang.HelpMessages.title }}</span>
-                <p class="content">{{ .lang.HelpMessages.description }}</p>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.HelpMessages.contactMessage }}</span>
-                    <input type="text" class="input ~neutral !normal mt-half" id="ui-contact_message">
-                    <p class="support mb-1">{{ .lang.HelpMessages.contactMessageNotice }}</p>
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.HelpMessages.helpMessage }}</span>
-                    <input type="text" class="input ~neutral !normal mt-half" id="ui-help_message">
-                    <p class="support mb-1">{{ .lang.HelpMessages.helpMessageNotice }}</p>
-                </label>
-                <label class="label">
-                    <span class="mt-half">{{ .lang.HelpMessages.successMessage }}</span>
-                    <input type="text" class="input ~neutral !normal mt-half" id="ui-success_message">
-                    <p class="support mb-1">{{ .lang.HelpMessages.successMessageNotice }}</p>
-                </label>
-                <label class="label related-to-email">
-                    <span class="mt-half">{{ .lang.HelpMessages.emailMessage }}</span>
-                    <input type="text" class="input ~neutral !normal mt-half" id="email-message">
-                    <p class="support mb-1">{{ .lang.HelpMessages.emailMessageNotice }}</p>
-                </label>
-                <section class="section ~neutral banner footer flex-expand middle">
-                    <span class="button ~neutral !normal back">{{ .lang.Strings.back }}</span>
+            <div class="card lg:container sectioned ~neutral @low unfocused">
+                <section class="section flex flex-col gap-2 justify-between">
+                    <span class="heading">{{ .lang.HelpMessages.title }}</span>
+                    <p class="content">{{ .lang.HelpMessages.description }}</p>
+                    <p class="content">{{ .lang.HelpMessages.markdownMessageNotice }}</p>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.HelpMessages.contactMessage }}</span>
+                        <input type="text" class="input ~neutral @low" id="ui-contact_message">
+                        <p class="support">{{ .lang.HelpMessages.contactMessageNotice }}</p>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.HelpMessages.helpMessage }}</span>
+                        <input type="text" class="input ~neutral @low" id="ui-help_message">
+                        <p class="support">{{ .lang.HelpMessages.helpMessageNotice }}</p>
+                    </label>
+                    <label class="label flex flex-col gap-2">
+                        <span>{{ .lang.HelpMessages.successMessage }}</span>
+                        <input type="text" class="input ~neutral @low" id="ui-success_message">
+                        <p class="support">{{ .lang.HelpMessages.successMessageNotice }}</p>
+                    </label>
+                    <label class="label related-to-email">
+                        <span>{{ .lang.HelpMessages.emailMessage }}</span>
+                        <input type="text" class="input ~neutral @low" id="email-message">
+                        <p class="support">{{ .lang.HelpMessages.emailMessageNotice }}</p>
+                    </label>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-between items-center">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
                    <div>
-                        <span class="button ~urge !normal next">{{ .lang.Strings.next }}</span>
+                        <span class="button ~urge @low next">{{ .lang.Strings.next }}</span>
                    </div>
                </section>
            </div>
-            <div class="card ~neutral !low mb-1 unfocused">
-                <div class="row col flex center">
+            <div class="card lg:container sectioned ~neutral @low unfocused">
+                <section class="section flex flex-col gap-2 justify-center items-center">
                    <span class="heading">{{ .lang.EndPage.finished }}</span>
-                </div>
-                <div class="row col flex center">
-                    <p class="content">{{ .lang.EndPage.restartMessage }}</p>
-                </div>
-                <div class="row col flex center">
-                    <span class="button ~neutral !normal back mr-1">{{ .lang.Strings.back }}</span>
-                    <span class="button ~urge !normal" id="restart">{{ .lang.Strings.submit }}</span>
-                    <span class="button ~urge !normal unfocused" id="refresh">{{ .lang.EndPage.refreshPage }}</span>
+                    <p class="content text-center">{{ .lang.EndPage.restartMessage }} {{ .lang.EndPage.urlChangedNotice }}</p>
+                </section>
+                <section class="section w-full ~neutral footer flex flex-row justify-center items-center gap-2">
+                    <span class="button ~neutral @low back">{{ .lang.Strings.back }}</span>
+                    <span class="button ~urge @low" id="restart">{{ .lang.Strings.submit }}</span>
+                    <span class="button ~urge @low unfocused" id="refresh">{{ .lang.EndPage.refreshPage }}</span>
                </div>
            </div>
        </div>
@@ -482,4 +573,3 @@
        <script src="js/setup.js" type="module"></script>
    </body>
 </html>
-
--- a/html/user.html
+++ b/html/user.html
@@ -0,0 +1,152 @@
+<!DOCTYPE html>
+<html lang="en" class="light">
+    <head>
+        <script>
+            window.langFile = JSON.parse({{ .language }});
+            window.linkResetEnabled = {{ .linkResetEnabled }};
+            window.language = "{{ .langName }}";
+            window.telegramRequired = {{ .telegramRequired }};
+            window.telegramUsername = {{ .telegramUsername }};
+            window.telegramURL = {{ .telegramURL }};
+            window.emailRequired = {{ .emailRequired }};
+            window.discordRequired = {{ .discordRequired }};
+            window.discordServerName = "{{ .discordServerName }}";
+            window.discordInviteLink = {{ .discordInviteLink }};
+            window.discordSendPINMessage = "{{ .discordSendPINMessage }}";
+            window.matrixRequired = {{ .matrixRequired }};
+            window.matrixUserID = "{{ .matrixUser }}";
+            window.validationStrings = JSON.parse({{ .validationStrings }});
+        </script>
+        {{ template "header.html" . }}
+        <title>{{ .strings.myAccount }}</title>
+    </head>
+    <body class="max-w-full overflow-x-hidden section">
+        <div id="modal-email" class="modal">
+            <div class="card relative mx-auto my-[10%] w-4/5 lg:w-1/3">
+                <div class="content">
+                    <span class="heading mb-4 my-2"></span>
+                    <label class="label supra row m-1" for="modal-email-input">{{ .strings.emailAddress }}</label>
+                    <div class="row">
+                        <input type="email" class="col sm field ~neutral @low input" id="modal-email-input" placeholder="{{ .strings.emailAddress }}">
+                    </div>
+                    <button class="button ~urge @low supra full-width center lg my-2 modal-submit">{{ .strings.submit }}</button>
+                </div>
+                <div class="confirmation-required unfocused">
+                    <span class="heading mb-4">{{ .strings.confirmationRequired }} <span class="modal-close">&times;</span></span>
+                    <p class="content mb-4">{{ .strings.confirmationRequiredMessage }}</p>
+                </div>
+            </div>
+        </div>
+        {{ if .pwrEnabled }}
+        <div id="modal-pwr" class="modal">
+            <div class="card content relative mx-auto my-[10%] w-4/5 lg:w-1/3 ~neutral @low">
+                <span class="heading">{{ .strings.resetPassword }}</span>
+                <p class="content my-2">
+                {{ if .linkResetEnabled }}
+                    {{ .strings.resetPasswordThroughLinkStart }}
+                    <ul class="content">
+                        {{ if .resetPasswordUsername }}<li>{{ .strings.resetPasswordUsername }}</li>{{ end }}
+                        {{ if .resetPasswordEmail }}<li>{{ .strings.resetPasswordEmail }}</li>{{ end }}
+                        {{ if .resetPasswordContactMethod }}<li>{{ .strings.resetPasswordContactMethod }}</li>{{ end }}
+                    </ul>
+                    {{ .strings.resetPasswordThroughLinkEnd }}
+                {{ else }}
+                    {{ .strings.resetPasswordThroughJellyfin }}
+                {{ end }}
+                </p>
+                <div class="row">
+                    <input type="text" class="col sm field ~neutral @low input" id="pwr-address" placeholder="username | example@example.com | user#1234 | @user:host | @username">
+                </div>
+                {{ if .linkResetEnabled }}
+                    <span class="button ~info @low full-width center mt-4" id="pwr-submit">
+                        {{ .strings.submit }}
+                    </span>
+                {{ else }}
+                    <a class="button ~info @low full-width center mt-4" href="{{ .jfLink }}" target="_blank">{{ .strings.continue }}</a>
+                {{ end }}
+            </div>
+        </div>
+        {{ end }}
+        {{ template "login-modal.html" . }}
+        {{ template "account-linking.html" . }}
+        <div id="notification-box"></div>
+        <div class="page-container m-2 lg:my-20 lg:mx-64 flex flex-col gap-4 unfocused">
+            <div class="top-2 inset-x-2 lg:absolute flex flex-row justify-between">
+                <div class="flex flex-row gap-2">
+                    {{ template "lang-select.html" . }}
+                    <span class="button ~warning h-min" alt="{{ .strings.theme }}" id="button-theme"><i class="ri-sun-line"></i></span>
+                    <span class="button ~critical @low mb-4 unfocused" id="logout-button">{{ .strings.logout }}</span>
+                </div>
+                <a class="button ~info unfocused h-min" href="/" id="admin-back-button"><i class="ri-arrow-left-fill mr-2"></i>{{ .strings.admin }}</a>
+            </div>
+            <div class="card @low dark:~d_neutral mb-4" id="card-user">
+                <span class="heading mb-2"></span>
+            </div>
+            <div class="columns-1 sm:columns-2 gap-4" id="user-cardlist">
+                {{ if index . "PageMessageEnabled" }}
+                    {{ if .PageMessageEnabled }}
+                        <div class="card @low dark:~d_neutral content break-words" id="card-message">
+                            {{ .PageMessageContent }}
+                        </div>
+                    {{ end }}
+                {{ end }}
+                <div class="card @low dark:~d_neutral flex-col" id="card-contact">
+                    <span class="heading mb-2">{{ .strings.contactMethods }}</span>
+                    <div class="content flex justify-between flex-col h-100"></div>
+                </div>
+                <div>
+                    <div class="card @low dark:~d_neutral content" id="card-password">
+                        <span class="heading row mb-2">{{ .strings.changePassword }}</span>
+                        <div class="">
+                            <div class="my-2">
+                                <span class="label supra row">{{ .strings.passwordRequirementsHeader }}</span>
+                                <ul>
+                                    {{ range $key, $value := .requirements }}
+                                        <li class="" id="requirement-{{ $key }}" min="{{ $value }}">
+                                            <span class="badge lg ~positive requirement-valid"></span> <span class="content requirement-content"></span>
+                                        </li>
+                                    {{ end }}
+                                </ul>
+                            </div>
+                            <div class="my-2">
+                                <label class="label supra" for="user-old-password">{{ .strings.oldPassword }}</label>
+                                <input type="password" class="input ~neutral @low mt-2 mb-4" placeholder="{{ .strings.password }}" id="user-old-password" aria-label="{{ .strings.oldPassword }}">
+                                <label class="label supra" for="user-new-password">{{ .strings.newPassword }}</label>
+                                <input type="password" class="input ~neutral @low mt-2 mb-4" placeholder="{{ .strings.password }}" id="user-new-password" aria-label="{{ .strings.newPassword }}">
+
+                                <label class="label supra" for="user-reenter-password">{{ .strings.reEnterPassword }}</label>
+                                <input type="password" class="input ~neutral @low mt-2 mb-4" placeholder="{{ .strings.password }}" id="user-reenter-new-password" aria-label="{{ .strings.reEnterPassword }}">
+                                <span class="button ~info @low full-width center mt-4" id="user-password-submit">
+                                    {{ .strings.changePassword }}
+                                </span>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div>
+                    <div class="card @low dark:~d_neutral unfocused" id="card-status">
+                        <span class="heading mb-2">{{ .strings.expiry }}</span>
+                        <aside class="aside ~warning user-expiry my-4"></aside>
+                        <div class="user-expiry-countdown"></div>
+                    </div>
+                </div>
+                {{ if .referralsEnabled }}
+                    <div>
+                        <div class="card @low dark:~d_neutral unfocused" id="card-referrals">
+                            <span class="heading mb-2">{{ .strings.referrals }}</span>
+                            <aside class="aside ~neutral my-4 col user-referrals-description"></aside>
+                            <div class="flex flex-row justify-between gap-2">
+                                <div class="user-referrals-info"></div>
+                                <div class="grid my-2">
+                                    <button type="button" class="user-referrals-button button ~info dark:~d_info @low" title="Copy">{{ .strings.copyReferral }}<i class="ri-file-copy-line ml-2"></i></button>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                {{ end }}
+            </div>
+        </div>
+        <script src="{{ .pages.Base }}/js/user.js" type="module"></script>
+    </body>
+</html>
+
--- a/images/README.md
+++ b/images/README.md
@@ -1,6 +1,9 @@
 # Images

-This holds any images on the main README, and the base files for the icons and banner. The font used, like Jellyfin, is [Quicksand](https://fonts.google.com/specimen/Quicksand) by Andrew Paglinawan.
+This holds any images on the main README, and the base files for the icons and banner. The font used pre-0.5.0, like Jellyfin, is [Quicksand](https://fonts.google.com/specimen/Quicksand) by Andrew Paglinawan. These old versions are prefixed with `-quicksand` in `src/`.
+
+Post-0.5.0, the font used is Hanken Grotesk, available under SIL OFL 1.1 License.
+https://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web

 "Go" text logo and Gopher image: Copyright 2018 The Go Authors. All rights reserved.
 https://creativecommons.org/licenses/by/3.0/legalcode
--- a/images/accounts.png
+++ b/images/accounts.png
--- a/images/banner.svg
+++ b/images/banner.svg
--- a/images/create.png
+++ b/images/create.png
--- a/images/discord/1.jpg
+++ b/images/discord/1.jpg
--- a/images/discord/2.jpg
+++ b/images/discord/2.jpg
--- a/images/discord/3.jpg
+++ b/images/discord/3.jpg
--- a/images/discord/4.jpg
+++ b/images/discord/4.jpg
--- a/images/discord/5.jpg
+++ b/images/discord/5.jpg
--- a/images/discord/6.jpg
+++ b/images/discord/6.jpg
--- a/images/discord/7.jpg
+++ b/images/discord/7.jpg
--- a/images/discord/8.jpg
+++ b/images/discord/8.jpg
--- a/images/invites.png
+++ b/images/invites.png
--- a/images/jfa-go-icon.png
+++ b/images/jfa-go-icon.png
--- a/images/jfa-go-icon.svg
+++ b/images/jfa-go-icon.svg
--- a/images/jfa-go-social.png
+++ b/images/jfa-go-social.png
--- a/images/jfa-go-social.svg
+++ b/images/jfa-go-social.svg
--- a/images/matrix/1.png
+++ b/images/matrix/1.png
--- a/images/matrix/2.png
+++ b/images/matrix/2.png
--- a/images/matrix/3.png
+++ b/images/matrix/3.png
--- a/images/matrix/4.png
+++ b/images/matrix/4.png
--- a/images/myaccount.png
+++ b/images/myaccount.png
--- a/images/src/banner-hanken.svg
+++ b/images/src/banner-hanken.svg
--- a/images/src/banner-quicksand.svg
+++ b/images/src/banner-quicksand.svg
--- a/images/src/jfa-go-social-hanken.svg
+++ b/images/src/jfa-go-social-hanken.svg
--- a/images/src/jfa-go-social-quicksand.svg
+++ b/images/src/jfa-go-social-quicksand.svg
--- a/images/tg-settings.png
+++ b/images/tg-settings.png
--- a/images/tg.png
+++ b/images/tg.png
--- a/images/thumb-white.png
+++ b/images/thumb-white.png
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				The two python scripts here, `config-json-to-new-yaml.py` and `gen-rough-schema.py` were used to convert the old format, which was stored in a JSON file, to the new format in YAML. The latter script is used to get the possible values for settings and sections, so they could be properly defined in common/config.go.