Update install instructions, bump version

Add ARMv6 install instructions
Makefile for ARMv6
2026-01-18 16:17:26 +01:00 · 2022-04-24 22:09:58 -04:00 · 2022-04-24 21:53:08 -04:00 · 2022-04-24 21:41:40 -04:00 · 2022-04-24 21:20:49 -04:00 · 2022-04-24 20:32:17 -04:00
174 changed files with 38624 additions and 2376 deletions
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -8,12 +8,18 @@ jobs:
        uses: actions/setup-go@v2
        with:
          go-version: '1.17.x'
+      - name: Install node
+        uses: actions/setup-node@v2
+        with:
+          node-version: '16'
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y python3-pip curl
      - name: Build docs (required for tests)
        run: make docs
+      - name: Build web app (required for tests)
+        run: make web
      - name: Run tests, formatting, vetting and linting
        run: make check
      - name: Run coverage
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,8 @@ dist/
 build/
 .idea/
 server/docs/
+server/site/
 tools/fbsend/fbsend
 playground/
 *.iml
+node_modules/
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -4,7 +4,7 @@ before:
    - go mod tidy
 builds:
  -
-    id: ntfy
+    id: ntfy_amd64
    binary: ntfy
    env:
      - CGO_ENABLED=1 # required for go-sqlite3
@@ -16,6 +16,20 @@ builds:
    hooks:
      post:
        - upx "{{ .Path }}" # apt install upx
+  -
+    id: ntfy_armv6
+    binary: ntfy
+    env:
+      - CGO_ENABLED=1 # required for go-sqlite3
+      - CC=arm-linux-gnueabi-gcc # apt install gcc-arm-linux-gnueabi
+    tags: [sqlite_omit_load_extension,osusergo,netgo]
+    ldflags:
+      - "-linkmode=external -extldflags=-static -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}"
+    goos: [linux]
+    goarch: [arm]
+    goarm: [6]
+    # No "upx", since it causes random core dumps, see
+    # https://github.com/binwiederhier/ntfy/issues/191#issuecomment-1083406546
  -
    id: ntfy_armv7
    binary: ntfy
@@ -28,9 +42,8 @@ builds:
    goos: [linux]
    goarch: [arm]
    goarm: [7]
-    hooks:
-      post:
-        - upx "{{ .Path }}" # apt install upx
+    # No "upx", since it causes random core dumps, see
+    # https://github.com/binwiederhier/ntfy/issues/191#issuecomment-1083406546
  -
    id: ntfy_arm64
    binary: ntfy
@@ -42,9 +55,8 @@ builds:
      - "-linkmode=external -extldflags=-static -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}"
    goos: [linux]
    goarch: [arm64]
-    hooks:
-      post:
-        - upx "{{ .Path }}" # apt install upx
+    # No "upx", since it causes random core dumps, see
+    # https://github.com/binwiederhier/ntfy/issues/191#issuecomment-1083406546
 nfpms:
  -
    package_name: ntfy
@@ -59,12 +71,12 @@ nfpms:
    contents:
      - src: server/server.yml
        dst: /etc/ntfy/server.yml
-        type: config
+        type: "config|noreplace"
      - src: server/ntfy.service
        dst: /lib/systemd/system/ntfy.service
      - src: client/client.yml
        dst: /etc/ntfy/client.yml
-        type: config
+        type: "config|noreplace"
      - src: client/ntfy-client.service
        dst: /lib/systemd/system/ntfy-client.service
      - dst: /var/cache/ntfy
@@ -74,7 +86,7 @@ nfpms:
      - dst: /var/lib/ntfy
        type: dir
      - dst: /usr/share/ntfy/logo.png
-        src: server/static/img/ntfy.png
+        src: web/public/static/img/ntfy.png
    scripts:
      preinstall: "scripts/preinst.sh"
      postinstall: "scripts/postinst.sh"
--- a/2
+++ b/2
@@ -2,4 +2,6 @@ FROM alpine
 MAINTAINER Philipp C. Heckel <philipp.heckel@gmail.com>

 COPY ntfy /usr/bin
+
+EXPOSE 80/tcp
 ENTRYPOINT ["ntfy"]
--- a/216
+++ b/216
@@ -3,47 +3,137 @@ VERSION := $(shell git describe --tag)
 .PHONY:

 help:
-	@echo "Typical commands:"
-	@echo "  make check                       - Run all tests, vetting/formatting checks and linters"
-	@echo "  make fmt build-snapshot install  - Build latest and install to local system"
+	@echo "Typical commands (more see below):"
+	@echo "  make build                   - Build web app, documentation and server/client (sloowwww)"
+	@echo "  make server-amd64            - Build server/client binary (amd64, no web app or docs)"
+	@echo "  make install-amd64           - Install ntfy binary to /usr/bin/ntfy (amd64)"
+	@echo "  make web                     - Build the web app"
+	@echo "  make docs                    - Build the documentation"
+	@echo "  make check                   - Run all tests, vetting/formatting checks and linters"
+	@echo
+	@echo "Build everything:"
+	@echo "  make build                   - Build web app, documentation and server/client"
+	@echo "  make clean                   - Clean build/dist folders"
+	@echo
+	@echo "Build server & client (not release version):"
+	@echo "  make server                  - Build server & client (all architectures)"
+	@echo "  make server-amd64            - Build server & client (amd64 only)"
+	@echo "  make server-armv6            - Build server & client (armv6 only)"
+	@echo "  make server-armv7            - Build server & client (armv7 only)"
+	@echo "  make server-arm64            - Build server & client (arm64 only)"
+	@echo
+	@echo "Build web app:"
+	@echo "  make web                     - Build the web app"
+	@echo "  make web-deps                - Install web app dependencies (npm install the universe)"
+	@echo "  make web-build               - Actually build the web app"
+	@echo
+	@echo "Build documentation:"
+	@echo "  make docs                    - Build the documentation"
+	@echo "  make docs-deps               - Install Python dependencies (pip3 install)"
+	@echo "  make docs-build              - Actually build the documentation"
 	@echo
 	@echo "Test/check:"
-	@echo "  make test                        - Run tests"
-	@echo "  make race                        - Run tests with -race flag"
-	@echo "  make coverage                    - Run tests and show coverage"
-	@echo "  make coverage-html               - Run tests and show coverage (as HTML)"
-	@echo "  make coverage-upload             - Upload coverage results to codecov.io"
+	@echo "  make test                    - Run tests"
+	@echo "  make race                    - Run tests with -race flag"
+	@echo "  make coverage                - Run tests and show coverage"
+	@echo "  make coverage-html           - Run tests and show coverage (as HTML)"
+	@echo "  make coverage-upload         - Upload coverage results to codecov.io"
 	@echo
 	@echo "Lint/format:"
-	@echo "  make fmt                         - Run 'go fmt'"
-	@echo "  make fmt-check                   - Run 'go fmt', but don't change anything"
-	@echo "  make vet                         - Run 'go vet'"
-	@echo "  make lint                        - Run 'golint'"
-	@echo "  make staticcheck                 - Run 'staticcheck'"
+	@echo "  make fmt                     - Run 'go fmt'"
+	@echo "  make fmt-check               - Run 'go fmt', but don't change anything"
+	@echo "  make vet                     - Run 'go vet'"
+	@echo "  make lint                    - Run 'golint'"
+	@echo "  make staticcheck             - Run 'staticcheck'"
 	@echo
-	@echo "Build:"
-	@echo "  make build                       - Build"
-	@echo "  make build-snapshot              - Build snapshot"
-	@echo "  make build-simple                - Build (using go build, without goreleaser)"
-	@echo "  make clean                       - Clean build folder"
-	@echo
-	@echo "Releasing (requires goreleaser):"
-	@echo "  make release                     - Create a release"
-	@echo "  make release-snapshot            - Create a test release"
+	@echo "Releasing:"
+	@echo "  make release                 - Create a release"
+	@echo "  make release-snapshot        - Create a test release"
 	@echo
 	@echo "Install locally (requires sudo):"
-	@echo "  make install                     - Copy binary from dist/ to /usr/bin"
-	@echo "  make install-deb                 - Install .deb from dist/"
-	@echo "  make install-lint                - Install golint"
+	@echo "  make install-amd64           - Copy amd64 binary from dist/ to /usr/bin/ntfy"
+	@echo "  make install-armv6           - Copy armv6 binary from dist/ to /usr/bin/ntfy"
+	@echo "  make install-armv7           - Copy armv7 binary from dist/ to /usr/bin/ntfy"
+	@echo "  make install-arm64           - Copy arm64 binary from dist/ to /usr/bin/ntfy"
+	@echo "  make install-deb-amd64       - Install .deb from dist/ (amd64 only)"
+	@echo "  make install-deb-armv6       - Install .deb from dist/ (armv6 only)"
+	@echo "  make install-deb-armv7       - Install .deb from dist/ (armv7 only)"
+	@echo "  make install-deb-arm64       - Install .deb from dist/ (arm64 only)"
+
+
+# Building everything
+
+clean: .PHONY
+	rm -rf dist build server/docs server/site
+
+build: web docs server


 # Documentation
+
+docs: docs-deps docs-build
+
 docs-deps: .PHONY
 	pip3 install -r requirements.txt

-docs: docs-deps
+docs-build: .PHONY
 	mkdocs build

+
+# Web app
+
+web: web-deps web-build
+
+web-deps:
+	cd web && npm install
+	# If this fails for .svg files, optimizes them with svgo
+
+web-build:
+	cd web \
+		&& npm run build \
+		&& mv build/index.html build/app.html \
+		&& rm -rf ../server/site \
+		&& mv build ../server/site \
+		&& rm \
+			../server/site/config.js \
+			../server/site/asset-manifest.json
+
+
+# Main server/client build
+
+server: server-deps
+	goreleaser build --snapshot --rm-dist --debug
+
+server-amd64: server-deps-static-sites
+	goreleaser build --snapshot --rm-dist --debug --id ntfy_amd64
+
+server-armv6: server-deps-static-sites server-deps-gcc-armv6-armv7
+	goreleaser build --snapshot --rm-dist --debug --id ntfy_armv6
+
+server-armv7: server-deps-static-sites server-deps-gcc-armv6-armv7
+	goreleaser build --snapshot --rm-dist --debug --id ntfy_armv7
+
+server-arm64: server-deps-static-sites server-deps-gcc-arm64
+	goreleaser build --snapshot --rm-dist --debug --id ntfy_arm64
+
+server-deps: server-deps-static-sites server-deps-all server-deps-gcc
+
+server-deps-gcc: server-deps-gcc-armv6-armv7 server-deps-gcc-arm64
+
+server-deps-static-sites:
+	mkdir -p server/docs server/site
+	touch server/docs/index.html server/site/app.html
+
+server-deps-all:
+	which upx || { echo "ERROR: upx not installed. On Ubuntu, run: apt install upx"; exit 1; }
+
+server-deps-gcc-armv6-armv7:
+	which arm-linux-gnueabi-gcc || { echo "ERROR: ARMv6/ARMv7 cross compiler not installed. On Ubuntu, run: apt install gcc-arm-linux-gnueabi"; exit 1; }
+
+server-deps-gcc-arm64:
+	which aarch64-linux-gnu-gcc || { echo "ERROR: ARM64 cross compiler not installed. On Ubuntu, run: apt install gcc-aarch64-linux-gnu"; exit 1; }
+
+
 # Test/check targets

 check: test fmt-check vet lint staticcheck
@@ -92,55 +182,55 @@ staticcheck: .PHONY
 	rm -rf build/staticcheck


-# Building targets
-
-build-deps: docs
-	which arm-linux-gnueabi-gcc || { echo "ERROR: ARMv6/v7 cross compiler not installed. On Ubuntu, run: apt install gcc-arm-linux-gnueabi"; exit 1; }
-	which aarch64-linux-gnu-gcc || { echo "ERROR: ARM64 cross compiler not installed. On Ubuntu, run: apt install gcc-aarch64-linux-gnu"; exit 1; }
-
-build: build-deps
-	goreleaser build --rm-dist --debug
-
-build-snapshot: build-deps
-	goreleaser build --snapshot --rm-dist --debug
-
-build-simple: clean
-	mkdir -p dist/ntfy_linux_amd64 server/docs
-	touch server/docs/dummy
-	export CGO_ENABLED=1
-	go build \
-		-o dist/ntfy_linux_amd64/ntfy \
-		-tags sqlite_omit_load_extension,osusergo,netgo \
-		-ldflags \
-		"-linkmode=external -extldflags=-static -s -w -X main.version=$(VERSION) -X main.commit=$(shell git rev-parse --short HEAD) -X main.date=$(shell date +%s)"
-
-clean: .PHONY
-	rm -rf dist build server/docs
-
-
 # Releasing targets

+release: clean server-deps release-check-tags docs web check
+	goreleaser release --rm-dist --debug
+
+release-snapshot: clean server-deps docs web check
+	goreleaser release --snapshot --skip-publish --rm-dist --debug
+
 release-check-tags:
 	$(eval LATEST_TAG := $(shell git describe --abbrev=0 --tags | cut -c2-))
 	if ! grep -q $(LATEST_TAG) docs/install.md; then\
 	 	echo "ERROR: Must update docs/install.md with latest tag first.";\
 	 	exit 1;\
 	fi
-
-release: build-deps release-check-tags check
-	goreleaser release --rm-dist --debug
-
-release-snapshot: build-deps
-	goreleaser release --snapshot --skip-publish --rm-dist --debug
+	if ! grep -q $(LATEST_TAG) docs/releases.md; then\
+		echo "ERROR: Must update docs/releases.md with latest tag first.";\
+		exit 1;\
+	fi


 # Installing targets

-install:
-	sudo rm -f /usr/bin/ntfy
-	sudo cp -a dist/ntfy_linux_amd64/ntfy /usr/bin/ntfy
+install-amd64: remove-binary
+	sudo cp -a dist/ntfy_amd64_linux_amd64_v1/ntfy /usr/bin/ntfy

-install-deb:
+install-armv6: remove-binary
+	sudo cp -a dist/ntfy_armv6_linux_arm_6/ntfy /usr/bin/ntfy
+
+install-armv7: remove-binary
+	sudo cp -a dist/ntfy_armv7_linux_arm_7/ntfy /usr/bin/ntfy
+
+install-arm64: remove-binary
+	sudo cp -a dist/ntfy_arm64_linux_arm64/ntfy /usr/bin/ntfy
+
+remove-binary:
+	sudo rm -f /usr/bin/ntfy
+
+install-amd64-deb: purge-package
+	sudo dpkg -i dist/ntfy_*_linux_amd64.deb
+
+install-armv6-deb: purge-package
+	sudo dpkg -i dist/ntfy_*_linux_armv6.deb
+
+install-armv7-deb: purge-package
+	sudo dpkg -i dist/ntfy_*_linux_armv7.deb
+
+install-arm64-deb: purge-package
+	sudo dpkg -i dist/ntfy_*_linux_arm64.deb
+
+purge-package:
 	sudo systemctl stop ntfy || true
 	sudo apt-get purge ntfy || true
-	sudo dpkg -i dist/ntfy_*_linux_amd64.deb
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![ntfy](server/static/img/ntfy.png)
+![ntfy](web/public/static/img/ntfy.png)

 # ntfy.sh | Send push notifications to your phone or desktop via PUT/POST
 [![Release](https://img.shields.io/github/release/binwiederhier/ntfy.svg?color=success&style=flat-square)](https://github.com/binwiederhier/ntfy/releases/latest)
@@ -18,11 +18,11 @@ I run a free version of it at **[ntfy.sh](https://ntfy.sh)**, and there's an [op
 too.

 <p>
-  <img src="server/static/img/screenshot-curl.png" height="180">
-  <img src="server/static/img/screenshot-web-detail.png" height="180">
-  <img src="server/static/img/screenshot-phone-main.jpg" height="180">
-  <img src="server/static/img/screenshot-phone-detail.jpg" height="180">
-  <img src="server/static/img/screenshot-phone-notification.jpg" height="180">
+  <img src="web/public/static/img/screenshot-curl.png" height="180">
+  <img src="web/public/static/img/screenshot-web-detail.png" height="180">
+  <img src="web/public/static/img/screenshot-phone-main.jpg" height="180">
+  <img src="web/public/static/img/screenshot-phone-detail.jpg" height="180">
+  <img src="web/public/static/img/screenshot-phone-notification.jpg" height="180">
 </p>

 ## **[Documentation](https://ntfy.sh/docs/)**
@@ -34,7 +34,14 @@ too.
 [Building](https://ntfy.sh/docs/develop/)

 ## Contributing
-I welcome any and all contributions. Just create a PR or an issue.
+I welcome any and all contributions. Just create a PR or an issue. To contribute code, check out 
+the [build instructions](https://ntfy.sh/docs/develop/) for the server and the Android app.
+Or, if you'd like to help translate 🇩🇪 🇺🇸 🇧🇬, you can start immediately in
+[Hosted Weblate](https://hosted.weblate.org/projects/ntfy/).
+
+<a href="https://hosted.weblate.org/engage/ntfy/">
+<img src="https://hosted.weblate.org/widgets/ntfy/-/multi-blue.svg" alt="Translation status" />
+</a>

 ## Contact me
 You can directly contact me **[on Discord](https://discord.gg/cT7ECsZj9w)** or [on Matrix](https://matrix.to/#/#ntfy:matrix.org) 
@@ -47,13 +54,21 @@ The project is dual licensed under the [Apache License 2.0](LICENSE) and the [GP

 Third party libraries and resources:
 * [github.com/urfave/cli/v2](https://github.com/urfave/cli/v2) (MIT) is used to drive the CLI
-* [Mixkit sound](https://mixkit.co/free-sound-effects/notification/) (Mixkit Free License) used as notification sound
-* [Lato Font](https://www.latofonts.com/) (OFL) is used as a font in the Web UI
+* [Mixkit sounds](https://mixkit.co/free-sound-effects/notification/) (Mixkit Free License) are used as notification sounds
+* [Sounds from notificationsounds.com](https://notificationsounds.com) (Creative Commons Attribution) are used as notification sounds
+* [Roboto Font](https://fonts.google.com/specimen/Roboto) (Apache 2.0) is used as a font in everything web
+* [React](https://reactjs.org/) (MIT) is used for the web app
+* [Material UI components](https://mui.com/) (MIT) are used in the web app
+* [MUI dashboard template](https://github.com/mui/material-ui/tree/master/docs/data/material/getting-started/templates/dashboard) (MIT) was used as a basis for the web app
+* [Dexie.js](https://github.com/dexie/Dexie.js) (Apache 2.0) is used for web app persistence in IndexedDB
 * [GoReleaser](https://goreleaser.com/) (MIT) is used to create releases
 * [go-smtp](https://github.com/emersion/go-smtp) (MIT) is used to receive e-mails
 * [stretchr/testify](https://github.com/stretchr/testify) (MIT) is used for unit and integration tests
 * [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) (MIT) is used to provide the persistent message cache
 * [Firebase Admin SDK](https://github.com/firebase/firebase-admin-go) (Apache 2.0) is used to send FCM messages
 * [github/gemoji](https://github.com/github/gemoji) (MIT) is used for emoji support (specifically the [emoji.json](https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json) file)
-* [Lightbox with vanilla JS](https://yossiabramov.com/blog/vanilla-js-lightbox) 
+* [Lightbox with vanilla JS](https://yossiabramov.com/blog/vanilla-js-lightbox) as a lightbox on the landing page 
+* [HTTP middleware for gzip compression](https://gist.github.com/CJEnright/bc2d8b8dc0c1389a9feeddb110f822d7) (MIT) is used for serving static files
+* [Regex for auto-linking](https://github.com/bryanwoods/autolink-js) (MIT) is used to highlight links (the library is not used)
 * [Statically linking go-sqlite3](https://www.arp242.net/static-go.html)
+* [Linked tabs in mkdocs](https://facelessuser.github.io/pymdown-extensions/extensions/tabbed/#linked-tabs)
--- a/client/client.yml
+++ b/client/client.yml
@@ -16,6 +16,10 @@
 #         command: 'echo "$message"'
 #         if:
 #             priority: high,urgent
+#       - topic: secret
+#         command: 'notify-send "$m"'
+#         user: phill
+#         password: mypass
 #
 # Variables:
 #     Variable        Aliases               Description
--- a/client/config.go
+++ b/client/config.go
@@ -14,9 +14,11 @@ const (
 type Config struct {
 	DefaultHost string `yaml:"default-host"`
 	Subscribe   []struct {
-		Topic   string            `yaml:"topic"`
-		Command string            `yaml:"command"`
-		If      map[string]string `yaml:"if"`
+		Topic    string            `yaml:"topic"`
+		User     string            `yaml:"user"`
+		Password string            `yaml:"password"`
+		Command  string            `yaml:"command"`
+		If       map[string]string `yaml:"if"`
 	} `yaml:"subscribe"`
 }

--- a/client/config_test.go
+++ b/client/config_test.go
@@ -13,7 +13,9 @@ func TestConfig_Load(t *testing.T) {
 	require.Nil(t, os.WriteFile(filename, []byte(`
 default-host: http://localhost
 subscribe:
-  - topic: no-command
+  - topic: no-command-with-auth
+    user: phil
+    password: mypass
  - topic: echo-this
    command: 'echo "Message received: $message"'
  - topic: alerts
@@ -26,8 +28,10 @@ subscribe:
 	require.Nil(t, err)
 	require.Equal(t, "http://localhost", conf.DefaultHost)
 	require.Equal(t, 3, len(conf.Subscribe))
-	require.Equal(t, "no-command", conf.Subscribe[0].Topic)
+	require.Equal(t, "no-command-with-auth", conf.Subscribe[0].Topic)
 	require.Equal(t, "", conf.Subscribe[0].Command)
+	require.Equal(t, "phil", conf.Subscribe[0].User)
+	require.Equal(t, "mypass", conf.Subscribe[0].Password)
 	require.Equal(t, "echo-this", conf.Subscribe[1].Topic)
 	require.Equal(t, `echo "Message received: $message"`, conf.Subscribe[1].Command)
 	require.Equal(t, "alerts", conf.Subscribe[2].Topic)
--- a/client/options.go
+++ b/client/options.go
@@ -56,6 +56,12 @@ func WithClick(url string) PublishOption {
 	return WithHeader("X-Click", url)
 }

+// WithActions adds custom user actions to the notification. The value can be either a JSON array or the
+// simple format definition. See https://ntfy.sh/docs/publish/#action-buttons for details.
+func WithActions(value string) PublishOption {
+	return WithHeader("X-Actions", value)
+}
+
 // WithAttach sets a URL that will be used by the client to download an attachment
 func WithAttach(attach string) PublishOption {
 	return WithHeader("X-Attach", attach)
--- a/cmd/app.go
+++ b/cmd/app.go
@@ -30,9 +30,6 @@ func New() *cli.App {
 		Reader:                 os.Stdin,
 		Writer:                 os.Stdout,
 		ErrWriter:              os.Stderr,
-		Action:                 execMainApp,
-		Before:                 initConfigFileInputSource("config", flagsServe), // DEPRECATED, see deprecation notice
-		Flags:                  flagsServe,                                      // DEPRECATED, see deprecation notice
 		Commands: []*cli.Command{
 			// Server commands
 			cmdServe,
@@ -46,12 +43,6 @@ func New() *cli.App {
 	}
 }

-func execMainApp(c *cli.Context) error {
-	fmt.Fprintln(c.App.ErrWriter, "\x1b[1;33mDeprecation notice: Please run the server using 'ntfy serve'; see 'ntfy -h' for help.\x1b[0m")
-	fmt.Fprintln(c.App.ErrWriter, "\x1b[1;33mThis way of running the server will be removed March 2022. See https://ntfy.sh/docs/deprecations/ for details.\x1b[0m")
-	return execServe(c)
-}
-
 // initConfigFileInputSource is like altsrc.InitInputSourceWithContext and altsrc.NewYamlSourceFromFlagFunc, but checks
 // if the config flag is exists and only loads it if it does. If the flag is set and the file exists, it fails.
 func initConfigFileInputSource(configFlag string, flags []cli.Flag) cli.BeforeFunc {
--- a/cmd/publish.go
+++ b/cmd/publish.go
@@ -26,6 +26,7 @@ var cmdPublish = &cli.Command{
 		&cli.StringFlag{Name: "tags", Aliases: []string{"tag", "T"}, EnvVars: []string{"NTFY_TAGS"}, Usage: "comma separated list of tags and emojis"},
 		&cli.StringFlag{Name: "delay", Aliases: []string{"at", "in", "D"}, EnvVars: []string{"NTFY_DELAY"}, Usage: "delay/schedule message"},
 		&cli.StringFlag{Name: "click", Aliases: []string{"U"}, EnvVars: []string{"NTFY_CLICK"}, Usage: "URL to open when notification is clicked"},
+		&cli.StringFlag{Name: "actions", Aliases: []string{"A"}, EnvVars: []string{"NTFY_ACTIONS"}, Usage: "actions JSON array or simple definition"},
 		&cli.StringFlag{Name: "attach", Aliases: []string{"a"}, EnvVars: []string{"NTFY_ATTACH"}, Usage: "URL to send as an external attachment"},
 		&cli.StringFlag{Name: "filename", Aliases: []string{"name", "n"}, EnvVars: []string{"NTFY_FILENAME"}, Usage: "filename for the attachment"},
 		&cli.StringFlag{Name: "file", Aliases: []string{"f"}, EnvVars: []string{"NTFY_FILE"}, Usage: "file to upload as an attachment"},
@@ -72,6 +73,7 @@ func execPublish(c *cli.Context) error {
 	tags := c.String("tags")
 	delay := c.String("delay")
 	click := c.String("click")
+	actions := c.String("actions")
 	attach := c.String("attach")
 	filename := c.String("filename")
 	file := c.String("file")
@@ -112,6 +114,9 @@ func execPublish(c *cli.Context) error {
 	if click != "" {
 		options = append(options, client.WithClick(click))
 	}
+	if actions != "" {
+		options = append(options, client.WithActions(strings.ReplaceAll(actions, "\n", " ")))
+	}
 	if attach != "" {
 		options = append(options, client.WithAttach(attach))
 	}
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -33,6 +33,7 @@ var flagsServe = []cli.Flag{
 	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "attachment-expiry-duration", Aliases: []string{"X"}, EnvVars: []string{"NTFY_ATTACHMENT_EXPIRY_DURATION"}, Value: server.DefaultAttachmentExpiryDuration, DefaultText: "3h", Usage: "duration after which uploaded attachments will be deleted (e.g. 3h, 20h)"}),
 	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "keepalive-interval", Aliases: []string{"k"}, EnvVars: []string{"NTFY_KEEPALIVE_INTERVAL"}, Value: server.DefaultKeepaliveInterval, Usage: "interval of keepalive messages"}),
 	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "manager-interval", Aliases: []string{"m"}, EnvVars: []string{"NTFY_MANAGER_INTERVAL"}, Value: server.DefaultManagerInterval, Usage: "interval of for message pruning and stats printing"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "web-root", EnvVars: []string{"NTFY_WEB_ROOT"}, Value: "app", Usage: "sets web root to landing page (home) or web app (app)"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-sender-addr", EnvVars: []string{"NTFY_SMTP_SENDER_ADDR"}, Usage: "SMTP server address (host:port) for outgoing emails"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-sender-user", EnvVars: []string{"NTFY_SMTP_SENDER_USER"}, Usage: "SMTP user (if e-mail sending is enabled)"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-sender-pass", EnvVars: []string{"NTFY_SMTP_SENDER_PASS"}, Usage: "SMTP password (if e-mail sending is enabled)"}),
@@ -93,6 +94,7 @@ func execServe(c *cli.Context) error {
 	attachmentExpiryDuration := c.Duration("attachment-expiry-duration")
 	keepaliveInterval := c.Duration("keepalive-interval")
 	managerInterval := c.Duration("manager-interval")
+	webRoot := c.String("web-root")
 	smtpSenderAddr := c.String("smtp-sender-addr")
 	smtpSenderUser := c.String("smtp-sender-user")
 	smtpSenderPass := c.String("smtp-sender-pass")
@@ -136,9 +138,12 @@ func execServe(c *cli.Context) error {
 		return errors.New("if set, base-url must start with http:// or https://")
 	} else if !util.InStringList([]string{"read-write", "read-only", "write-only", "deny-all"}, authDefaultAccess) {
 		return errors.New("if set, auth-default-access must start set to 'read-write', 'read-only', 'write-only' or 'deny-all'")
+	} else if !util.InStringList([]string{"app", "home"}, webRoot) {
+		return errors.New("if set, web-root must be 'home' or 'app'")
 	}

 	// Default auth permissions
+	webRootIsApp := webRoot == "app"
 	authDefaultRead := authDefaultAccess == "read-write" || authDefaultAccess == "read-only"
 	authDefaultWrite := authDefaultAccess == "read-write" || authDefaultAccess == "write-only"

@@ -200,6 +205,7 @@ func execServe(c *cli.Context) error {
 	conf.AttachmentExpiryDuration = attachmentExpiryDuration
 	conf.KeepaliveInterval = keepaliveInterval
 	conf.ManagerInterval = managerInterval
+	conf.WebRootIsApp = webRootIsApp
 	conf.SMTPSenderAddr = smtpSenderAddr
 	conf.SMTPSenderUser = smtpSenderUser
 	conf.SMTPSenderPass = smtpSenderPass
--- a/cmd/subscribe.go
+++ b/cmd/subscribe.go
@@ -23,6 +23,7 @@ var cmdSubscribe = &cli.Command{
 	Flags: []cli.Flag{
 		&cli.StringFlag{Name: "config", Aliases: []string{"c"}, Usage: "client config file"},
 		&cli.StringFlag{Name: "since", Aliases: []string{"s"}, Usage: "return events since `SINCE` (Unix timestamp, or all)"},
+		&cli.StringFlag{Name: "user", Aliases: []string{"u"}, Usage: "username[:password] used to auth against the server"},
 		&cli.BoolFlag{Name: "from-config", Aliases: []string{"C"}, Usage: "read subscriptions from config file (service mode)"},
 		&cli.BoolFlag{Name: "poll", Aliases: []string{"p"}, Usage: "return events and exit, do not listen for new events"},
 		&cli.BoolFlag{Name: "scheduled", Aliases: []string{"sched", "S"}, Usage: "also return scheduled/delayed events"},
@@ -40,6 +41,7 @@ ntfy subscribe TOPIC
    ntfy subscribe mytopic            # Prints JSON for incoming messages for ntfy.sh/mytopic
    ntfy sub home.lan/backups         # Subscribe to topic on different server
    ntfy sub --poll home.lan/backups  # Just query for latest messages and exit
+    ntfy sub -u phil:mypass secret    # Subscribe with username/password
  
 ntfy subscribe TOPIC COMMAND
  This executes COMMAND for every incoming messages. The message fields are passed to the
@@ -81,6 +83,7 @@ func execSubscribe(c *cli.Context) error {
 	}
 	cl := client.New(conf)
 	since := c.String("since")
+	user := c.String("user")
 	poll := c.Bool("poll")
 	scheduled := c.Bool("scheduled")
 	fromConfig := c.Bool("from-config")
@@ -93,6 +96,23 @@ func execSubscribe(c *cli.Context) error {
 	if since != "" {
 		options = append(options, client.WithSince(since))
 	}
+	if user != "" {
+		var pass string
+		parts := strings.SplitN(user, ":", 2)
+		if len(parts) == 2 {
+			user = parts[0]
+			pass = parts[1]
+		} else {
+			fmt.Fprint(c.App.ErrWriter, "Enter Password: ")
+			p, err := util.ReadPassword(c.App.Reader)
+			if err != nil {
+				return err
+			}
+			pass = string(p)
+			fmt.Fprintf(c.App.ErrWriter, "\r%s\r", strings.Repeat(" ", 20))
+		}
+		options = append(options, client.WithBasicAuth(user, pass))
+	}
 	if poll {
 		options = append(options, client.WithPoll())
 	}
@@ -142,6 +162,9 @@ func doSubscribe(c *cli.Context, cl *client.Client, conf *client.Config, topic,
 		for filter, value := range s.If {
 			topicOptions = append(topicOptions, client.WithFilter(filter, value))
 		}
+		if s.User != "" && s.Password != "" {
+			topicOptions = append(topicOptions, client.WithBasicAuth(s.User, s.Password))
+		}
 		subscriptionID := cl.Subscribe(s.Topic, topicOptions...)
 		commands[subscriptionID] = s.Command
 	}
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -25,7 +25,6 @@ var cmdUser = &cli.Command{
 			Aliases:   []string{"a"},
 			Usage:     "Adds a new user",
 			UsageText: "ntfy user add [--role=admin|user] USERNAME",
-			Before:    inheritRootReaderFunc,
 			Action:    execUserAdd,
 			Flags: []cli.Flag{
 				&cli.StringFlag{Name: "role", Aliases: []string{"r"}, Value: string(auth.RoleUser), Usage: "user role"},
@@ -46,7 +45,6 @@ Examples:
 			Aliases:   []string{"del", "rm"},
 			Usage:     "Removes a user",
 			UsageText: "ntfy user remove USERNAME",
-			Before:    inheritRootReaderFunc,
 			Action:    execUserDel,
 			Description: `Remove a user from the ntfy user database.

@@ -59,7 +57,6 @@ Example:
 			Aliases:   []string{"chp"},
 			Usage:     "Changes a user's password",
 			UsageText: "ntfy user change-pass USERNAME",
-			Before:    inheritRootReaderFunc,
 			Action:    execUserChangePass,
 			Description: `Change the password for the given user.

@@ -75,7 +72,6 @@ Example:
 			Aliases:   []string{"chr"},
 			Usage:     "Changes the role of a user",
 			UsageText: "ntfy user change-role USERNAME ROLE",
-			Before:    inheritRootReaderFunc,
 			Action:    execUserChangeRole,
 			Description: `Change the role for the given user to admin or user.

@@ -97,7 +93,6 @@ Example:
 			Name:    "list",
 			Aliases: []string{"l"},
 			Usage:   "Shows a list of users",
-			Before:  inheritRootReaderFunc,
 			Action:  execUserList,
 			Description: `Shows a list of all configured users, including the everyone ('*') user.

@@ -275,14 +270,3 @@ func userCommandFlags() []cli.Flag {
 		altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-default-access", Aliases: []string{"p"}, EnvVars: []string{"NTFY_AUTH_DEFAULT_ACCESS"}, Value: "read-write", Usage: "default permissions if no matching entries in the auth database are found"}),
 	}
 }
-
-// inheritRootReaderFunc is a workaround for a urfave/cli bug that makes subcommands not inherit the App.Reader.
-// This bug was fixed in master, but not in v2.3.0.
-func inheritRootReaderFunc(ctx *cli.Context) error {
-	for _, c := range ctx.Lineage() {
-		if c.App != nil && c.App.Reader != nil {
-			ctx.App.Reader = c.App.Reader
-		}
-	}
-	return nil
-}
--- a/docs/config.md
+++ b/docs/config.md
@@ -346,7 +346,7 @@ statuspage.io (though these days most services also support webhooks and HTTP ca
 To configure the SMTP server, you must at least set `smtp-server-listen` and `smtp-server-domain`:

 * `smtp-server-listen` defines the IP address and port the SMTP server will listen on, e.g. `:25` or `1.2.3.4:25`
-* `smtp-server-domain` is the e-mail domain, e.g. `ntfy.sh`
+* `smtp-server-domain` is the e-mail domain, e.g. `ntfy.sh` (must be identical to MX record, see below)
 * `smtp-server-addr-prefix` is an optional prefix for the e-mail addresses to prevent spam. If set to `ntfy-`, for instance,
  only e-mails to `ntfy-$topic@ntfy.sh` will be accepted. If this is not set, all emails to `$topic@ntfy.sh` will be
  accepted (which may obviously be a spam problem).
@@ -369,6 +369,42 @@ configured (in [Amazon Route 53](https://aws.amazon.com/route53/)):
  <figcaption>DNS records for incoming mail</figcaption>
 </figure>

+You can check if everything is working correctly by sending an email as raw SMTP via `nc`. Create a text file, e.g. 
+`email.txt`
+
+```
+EHLO example.com
+MAIL FROM: phil@example.com
+RCPT TO: ntfy-mytopic@ntfy.sh
+DATA
+Subject: Email for you
+Content-Type: text/plain; charset="UTF-8"
+
+Hello from 🇩🇪
+.
+```
+
+And then send the mail via `nc` like this. If you see any lines starting with `451`, those are errors from the 
+ntfy server. Read them carefully.
+
+```
+$ cat email.txt | nc -N ntfy.sh 25
+220 ntfy.sh ESMTP Service Ready
+250-Hello example.com
+...
+250 2.0.0 Roger, accepting mail from <phil@example.com>
+250 2.0.0 I'll make sure <ntfy-mytopic@ntfy.sh> gets this
+```
+
+As for the DNS setup, be sure to verify that `dig MX` and `dig A` are returning results similar to this:
+
+```
+$ dig MX ntfy.sh +short 
+10 mx1.ntfy.sh.
+$ dig A mx1.ntfy.sh +short 
+3.139.215.220
+```
+
 ## Behind a proxy (TLS, etc.)
 !!! warning
    If you are running ntfy behind a proxy, you must set the `behind-proxy` flag. Otherwise, all visitors are
@@ -399,8 +435,10 @@ HTTP challenge. I've found [this guide](https://nandovieira.com/using-lets-encry
 be incredibly helpful.

 ### nginx/Apache2/caddy
-For your convenience, here's a working config that'll help configure things behind a proxy. In this 
-example, ntfy runs on `:2586` and we proxy traffic to it. We also redirect HTTP to HTTPS for GET requests against a topic
+For your convenience, here's a working config that'll help configure things behind a proxy. Be sure to **enable WebSockets**
+by forwarding the `Connection` and `Upgrade` headers accordingly. 
+
+In this example, ntfy runs on `:2586` and we proxy traffic to it. We also redirect HTTP to HTTPS for GET requests against a topic
 or the root domain:

 === "nginx (/etc/nginx/sites-*/ntfy)"
@@ -490,6 +528,11 @@ or the root domain:
        
        # Higher than the max message size of 4096 bytes
        LimitRequestBody 102400
+
+        # WebSockets support
+        RewriteCond %{HTTP:Upgrade} websocket [NC]
+        RewriteCond %{HTTP:Connection} upgrade [NC]
+        RewriteRule ^/?(.*) "ws://127.0.0.1:2586/$1" [P,L]
        
        # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want 
        # it to work with curl without the annoying https:// prefix 
@@ -514,6 +557,11 @@ or the root domain:
        
        # Higher than the max message size of 4096 bytes 
        LimitRequestBody 102400
+
+        # WebSockets support
+        RewriteCond %{HTTP:Upgrade} websocket [NC]
+        RewriteCond %{HTTP:Connection} upgrade [NC]
+        RewriteRule ^/?(.*) "ws://127.0.0.1:2586/$1" [P,L]
        
        # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want 
        # it to work with curl without the annoying https:// prefix 
@@ -717,42 +765,43 @@ Each config option can be set in the config file `/etc/ntfy/server.yml` (e.g. `l
 CLI option (e.g. `--listen-http :80`. Here's a list of all available options. Alternatively, you can set an environment
 variable before running the `ntfy` command (e.g. `export NTFY_LISTEN_HTTP=:80`).

-| Config option                              | Env variable                                    | Format                                              | Default | Description                                                                                                                                                                                                                     |
-|--------------------------------------------|-------------------------------------------------|-----------------------------------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `base-url`                                 | `NTFY_BASE_URL`                                 | *URL*                                               | -       | Public facing base URL of the service (e.g. `https://ntfy.sh`)                                                                                                                                                                  |
-| `listen-http`                              | `NTFY_LISTEN_HTTP`                              | `[host]:port`                                       | `:80`   | Listen address for the HTTP web server                                                                                                                                                                                          |
-| `listen-https`                             | `NTFY_LISTEN_HTTPS`                             | `[host]:port`                                       | -       | Listen address for the HTTPS web server. If set, you also need to set `key-file` and `cert-file`.                                                                                                                               |
-| `listen-unix`                              | `NTFY_LISTEN_UNIX`                              | *filename*                                          | -       | Path to a Unix socket to listen on                                                                                                                                                                                              |
-| `key-file`                                 | `NTFY_KEY_FILE`                                 | *filename*                                          | -       | HTTPS/TLS private key file, only used if `listen-https` is set.                                                                                                                                                                 |
-| `cert-file`                                | `NTFY_CERT_FILE`                                | *filename*                                          | -       | HTTPS/TLS certificate file, only used if `listen-https` is set.                                                                                                                                                                 |
-| `firebase-key-file`                        | `NTFY_FIREBASE_KEY_FILE`                        | *filename*                                          | -       | If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app. This is optional and only required to save battery when using the Android app. See [Firebase (FCM](#firebase-fcm).                        |
-| `cache-file`                               | `NTFY_CACHE_FILE`                               | *filename*                                          | -       | If set, messages are cached in a local SQLite database instead of only in-memory. This allows for service restarts without losing messages in support of the since= parameter. See [message cache](#message-cache).             |
-| `cache-duration`                           | `NTFY_CACHE_DURATION`                           | *duration*                                          | 12h     | Duration for which messages will be buffered before they are deleted. This is required to support the `since=...` and `poll=1` parameter. Set this to `0` to disable the cache entirely.                                        |
-| `auth-file`                                | `NTFY_AUTH_FILE`                                | *filename*                                          | -       | Auth database file used for access control. If set, enables authentication and access control. See [access control](#access-control).                                                                                           |
-| `auth-default-access`                      | `NTFY_AUTH_DEFAULT_ACCESS`                      | `read-write`, `read-only`, `write-only`, `deny-all` | -       | Default permissions if no matching entries in the auth database are found. Default is `read-write`.                                                                                                                             |
-| `behind-proxy`                             | `NTFY_BEHIND_PROXY`                             | *bool*                                              | false   | If set, the X-Forwarded-For header is used to determine the visitor IP address instead of the remote address of the connection.                                                                                                 |
-| `attachment-cache-dir`                     | `NTFY_ATTACHMENT_CACHE_DIR`                     | *directory*                                         | -       | Cache directory for attached files. To enable attachments, this has to be set.                                                                                                                                                  |
-| `attachment-total-size-limit`              | `NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT`              | *size*                                              | 5G      | Limit of the on-disk attachment cache directory. If the limits is exceeded, new attachments will be rejected.                                                                                                                   |
-| `attachment-file-size-limit`               | `NTFY_ATTACHMENT_FILE_SIZE_LIMIT`               | *size*                                              | 15M     | Per-file attachment size limit (e.g. 300k, 2M, 100M). Larger attachment will be rejected.                                                                                                                                       |
-| `attachment-expiry-duration`               | `NTFY_ATTACHMENT_EXPIRY_DURATION`               | *duration*                                          | 3h      | Duration after which uploaded attachments will be deleted (e.g. 3h, 20h). Strongly affects `visitor-attachment-total-size-limit`.                                                                                               |
-| `smtp-sender-addr`                         | `NTFY_SMTP_SENDER_ADDR`                         | `host:port`                                         | -       | SMTP server address to allow email sending                                                                                                                                                                                      |
-| `smtp-sender-user`                         | `NTFY_SMTP_SENDER_USER`                         | *string*                                            | -       | SMTP user; only used if e-mail sending is enabled                                                                                                                                                                               |
-| `smtp-sender-pass`                         | `NTFY_SMTP_SENDER_PASS`                         | *string*                                            | -       | SMTP password; only used if e-mail sending is enabled                                                                                                                                                                           |
-| `smtp-sender-from`                         | `NTFY_SMTP_SENDER_FROM`                         | *e-mail address*                                    | -       | SMTP sender e-mail address; only used if e-mail sending is enabled                                                                                                                                                              |
-| `smtp-server-listen`                       | `NTFY_SMTP_SERVER_LISTEN`                       | `[ip]:port`                                         | -       | Defines the IP address and port the SMTP server will listen on, e.g. `:25` or `1.2.3.4:25`                                                                                                                                      |
-| `smtp-server-domain`                       | `NTFY_SMTP_SERVER_DOMAIN`                       | *domain name*                                       | -       | SMTP server e-mail domain, e.g. `ntfy.sh`                                                                                                                                                                                       |
-| `smtp-server-addr-prefix`                  | `NTFY_SMTP_SERVER_ADDR_PREFIX`                  | `[ip]:port`                                         | -       | Optional prefix for the e-mail addresses to prevent spam, e.g. `ntfy-`                                                                                                                                                          |
-| `keepalive-interval`                       | `NTFY_KEEPALIVE_INTERVAL`                       | *duration*                                          | 45s     | Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that. |
-| `manager-interval`                         | `$NTFY_MANAGER_INTERVAL`                        | *duration*                                          | 1m      | Interval in which the manager prunes old messages, deletes topics and prints the stats.                                                                                                                                         |
-| `global-topic-limit`                       | `NTFY_GLOBAL_TOPIC_LIMIT`                       | *number*                                            | 15,000  | Rate limiting: Total number of topics before the server rejects new topics.                                                                                                                                                     |
-| `visitor-subscription-limit`               | `NTFY_VISITOR_SUBSCRIPTION_LIMIT`               | *number*                                            | 30      | Rate limiting: Number of subscriptions per visitor (IP address)                                                                                                                                                                 |
-| `visitor-attachment-total-size-limit`      | `NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT`      | *size*                                              | 100M    | Rate limiting: Total storage limit used for attachments per visitor, for all attachments combined. Storage is freed after attachments expire. See `attachment-expiry-duration`.                                                 |
-| `visitor-attachment-daily-bandwidth-limit` | `NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT` | *size*                                              | 500M    | Rate limiting: Total daily attachment download/upload traffic limit per visitor. This is to protect your bandwidth costs from exploding.                                                                                        |
-| `visitor-request-limit-burst`              | `NTFY_VISITOR_REQUEST_LIMIT_BURST`              | *number*                                            | 60      | Rate limiting: Allowed GET/PUT/POST requests per second, per visitor. This setting is the initial bucket of requests each visitor has                                                                                           |
-| `visitor-request-limit-replenish`          | `NTFY_VISITOR_REQUEST_LIMIT_REPLENISH`          | *duration*                                          | 5s      | Rate limiting: Strongly related to `visitor-request-limit-burst`: The rate at which the bucket is refilled                                                                                                                      |
-| `visitor-request-limit-exempt-hosts`       | `NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS`       | *comma-separated host/IP list*                      | -       | Rate limiting: List of hostnames and IPs to be exempt from request rate limiting                                                                                                                                                |
-| `visitor-email-limit-burst`                | `NTFY_VISITOR_EMAIL_LIMIT_BURST`                | *number*                                            | 16      | Rate limiting:Initial limit of e-mails per visitor                                                                                                                                                                              |
-| `visitor-email-limit-replenish`            | `NTFY_VISITOR_EMAIL_LIMIT_REPLENISH`            | *duration*                                          | 1h      | Rate limiting: Strongly related to `visitor-email-limit-burst`: The rate at which the bucket is refilled                                                                                                                        |
+| Config option                              | Env variable                                    | Format                                              | Default      | Description                                                                                                                                                                                                                     |
+|--------------------------------------------|-------------------------------------------------|-----------------------------------------------------|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `base-url`                                 | `NTFY_BASE_URL`                                 | *URL*                                               | -            | Public facing base URL of the service (e.g. `https://ntfy.sh`)                                                                                                                                                                  |
+| `listen-http`                              | `NTFY_LISTEN_HTTP`                              | `[host]:port`                                       | `:80`        | Listen address for the HTTP web server                                                                                                                                                                                          |
+| `listen-https`                             | `NTFY_LISTEN_HTTPS`                             | `[host]:port`                                       | -            | Listen address for the HTTPS web server. If set, you also need to set `key-file` and `cert-file`.                                                                                                                               |
+| `listen-unix`                              | `NTFY_LISTEN_UNIX`                              | *filename*                                          | -            | Path to a Unix socket to listen on                                                                                                                                                                                              |
+| `key-file`                                 | `NTFY_KEY_FILE`                                 | *filename*                                          | -            | HTTPS/TLS private key file, only used if `listen-https` is set.                                                                                                                                                                 |
+| `cert-file`                                | `NTFY_CERT_FILE`                                | *filename*                                          | -            | HTTPS/TLS certificate file, only used if `listen-https` is set.                                                                                                                                                                 |
+| `firebase-key-file`                        | `NTFY_FIREBASE_KEY_FILE`                        | *filename*                                          | -            | If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app. This is optional and only required to save battery when using the Android app. See [Firebase (FCM](#firebase-fcm).                        |
+| `cache-file`                               | `NTFY_CACHE_FILE`                               | *filename*                                          | -            | If set, messages are cached in a local SQLite database instead of only in-memory. This allows for service restarts without losing messages in support of the since= parameter. See [message cache](#message-cache).             |
+| `cache-duration`                           | `NTFY_CACHE_DURATION`                           | *duration*                                          | 12h          | Duration for which messages will be buffered before they are deleted. This is required to support the `since=...` and `poll=1` parameter. Set this to `0` to disable the cache entirely.                                        |
+| `auth-file`                                | `NTFY_AUTH_FILE`                                | *filename*                                          | -            | Auth database file used for access control. If set, enables authentication and access control. See [access control](#access-control).                                                                                           |
+| `auth-default-access`                      | `NTFY_AUTH_DEFAULT_ACCESS`                      | `read-write`, `read-only`, `write-only`, `deny-all` | `read-write` | Default permissions if no matching entries in the auth database are found. Default is `read-write`.                                                                                                                             |
+| `behind-proxy`                             | `NTFY_BEHIND_PROXY`                             | *bool*                                              | false        | If set, the X-Forwarded-For header is used to determine the visitor IP address instead of the remote address of the connection.                                                                                                 |
+| `attachment-cache-dir`                     | `NTFY_ATTACHMENT_CACHE_DIR`                     | *directory*                                         | -            | Cache directory for attached files. To enable attachments, this has to be set.                                                                                                                                                  |
+| `attachment-total-size-limit`              | `NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT`              | *size*                                              | 5G           | Limit of the on-disk attachment cache directory. If the limits is exceeded, new attachments will be rejected.                                                                                                                   |
+| `attachment-file-size-limit`               | `NTFY_ATTACHMENT_FILE_SIZE_LIMIT`               | *size*                                              | 15M          | Per-file attachment size limit (e.g. 300k, 2M, 100M). Larger attachment will be rejected.                                                                                                                                       |
+| `attachment-expiry-duration`               | `NTFY_ATTACHMENT_EXPIRY_DURATION`               | *duration*                                          | 3h           | Duration after which uploaded attachments will be deleted (e.g. 3h, 20h). Strongly affects `visitor-attachment-total-size-limit`.                                                                                               |
+| `smtp-sender-addr`                         | `NTFY_SMTP_SENDER_ADDR`                         | `host:port`                                         | -            | SMTP server address to allow email sending                                                                                                                                                                                      |
+| `smtp-sender-user`                         | `NTFY_SMTP_SENDER_USER`                         | *string*                                            | -            | SMTP user; only used if e-mail sending is enabled                                                                                                                                                                               |
+| `smtp-sender-pass`                         | `NTFY_SMTP_SENDER_PASS`                         | *string*                                            | -            | SMTP password; only used if e-mail sending is enabled                                                                                                                                                                           |
+| `smtp-sender-from`                         | `NTFY_SMTP_SENDER_FROM`                         | *e-mail address*                                    | -            | SMTP sender e-mail address; only used if e-mail sending is enabled                                                                                                                                                              |
+| `smtp-server-listen`                       | `NTFY_SMTP_SERVER_LISTEN`                       | `[ip]:port`                                         | -            | Defines the IP address and port the SMTP server will listen on, e.g. `:25` or `1.2.3.4:25`                                                                                                                                      |
+| `smtp-server-domain`                       | `NTFY_SMTP_SERVER_DOMAIN`                       | *domain name*                                       | -            | SMTP server e-mail domain, e.g. `ntfy.sh`                                                                                                                                                                                       |
+| `smtp-server-addr-prefix`                  | `NTFY_SMTP_SERVER_ADDR_PREFIX`                  | `[ip]:port`                                         | -            | Optional prefix for the e-mail addresses to prevent spam, e.g. `ntfy-`                                                                                                                                                          |
+| `keepalive-interval`                       | `NTFY_KEEPALIVE_INTERVAL`                       | *duration*                                          | 45s          | Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that. |
+| `manager-interval`                         | `$NTFY_MANAGER_INTERVAL`                        | *duration*                                          | 1m           | Interval in which the manager prunes old messages, deletes topics and prints the stats.                                                                                                                                         |
+| `web-root`                                 | `NTFY_WEB_ROOT`                                 | `app` or `home`                                     | `app`        | Sets web root to landing page (home) or web app (app)                                                                                                                                                                           |
+| `global-topic-limit`                       | `NTFY_GLOBAL_TOPIC_LIMIT`                       | *number*                                            | 15,000       | Rate limiting: Total number of topics before the server rejects new topics.                                                                                                                                                     |
+| `visitor-subscription-limit`               | `NTFY_VISITOR_SUBSCRIPTION_LIMIT`               | *number*                                            | 30           | Rate limiting: Number of subscriptions per visitor (IP address)                                                                                                                                                                 |
+| `visitor-attachment-total-size-limit`      | `NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT`      | *size*                                              | 100M         | Rate limiting: Total storage limit used for attachments per visitor, for all attachments combined. Storage is freed after attachments expire. See `attachment-expiry-duration`.                                                 |
+| `visitor-attachment-daily-bandwidth-limit` | `NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT` | *size*                                              | 500M         | Rate limiting: Total daily attachment download/upload traffic limit per visitor. This is to protect your bandwidth costs from exploding.                                                                                        |
+| `visitor-request-limit-burst`              | `NTFY_VISITOR_REQUEST_LIMIT_BURST`              | *number*                                            | 60           | Rate limiting: Allowed GET/PUT/POST requests per second, per visitor. This setting is the initial bucket of requests each visitor has                                                                                           |
+| `visitor-request-limit-replenish`          | `NTFY_VISITOR_REQUEST_LIMIT_REPLENISH`          | *duration*                                          | 5s           | Rate limiting: Strongly related to `visitor-request-limit-burst`: The rate at which the bucket is refilled                                                                                                                      |
+| `visitor-request-limit-exempt-hosts`       | `NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS`       | *comma-separated host/IP list*                      | -            | Rate limiting: List of hostnames and IPs to be exempt from request rate limiting                                                                                                                                                |
+| `visitor-email-limit-burst`                | `NTFY_VISITOR_EMAIL_LIMIT_BURST`                | *number*                                            | 16           | Rate limiting:Initial limit of e-mails per visitor                                                                                                                                                                              |
+| `visitor-email-limit-replenish`            | `NTFY_VISITOR_EMAIL_LIMIT_REPLENISH`            | *duration*                                          | 1h           | Rate limiting: Strongly related to `visitor-email-limit-burst`: The rate at which the bucket is refilled                                                                                                                        |

 The format for a *duration* is: `<number>(smh)`, e.g. 30s, 20m or 1h.   
 The format for a *size* is: `<number>(GMK)`, e.g. 1G, 200M or 4000k.
@@ -798,6 +847,7 @@ OPTIONS:
   --attachment-expiry-duration value, -X value      duration after which uploaded attachments will be deleted (e.g. 3h, 20h) (default: 3h) [$NTFY_ATTACHMENT_EXPIRY_DURATION]
   --keepalive-interval value, -k value              interval of keepalive messages (default: 45s) [$NTFY_KEEPALIVE_INTERVAL]
   --manager-interval value, -m value                interval of for message pruning and stats printing (default: 1m0s) [$NTFY_MANAGER_INTERVAL]
+   --web-root value                                  sets web root to landing page (home) or web app (app) (default: "app") [$NTFY_WEB_ROOT]
   --smtp-sender-addr value                          SMTP server address (host:port) for outgoing emails [$NTFY_SMTP_SENDER_ADDR]
   --smtp-sender-user value                          SMTP user (if e-mail sending is enabled) [$NTFY_SMTP_SENDER_USER]
   --smtp-sender-pass value                          SMTP password (if e-mail sending is enabled) [$NTFY_SMTP_SENDER_PASS]
--- a/docs/deprecations.md
+++ b/docs/deprecations.md
@@ -4,8 +4,28 @@ This page is used to list deprecation notices for ntfy. Deprecated commands and

 ## Active deprecations

+### Android app: WebSockets will become the default connection protocol  
+> Active since 2022-03-13, behavior will change in **June 2022**
+
+In future versions of the Android app, instant delivery connections and connections to self-hosted servers will
+be using the WebSockets protocol. This potentially requires [configuration changes in your proxy](https://ntfy.sh/docs/config/#nginxapache2caddy).
+
+Due to [reports of varying battery consumption](https://github.com/binwiederhier/ntfy/issues/190) (which entirely 
+seems to depend on the phone), JSON HTTP stream support will not be removed. Instead, I'll just flip the default to 
+WebSocket in June.
+
+### Android app: Using `since=<timestamp>` instead of `since=<id>`
+> Active since 2022-02-27, behavior will change in **May 2022**
+
+In about 3 months, the Android app will start using `since=<id>` instead of `since=<timestamp>`, which means that it will
+not work with servers older than v1.16.0 anymore. This is to simplify handling of deduplication in the Android app.
+
+The `since=<timestamp>` endpoint will continue to work. This is merely a notice that the Android app behavior will change.
+
+## Previous deprecations
+
 ### Running server via `ntfy` (instead of `ntfy serve`)
-> since 2021-12-17
+> Deprecated 2021-12-17, behavior changed with v1.10.0

 As more commands are added to the `ntfy` CLI tool, using just `ntfy` to run the server is not practical
 anymore. Please use `ntfy serve` instead. This also applies to Docker images, as they can also execute more than
--- a/docs/develop.md
+++ b/docs/develop.md
@@ -1,51 +1,287 @@
-# Building
+# Development
+Hurray 🥳 🎉, you are interested in writing code for ntfy! **That's awesome.** 😎
+
+I tried my very best to write up detailed instructions, but if at any point in time you run into issues, don't 
+hesitate to **contact me on [Discord](https://discord.gg/cT7ECsZj9w) or [Matrix](https://matrix.to/#/#ntfy:matrix.org)**.

 ## ntfy server
-The ntfy server source code is available [on GitHub](https://github.com/binwiederhier/ntfy). 
-To quickly build on amd64, you can use `make build-simple`:
+The ntfy server source code is available [on GitHub](https://github.com/binwiederhier/ntfy). The codebase for the
+server consists of three components:

-```
-git clone git@github.com:binwiederhier/ntfy.git
-cd ntfy
-make build-simple
+* **The main server/client** is written in [Go](https://go.dev/) (so you'll need Go). Its main entrypoint is at 
+  [main.go](https://github.com/binwiederhier/ntfy/blob/main/main.go), and the meat you're likely interested in is 
+  in [server.go](https://github.com/binwiederhier/ntfy/blob/main/server/server.go). Notably, the server uses a 
+  [SQLite](https://sqlite.org) library called [go-sqlite3](https://github.com/mattn/go-sqlite3), which requires 
+  [Cgo](https://go.dev/blog/cgo) and `CGO_ENABLED=1` to be set. Otherwise things will not work (see below).
+* **The documentation** is generated by [MkDocs](https://www.mkdocs.org/) and [Material for MkDocs](https://squidfunk.github.io/mkdocs-material/),
+  which is written in [Python](https://www.python.org/). You'll need Python and MkDocs (via `pip`) only if you want to
+  build the docs.
+* **The web app** is written in [React](https://reactjs.org/), using [MUI](https://mui.com/). It uses [Create React App](https://create-react-app.dev/)
+  to build the production build. If you want to modify the web app, you need [nodejs](https://nodejs.org/en/) (for `npm`) 
+  and install all the 100,000 dependencies (*sigh*).
+
+All of these components are built and then **baked into one binary**. 
+
+### Navigating the code
+Code:
+
+* [main.go](https://github.com/binwiederhier/ntfy/blob/main/main.go) - Main entrypoint into the CLI, for both server and client
+* [cmd/](https://github.com/binwiederhier/ntfy/tree/main/cmd) - CLI commands, such as `serve` or `publish`
+* [server/](https://github.com/binwiederhier/ntfy/tree/main/server) - The meat of the server logic
+* [docs/](https://github.com/binwiederhier/ntfy/tree/main/docs) - The [MkDocs](https://www.mkdocs.org/) documentation, also see `mkdocs.yml`
+* [web/](https://github.com/binwiederhier/ntfy/tree/main/web) - The [React](https://reactjs.org/) application, also see `web/package.json`
+
+Build related:
+
+* [Makefile](https://github.com/binwiederhier/ntfy/blob/main/Makefile) - Main entrypoint for all things related to building
+* [.goreleaser.yml](https://github.com/binwiederhier/ntfy/blob/main/.goreleaser.yml) - Describes all build outputs (for [GoReleaser](https://goreleaser.com/))
+* [go.mod](https://github.com/binwiederhier/ntfy/blob/main/go.mod) - Go modules dependency file
+* [mkdocs.yml](https://github.com/binwiederhier/ntfy/blob/main/mkdocs.yml) - Config file for the docs (for [MkDocs](https://www.mkdocs.org/))
+* [web/package.json](https://github.com/binwiederhier/ntfy/blob/main/web/package.json) - Build and dependency file for web app (for npm)
+
+
+The `web/` and `docs/` folder are the sources for web app and documentation. During the build process,
+the generated output is copied to `server/site` (web app and landing page) and `server/docs` (documentation).
+
+### Build requirements
+
+* [Go](https://go.dev/) (required for main server)
+* [gcc](https://gcc.gnu.org/) (required main server, for SQLite cgo-based bindings)
+* [Make](https://www.gnu.org/software/make/) (required for convenience)
+* [libsqlite3/libsqlite3-dev](https://www.sqlite.org/) (required for main server, for SQLite cgo-based bindings)
+* [GoReleaser](https://goreleaser.com/) (required for a proper main server build)
+* [Python](https://www.python.org/) (for `pip`, only to build the docs) 
+* [nodejs](https://nodejs.org/en/) (for `npm`, only to build the web app)
+
+### Install dependencies
+These steps **assume Ubuntu**. Steps may vary on different Linux distributions.
+
+First, install [Go](https://go.dev/) (see [official instructions](https://go.dev/doc/install)):
+``` shell
+wget https://go.dev/dl/go1.18.linux-amd64.tar.gz
+rm -rf /usr/local/go && tar -C /usr/local -xzf go1.18.linux-amd64.tar.gz
+export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin
+go version   # verifies that it worked
 ```

-That'll generate a statically linked binary in `dist/ntfy_linux_amd64/ntfy`.
-
-For all other platforms (including Docker), and for production or other snapshot builds, you should use the amazingly 
-awesome [GoReleaser](https://goreleaser.com/) make targets:
-
-```
-Build:
-  make build                       - Build
-  make build-snapshot              - Build snapshot
-  make build-simple                - Build (using go build, without goreleaser)
-  make clean                       - Clean build folder
-
-Releasing (requires goreleaser):
-  make release                     - Create a release
-  make release-snapshot            - Create a test release
+Install [GoReleaser](https://goreleaser.com/) (see [official instructions](https://goreleaser.com/install/)):
+``` shell
+go install github.com/goreleaser/goreleaser@latest
+goreleaser -v   # verifies that it worked
 ```

-There are currently no platform-specific make targets, so they will build for all platforms (which may take a while).
+Install [nodejs](https://nodejs.org/en/) (see [official instructions](https://nodejs.org/en/download/package-manager/)):
+``` shell
+curl -fsSL https://deb.nodesource.com/setup_17.x | sudo -E bash -
+sudo apt-get install -y nodejs
+npm -v   # verifies that it worked
+```
+
+Then install a few other things required:
+``` shell
+sudo apt install \
+    build-essential \
+    libsqlite3-dev \
+    gcc-arm-linux-gnueabi \
+    gcc-aarch64-linux-gnu \
+    python3-pip \
+    upx \
+    git
+```
+
+### Check out code
+Now check out via git from the [GitHub repository](https://github.com/binwiederhier/ntfy):
+
+=== "via HTTPS"
+    ``` shell
+    git clone https://github.com/binwiederhier/ntfy.git
+    cd ntfy
+    ```
+
+=== "via SSH"
+    ``` shell
+    git clone git@github.com:binwiederhier/ntfy.git 
+    cd ntfy
+    ```
+
+### Build all the things
+Now you can finally build everything. There are tons of `make` targets, so maybe just review what's there first 
+by typing `make`:
+
+``` shell
+$ make 
+Typical commands (more see below):
+  make build                   - Build web app, documentation and server/client (sloowwww)
+  make server-amd64            - Build server/client binary (amd64, no web app or docs)
+  make install-amd64           - Install ntfy binary to /usr/bin/ntfy (amd64)
+  make web                     - Build the web app
+  make docs                    - Build the documentation
+  make check                   - Run all tests, vetting/formatting checks and linters
+...
+```
+
+If you want to build the **ntfy binary including web app and docs for all supported architectures** (amd64, armv7, and amd64), 
+you can simply run `make build`:
+
+``` shell
+$ make build
+...
+# This builds web app, docs, and the ntfy binary (for amd64, armv7 and arm64). 
+# This will be SLOW (5+ minutes on my laptop on the first run). Maybe look at the other make targets?
+```
+
+You'll see all the outputs in the `dist/` folder afterwards:
+
+``` bash
+$ find dist 
+dist
+dist/metadata.json
+dist/ntfy_arm64_linux_arm64
+dist/ntfy_arm64_linux_arm64/ntfy
+dist/ntfy_armv7_linux_arm_7
+dist/ntfy_armv7_linux_arm_7/ntfy
+dist/ntfy_amd64_linux_amd64
+dist/ntfy_amd64_linux_amd64/ntfy
+dist/config.yaml
+dist/artifacts.json
+```
+
+If you also want to build the **Debian/RPM packages and the Docker images for all supported architectures**, you can 
+use the `make release-snapshot` target:
+
+``` shell
+$ make release-snapshot
+...
+# This will be REALLY SLOW (sometimes 5+ minutes on my laptop)
+```
+
+During development, you may want to be more picky and build only certain things. Here are a few examples.
+
+### Build the ntfy binary
+To build only the `ntfy` binary **without the web app or documentation**, use the `make server-...` targets:
+
+``` shell
+$ make
+Build server & client (not release version):
+  make server                  - Build server & client (all architectures)
+  make server-amd64            - Build server & client (amd64 only)
+  make server-armv7            - Build server & client (armv7 only)
+  make server-arm64            - Build server & client (arm64 only)
+```
+
+So if you're on an amd64/x86_64-based machine, you may just want to run `make server-amd64` during testing. On a modern
+system, this shouldn't take longer than 5-10 seconds. I often combine it with `install-amd64` so I can run the binary
+right away:
+
+``` shell
+$ make server-amd64 install-amd64
+$ ntfy serve
+```
+
+**During development of the main app, you can also just use `go run main.go`**, as long as you run 
+`make server-deps-static-sites`at least once and `CGO_ENABLED=1`:
+
+``` shell
+$ export CGO_ENABLED=1
+$ make server-deps-static-sites
+$ go run main.go serve
+2022/03/18 08:43:55 Listening on :2586[http]
+...
+```
+
+If you don't run `server-deps-static-sites`, you may see an error *`pattern ...: no matching files found`*:
+```
+$ go run main.go serve
+server/server.go:85:13: pattern docs: no matching files found
+```
+
+This is because we use `go:embed` to embed the documentation and web app, so the Go code expects files to be
+present at `server/docs` and `server/site`. If they are not, you'll see the above error. The `server-deps-static-sites`
+target creates dummy files that ensures that you'll be able to build.
+
+
+### Build the web app
+The sources for the web app live in `web/`. As long as you have `npm` installed (see above), building the web app 
+is really simple. Just type `make web` and you're in business:
+
+``` shell
+$ make web
+...
+```
+
+This will build the web app using Create React App and then **copy the production build to the `server/site` folder**, so 
+that when you `make server` (or `make server-amd64`, ...), you will have the web app included in the `ntfy` binary.
+
+If you're developing on the web app, it's best to just `cd web` and run `npm start` manually. This will open your browser
+at `http://127.0.0.1:3000` with the web app, and as you edit the source files, they will be recompiled and the browser 
+will automatically refresh:
+
+``` shell
+$ cd web
+$ npm start
+```
+
+### Build the docs
+The sources for the docs live in `docs/`. Similarly to the web app, you can simply run `make docs` to build the 
+documentation. As long as you have `mkdocs` installed (see above), this should work fine:
+
+``` shell
+$ make docs
+...
+```
+
+If you are changing the documentation, you should be running `mkdocs serve` directly. This will build the documentation, 
+serve the files at `http://127.0.0.1:8000/`, and rebuild every time you save the source files: 
+
+```
+$ mkdocs serve
+INFO     -  Building documentation...
+INFO     -  Cleaning site directory
+INFO     -  Documentation built in 5.53 seconds
+INFO     -  [16:28:14] Serving on http://127.0.0.1:8000/
+```
+
+Then you can navigate to http://127.0.0.1:8000/ and whenever you change a markdown file in your text editor it'll automatically update.

 ## Android app
 The ntfy Android app source code is available [on GitHub](https://github.com/binwiederhier/ntfy-android).
 The Android app has two flavors:

-* **Google Play:** The `play` flavor includes Firebase (FCM) and requires a Firebase account
+* **Google Play:** The `play` flavor includes [Firebase (FCM)](https://firebase.google.com/) and requires a Firebase account
 * **F-Droid:** The `fdroid` flavor does not include Firebase or Google dependencies

+### Navigating the code
+* [main/](https://github.com/binwiederhier/ntfy-android/tree/main/app/src/main) - Main Android app source code
+* [play/](https://github.com/binwiederhier/ntfy-android/tree/main/app/src/play) - Google Play / Firebase specific code
+* [fdroid/](https://github.com/binwiederhier/ntfy-android/tree/main/app/src/fdroid) - F-Droid Firebase stubs
+* [build.gradle](https://github.com/binwiederhier/ntfy-android/blob/main/app/build.gradle) - Main build file
+
+### IDE/Environment
+You should download [Android Studio](https://developer.android.com/studio) (or [IntelliJ IDEA](https://www.jetbrains.com/idea/) 
+with the relevant Android plugins). Everything else will just be a pain for you. Do yourself a favor. 😀 
+
+### Check out the code
 First check out the repository:

-```
-git clone git@github.com:binwiederhier/ntfy-android.git
-cd ntfy-android
-```
+=== "via HTTPS"
+    ``` shell
+    git clone https://github.com/binwiederhier/ntfy-android.git
+    cd ntfy-android
+    ```
+
+=== "via SSH"
+    ``` shell
+    git clone git@github.com:binwiederhier/ntfy-android.git
+    cd ntfy-android
+    ```

 Then either follow the steps for building with or without Firebase.

-### Building without Firebase (F-Droid flavor)
+### Build F-Droid flavor (no FCM)
+!!! info
+    I do build the ntfy Android app using IntelliJ IDEA (Android Studio), so I don't know if these Gradle commands will
+    work without issues. Please give me feedback if it does/doesn't work for you.
+
 Without Firebase, you may want to still change the default `app_base_url` in [strings.xml](https://github.com/binwiederhier/ntfy-android/blob/main/app/src/main/res/values/strings.xml)
 if you're self-hosting the server. Then run:
 ```
@@ -56,8 +292,13 @@ if you're self-hosting the server. Then run:
 ./gradlew bundleFdroidRelease
 ```

-### Building with Firebase (FCM, Google Play flavor)
+### Build Play flavor (FCM)
+!!! info
+    I do build the ntfy Android app using IntelliJ IDEA (Android Studio), so I don't know if these Gradle commands will
+    work without issues. Please give me feedback if it does/doesn't work for you.
+
 To build your own version with Firebase, you must:
+
 * Create a Firebase/FCM account
 * Place your account file at `app/google-services.json`
 * And change `app_base_url` in [strings.xml](https://github.com/binwiederhier/ntfy-android/blob/main/app/src/main/res/values/strings.xml)
--- a/docs/examples.md
+++ b/docs/examples.md
@@ -16,6 +16,27 @@ rsync -a root@laptop /backups/laptop \
  || curl -H tags:warning -H prio:high -d "Laptop backup failed" ntfy.sh/backups
 ```

+## Low disk space alerts
+Here's a simple cronjob that I use to alert me when the disk space on the root disk is running low. It's simple, but 
+effective. 
+
+``` bash 
+#!/bin/bash
+
+mingigs=10
+avail=$(df | awk '$6 == "/" && $4 < '$mingigs' * 1024*1024 { print $4/1024/1024 }')
+topicurl=https://ntfy.sh/mytopic
+
+if [ -n "$avail" ]; then
+  curl \
+    -d "Only $avail GB available on the root disk. Better clean that up." \
+    -H "Title: Low disk space alert on $(hostname)" \
+    -H "Priority: high" \
+    -H "Tags: warning,cd" \
+    $topicurl
+fi
+```
+
 ## Server-sent messages in your web app
 Just as you can [subscribe to topics in the Web UI](subscribe/web.md), you can use ntfy in your own
 web application. Check out the <a href="/example.html">live example</a> or just look the source of this page.
@@ -75,3 +96,273 @@ One of my co-workers uses the following Ansible task to let him know when things
    method: POST
    body: "{{ inventory_hostname }} reseeding complete"
 ```
+
+## Watchtower notifications (shoutrrr)
+You can use `shoutrrr` generic webhook support to send watchtower notifications to your ntfy topic.
+
+Example docker-compose.yml:
+```yml
+services:
+  watchtower:
+    image: containrrr/watchtower
+    environment:
+      - WATCHTOWER_NOTIFICATIONS=shoutrrr
+      - WATCHTOWER_NOTIFICATION_URL=generic+https://ntfy.sh/my_watchtower_topic?title=WatchtowerUpdates
+```
+
+Or, if you only want to send notifications using shoutrrr:
+```
+shoutrrr send -u "generic+https://ntfy.sh/my_watchtower_topic?title=WatchtowerUpdates" -m "testMessage"
+```
+
+## Random cronjobs
+Alright, here's one for the history books. I desperately want the `github.com/ntfy` organization, but all my tickets with
+GitHub have been hopeless. In case it ever becomes available, I want to know immediately.
+
+``` cron
+# Check github/ntfy user
+*/6 * * * * if curl -s https://api.github.com/users/ntfy | grep "Not Found"; then curl -d "github.com/ntfy is available" -H "Tags: tada" -H "Prio: high" ntfy.sh/my-alerts; fi
+~           
+```
+
+## Download notifications (Sonarr, Radarr, Lidarr, Readarr, Prowlarr, SABnzbd)
+It's possible to use custom scripts for all the *arr services, plus SABnzbd. Notifications for downloads, warnings, grabs etc.
+Some simple bash scripts to achieve this are kindly provided in [nickexyz's repository](https://github.com/nickexyz/ntfy-shellscripts). 
+
+## Node-RED
+You can use the HTTP request node to send messages with [Node-RED](https://nodered.org), some examples:
+
+
+<details>
+<summary>Example: Send a message (click to expand)</summary>
+
+```
+[
+    {
+        "id": "c956e688cc74ad8e",
+        "type": "http request",
+        "z": "fabdd7a3.4045a",
+        "name": "ntfy.sh",
+        "method": "POST",
+        "ret": "txt",
+        "paytoqs": "ignore",
+        "url": "https://ntfy.sh/mytopic",
+        "tls": "",
+        "persist": false,
+        "proxy": "",
+        "authType": "",
+        "senderr": false,
+        "credentials":
+        {
+            "user": "",
+            "password": ""
+        },
+        "x": 590,
+        "y": 3160,
+        "wires":
+        [
+            []
+        ]
+    },
+    {
+        "id": "32ee1eade51fae50",
+        "type": "function",
+        "z": "fabdd7a3.4045a",
+        "name": "data",
+        "func": "msg.payload = \"Something happened\";\nmsg.headers = {};\nmsg.headers['tags'] = 'house';\nmsg.headers['X-Title'] = 'Home Assistant';\n\nreturn msg;",
+        "outputs": 1,
+        "noerr": 0,
+        "initialize": "",
+        "finalize": "",
+        "libs": [],
+        "x": 470,
+        "y": 3160,
+        "wires":
+        [
+            [
+                "c956e688cc74ad8e"
+            ]
+        ]
+    },
+    {
+        "id": "b287e59cd2311815",
+        "type": "inject",
+        "z": "fabdd7a3.4045a",
+        "name": "Manual start",
+        "props":
+        [
+            {
+                "p": "payload"
+            },
+            {
+                "p": "topic",
+                "vt": "str"
+            }
+        ],
+        "repeat": "",
+        "crontab": "",
+        "once": false,
+        "onceDelay": "20",
+        "topic": "",
+        "payload": "",
+        "payloadType": "date",
+        "x": 330,
+        "y": 3160,
+        "wires":
+        [
+            [
+                "32ee1eade51fae50"
+            ]
+        ]
+    }
+]
+```
+
+</details>
+
+![Node red message flow](static/img/nodered-message.png)
+
+<details>
+<summary>Example: Send a picture (click to expand)</summary>
+
+```
+[
+    {
+        "id": "d135a13eadeb9d6d",
+        "type": "http request",
+        "z": "fabdd7a3.4045a",
+        "name": "Download image",
+        "method": "GET",
+        "ret": "bin",
+        "paytoqs": "ignore",
+        "url": "https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png",
+        "tls": "",
+        "persist": false,
+        "proxy": "",
+        "authType": "",
+        "senderr": false,
+        "credentials":
+        {
+            "user": "",
+            "password": ""
+        },
+        "x": 490,
+        "y": 3320,
+        "wires":
+        [
+            [
+                "6e75bc41d2ec4a03"
+            ]
+        ]
+    },
+    {
+        "id": "6e75bc41d2ec4a03",
+        "type": "function",
+        "z": "fabdd7a3.4045a",
+        "name": "data",
+        "func": "msg.payload = msg.payload;\nmsg.headers = {};\nmsg.headers['tags'] = 'house';\nmsg.headers['X-Title'] = 'Home Assistant - Picture';\n\nreturn msg;",
+        "outputs": 1,
+        "noerr": 0,
+        "initialize": "",
+        "finalize": "",
+        "libs": [],
+        "x": 650,
+        "y": 3320,
+        "wires":
+        [
+            [
+                "eb160615b6ceda98"
+            ]
+        ]
+    },
+    {
+        "id": "eb160615b6ceda98",
+        "type": "http request",
+        "z": "fabdd7a3.4045a",
+        "name": "ntfy.sh",
+        "method": "PUT",
+        "ret": "bin",
+        "paytoqs": "ignore",
+        "url": "https://ntfy.sh/mytopic",
+        "tls": "",
+        "persist": false,
+        "proxy": "",
+        "authType": "",
+        "senderr": false,
+        "credentials":
+        {
+            "user": "",
+            "password": ""
+        },
+        "x": 770,
+        "y": 3320,
+        "wires":
+        [
+            []
+        ]
+    },
+    {
+        "id": "5b8dbf15c8a7a3a5",
+        "type": "inject",
+        "z": "fabdd7a3.4045a",
+        "name": "Manual start",
+        "props":
+        [
+            {
+                "p": "payload"
+            },
+            {
+                "p": "topic",
+                "vt": "str"
+            }
+        ],
+        "repeat": "",
+        "crontab": "",
+        "once": false,
+        "onceDelay": "20",
+        "topic": "",
+        "payload": "",
+        "payloadType": "date",
+        "x": 310,
+        "y": 3320,
+        "wires":
+        [
+            [
+                "d135a13eadeb9d6d"
+            ]
+        ]
+    }
+]
+```
+
+</details>
+
+![Node red picture flow](static/img/nodered-picture.png)
+
+## Gatus service health check
+
+An example for a custom alert with <a href="https://github.com/TwiN/gatus">Gatus</a>
+```
+alerting:
+  custom:
+    url: "https://ntfy.sh"
+    method: "POST"
+    body: |
+      {
+        "topic": "mytopic",
+        "message": "[ENDPOINT_NAME] - [ALERT_DESCRIPTION]",
+        "title": "Gatus",
+        "tags": ["[ALERT_TRIGGERED_OR_RESOLVED]"],
+        "priority": 3
+      }
+    default-alert:
+      enabled: true
+      description: "health check failed"
+      send-on-resolved: true
+      failure-threshold: 3
+      success-threshold: 3
+    placeholders:
+      ALERT_TRIGGERED_OR_RESOLVED:
+        TRIGGERED: "warning"
+        RESOLVED: "white_check_mark"
+```
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -33,10 +33,11 @@ If you do not care for Firebase, I suggest you install the [F-Droid version](htt
 of the app and [self-host your own ntfy server](install.md).

 ## How much battery does the Android app use?
-If you use the ntfy.sh server and you don't use the [instant delivery](subscribe/phone.md#instant-delivery) feature, 
+If you use the ntfy.sh server, and you don't use the [instant delivery](subscribe/phone.md#instant-delivery) feature, 
 the Android app uses no additional battery, since Firebase Cloud Messaging (FCM) is used. If you use your own server, 
-or you use *instant delivery*, the app has to maintain a constant connection to the server, which consumes about 4% of
-battery in 17h of use (on my phone). I use it, and it makes no difference to me.
+or you use *instant delivery*, the app has to maintain a constant connection to the server, which consumes about 0-1% of
+battery in 17h of use (on my phone). There has been a ton of testing and improvement around this. I think it's pretty 
+decent now.

 ## What is instant delivery?
 [Instant delivery](subscribe/phone.md#instant-delivery) is a feature in the Android app. If turned on, the app maintains a constant connection to the
--- a/docs/install.md
+++ b/docs/install.md
@@ -26,23 +26,38 @@ deb/rpm packages.

 === "x86_64/amd64"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.15.0/ntfy_1.15.0_linux_x86_64.tar.gz
-    sudo tar -C /usr/bin -zxf ntfy_*.tar.gz ntfy
-    sudo ./ntfy serve
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_x86_64.tar.gz
+    tar zxvf ntfy_1.21.1_linux_x86_64.tar.gz
+    sudo cp -a ntfy_1.21.1_linux_x86_64/ntfy /usr/bin/ntfy
+    sudo mkdir /etc/ntfy && sudo cp ntfy_1.21.1_linux_x86_64/{client,server}/*.yml /etc/ntfy
+    sudo ntfy serve
+    ```
+
+=== "armv6"
+    ```bash
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_armv6.tar.gz
+    tar zxvf ntfy_1.21.1_linux_armv6.tar.gz
+    sudo cp -a ntfy_1.21.1_linux_armv6/ntfy /usr/bin/ntfy
+    sudo mkdir /etc/ntfy && sudo cp ntfy_1.21.1_linux_armv6/{client,server}/*.yml /etc/ntfy
+    sudo ntfy serve
    ```

 === "armv7/armhf"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.15.0/ntfy_1.15.0_linux_armv7.tar.gz
-    sudo tar -C /usr/bin -zxf ntfy_*.tar.gz ntfy
-    sudo ./ntfy serve
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_armv7.tar.gz
+    tar zxvf ntfy_1.21.1_linux_armv7.tar.gz
+    sudo cp -a ntfy_1.21.1_linux_armv7/ntfy /usr/bin/ntfy
+    sudo mkdir /etc/ntfy && sudo cp ntfy_1.21.1_linux_armv7/{client,server}/*.yml /etc/ntfy
+    sudo ntfy serve
    ```

 === "arm64"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.15.0/ntfy_1.15.0_linux_arm64.tar.gz
-    sudo tar -C /usr/bin -zxf ntfy_*.tar.gz ntfy
-    sudo ./ntfy serve
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_arm64.tar.gz
+    tar zxvf ntfy_1.21.1_linux_arm64.tar.gz
+    sudo cp -a ntfy_1.21.1_linux_arm64/ntfy /usr/bin/ntfy
+    sudo mkdir /etc/ntfy && sudo cp ntfy_1.21.1_linux_arm64/{client,server}/*.yml /etc/ntfy
+    sudo ntfy serve
    ```

 ## Debian/Ubuntu repository
@@ -88,7 +103,15 @@ Manually installing the .deb file:

 === "x86_64/amd64"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.15.0/ntfy_1.15.0_linux_amd64.deb
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_amd64.deb
+    sudo dpkg -i ntfy_*.deb
+    sudo systemctl enable ntfy
+    sudo systemctl start ntfy
+    ```
+
+=== "armv6"
+    ```bash
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_armv6.deb
    sudo dpkg -i ntfy_*.deb
    sudo systemctl enable ntfy
    sudo systemctl start ntfy
@@ -96,7 +119,7 @@ Manually installing the .deb file:

 === "armv7/armhf"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.15.0/ntfy_1.15.0_linux_armv7.deb
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_armv7.deb
    sudo dpkg -i ntfy_*.deb
    sudo systemctl enable ntfy
    sudo systemctl start ntfy
@@ -104,7 +127,7 @@ Manually installing the .deb file:

 === "arm64"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.15.0/ntfy_1.15.0_linux_arm64.deb
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_arm64.deb
    sudo dpkg -i ntfy_*.deb
    sudo systemctl enable ntfy
    sudo systemctl start ntfy
@@ -114,21 +137,28 @@ Manually installing the .deb file:

 === "x86_64/amd64"
    ```bash
-    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.15.0/ntfy_1.15.0_linux_amd64.rpm
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_amd64.rpm
    sudo systemctl enable ntfy 
    sudo systemctl start ntfy
    ```

+=== "armv6"
+    ```bash
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_armv6.rpm
+    sudo systemctl enable ntfy
+    sudo systemctl start ntfy
+    ```
+
 === "armv7/armhf"
    ```bash
-    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.15.0/ntfy_1.15.0_linux_armv7.rpm
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_armv7.rpm
    sudo systemctl enable ntfy 
    sudo systemctl start ntfy
    ```

 === "arm64"
    ```bash
-    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.15.0/ntfy_1.15.0_linux_arm64.rpm
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.21.1/ntfy_1.21.1_linux_arm64.rpm
    sudo systemctl enable ntfy 
    sudo systemctl start ntfy
    ```
@@ -146,7 +176,6 @@ cd ntfysh-bin
 makepkg -si
 ```

-
 ## Docker
 The [ntfy image](https://hub.docker.com/r/binwiederhier/ntfy) is available for amd64, armv7 and arm64. It should be pretty
 straight forward to use.
@@ -181,6 +210,24 @@ docker run \
  serve
 ```

+Using docker-compose:
+```yaml
+version: "2.1"
+
+services:
+  ntfy:
+    image: binwiederhier/ntfy
+    container_name: ntfy
+    command:
+      - serve
+    volumes:
+      - /var/cache/ntfy:/var/cache/ntfy
+      - /etc/ntfy:/etc/ntfy
+    ports:
+      - 80:80
+    restart: unless-stopped
+```
+
 Alternatively, you may wish to build a customized Docker image that can be run with fewer command-line arguments and without delivering the configuration file separately.
 ```
 FROM binwiederhier/ntfy
@@ -188,13 +235,3 @@ COPY server.yml /etc/ntfy/server.yml
 ENTRYPOINT ["ntfy", "serve"]
 ```
 This image can be pushed to a container registry and shipped independently. All that's needed when running it is mapping ntfy's port to a host port.
-
-## Go
-To install via Go, simply run:
-```bash
-go install heckel.io/ntfy@latest
-```
-
-!!! info
-    Please [let me know](https://github.com/binwiederhier/ntfy/issues) if there are any issues with this installation
-    method. The SQLite bindings require CGO and it works for me, but I have the feeling it may not work for everyone.
--- a/docs/publish.md
+++ b/docs/publish.md
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -0,0 +1,421 @@
+# Release notes
+Binaries for all releases can be found on the GitHub releases pages for the [ntfy server](https://github.com/binwiederhier/ntfy/releases)
+and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/releases).
+
+<!--
+
+## ntfy Android app v1.12.0 (UNRELEASED)
+
+**Features:**
+
+* Custom notification [action buttons](https://ntfy.sh/docs/publish/#action-buttons) ([#134](https://github.com/binwiederhier/ntfy/issues/134), 
+  thanks to [@mrherman](https://github.com/mrherman) for reporting) 
+* Support for [ntfy:// deep links](https://ntfy.sh/docs/subscribe/phone/#ntfy-links) ([#20](https://github.com/binwiederhier/ntfy/issues/20), thanks 
+  to [@Copephobia](https://github.com/Copephobia) for reporting)
+* [Fastlane metadata](https://hosted.weblate.org/projects/ntfy/android-fastlane/) can now be translated too ([#198](https://github.com/binwiederhier/ntfy/issues/198),
+  thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov) for reporting) 
+* Channel settings option to configure DND override, sounds, etc. ([#91](https://github.com/binwiederhier/ntfy/issues/91))
+
+**Bugs:**
+
+* Validate URLs when changing default server and server in user management ([#193](https://github.com/binwiederhier/ntfy/issues/193), 
+  thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov) for reporting)
+* Error in sending test notification in different languages ([#209](https://github.com/binwiederhier/ntfy/issues/209), 
+  thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov) for reporting)
+* "[x] Instant delivery in doze mode" checkbox does not work properly ([#211](https://github.com/binwiederhier/ntfy/issues/211))
+* Disallow "http" GET/HEAD actions with body ([#221](https://github.com/binwiederhier/ntfy/issues/221), thanks to 
+  [@cmeis](https://github.com/cmeis) for reporting)
+* Action "view" with "clear=true" does not work on some phones ([#220](https://github.com/binwiederhier/ntfy/issues/220), thanks to 
+  [@cmeis](https://github.com/cmeis) for reporting)
+* Do not group foreground service notification with others ([#219](https://github.com/binwiederhier/ntfy/issues/219), thanks to 
+  [@s-h-a-r-d](https://github.com/s-h-a-r-d) for reporting)
+
+**Additional translations:**
+
+* Japanese (thanks to [@shak](https://hosted.weblate.org/user/shak/))
+* Russian (thanks to [@flamey](https://hosted.weblate.org/user/flamey/) and [@ilya.mikheev.coder](https://hosted.weblate.org/user/ilya.mikheev.coder/))
+
+**Thanks for testing:**
+
+Thanks to [@s-h-a-r-d](https://github.com/s-h-a-r-d) (aka @Shard), [@cmeis](https://github.com/cmeis),
+@poblabs, and everyone I forgot for testing.
+
+-->
+
+
+## ntfy server v1.21.1
+Released Apr 24, 2022
+
+**Features:**
+
+* Custom notification [action buttons](https://ntfy.sh/docs/publish/#action-buttons) ([#134](https://github.com/binwiederhier/ntfy/issues/134),
+  thanks to [@mrherman](https://github.com/mrherman) for reporting)
+* Added ARMv6 build ([#200](https://github.com/binwiederhier/ntfy/issues/200), thanks to [@jcrubioa](https://github.com/jcrubioa) for reporting)
+* Web app internationalization support 🇧🇬 🇩🇪 🇺🇸 🌎 ([#189](https://github.com/binwiederhier/ntfy/issues/189))
+
+**Bugs:**
+
+* Web app: English language strings fixes, additional descriptions for settings ([#203](https://github.com/binwiederhier/ntfy/issues/203), thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov))
+* Web app: Show error message snackbar when sending test notification fails ([#205](https://github.com/binwiederhier/ntfy/issues/205), thanks to [@cmeis](https://github.com/cmeis))
+* Web app: basic URL validation in user management ([#204](https://github.com/binwiederhier/ntfy/issues/204), thanks to [@cmeis](https://github.com/cmeis))
+* Disallow "http" GET/HEAD actions with body ([#221](https://github.com/binwiederhier/ntfy/issues/221), thanks to
+  [@cmeis](https://github.com/cmeis) for reporting)
+
+**Translations (web app):**
+
+* Bulgarian (thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov))
+* German (thanks to [@cmeis](https://github.com/cmeis))
+* Indonesian (thanks to [@linerly](https://hosted.weblate.org/user/linerly/))
+* Japanese (thanks to [@shak](https://hosted.weblate.org/user/shak/))
+* Norwegian Bokmål (thanks to [@comradekingu](https://github.com/comradekingu))
+* Russian (thanks to [@flamey](https://hosted.weblate.org/user/flamey/) and [@ilya.mikheev.coder](https://hosted.weblate.org/user/ilya.mikheev.coder/))
+* Spanish (thanks to [@rogeliodh](https://github.com/rogeliodh))
+* Turkish (thanks to [@ersen](https://ersen.moe/))
+
+**Integrations:**
+
+[Apprise](https://github.com/caronc/apprise) support was fully released in [v0.9.8.2](https://github.com/caronc/apprise/releases/tag/v0.9.8.2)
+of Apprise. Thanks to [@particledecay](https://github.com/particledecay) and [@caronc](https://github.com/caronc) for their fantastic work. 
+You can try it yourself like this (detailed usage in the [Apprise wiki](https://github.com/caronc/apprise/wiki/Notify_ntfy)):
+
+```
+pip3 install apprise
+apprise -b "Hi there" ntfys://mytopic
+```
+
+
+## ntfy Android app v1.11.0
+Released Apr 7, 2022
+
+**Features:**
+
+* Download attachments to cache folder ([#181](https://github.com/binwiederhier/ntfy/issues/181))
+* Regularly delete attachments for deleted notifications ([#142](https://github.com/binwiederhier/ntfy/issues/142))
+* Translations to different languages ([#188](https://github.com/binwiederhier/ntfy/issues/188), thanks to
+  [@StoyanDimitrov](https://github.com/StoyanDimitrov) for initiating things)
+
+**Bugs:**
+
+* IllegalStateException: Failed to build unique file ([#177](https://github.com/binwiederhier/ntfy/issues/177), thanks to [@Fallenbagel](https://github.com/Fallenbagel) for reporting)
+* SQLiteConstraintException: Crash during UP registration ([#185](https://github.com/binwiederhier/ntfy/issues/185))
+* Refresh preferences screen after settings import (#183, thanks to [@cmeis](https://github.com/cmeis) for reporting)
+* Add priority strings to strings.xml to make it translatable (#192, thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov))
+
+**Translations:**
+
+* English language improvements (thanks to [@comradekingu](https://github.com/comradekingu))
+* Bulgarian (thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov))
+* Chinese/Simplified (thanks to [@poi](https://hosted.weblate.org/user/poi) and [@PeterCxy](https://hosted.weblate.org/user/PeterCxy))
+* Dutch (*incomplete*, thanks to [@diony](https://hosted.weblate.org/user/diony))
+* French (thanks to [@Kusoneko](https://kusoneko.moe/) and [@mlcsthor](https://hosted.weblate.org/user/mlcsthor/))
+* German (thanks to [@cmeis](https://github.com/cmeis))
+* Italian (thanks to [@theTranslator](https://hosted.weblate.org/user/theTranslator/))
+* Indonesian (thanks to [@linerly](https://hosted.weblate.org/user/linerly/))
+* Norwegian Bokmål (*incomplete*, thanks to [@comradekingu](https://github.com/comradekingu))
+* Portuguese/Brazil (thanks to [@LW](https://hosted.weblate.org/user/LW/))
+* Spanish (thanks to [@rogeliodh](https://github.com/rogeliodh))
+* Turkish (thanks to [@ersen](https://ersen.moe/))
+
+**Thanks:**
+
+* Many thanks to [@cmeis](https://github.com/cmeis), [@Fallenbagel](https://github.com/Fallenbagel), [@Joeharrison94](https://github.com/Joeharrison94),
+  and [@rogeliodh](https://github.com/rogeliodh) for input on the new attachment logic, and for testing the release
+
+## ntfy server v1.20.0
+Released Apr 6, 2022
+
+**Features:**:
+
+* Added message bar and publish dialog ([#196](https://github.com/binwiederhier/ntfy/issues/196)) 
+
+**Bugs:**
+
+* Added `EXPOSE 80/tcp` to Dockerfile to support auto-discovery in [Traefik](https://traefik.io/) ([#195](https://github.com/binwiederhier/ntfy/issues/195), thanks to [@s-h-a-r-d](https://github.com/s-h-a-r-d))
+
+**Documentation:**
+
+* Added docker-compose example to [install instructions](install.md#docker) ([#194](https://github.com/binwiederhier/ntfy/pull/194), thanks to [@s-h-a-r-d](https://github.com/s-h-a-r-d))
+
+**Integrations:**
+
+* [Apprise](https://github.com/caronc/apprise) has added integration into ntfy ([#99](https://github.com/binwiederhier/ntfy/issues/99), [apprise#524](https://github.com/caronc/apprise/pull/524),
+  thanks to [@particledecay](https://github.com/particledecay) and [@caronc](https://github.com/caronc) for their fantastic work)
+
+## ntfy server v1.19.0
+Released Mar 30, 2022
+
+**Bugs:**
+
+* Do not pack binary with `upx` for armv7/arm64 due to `illegal instruction` errors ([#191](https://github.com/binwiederhier/ntfy/issues/191), thanks to [@iexos](https://github.com/iexos))
+* Do not allow comma in topic name in publish via GET endpoint (no ticket)
+* Add "Access-Control-Allow-Origin: *" for attachments (no ticket, thanks to @FrameXX)
+* Make pruning run again in web app ([#186](https://github.com/binwiederhier/ntfy/issues/186))
+* Added missing params `delay` and `email` to publish as JSON body (no ticket)
+
+**Documentation:**
+
+* Improved [e-mail publishing](config.md#e-mail-publishing) documentation
+
+## ntfy server v1.18.1
+Released Mar 21, 2022   
+_This release ships no features or bug fixes. It's merely a documentation update._
+
+**Documentation:**
+
+* Overhaul of [developer documentation](https://ntfy.sh/docs/develop/)
+* PowerShell examples for [publish documentation](https://ntfy.sh/docs/publish/) ([#138](https://github.com/binwiederhier/ntfy/issues/138), thanks to [@Joeharrison94](https://github.com/Joeharrison94))
+* Additional examples for [NodeRED, Gatus, Sonarr, Radarr, ...](https://ntfy.sh/docs/examples/) (thanks to [@nickexyz](https://github.com/nickexyz))
+* Fixes in developer instructions (thanks to [@Fallenbagel](https://github.com/Fallenbagel) for reporting)
+
+## ntfy Android app v1.10.0
+Released Mar 21, 2022
+
+**Features:**
+
+* Support for UnifiedPush 2.0 specification (bytes messages, [#130](https://github.com/binwiederhier/ntfy/issues/130))
+* Export/import settings and subscriptions ([#115](https://github.com/binwiederhier/ntfy/issues/115), thanks [@cmeis](https://github.com/cmeis) for reporting)
+* Open "Click" link when tapping notification ([#110](https://github.com/binwiederhier/ntfy/issues/110), thanks [@cmeis](https://github.com/cmeis) for reporting)
+* JSON stream deprecation banner ([#164](https://github.com/binwiederhier/ntfy/issues/164))
+
+**Bug fixes:**
+
+* Display locale-specific times, with AM/PM or 24h format ([#140](https://github.com/binwiederhier/ntfy/issues/140), thanks [@hl2guide](https://github.com/hl2guide) for reporting)
+
+## ntfy server v1.18.0
+Released Mar 16, 2022
+
+**Features:**
+
+* [Publish messages as JSON](https://ntfy.sh/docs/publish/#publish-as-json) ([#133](https://github.com/binwiederhier/ntfy/issues/133), 
+  thanks [@cmeis](https://github.com/cmeis) for reporting, thanks to [@Joeharrison94](https://github.com/Joeharrison94) and 
+  [@Fallenbagel](https://github.com/Fallenbagel) for testing)
+
+**Bug fixes:**
+
+* rpm: do not overwrite server.yaml on package upgrade ([#166](https://github.com/binwiederhier/ntfy/issues/166), thanks [@waclaw66](https://github.com/waclaw66) for reporting)
+* Typo in [ntfy.sh/announcements](https://ntfy.sh/announcements) topic ([#170](https://github.com/binwiederhier/ntfy/pull/170), thanks to [@sandebert](https://github.com/sandebert))
+* Readme image URL fixes ([#156](https://github.com/binwiederhier/ntfy/pull/156), thanks to [@ChaseCares](https://github.com/ChaseCares))
+
+**Deprecations:**
+
+* Removed the ability to run server as `ntfy` (as opposed to `ntfy serve`) as per [deprecation](deprecations.md)
+
+## ntfy server v1.17.1
+Released Mar 12, 2022
+
+**Bug fixes:**
+
+* Replace `crypto.subtle` with `hashCode` to errors with Brave/FF-Windows (#157, thanks for reporting @arminus)
+
+## ntfy server v1.17.0
+Released Mar 11, 2022
+
+**Features & bug fixes:**
+
+* Replace [web app](https://ntfy.sh/app) with a React/MUI-based web app from the 21st century (#111)
+* Web UI broken with auth (#132, thanks for reporting @arminus)
+* Send static web resources as `Content-Encoding: gzip`, i.e. docs and web app (no ticket)
+* Add support for auth via `?auth=...` query param, used by WebSocket in web app (no ticket) 
+
+## ntfy server v1.16.0
+Released Feb 27, 2022
+
+**Features & Bug fixes:**
+
+* Add [auth support](https://ntfy.sh/docs/subscribe/cli/#authentication) for subscribing with CLI (#147/#148, thanks @lrabane)
+* Add support for [?since=<id>](https://ntfy.sh/docs/subscribe/api/#fetch-cached-messages) (#151, thanks for reporting @nachotp)
+
+**Documentation:**
+
+* Add [watchtower/shoutrr examples](https://ntfy.sh/docs/examples/#watchtower-notifications-shoutrrr) (#150, thanks @rogeliodh)
+* Add [release notes](https://ntfy.sh/docs/releases/)
+
+**Technical notes:**
+
+* As of this release, message IDs will be 12 characters long (as opposed to 10 characters). This is to be able to 
+  distinguish them from Unix timestamps for #151.
+
+## ntfy Android app v1.9.1
+Released Feb 16, 2022
+
+**Features:**
+
+* Share to topic feature (#131, thanks u/emptymatrix for reporting)
+* Ability to pick a default server (#127, thanks to @poblabs for reporting and testing)
+* Automatically delete notifications (#71, thanks @arjan-s for reporting)
+* Dark theme: Improvements around style and contrast (#119, thanks @kzshantonu for reporting)
+
+**Bug fixes:**
+
+* Do not attempt to download attachments if they are already expired (#135)
+* Fixed crash in AddFragment as seen per stack trace in Play Console (no ticket)
+
+**Other thanks:**
+
+* Thanks to @rogeliodh, @cmeis and @poblabs for testing
+
+## ntfy server v1.15.0
+Released Feb 14, 2022
+
+**Features & bug fixes:**
+
+* Compress binaries with `upx` (#137)
+* Add `visitor-request-limit-exempt-hosts` to exempt friendly hosts from rate limits (#144)
+* Double default requests per second limit from 1 per 10s to 1 per 5s (no ticket)
+* Convert `\n` to new line for `X-Message` header as prep for sharing feature (see #136)
+* Reduce bcrypt cost to 10 to make auth timing more reasonable on slow servers (no ticket)
+* Docs update to include [public test topics](https://ntfy.sh/docs/publish/#public-topics) (no ticket)
+
+## ntfy server v1.14.1
+Released Feb 9, 2022
+
+**Bug fixes:**
+
+* Fix ARMv8 Docker build (#113, thanks to @djmaze)
+* No other significant changes
+
+## ntfy Android app v1.8.1
+Released Feb 6, 2022
+
+**Features:**
+
+* Support [auth / access control](https://ntfy.sh/docs/config/#access-control) (#19, thanks to @cmeis, @drsprite/@poblabs, 
+  @gedw99, @karmanyaahm, @Mek101, @gc-ss, @julianfoad, @nmoseman, Jakob, PeterCxy, Techlosopher)
+* Export/upload log now allows censored/uncensored logs (no ticket)
+* Removed wake lock (except for notification dispatching, no ticket)
+* Swipe to remove notifications (#117)
+
+**Bug fixes:**
+
+* Fix download issues on SDK 29 "Movement not allowed" (#116, thanks Jakob)
+* Fix for Android 12 crashes (#124, thanks @eskilop)
+* Fix WebSocket retry logic bug with multiple servers (no ticket)
+* Fix race in refresh logic leading to duplicate connections (no ticket)
+* Fix scrolling issue in subscribe to topic dialog (#131, thanks @arminus)
+* Fix base URL text field color in dark mode, and size with large fonts (no ticket)
+* Fix action bar color in dark mode (make black, no ticket)
+
+**Notes:**
+
+* Foundational work for per-subscription settings
+
+## ntfy server v1.14.0
+Released Feb 3, 2022
+
+**Features**:
+
+* Server-side for [authentication & authorization](https://ntfy.sh/docs/config/#access-control) (#19, thanks for testing @cmeis, and for input from @gedw99, @karmanyaahm, @Mek101, @gc-ss, @julianfoad, @nmoseman, Jakob, PeterCxy, Techlosopher)
+* Support `NTFY_TOPIC` env variable in `ntfy publish` (#103)
+
+**Bug fixes**:
+
+* Binary UnifiedPush messages should not be converted to attachments (part 1, #101)
+
+**Docs**:
+
+* Clarification regarding attachments (#118, thanks @xnumad)
+
+## ntfy Android app v1.7.1
+Released Jan 21, 2022
+
+**New features:**
+
+* Battery improvements: wakelock disabled by default (#76)
+* Dark mode: Allow changing app appearance (#102)
+* Report logs: Copy/export logs to help troubleshooting (#94)
+* WebSockets (experimental): Use WebSockets to subscribe to topics (#96, #100, #97)
+* Show battery optimization banner (#105)
+
+**Bug fixes:**
+
+* (Partial) support for binary UnifiedPush messages (#101)
+
+**Notes:**
+
+* The foreground wakelock is now disabled by default
+* The service restarter is now scheduled every 3h instead of every 6h
+
+## ntfy server v1.13.0
+Released Jan 16, 2022
+
+**Features:**
+
+* [Websockets](https://ntfy.sh/docs/subscribe/api/#websockets) endpoint
+* Listen on Unix socket, see [config option](https://ntfy.sh/docs/config/#config-options) `listen-unix`
+
+## ntfy Android app v1.6.0
+Released Jan 14, 2022
+
+**New features:**
+
+* Attachments: Send files to the phone (#25, #15)
+* Click action: Add a click action URL to notifications (#85)
+* Battery optimization: Allow disabling persistent wake-lock (#76, thanks @MatMaul)
+* Recognize imported user CA certificate for self-hosted servers (#87, thanks @keith24)
+* Remove mentions of "instant delivery" from F-Droid to make it less confusing (no ticket)
+
+**Bug fixes:**
+
+* Subscription "muted until" was not always respected (#90)
+* Fix two stack traces reported by Play console vitals (no ticket)
+* Truncate FCM messages >4,000 bytes, prefer instant messages (#84)
+
+## ntfy server v1.12.1
+Released Jan 14, 2022
+
+**Bug fixes:**
+
+* Fix security issue with attachment peaking (#93)
+
+## ntfy server v1.12.0
+Released Jan 13, 2022
+
+**Features:**
+
+* [Attachments](https://ntfy.sh/docs/publish/#attachments) (#25, #15)
+* [Click action](https://ntfy.sh/docs/publish/#click-action) (#85)
+* Increase FCM priority for high/max priority messages (#70)
+
+**Bug fixes:**
+
+* Make postinst script work properly for rpm-based systems (#83, thanks @cmeis)
+* Truncate FCM messages longer than 4000 bytes (#84)
+* Fix `listen-https` port (no ticket)
+
+## ntfy Android app v1.5.2
+Released Jan 3, 2022
+
+**New features:**
+
+* Allow using ntfy as UnifiedPush distributor (#9)
+* Support for longer message up to 4096 bytes (#77)
+* Minimum priority: show notifications only if priority X or higher (#79)
+* Allowing disabling broadcasts in global settings (#80)
+
+**Bug fixes:**
+
+* Allow int/long extras for SEND_MESSAGE intent (#57)
+* Various battery improvement fixes (#76)
+
+## ntfy server v1.11.2
+Released Jan 1, 2022
+
+**Features & bug fixes:**
+
+* Increase message limit to 4096 bytes (4k) #77
+* Docs for [UnifiedPush](https://unifiedpush.org) #9
+* Increase keepalive interval to 55s #76
+* Increase Firebase keepalive to 3 hours #76
+
+## ntfy server v1.10.0
+Released Dec 28, 2021
+
+**Features & bug fixes:**
+
+* [Publish messages via e-mail](ntfy.sh/docs/publish/#e-mail-publishing) #66
+* Server-side work to support [unifiedpush.org](https://unifiedpush.org) #64
+* Fixing the Santa bug #65
+
+## Older releases
+For older releases, check out the GitHub releases pages for the [ntfy server](https://github.com/binwiederhier/ntfy/releases)
+and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/releases).
--- a/docs/static/css/extra.css
+++ b/docs/static/css/extra.css
@@ -1,13 +1,17 @@
 :root {
-    --md-primary-fg-color:        #3a9784;
-    --md-primary-fg-color--light: #3a9784;
-    --md-primary-fg-color--dark:  #3a9784;
+    --md-primary-fg-color:        #338574;
+    --md-primary-fg-color--light: #338574;
+    --md-primary-fg-color--dark:  #338574;
 }

 .md-header__button.md-logo :is(img, svg) {
    width: unset !important;
 }

+.md-sidebar {
+    width: 12.5rem !important;
+}
+
 .md-typeset h4 {
    font-weight: 500 !important;
    margin: 0 !important;
--- a/docs/static/img/android-screenshot-notification-actions.png
+++ b/docs/static/img/android-screenshot-notification-actions.png
--- a/docs/static/img/android-screenshot-notification-details.jpg
+++ b/docs/static/img/android-screenshot-notification-details.jpg
--- a/docs/static/img/android-screenshot-notification-settings.png
+++ b/docs/static/img/android-screenshot-notification-settings.png
--- a/docs/static/img/android-screenshot-share-1.jpg
+++ b/docs/static/img/android-screenshot-share-1.jpg
--- a/docs/static/img/android-screenshot-share-2.jpg
+++ b/docs/static/img/android-screenshot-share-2.jpg
--- a/docs/static/img/nodered-message.png
+++ b/docs/static/img/nodered-message.png
--- a/docs/static/img/nodered-picture.png
+++ b/docs/static/img/nodered-picture.png
--- a/docs/static/img/web-detail.png
+++ b/docs/static/img/web-detail.png
--- a/docs/static/img/web-subscribe.png
+++ b/docs/static/img/web-subscribe.png
--- a/docs/subscribe/api.md
+++ b/docs/subscribe/api.md
@@ -247,11 +247,13 @@ curl -s "ntfy.sh/mytopic/json?poll=1"
 ### Fetch cached messages
 Messages may be cached for a couple of hours (see [message caching](../config.md#message-cache)) to account for network
 interruptions of subscribers. If the server has configured message caching, you can read back what you missed by using 
-the `since=` query parameter. It takes either a duration (e.g. `10m` or `30s`), a Unix timestamp (e.g. `1635528757`) 
-or `all` (all cached messages).
+the `since=` query parameter. It takes a duration (e.g. `10m` or `30s`), a Unix timestamp (e.g. `1635528757`),
+a message ID (e.g. `nFS3knfcQ1xe`), or `all` (all cached messages).

 ```
 curl -s "ntfy.sh/mytopic/json?since=10m"
+curl -s "ntfy.sh/mytopic/json?since=1645970742"
+curl -s "ntfy.sh/mytopic/json?since=nFS3knfcQ1xe"
 ```

 ### Fetch scheduled messages
@@ -395,7 +397,6 @@ Here's an example for each message type:
    }
    ```    

-
 === "Poll request message"
    ``` json
    {
@@ -413,6 +414,7 @@ and can be passed as **HTTP headers** or **query parameters in the URL**. They a
 | Parameter   | Aliases (case-insensitive) | Description                                                                     |
 |-------------|----------------------------|---------------------------------------------------------------------------------|
 | `poll`      | `X-Poll`, `po`             | Return cached messages and close connection                                     |
+| `since`     | `X-Since`, `si`            | Return cached messages since timestamp, duration or message ID                  |
 | `scheduled` | `X-Scheduled`, `sched`     | Include scheduled/delayed messages in message list                              |
 | `message`   | `X-Message`, `m`           | Filter: Only return messages that match this exact message string               |
 | `title`     | `X-Title`, `t`             | Filter: Only return messages that match this exact title string                 |
--- a/docs/subscribe/cli.md
+++ b/docs/subscribe/cli.md
@@ -196,3 +196,27 @@ EOF
 sudo systemctl daemon-reload
 sudo systemctl restart ntfy-client
 ```
+
+
+### Authentication
+Depending on whether the server is configured to support [access control](../config.md#access-control), some topics
+may be read/write protected so that only users with the correct credentials can subscribe or publish to them.
+To publish/subscribe to protected topics, you can use [Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication)
+with a valid username/password. For your self-hosted server, **be sure to use HTTPS to avoid eavesdropping** and exposing
+your password. 
+
+You can either add your username and password to the configuration file:
+=== "~/.config/ntfy/client.yml"
+	```yaml
+	 - topic: secret
+	   command: 'notify-send "$m"'
+	   user: phill
+	   password: mypass
+	```
+
+Or with the `ntfy subscibe` command:
+```
+ntfy subscribe \
+  -u phil:mypass \
+  ntfy.example.com/mysecrets
+```
--- a/docs/subscribe/phone.md
+++ b/docs/subscribe/phone.md
@@ -31,7 +31,7 @@ If those screenshots are still not enough, here's a video:
 </figure>

 ## Message priority
-When you [publish messages](../publish.md#message-priority) to a topic, you can define a priority. This priority defines
+When you [publish messages](../publish.md#message-priority) to a topic, you can **define a priority**. This priority defines
 how urgently Android will notify you about the notification, and whether they make a sound and/or vibrate.

 By default, messages with default priority or higher (>= 3) will vibrate and make a sound. Messages with high or urgent
@@ -42,11 +42,19 @@ priority (>= 4) will also show as pop-over, like so:
  <figcaption>High and urgent notifications show as pop-over</figcaption>
 </figure>

-You can change these settings in Android by long-pressing on the app, and tapping "Notifications". You can then configure
-the settings (and custom sounds or vibration) for each of the priorities:
+You can change these settings in Android by long-pressing on the app, and tapping "Notifications", or from the "Settings"
+menu under "Channel settings". There is one notification channel for each priority:

 <figure markdown>
-  ![notification settings](../static/img/android-notification-settings.png){ width=500 }
+  ![notification settings](../static/img/android-screenshot-notification-settings.png){ width=500 }
+  <figcaption>Per-priority channels</figcaption>
+</figure>
+
+Per notification channel, you can configure a **channel-specific sound**, whether to **override the Do Not Disturb (DND)**
+setting, and other settings such as popover or notification dot:
+
+<figure markdown>
+  ![channel details](../static/img/android-screenshot-notification-details.jpg){ width=500 }
  <figcaption>Per-priority sound/vibration settings</figcaption>
 </figure>

@@ -80,6 +88,34 @@ notifications. Firebase is overall pretty bad at delivering messages in time, bu
 The ntfy Android app uses Firebase only for the main host `ntfy.sh`, and only in the Google Play flavor of the app.
 It won't use Firebase for any self-hosted servers, and not at all in the the F-Droid flavor.

+## Share to topic
+You can share files to a topic using Android's "Share" feature. This works in almost any app that supports sharing files
+or text, and it's useful for sending yourself links, files or other things. The feature remembers a few of the last topics
+you shared content to and lists them at the bottom.
+
+The feature is pretty self-explanatory, and one picture says more than a thousand words. So here are two pictures:
+
+<div id="share-to-topic-screenshots" class="screenshots">
+    <a href="../../static/img/android-screenshot-share-1.jpg"><img src="../../static/img/android-screenshot-share-1.jpg"/></a>
+    <a href="../../static/img/android-screenshot-share-2.jpg"><img src="../../static/img/android-screenshot-share-2.jpg"/></a>
+</div>
+
+## ntfy:// links
+The ntfy Android app supports deep linking directly to topics. This is useful when integrating with [automation apps](#automation-apps)
+such as [MacroDroid](https://play.google.com/store/apps/details?id=com.arlosoft.macrodroid) or [Tasker](https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm),
+or to simply directly link to a topic from a mobile website. 
+
+!!! info
+    Android deep linking of http/https links is very brittle and limited, which is why something like `https://<host>/<topic>/subscribe` is 
+    **not possible**, and instead `ntfy://` links have to be used. More details in [issue #20](https://github.com/binwiederhier/ntfy/issues/20).
+
+**Supported link formats:**
+
+| Link format                                                                   | Example                                   | Description                                                                                                                                                                                         |
+|-------------------------------------------------------------------------------|-------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| <span style="white-space: nowrap">`ntfy://<host>/<topic>`</span>              | `ntfy://ntfy.sh/mytopic`                  | Directly opens the Android app detail view for the given topic and server. Subscribes to the topic if not already subscribed. This is equivalent to the web view `https://ntfy.sh/mytopic` (HTTPS!) |
+| <span style="white-space: nowrap">`ntfy://<host>/<topic>?secure=false`</span> | `ntfy://example.com/mytopic?secure=false` | Same as above, except that this will use HTTP instead of HTTPS as topic URL. This is equivalent to the web view `http://example.com/mytopic` (HTTP!)                                                |
+
 ## Integrations

 ### UnifiedPush
@@ -130,19 +166,21 @@ notification popups:

 Here's a list of extras you can access. Most likely, you'll want to filter for `topic` and react on `message`:

-| Extra name | Type | Example | Description |
-|---|---|---|---|
-| `id` | *string* | `bP8dMjO8ig` | Randomly chosen message identifier (likely not very useful for task automation) |
-| `base_url` | *string* | `https://ntfy.sh` | Root URL of the ntfy server this message came from |
-| `topic` ❤️ | *string* | `mytopic` | Topic name; **you'll likely want to filter for a specific topic** |
-| `muted` | *bool* | `true` | Indicates whether the subscription was muted in the app |
-| `muted_str` | *string (`true` or `false`)* | `true` | Same as `muted`, but as string `true` or `false` |
-| `time` | *int* | `1635528741` | Message date time, as Unix time stamp |
-| `title` | *string* | `Some title` | Message [title](../publish.md#message-title); may be empty if not set |
-| `message` ❤️ | *string* | `Some message` | Message body; **this is likely what you're interested in** |
-| `tags` | *string* | `tag1,tag2,..` | Comma-separated list of [tags](../publish.md#tags-emojis) |
-| `tags_map` | *string* | `0=tag1,1=tag2,..` | Map of tags to make it easier to map first, second, ... tag |
-| `priority` | *int (between 1-5)* | `4` | Message [priority](../publish.md#message-priority) with 1=min, 3=default and 5=max |
+| Extra name      | Type                         | Example            | Description                                                                        |
+|-----------------|------------------------------|--------------------|------------------------------------------------------------------------------------|
+| `id`            | *String*                     | `bP8dMjO8ig`       | Randomly chosen message identifier (likely not very useful for task automation)    |
+| `base_url`      | *String*                     | `https://ntfy.sh`  | Root URL of the ntfy server this message came from                                 |
+| `topic` ❤️      | *String*                     | `mytopic`          | Topic name; **you'll likely want to filter for a specific topic**                  |
+| `muted`         | *Boolean*                    | `true`             | Indicates whether the subscription was muted in the app                            |
+| `muted_str`     | *String (`true` or `false`)* | `true`             | Same as `muted`, but as string `true` or `false`                                   |
+| `time`          | *Int*                        | `1635528741`       | Message date time, as Unix time stamp                                              |
+| `title`         | *String*                     | `Some title`       | Message [title](../publish.md#message-title); may be empty if not set              |
+| `message` ❤️    | *String*                     | `Some message`     | Message body; **this is likely what you're interested in**                         |
+| `message_bytes` | *ByteArray*                  | `(binary data)`    | Message body as binary data                                                        |
+| `encoding`️     | *String*                     | -                  | Message encoding (empty or "base64")                                               |
+| `tags`          | *String*                     | `tag1,tag2,..`     | Comma-separated list of [tags](../publish.md#tags-emojis)                          |
+| `tags_map`      | *String*                     | `0=tag1,1=tag2,..` | Map of tags to make it easier to map first, second, ... tag                        |
+| `priority`      | *Int (between 1-5)*          | `4`                | Message [priority](../publish.md#message-priority) with 1=min, 3=default and 5=max |

 #### Send messages using intents
 To send messages from other apps (such as [MacroDroid](https://play.google.com/store/apps/details?id=com.arlosoft.macrodroid)
@@ -164,14 +202,14 @@ Here's what that looks like:

 The following intent extras are supported when for the intent with the `io.heckel.ntfy.SEND_MESSAGE` action:

-| Extra name | Required | Type | Example | Description |
-|---|---|---|---|---|
-| `base_url` | - | *string* | `https://ntfy.sh` | Root URL of the ntfy server this message came from, defaults to `https://ntfy.sh` |
-| `topic` ❤️ | ✔ | *string* | `mytopic` | Topic name; **you must set this** |
-| `title` | - | *string* | `Some title` | Message [title](../publish.md#message-title); may be empty if not set |
-| `message` ❤️ | ✔ | *string* | `Some message` | Message body; **you must set this** |
-| `tags` | - | *string* | `tag1,tag2,..` | Comma-separated list of [tags](../publish.md#tags-emojis) |
-| `priority` | - | *string or int (between 1-5)* | `4` | Message [priority](../publish.md#message-priority) with 1=min, 3=default and 5=max |
+| Extra name   | Required | Type                          | Example           | Description                                                                        |
+|--------------|----------|-------------------------------|-------------------|------------------------------------------------------------------------------------|
+| `base_url`   | -        | *String*                      | `https://ntfy.sh` | Root URL of the ntfy server this message came from, defaults to `https://ntfy.sh`  |
+| `topic` ❤️   | ✔        | *String*                      | `mytopic`         | Topic name; **you must set this**                                                  |
+| `title`      | -        | *String*                      | `Some title`      | Message [title](../publish.md#message-title); may be empty if not set              |
+| `message` ❤️ | ✔        | *String*                      | `Some message`    | Message body; **you must set this**                                                |
+| `tags`       | -        | *String*                      | `tag1,tag2,..`    | Comma-separated list of [tags](../publish.md#tags-emojis)                          |
+| `priority`   | -        | *String or Int (between 1-5)* | `4`               | Message [priority](../publish.md#message-priority) with 1=min, 3=default and 5=max |

 ## iPhone/iOS
 I almost feel devious for putting the *Download on the App Store* button on this page. Currently, there is no iOS app
--- a/docs/subscribe/web.md
+++ b/docs/subscribe/web.md
@@ -6,9 +6,9 @@ keep a connection open and listen for incoming notifications.
 To learn how to send messages, check out the [publishing page](../publish.md).

 <div id="web-screenshots" class="screenshots">
-    <a href="../../static/img/web-subscribe.png"><img src="../../static/img/web-subscribe.png"/></a>
-    <a href="../../static/img/web-notification.png"><img src="../../static/img/web-notification.png"/></a>
    <a href="../../static/img/web-detail.png"><img src="../../static/img/web-detail.png"/></a> 
+    <a href="../../static/img/web-notification.png"><img src="../../static/img/web-notification.png"/></a>
+    <a href="../../static/img/web-subscribe.png"><img src="../../static/img/web-subscribe.png"/></a>
 </div>

 To keep receiving desktop notifications from ntfy, you need to keep the website open. What I do, and what I highly recommend,
--- a/go.mod
+++ b/go.mod
@@ -4,48 +4,50 @@ go 1.17

 require (
 	cloud.google.com/go/firestore v1.6.1 // indirect
-	cloud.google.com/go/storage v1.19.0 // indirect
+	cloud.google.com/go/storage v1.22.0 // indirect
 	firebase.google.com/go v3.13.0+incompatible
-	github.com/BurntSushi/toml v1.0.0 // indirect
+	github.com/BurntSushi/toml v1.1.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
 	github.com/emersion/go-smtp v0.15.0
 	github.com/gabriel-vasile/mimetype v1.4.0
-	github.com/gorilla/websocket v1.4.2
-	github.com/mattn/go-sqlite3 v1.14.11
+	github.com/gorilla/websocket v1.5.0
+	github.com/mattn/go-sqlite3 v1.14.12
 	github.com/olebedev/when v0.0.0-20211212231525-59bd4edcf9d6
 	github.com/stretchr/testify v1.7.0
-	github.com/urfave/cli/v2 v2.3.0
-	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
-	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
+	github.com/urfave/cli/v2 v2.4.7
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
+	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
-	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11
-	google.golang.org/api v0.67.0
+	golang.org/x/term v0.0.0-20220411215600-e5f449aeb171
+	golang.org/x/time v0.0.0-20220411224347-583f2d630306
+	google.golang.org/api v0.75.0
 	gopkg.in/yaml.v2 v2.4.0
 )

+require github.com/pkg/errors v0.9.1 // indirect
+
 require (
-	cloud.google.com/go v0.100.2 // indirect
-	cloud.google.com/go/compute v1.2.0 // indirect
-	cloud.google.com/go/iam v0.1.1 // indirect
-	github.com/AlekSi/pointer v1.0.0 // indirect
+	cloud.google.com/go v0.101.0 // indirect
+	cloud.google.com/go/compute v1.6.1 // indirect
+	cloud.google.com/go/iam v0.3.0 // indirect
+	github.com/AlekSi/pointer v1.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emersion/go-sasl v0.0.0-20211008083017-0b9dcfb154ac // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-cmp v0.5.7 // indirect
-	github.com/googleapis/gax-go/v2 v2.1.1 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
+	github.com/googleapis/gax-go/v2 v2.3.0 // indirect
+	github.com/googleapis/go-type-adapters v1.0.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d // indirect
-	golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 // indirect
+	golang.org/x/net v0.0.0-20220421235706-1d1ef9303861 // indirect
+	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
 	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220203182621-f4ae394cde3f // indirect
-	google.golang.org/grpc v1.44.0 // indirect
-	google.golang.org/protobuf v1.27.1 // indirect
+	google.golang.org/genproto v0.0.0-20220422154200-b37d22cd5731 // indirect
+	google.golang.org/grpc v1.46.0 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -26,9 +26,9 @@ cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+Y
 cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
 cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
 cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
-cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U=
-cloud.google.com/go v0.100.2 h1:t9Iw5QH5v4XtlEQaCtUY7x6sCABps8sW0acw7e2WQ6Y=
 cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
+cloud.google.com/go v0.101.0 h1:g+LL+JvpvdyGtcaD2xw2mSByE/6F9s471eJSoaysM84=
+cloud.google.com/go v0.101.0/go.mod h1:hEiddgDb77jDQ+I80tURYNJEnuwPzFU8awCFFRLKjW0=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -36,14 +36,17 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
-cloud.google.com/go/compute v1.2.0 h1:EKki8sSdvDU0OO9mAXGwPXOTOgPz2l08R0/IutDH11I=
-cloud.google.com/go/compute v1.2.0/go.mod h1:xlogom/6gr8RJGBe7nT2eGsQYAFUbbv8dbC29qE3Xmw=
+cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
+cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
+cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
+cloud.google.com/go/compute v1.6.1 h1:2sMmt8prCn7DPaG4Pmh0N3Inmc8cT8ae5k1M6VJ9Wqc=
+cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.6.1 h1:8rBq3zRjnHx8UtBvaOWqBB1xq9jH6/wltfQLlTMh2Fw=
 cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY=
-cloud.google.com/go/iam v0.1.1 h1:4CapQyNFjiksks1/x7jsvsygFPhihslYk5GptIrlX68=
-cloud.google.com/go/iam v0.1.1/go.mod h1:CKqrcnI/suGpybEHxZ7BMehL0oA4LpdyJdUlTl9jVMw=
+cloud.google.com/go/iam v0.3.0 h1:exkAomrVUuzx9kWFI1wm3KI0uoDeUFPB4kKGzx6x+Gc=
+cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -53,16 +56,17 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-cloud.google.com/go/storage v1.19.0 h1:XOQSnPJD8hRtZJ3VdCyK0mBZsGGImrzPAMbSWcHSe6Q=
-cloud.google.com/go/storage v1.19.0/go.mod h1:6rgiTRjOqI/Zd9YKimub5TIB4d+p3LH33V3ZE1DMuUM=
+cloud.google.com/go/storage v1.22.0 h1:NUV0NNp9nkBuW66BFRLuMgldN60C57ET3dhbwLIYio8=
+cloud.google.com/go/storage v1.22.0/go.mod h1:GbaLEoMqbVm6sx3Z0R++gSiBlgMv6yUi2q1DeGFKQgE=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 firebase.google.com/go v3.13.0+incompatible h1:3TdYC3DDi6aHn20qoRkxwGqNgdjtblwVAyRLQwGn/+4=
 firebase.google.com/go v3.13.0+incompatible/go.mod h1:xlah6XbEyW6tbfSklcfe5FHJIwjt8toICdV5Wh9ptHs=
-github.com/AlekSi/pointer v1.0.0 h1:KWCWzsvFxNLcmM5XmiqHsGTTsuwZMsLFwWF9Y+//bNE=
 github.com/AlekSi/pointer v1.0.0/go.mod h1:1kjywbfcPFCmncIxtk6fIEub6LKrfMz3gc5QKVOSOA8=
+github.com/AlekSi/pointer v1.2.0 h1:glcy/gc4h8HnG2Z3ZECSzZ1IX1x2JxRVuDzaJwQE0+w=
+github.com/AlekSi/pointer v1.2.0/go.mod h1:gZGfd3dpW4vEc/UlyfKKi1roIqcCgwOIvb0tSNSBle0=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU=
-github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
+github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
@@ -80,8 +84,8 @@ github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XP
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -100,6 +104,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/gabriel-vasile/mimetype v1.4.0 h1:Cn9dkdYsMIu56tGho+fqzh7XmvY2YyGU0FnbhiOsEro=
 github.com/gabriel-vasile/mimetype v1.4.0/go.mod h1:fA8fi6KUiG7MgQQ+mEWotXoEOvmxRtOJlERCzSmRvr8=
@@ -161,8 +166,9 @@ github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPg
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.2.1 h1:d8MncMlErDFTwQGBK1xhv026j9kqhvw1Qv9IbWT1VLQ=
 github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
+github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
+github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -182,10 +188,14 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.1.1 h1:dp3bWCh+PPO1zjRRiCSczJav13sBvG4UhNyVTa1KqdU=
 github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
-github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
+github.com/googleapis/gax-go/v2 v2.3.0 h1:nRJtk3y8Fm770D42QV6T90ZnvFZyk7agSo3Q+Z9p3WI=
+github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
+github.com/googleapis/go-type-adapters v1.0.0 h1:9XdMn+d/G57qq1s8dNc5IesGCXHf6V2HZ2JwRxfA2tA=
+github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -199,8 +209,8 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/mattn/go-sqlite3 v1.14.11 h1:gt+cp9c0XGqe9S/wAHTL3n/7MqY+siPWgWJgqdsFrzQ=
-github.com/mattn/go-sqlite3 v1.14.11/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.12 h1:TJ1bhYJPV44phC+IMu1u2K/i5RriLTPe+yc68XDJ1Z0=
+github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/olebedev/when v0.0.0-20211212231525-59bd4edcf9d6 h1:oDSPaYiL2dbjcArLrFS8ANtwgJMyOLzvQCZon+XmFsk=
 github.com/olebedev/when v0.0.0-20211212231525-59bd4edcf9d6/go.mod h1:DPucAeQGDPUzYUt+NaWw6qsF5SFapWWToxEiVDh2aV0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -211,10 +221,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -223,8 +231,8 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M=
-github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
+github.com/urfave/cli/v2 v2.4.7 h1:nUgKLTC/InVYwUx26HZUBGIBZaptiW97W8vVlhuYawo=
+github.com/urfave/cli/v2 v2.4.7/go.mod h1:oDzoM7pVwz6wHn5ogWgFUU1s4VJayeQS+aEZDqXIEJs=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -243,8 +251,9 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -316,8 +325,13 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210505024714-0287a6fb4125/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c=
-golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220421235706-1d1ef9303861 h1:yssD99+7tqHWO5Gwh81phT+67hg+KttniBr6UnEXOY8=
+golang.org/x/net v0.0.0-20220421235706-1d1ef9303861/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -334,8 +348,11 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 h1:OSnWWcOd/CtWQC2cYSBgbTSJv3ciqd8r54ySIW2y3RE=
+golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -398,12 +415,17 @@ golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 h1:XDXtA5hveEEV8JB2l7nhMTp3t3cHp9ZpwcdjqyEWLlo=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc=
+golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 h1:EH1Deb8WZJ0xc0WK//leUHXcX9aLE5SymusoTmMZye8=
+golang.org/x/term v0.0.0-20220411215600-e5f449aeb171/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -417,8 +439,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220411224347-583f2d630306 h1:+gHMid33q6pen7kv9xvT+JRinntgeXO2AeZVd0AWD3w=
+golang.org/x/time v0.0.0-20220411224347-583f2d630306/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -473,8 +495,9 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f h1:GGU+dLjvlC3qDwqYgL6UgRmHXhOOgns0bZu2Ty5mm6U=
+golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -507,11 +530,12 @@ google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdr
 google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU=
 google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
 google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
-google.golang.org/api v0.64.0/go.mod h1:931CdxA8Rm4t6zqTFGSsgwbAEZ2+GMYurbndwSimebM=
-google.golang.org/api v0.65.0/go.mod h1:ArYhxgGadlWmqO1IqVujw6Cs8IdD33bTmzKo2Sh+cbg=
-google.golang.org/api v0.66.0/go.mod h1:I1dmXYpX7HGwz/ejRxwQp2qj5bFAz93HiCU1C1oYd9M=
-google.golang.org/api v0.67.0 h1:lYaaLa+x3VVUhtosaK9xihwQ9H9KRa557REHwwZ2orM=
 google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
+google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
+google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
+google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
+google.golang.org/api v0.75.0 h1:0AYh/ae6l9TDUvIQrDw5QRpM100P6oHgD+o3dYHMzJg=
+google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -559,6 +583,7 @@ google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
@@ -582,15 +607,20 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6
 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220111164026-67b88f271998/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220114231437-d2e6a121cae0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220201184016-50beb8ab5c44/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220203182621-f4ae394cde3f h1:w9Sx4FBkwsN0jMZz8E42tMdmhZ5b2Z/vFx2LKAxxI9o=
-google.golang.org/genproto v0.0.0-20220203182621-f4ae394cde3f/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
+google.golang.org/genproto v0.0.0-20220405205423-9d709892a2bf/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220422154200-b37d22cd5731 h1:nquqdM9+ps0JZcIiI70+tqoaIFS5Ql4ZuK8UXnz3HfE=
+google.golang.org/genproto v0.0.0-20220422154200-b37d22cd5731/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -617,8 +647,10 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.46.0 h1:oCjezcn6g6A75TGoKYBPgKmVBLexhYLM6MebdrPApP8=
+google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -632,8 +664,9 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
--- a/main.go
+++ b/main.go
@@ -19,10 +19,11 @@ func main() {
 Try 'ntfy COMMAND --help' or https://ntfy.sh/docs/ for more information.

 To report a bug, open an issue on GitHub: https://github.com/binwiederhier/ntfy/issues.
-If you want to chat, simply join the Discord server: https://discord.gg/cT7ECsZj9w.
+If you want to chat, simply join the Discord server (https://discord.gg/cT7ECsZj9w), or
+the Matrix room (https://matrix.to/#/#ntfy:matrix.org).

 ntfy %s (%s), runtime %s, built at %s
-Copyright (C) 2021 Philipp C. Heckel, licensed under Apache License 2.0 & GPLv2
+Copyright (C) 2022 Philipp C. Heckel, licensed under Apache License 2.0 & GPLv2
 `, version, commit[:7], runtime.Version(), date)

 	app := cmd.New()
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -82,8 +82,9 @@ nav:
 - "Other things":
  - "FAQs": faq.md
  - "Examples": examples.md
-  - "Emojis 🥳 🎉": emojis.md
+  - "Release notes": releases.md
  - "Deprecation notices": deprecations.md
+  - "Emojis 🥳 🎉": emojis.md
  - "Development": develop.md
  - "Privacy policy": privacy.md

--- a/requirements.txt
+++ b/requirements.txt
@@ -1,9 +1,3 @@
 # The documentation uses 'mkdocs', which is written in Python
-
-# See https://github.com/squidfunk/mkdocs-material/issues/2030
-jinja2>=2.11.1
-
-# mkdocs
-mkdocs
 mkdocs-material
 mkdocs-minify-plugin
--- a/scripts/emoji-convert.sh
+++ b/scripts/emoji-convert.sh
@@ -10,7 +10,7 @@ if [ -z "$1" ]; then
    echo "Syntax: $0 FILE.(js|json|md)"
    echo "Example:"
    echo "  $0 emoji-converted.json"
-    echo "  $0 $ROOTDIR/server/static/js/emoji.js"
+    echo "  $0 $ROOTDIR/web/src/app/emojis.js"
    echo "  $0 $ROOTDIR/docs/emojis.md"
    exit 1
 fi
@@ -18,8 +18,8 @@ fi
 if [[ "$1" == *.js ]]; then
  echo -n "// This file is generated by scripts/emoji-convert.sh to reduce the size
 // Original data source: https://github.com/github/gemoji/blob/master/db/emoji.json
-const rawEmojis = " > "$1"
-    cat "$SCRIPTDIR/emoji.json" | jq -rc 'map({emoji: .emoji,aliases: .aliases})' >> "$1"
+export const rawEmojis = " > "$1"
+    cat "$SCRIPTDIR/emoji.json" | jq -rc 'map({emoji: .emoji, aliases: .aliases, tags: .tags, category: .category, description: .description, unicode_version: .unicode_version})' >> "$1"
 elif [[ "$1" == *.md ]]; then
  echo "# Emoji reference

--- a/server/cache.go
+++ b/server/cache.go
@@ -1,25 +0,0 @@
-package server
-
-import (
-	"errors"
-	_ "github.com/mattn/go-sqlite3" // SQLite driver
-	"time"
-)
-
-var (
-	errUnexpectedMessageType = errors.New("unexpected message type")
-)
-
-// cache implements a cache for messages of type "message" events,
-// i.e. message structs with the Event messageEvent.
-type cache interface {
-	AddMessage(m *message) error
-	Messages(topic string, since sinceTime, scheduled bool) ([]*message, error)
-	MessagesDue() ([]*message, error)
-	MessageCount(topic string) (int, error)
-	Topics() (map[string]*topic, error)
-	Prune(olderThan time.Time) error
-	MarkPublished(m *message) error
-	AttachmentsSize(owner string) (int64, error)
-	AttachmentsExpired() ([]string, error)
-}
--- a/server/cache_mem.go
+++ b/server/cache_mem.go
@@ -1,165 +0,0 @@
-package server
-
-import (
-	"sort"
-	"sync"
-	"time"
-)
-
-type memCache struct {
-	messages  map[string][]*message
-	scheduled map[string]*message // Message ID -> message
-	nop       bool
-	mu        sync.Mutex
-}
-
-var _ cache = (*memCache)(nil)
-
-// newMemCache creates an in-memory cache
-func newMemCache() *memCache {
-	return &memCache{
-		messages:  make(map[string][]*message),
-		scheduled: make(map[string]*message),
-		nop:       false,
-	}
-}
-
-// newNopCache creates an in-memory cache that discards all messages;
-// it is always empty and can be used if caching is entirely disabled
-func newNopCache() *memCache {
-	return &memCache{
-		messages:  make(map[string][]*message),
-		scheduled: make(map[string]*message),
-		nop:       true,
-	}
-}
-
-func (c *memCache) AddMessage(m *message) error {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	if c.nop {
-		return nil
-	}
-	if m.Event != messageEvent {
-		return errUnexpectedMessageType
-	}
-	if _, ok := c.messages[m.Topic]; !ok {
-		c.messages[m.Topic] = make([]*message, 0)
-	}
-	delayed := m.Time > time.Now().Unix()
-	if delayed {
-		c.scheduled[m.ID] = m
-	}
-	c.messages[m.Topic] = append(c.messages[m.Topic], m)
-	return nil
-}
-
-func (c *memCache) Messages(topic string, since sinceTime, scheduled bool) ([]*message, error) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	if _, ok := c.messages[topic]; !ok || since.IsNone() {
-		return make([]*message, 0), nil
-	}
-	messages := make([]*message, 0)
-	for _, m := range c.messages[topic] {
-		_, messageScheduled := c.scheduled[m.ID]
-		include := m.Time >= since.Time().Unix() && (!messageScheduled || scheduled)
-		if include {
-			messages = append(messages, m)
-		}
-	}
-	sort.Slice(messages, func(i, j int) bool {
-		return messages[i].Time < messages[j].Time
-	})
-	return messages, nil
-}
-
-func (c *memCache) MessagesDue() ([]*message, error) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	messages := make([]*message, 0)
-	for _, m := range c.scheduled {
-		due := time.Now().Unix() >= m.Time
-		if due {
-			messages = append(messages, m)
-		}
-	}
-	sort.Slice(messages, func(i, j int) bool {
-		return messages[i].Time < messages[j].Time
-	})
-	return messages, nil
-}
-
-func (c *memCache) MarkPublished(m *message) error {
-	c.mu.Lock()
-	delete(c.scheduled, m.ID)
-	c.mu.Unlock()
-	return nil
-}
-
-func (c *memCache) MessageCount(topic string) (int, error) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	if _, ok := c.messages[topic]; !ok {
-		return 0, nil
-	}
-	return len(c.messages[topic]), nil
-}
-
-func (c *memCache) Topics() (map[string]*topic, error) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	topics := make(map[string]*topic)
-	for topic := range c.messages {
-		topics[topic] = newTopic(topic)
-	}
-	return topics, nil
-}
-
-func (c *memCache) Prune(olderThan time.Time) error {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	for topic := range c.messages {
-		c.pruneTopic(topic, olderThan)
-	}
-	return nil
-}
-
-func (c *memCache) AttachmentsSize(owner string) (int64, error) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	var size int64
-	for topic := range c.messages {
-		for _, m := range c.messages[topic] {
-			counted := m.Attachment != nil && m.Attachment.Owner == owner && m.Attachment.Expires > time.Now().Unix()
-			if counted {
-				size += m.Attachment.Size
-			}
-		}
-	}
-	return size, nil
-}
-
-func (c *memCache) AttachmentsExpired() ([]string, error) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	ids := make([]string, 0)
-	for topic := range c.messages {
-		for _, m := range c.messages[topic] {
-			if m.Attachment != nil && m.Attachment.Expires > 0 && m.Attachment.Expires < time.Now().Unix() {
-				ids = append(ids, m.ID)
-			}
-		}
-	}
-	return ids, nil
-}
-
-func (c *memCache) pruneTopic(topic string, olderThan time.Time) {
-	messages := make([]*message, 0)
-	for _, m := range c.messages[topic] {
-		if m.Time >= olderThan.Unix() {
-			messages = append(messages, m)
-		}
-	}
-	c.messages[topic] = messages
-}
--- a/server/cache_mem_test.go
+++ b/server/cache_mem_test.go
@@ -1,43 +0,0 @@
-package server
-
-import (
-	"github.com/stretchr/testify/assert"
-	"testing"
-)
-
-func TestMemCache_Messages(t *testing.T) {
-	testCacheMessages(t, newMemCache())
-}
-
-func TestMemCache_MessagesScheduled(t *testing.T) {
-	testCacheMessagesScheduled(t, newMemCache())
-}
-
-func TestMemCache_Topics(t *testing.T) {
-	testCacheTopics(t, newMemCache())
-}
-
-func TestMemCache_MessagesTagsPrioAndTitle(t *testing.T) {
-	testCacheMessagesTagsPrioAndTitle(t, newMemCache())
-}
-
-func TestMemCache_Prune(t *testing.T) {
-	testCachePrune(t, newMemCache())
-}
-
-func TestMemCache_Attachments(t *testing.T) {
-	testCacheAttachments(t, newMemCache())
-}
-
-func TestMemCache_NopCache(t *testing.T) {
-	c := newNopCache()
-	assert.Nil(t, c.AddMessage(newDefaultMessage("mytopic", "my message")))
-
-	messages, err := c.Messages("mytopic", sinceAllMessages, false)
-	assert.Nil(t, err)
-	assert.Empty(t, messages)
-
-	topics, err := c.Topics()
-	assert.Nil(t, err)
-	assert.Empty(t, topics)
-}
--- a/server/cache_sqlite_test.go
+++ b/server/cache_sqlite_test.go
@@ -1,158 +0,0 @@
-package server
-
-import (
-	"database/sql"
-	"fmt"
-	"github.com/stretchr/testify/require"
-	"path/filepath"
-	"testing"
-	"time"
-)
-
-func TestSqliteCache_Messages(t *testing.T) {
-	testCacheMessages(t, newSqliteTestCache(t))
-}
-
-func TestSqliteCache_MessagesScheduled(t *testing.T) {
-	testCacheMessagesScheduled(t, newSqliteTestCache(t))
-}
-
-func TestSqliteCache_Topics(t *testing.T) {
-	testCacheTopics(t, newSqliteTestCache(t))
-}
-
-func TestSqliteCache_MessagesTagsPrioAndTitle(t *testing.T) {
-	testCacheMessagesTagsPrioAndTitle(t, newSqliteTestCache(t))
-}
-
-func TestSqliteCache_Prune(t *testing.T) {
-	testCachePrune(t, newSqliteTestCache(t))
-}
-
-func TestSqliteCache_Attachments(t *testing.T) {
-	testCacheAttachments(t, newSqliteTestCache(t))
-}
-
-func TestSqliteCache_Migration_From0(t *testing.T) {
-	filename := newSqliteTestCacheFile(t)
-	db, err := sql.Open("sqlite3", filename)
-	require.Nil(t, err)
-
-	// Create "version 0" schema
-	_, err = db.Exec(`
-		BEGIN;
-		CREATE TABLE IF NOT EXISTS messages (
-			id VARCHAR(20) PRIMARY KEY,
-			time INT NOT NULL,
-			topic VARCHAR(64) NOT NULL,
-			message VARCHAR(1024) NOT NULL
-		);
-		CREATE INDEX IF NOT EXISTS idx_topic ON messages (topic);
-		COMMIT;
-	`)
-	require.Nil(t, err)
-
-	// Insert a bunch of messages
-	for i := 0; i < 10; i++ {
-		_, err = db.Exec(`INSERT INTO messages (id, time, topic, message) VALUES (?, ?, ?, ?)`,
-			fmt.Sprintf("abcd%d", i), time.Now().Unix(), "mytopic", fmt.Sprintf("some message %d", i))
-		require.Nil(t, err)
-	}
-	require.Nil(t, db.Close())
-
-	// Create cache to trigger migration
-	c := newSqliteTestCacheFromFile(t, filename)
-	checkSchemaVersion(t, c.db)
-
-	messages, err := c.Messages("mytopic", sinceAllMessages, false)
-	require.Nil(t, err)
-	require.Equal(t, 10, len(messages))
-	require.Equal(t, "some message 5", messages[5].Message)
-	require.Equal(t, "", messages[5].Title)
-	require.Nil(t, messages[5].Tags)
-	require.Equal(t, 0, messages[5].Priority)
-}
-
-func TestSqliteCache_Migration_From1(t *testing.T) {
-	filename := newSqliteTestCacheFile(t)
-	db, err := sql.Open("sqlite3", filename)
-	require.Nil(t, err)
-
-	// Create "version 1" schema
-	_, err = db.Exec(`
-		CREATE TABLE IF NOT EXISTS messages (
-			id VARCHAR(20) PRIMARY KEY,
-			time INT NOT NULL,
-			topic VARCHAR(64) NOT NULL,
-			message VARCHAR(512) NOT NULL,
-			title VARCHAR(256) NOT NULL,
-			priority INT NOT NULL,
-			tags VARCHAR(256) NOT NULL
-		);
-		CREATE INDEX IF NOT EXISTS idx_topic ON messages (topic);
-		CREATE TABLE IF NOT EXISTS schemaVersion (
-			id INT PRIMARY KEY,
-			version INT NOT NULL
-		);		
-		INSERT INTO schemaVersion (id, version) VALUES (1, 1);
-	`)
-	require.Nil(t, err)
-
-	// Insert a bunch of messages
-	for i := 0; i < 10; i++ {
-		_, err = db.Exec(`INSERT INTO messages (id, time, topic, message, title, priority, tags) VALUES (?, ?, ?, ?, ?, ?, ?)`,
-			fmt.Sprintf("abcd%d", i), time.Now().Unix(), "mytopic", fmt.Sprintf("some message %d", i), "", 0, "")
-		require.Nil(t, err)
-	}
-	require.Nil(t, db.Close())
-
-	// Create cache to trigger migration
-	c := newSqliteTestCacheFromFile(t, filename)
-	checkSchemaVersion(t, c.db)
-
-	// Add delayed message
-	delayedMessage := newDefaultMessage("mytopic", "some delayed message")
-	delayedMessage.Time = time.Now().Add(time.Minute).Unix()
-	require.Nil(t, c.AddMessage(delayedMessage))
-
-	// 10, not 11!
-	messages, err := c.Messages("mytopic", sinceAllMessages, false)
-	require.Nil(t, err)
-	require.Equal(t, 10, len(messages))
-
-	// 11!
-	messages, err = c.Messages("mytopic", sinceAllMessages, true)
-	require.Nil(t, err)
-	require.Equal(t, 11, len(messages))
-}
-
-func checkSchemaVersion(t *testing.T, db *sql.DB) {
-	rows, err := db.Query(`SELECT version FROM schemaVersion`)
-	require.Nil(t, err)
-	require.True(t, rows.Next())
-
-	var schemaVersion int
-	require.Nil(t, rows.Scan(&schemaVersion))
-	require.Equal(t, currentSchemaVersion, schemaVersion)
-	require.Nil(t, rows.Close())
-}
-
-func newSqliteTestCache(t *testing.T) *sqliteCache {
-	c, err := newSqliteCache(newSqliteTestCacheFile(t))
-	if err != nil {
-		t.Fatal(err)
-	}
-	return c
-}
-
-func newSqliteTestCacheFile(t *testing.T) string {
-	return filepath.Join(t.TempDir(), "cache.db")
-}
-
-func newSqliteTestCacheFromFile(t *testing.T, filename string) *sqliteCache {
-	c, err := newSqliteCache(filename)
-	if err != nil {
-		t.Fatal(err)
-	}
-	return c
-}
--- a/server/cache_test.go
+++ b/server/cache_test.go
@@ -1,222 +0,0 @@
-package server
-
-import (
-	"github.com/stretchr/testify/require"
-	"testing"
-	"time"
-)
-
-func testCacheMessages(t *testing.T, c cache) {
-	m1 := newDefaultMessage("mytopic", "my message")
-	m1.Time = 1
-
-	m2 := newDefaultMessage("mytopic", "my other message")
-	m2.Time = 2
-
-	require.Nil(t, c.AddMessage(m1))
-	require.Nil(t, c.AddMessage(newDefaultMessage("example", "my example message")))
-	require.Nil(t, c.AddMessage(m2))
-
-	// Adding invalid
-	require.Equal(t, errUnexpectedMessageType, c.AddMessage(newKeepaliveMessage("mytopic"))) // These should not be added!
-	require.Equal(t, errUnexpectedMessageType, c.AddMessage(newOpenMessage("example")))      // These should not be added!
-
-	// mytopic: count
-	count, err := c.MessageCount("mytopic")
-	require.Nil(t, err)
-	require.Equal(t, 2, count)
-
-	// mytopic: since all
-	messages, _ := c.Messages("mytopic", sinceAllMessages, false)
-	require.Equal(t, 2, len(messages))
-	require.Equal(t, "my message", messages[0].Message)
-	require.Equal(t, "mytopic", messages[0].Topic)
-	require.Equal(t, messageEvent, messages[0].Event)
-	require.Equal(t, "", messages[0].Title)
-	require.Equal(t, 0, messages[0].Priority)
-	require.Nil(t, messages[0].Tags)
-	require.Equal(t, "my other message", messages[1].Message)
-
-	// mytopic: since none
-	messages, _ = c.Messages("mytopic", sinceNoMessages, false)
-	require.Empty(t, messages)
-
-	// mytopic: since 2
-	messages, _ = c.Messages("mytopic", sinceTime(time.Unix(2, 0)), false)
-	require.Equal(t, 1, len(messages))
-	require.Equal(t, "my other message", messages[0].Message)
-
-	// example: count
-	count, err = c.MessageCount("example")
-	require.Nil(t, err)
-	require.Equal(t, 1, count)
-
-	// example: since all
-	messages, _ = c.Messages("example", sinceAllMessages, false)
-	require.Equal(t, "my example message", messages[0].Message)
-
-	// non-existing: count
-	count, err = c.MessageCount("doesnotexist")
-	require.Nil(t, err)
-	require.Equal(t, 0, count)
-
-	// non-existing: since all
-	messages, _ = c.Messages("doesnotexist", sinceAllMessages, false)
-	require.Empty(t, messages)
-}
-
-func testCacheTopics(t *testing.T, c cache) {
-	require.Nil(t, c.AddMessage(newDefaultMessage("topic1", "my example message")))
-	require.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 1")))
-	require.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 2")))
-	require.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 3")))
-
-	topics, err := c.Topics()
-	if err != nil {
-		t.Fatal(err)
-	}
-	require.Equal(t, 2, len(topics))
-	require.Equal(t, "topic1", topics["topic1"].ID)
-	require.Equal(t, "topic2", topics["topic2"].ID)
-}
-
-func testCachePrune(t *testing.T, c cache) {
-	m1 := newDefaultMessage("mytopic", "my message")
-	m1.Time = 1
-
-	m2 := newDefaultMessage("mytopic", "my other message")
-	m2.Time = 2
-
-	m3 := newDefaultMessage("another_topic", "and another one")
-	m3.Time = 1
-
-	require.Nil(t, c.AddMessage(m1))
-	require.Nil(t, c.AddMessage(m2))
-	require.Nil(t, c.AddMessage(m3))
-	require.Nil(t, c.Prune(time.Unix(2, 0)))
-
-	count, err := c.MessageCount("mytopic")
-	require.Nil(t, err)
-	require.Equal(t, 1, count)
-
-	count, err = c.MessageCount("another_topic")
-	require.Nil(t, err)
-	require.Equal(t, 0, count)
-
-	messages, err := c.Messages("mytopic", sinceAllMessages, false)
-	require.Nil(t, err)
-	require.Equal(t, 1, len(messages))
-	require.Equal(t, "my other message", messages[0].Message)
-}
-
-func testCacheMessagesTagsPrioAndTitle(t *testing.T, c cache) {
-	m := newDefaultMessage("mytopic", "some message")
-	m.Tags = []string{"tag1", "tag2"}
-	m.Priority = 5
-	m.Title = "some title"
-	require.Nil(t, c.AddMessage(m))
-
-	messages, _ := c.Messages("mytopic", sinceAllMessages, false)
-	require.Equal(t, []string{"tag1", "tag2"}, messages[0].Tags)
-	require.Equal(t, 5, messages[0].Priority)
-	require.Equal(t, "some title", messages[0].Title)
-}
-
-func testCacheMessagesScheduled(t *testing.T, c cache) {
-	m1 := newDefaultMessage("mytopic", "message 1")
-	m2 := newDefaultMessage("mytopic", "message 2")
-	m2.Time = time.Now().Add(time.Hour).Unix()
-	m3 := newDefaultMessage("mytopic", "message 3")
-	m3.Time = time.Now().Add(time.Minute).Unix() // earlier than m2!
-	m4 := newDefaultMessage("mytopic2", "message 4")
-	m4.Time = time.Now().Add(time.Minute).Unix()
-	require.Nil(t, c.AddMessage(m1))
-	require.Nil(t, c.AddMessage(m2))
-	require.Nil(t, c.AddMessage(m3))
-
-	messages, _ := c.Messages("mytopic", sinceAllMessages, false) // exclude scheduled
-	require.Equal(t, 1, len(messages))
-	require.Equal(t, "message 1", messages[0].Message)
-
-	messages, _ = c.Messages("mytopic", sinceAllMessages, true) // include scheduled
-	require.Equal(t, 3, len(messages))
-	require.Equal(t, "message 1", messages[0].Message)
-	require.Equal(t, "message 3", messages[1].Message) // Order!
-	require.Equal(t, "message 2", messages[2].Message)
-
-	messages, _ = c.MessagesDue()
-	require.Empty(t, messages)
-}
-
-func testCacheAttachments(t *testing.T, c cache) {
-	expires1 := time.Now().Add(-4 * time.Hour).Unix()
-	m := newDefaultMessage("mytopic", "flower for you")
-	m.ID = "m1"
-	m.Attachment = &attachment{
-		Name:    "flower.jpg",
-		Type:    "image/jpeg",
-		Size:    5000,
-		Expires: expires1,
-		URL:     "https://ntfy.sh/file/AbDeFgJhal.jpg",
-		Owner:   "1.2.3.4",
-	}
-	require.Nil(t, c.AddMessage(m))
-
-	expires2 := time.Now().Add(2 * time.Hour).Unix() // Future
-	m = newDefaultMessage("mytopic", "sending you a car")
-	m.ID = "m2"
-	m.Attachment = &attachment{
-		Name:    "car.jpg",
-		Type:    "image/jpeg",
-		Size:    10000,
-		Expires: expires2,
-		URL:     "https://ntfy.sh/file/aCaRURL.jpg",
-		Owner:   "1.2.3.4",
-	}
-	require.Nil(t, c.AddMessage(m))
-
-	expires3 := time.Now().Add(1 * time.Hour).Unix() // Future
-	m = newDefaultMessage("another-topic", "sending you another car")
-	m.ID = "m3"
-	m.Attachment = &attachment{
-		Name:    "another-car.jpg",
-		Type:    "image/jpeg",
-		Size:    20000,
-		Expires: expires3,
-		URL:     "https://ntfy.sh/file/zakaDHFW.jpg",
-		Owner:   "1.2.3.4",
-	}
-	require.Nil(t, c.AddMessage(m))
-
-	messages, err := c.Messages("mytopic", sinceAllMessages, false)
-	require.Nil(t, err)
-	require.Equal(t, 2, len(messages))
-
-	require.Equal(t, "flower for you", messages[0].Message)
-	require.Equal(t, "flower.jpg", messages[0].Attachment.Name)
-	require.Equal(t, "image/jpeg", messages[0].Attachment.Type)
-	require.Equal(t, int64(5000), messages[0].Attachment.Size)
-	require.Equal(t, expires1, messages[0].Attachment.Expires)
-	require.Equal(t, "https://ntfy.sh/file/AbDeFgJhal.jpg", messages[0].Attachment.URL)
-	require.Equal(t, "1.2.3.4", messages[0].Attachment.Owner)
-
-	require.Equal(t, "sending you a car", messages[1].Message)
-	require.Equal(t, "car.jpg", messages[1].Attachment.Name)
-	require.Equal(t, "image/jpeg", messages[1].Attachment.Type)
-	require.Equal(t, int64(10000), messages[1].Attachment.Size)
-	require.Equal(t, expires2, messages[1].Attachment.Expires)
-	require.Equal(t, "https://ntfy.sh/file/aCaRURL.jpg", messages[1].Attachment.URL)
-	require.Equal(t, "1.2.3.4", messages[1].Attachment.Owner)
-
-	size, err := c.AttachmentsSize("1.2.3.4")
-	require.Nil(t, err)
-	require.Equal(t, int64(30000), size)
-
-	size, err = c.AttachmentsSize("5.6.7.8")
-	require.Nil(t, err)
-	require.Equal(t, int64(0), size)
-
-	ids, err := c.AttachmentsExpired()
-	require.Nil(t, err)
-	require.Equal(t, []string{"m1"}, ids)
-}
--- a/server/config.go
+++ b/server/config.go
@@ -64,6 +64,7 @@ type Config struct {
 	AttachmentExpiryDuration             time.Duration
 	KeepaliveInterval                    time.Duration
 	ManagerInterval                      time.Duration
+	WebRootIsApp                         bool
 	AtSenderInterval                     time.Duration
 	FirebaseKeepaliveInterval            time.Duration
 	SMTPSenderAddr                       string
--- a/server/errors.go
+++ b/server/errors.go
@@ -2,6 +2,7 @@ package server

 import (
 	"encoding/json"
+	"fmt"
 	"net/http"
 )

@@ -22,6 +23,15 @@ func (e errHTTP) JSON() string {
 	return string(b)
 }

+func wrapErrHTTP(err *errHTTP, message string, args ...interface{}) *errHTTP {
+	return &errHTTP{
+		Code:     err.Code,
+		HTTPCode: err.HTTPCode,
+		Message:  fmt.Sprintf("%s, %s", err.Message, fmt.Sprintf(message, args...)),
+		Link:     err.Link,
+	}
+}
+
 var (
 	errHTTPBadRequestEmailDisabled                   = &errHTTP{40001, http.StatusBadRequest, "e-mail notifications are not enabled", "https://ntfy.sh/docs/config/#e-mail-notifications"}
 	errHTTPBadRequestDelayNoCache                    = &errHTTP{40002, http.StatusBadRequest, "cannot disable cache for delayed message", ""}
@@ -34,14 +44,16 @@ var (
 	errHTTPBadRequestTopicInvalid                    = &errHTTP{40009, http.StatusBadRequest, "invalid topic: path invalid", ""}
 	errHTTPBadRequestTopicDisallowed                 = &errHTTP{40010, http.StatusBadRequest, "invalid topic: topic name is disallowed", ""}
 	errHTTPBadRequestMessageNotUTF8                  = &errHTTP{40011, http.StatusBadRequest, "invalid message: message must be UTF-8 encoded", ""}
-	errHTTPBadRequestAttachmentTooLarge              = &errHTTP{40012, http.StatusBadRequest, "invalid request: attachment too large, or bandwidth limit reached", ""}
-	errHTTPBadRequestAttachmentURLInvalid            = &errHTTP{40013, http.StatusBadRequest, "invalid request: attachment URL is invalid", ""}
-	errHTTPBadRequestAttachmentsDisallowed           = &errHTTP{40014, http.StatusBadRequest, "invalid request: attachments not allowed", ""}
-	errHTTPBadRequestAttachmentsExpiryBeforeDelivery = &errHTTP{40015, http.StatusBadRequest, "invalid request: attachment expiry before delayed delivery date", ""}
-	errHTTPBadRequestWebSocketsUpgradeHeaderMissing  = &errHTTP{40016, http.StatusBadRequest, "invalid request: client not using the websocket protocol", ""}
+	errHTTPBadRequestAttachmentURLInvalid            = &errHTTP{40013, http.StatusBadRequest, "invalid request: attachment URL is invalid", "https://ntfy.sh/docs/publish/#attachments"}
+	errHTTPBadRequestAttachmentsDisallowed           = &errHTTP{40014, http.StatusBadRequest, "invalid request: attachments not allowed", "https://ntfy.sh/docs/config/#attachments"}
+	errHTTPBadRequestAttachmentsExpiryBeforeDelivery = &errHTTP{40015, http.StatusBadRequest, "invalid request: attachment expiry before delayed delivery date", "https://ntfy.sh/docs/publish/#scheduled-delivery"}
+	errHTTPBadRequestWebSocketsUpgradeHeaderMissing  = &errHTTP{40016, http.StatusBadRequest, "invalid request: client not using the websocket protocol", "https://ntfy.sh/docs/subscribe/api/#websockets"}
+	errHTTPBadRequestJSONInvalid                     = &errHTTP{40017, http.StatusBadRequest, "invalid request: request body must be message JSON", "https://ntfy.sh/docs/publish/#publish-as-json"}
+	errHTTPBadRequestActionsInvalid                  = &errHTTP{40018, http.StatusBadRequest, "invalid request: actions invalid", "https://ntfy.sh/docs/publish/#action-buttons"}
 	errHTTPNotFound                                  = &errHTTP{40401, http.StatusNotFound, "page not found", ""}
 	errHTTPUnauthorized                              = &errHTTP{40101, http.StatusUnauthorized, "unauthorized", "https://ntfy.sh/docs/publish/#authentication"}
 	errHTTPForbidden                                 = &errHTTP{40301, http.StatusForbidden, "forbidden", "https://ntfy.sh/docs/publish/#authentication"}
+	errHTTPEntityTooLargeAttachmentTooLarge          = &errHTTP{41301, http.StatusRequestEntityTooLarge, "attachment too large, or bandwidth limit reached", "https://ntfy.sh/docs/publish/#limitations"}
 	errHTTPTooManyRequestsLimitRequests              = &errHTTP{42901, http.StatusTooManyRequests, "limit reached: too many requests, please be nice", "https://ntfy.sh/docs/publish/#limitations"}
 	errHTTPTooManyRequestsLimitEmails                = &errHTTP{42902, http.StatusTooManyRequests, "limit reached: too many emails, please be nice", "https://ntfy.sh/docs/publish/#limitations"}
 	errHTTPTooManyRequestsLimitSubscriptions         = &errHTTP{42903, http.StatusTooManyRequests, "limit reached: too many active subscriptions, please be nice", "https://ntfy.sh/docs/publish/#limitations"}
--- a/server/message_cache.go
+++ b/server/message_cache.go
@@ -2,20 +2,27 @@ package server

 import (
 	"database/sql"
+	"encoding/json"
 	"errors"
 	"fmt"
 	_ "github.com/mattn/go-sqlite3" // SQLite driver
+	"heckel.io/ntfy/util"
 	"log"
 	"strings"
 	"time"
 )

+var (
+	errUnexpectedMessageType = errors.New("unexpected message type")
+)
+
 // Messages cache
 const (
 	createMessagesTableQuery = `
 		BEGIN;
 		CREATE TABLE IF NOT EXISTS messages (
-			id TEXT PRIMARY KEY,
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			mid TEXT NOT NULL,
 			time INT NOT NULL,
 			topic TEXT NOT NULL,
 			message TEXT NOT NULL,
@@ -23,6 +30,7 @@ const (
 			priority INT NOT NULL,
 			tags TEXT NOT NULL,
 			click TEXT NOT NULL,
+			actions TEXT NOT NULL,
 			attachment_name TEXT NOT NULL,
 			attachment_type TEXT NOT NULL,
 			attachment_size INT NOT NULL,
@@ -32,42 +40,57 @@ const (
 			encoding TEXT NOT NULL,
 			published INT NOT NULL
 		);
+		CREATE INDEX IF NOT EXISTS idx_mid ON messages (mid);
 		CREATE INDEX IF NOT EXISTS idx_topic ON messages (topic);
 		COMMIT;
 	`
 	insertMessageQuery = `
-		INSERT INTO messages (id, time, topic, message, title, priority, tags, click, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, encoding, published) 
-		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+		INSERT INTO messages (mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, encoding, published) 
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
 	`
 	pruneMessagesQuery           = `DELETE FROM messages WHERE time < ? AND published = 1`
+	selectRowIDFromMessageID     = `SELECT id FROM messages WHERE topic = ? AND mid = ?`
 	selectMessagesSinceTimeQuery = `
-		SELECT id, time, topic, message, title, priority, tags, click, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, encoding
+		SELECT mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, encoding
 		FROM messages 
 		WHERE topic = ? AND time >= ? AND published = 1
-		ORDER BY time ASC
+		ORDER BY time, id
 	`
 	selectMessagesSinceTimeIncludeScheduledQuery = `
-		SELECT id, time, topic, message, title, priority, tags, click, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, encoding
+		SELECT mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, encoding
 		FROM messages 
 		WHERE topic = ? AND time >= ?
-		ORDER BY time ASC
+		ORDER BY time, id
+	`
+	selectMessagesSinceIDQuery = `
+		SELECT mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, encoding
+		FROM messages 
+		WHERE topic = ? AND id > ? AND published = 1 
+		ORDER BY time, id
+	`
+	selectMessagesSinceIDIncludeScheduledQuery = `
+		SELECT mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, encoding
+		FROM messages 
+		WHERE topic = ? AND (id > ? OR published = 0)
+		ORDER BY time, id
 	`
 	selectMessagesDueQuery = `
-		SELECT id, time, topic, message, title, priority, tags, click, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, encoding
+		SELECT mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_owner, encoding
 		FROM messages 
 		WHERE time <= ? AND published = 0
+		ORDER BY time, id
 	`
-	updateMessagePublishedQuery     = `UPDATE messages SET published = 1 WHERE id = ?`
+	updateMessagePublishedQuery     = `UPDATE messages SET published = 1 WHERE mid = ?`
 	selectMessagesCountQuery        = `SELECT COUNT(*) FROM messages`
 	selectMessageCountForTopicQuery = `SELECT COUNT(*) FROM messages WHERE topic = ?`
 	selectTopicsQuery               = `SELECT topic FROM messages GROUP BY topic`
 	selectAttachmentsSizeQuery      = `SELECT IFNULL(SUM(attachment_size), 0) FROM messages WHERE attachment_owner = ? AND attachment_expires >= ?`
-	selectAttachmentsExpiredQuery   = `SELECT id FROM messages WHERE attachment_expires > 0 AND attachment_expires < ?`
+	selectAttachmentsExpiredQuery   = `SELECT mid FROM messages WHERE attachment_expires > 0 AND attachment_expires < ?`
 )

 // Schema management queries
 const (
-	currentSchemaVersion          = 4
+	currentSchemaVersion          = 6
 	createSchemaVersionTableQuery = `
 		CREATE TABLE IF NOT EXISTS schemaVersion (
 			id INT PRIMARY KEY,
@@ -108,15 +131,57 @@ const (
 	migrate3To4AlterMessagesTableQuery = `
 		ALTER TABLE messages ADD COLUMN encoding TEXT NOT NULL DEFAULT('');
 	`
+
+	// 4 -> 5
+	migrate4To5AlterMessagesTableQuery = `
+		BEGIN;
+		CREATE TABLE IF NOT EXISTS messages_new (
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			mid TEXT NOT NULL,
+			time INT NOT NULL,
+			topic TEXT NOT NULL,
+			message TEXT NOT NULL,
+			title TEXT NOT NULL,
+			priority INT NOT NULL,
+			tags TEXT NOT NULL,
+			click TEXT NOT NULL,
+			attachment_name TEXT NOT NULL,
+			attachment_type TEXT NOT NULL,
+			attachment_size INT NOT NULL,
+			attachment_expires INT NOT NULL,
+			attachment_url TEXT NOT NULL,
+			attachment_owner TEXT NOT NULL,
+			encoding TEXT NOT NULL,
+			published INT NOT NULL
+		);
+		CREATE INDEX IF NOT EXISTS idx_mid ON messages_new (mid);
+		CREATE INDEX IF NOT EXISTS idx_topic ON messages_new (topic);
+		INSERT 
+			INTO messages_new (
+				mid, time, topic, message, title, priority, tags, click, attachment_name, attachment_type, 
+				attachment_size, attachment_expires, attachment_url, attachment_owner, encoding, published)
+			SELECT
+				id, time, topic, message, title, priority, tags, click, attachment_name, attachment_type, 
+				attachment_size, attachment_expires, attachment_url, attachment_owner, encoding, published
+			FROM messages;
+		DROP TABLE messages;
+		ALTER TABLE messages_new RENAME TO messages;
+		COMMIT;
+	`
+
+	// 5 -> 6
+	migrate5To6AlterMessagesTableQuery = `
+		ALTER TABLE messages ADD COLUMN actions TEXT NOT NULL DEFAULT('');
+	`
 )

-type sqliteCache struct {
-	db *sql.DB
+type messageCache struct {
+	db  *sql.DB
+	nop bool
 }

-var _ cache = (*sqliteCache)(nil)
-
-func newSqliteCache(filename string) (*sqliteCache, error) {
+// newSqliteCache creates a SQLite file-backed cache
+func newSqliteCache(filename string, nop bool) (*messageCache, error) {
 	db, err := sql.Open("sqlite3", filename)
 	if err != nil {
 		return nil, err
@@ -124,15 +189,40 @@ func newSqliteCache(filename string) (*sqliteCache, error) {
 	if err := setupCacheDB(db); err != nil {
 		return nil, err
 	}
-	return &sqliteCache{
-		db: db,
+	return &messageCache{
+		db:  db,
+		nop: nop,
 	}, nil
 }

-func (c *sqliteCache) AddMessage(m *message) error {
+// newMemCache creates an in-memory cache
+func newMemCache() (*messageCache, error) {
+	return newSqliteCache(createMemoryFilename(), false)
+}
+
+// newNopCache creates an in-memory cache that discards all messages;
+// it is always empty and can be used if caching is entirely disabled
+func newNopCache() (*messageCache, error) {
+	return newSqliteCache(createMemoryFilename(), true)
+}
+
+// createMemoryFilename creates a unique memory filename to use for the SQLite backend.
+// From mattn/go-sqlite3: "Each connection to ":memory:" opens a brand new in-memory
+// sql database, so if the stdlib's sql engine happens to open another connection and
+// you've only specified ":memory:", that connection will see a brand new database.
+// A workaround is to use "file::memory:?cache=shared" (or "file:foobar?mode=memory&cache=shared").
+// Every connection to this string will point to the same in-memory database."
+func createMemoryFilename() string {
+	return fmt.Sprintf("file:%s?mode=memory&cache=shared", util.RandomString(10))
+}
+
+func (c *messageCache) AddMessage(m *message) error {
 	if m.Event != messageEvent {
 		return errUnexpectedMessageType
 	}
+	if c.nop {
+		return nil
+	}
 	published := m.Time <= time.Now().Unix()
 	tags := strings.Join(m.Tags, ",")
 	var attachmentName, attachmentType, attachmentURL, attachmentOwner string
@@ -145,6 +235,14 @@ func (c *sqliteCache) AddMessage(m *message) error {
 		attachmentURL = m.Attachment.URL
 		attachmentOwner = m.Attachment.Owner
 	}
+	var actionsStr string
+	if len(m.Actions) > 0 {
+		actionsBytes, err := json.Marshal(m.Actions)
+		if err != nil {
+			return err
+		}
+		actionsStr = string(actionsBytes)
+	}
 	_, err := c.db.Exec(
 		insertMessageQuery,
 		m.ID,
@@ -155,6 +253,7 @@ func (c *sqliteCache) AddMessage(m *message) error {
 		m.Priority,
 		tags,
 		m.Click,
+		actionsStr,
 		attachmentName,
 		attachmentType,
 		attachmentSize,
@@ -167,10 +266,16 @@ func (c *sqliteCache) AddMessage(m *message) error {
 	return err
 }

-func (c *sqliteCache) Messages(topic string, since sinceTime, scheduled bool) ([]*message, error) {
+func (c *messageCache) Messages(topic string, since sinceMarker, scheduled bool) ([]*message, error) {
 	if since.IsNone() {
 		return make([]*message, 0), nil
+	} else if since.IsID() {
+		return c.messagesSinceID(topic, since, scheduled)
 	}
+	return c.messagesSinceTime(topic, since, scheduled)
+}
+
+func (c *messageCache) messagesSinceTime(topic string, since sinceMarker, scheduled bool) ([]*message, error) {
 	var rows *sql.Rows
 	var err error
 	if scheduled {
@@ -184,7 +289,33 @@ func (c *sqliteCache) Messages(topic string, since sinceTime, scheduled bool) ([
 	return readMessages(rows)
 }

-func (c *sqliteCache) MessagesDue() ([]*message, error) {
+func (c *messageCache) messagesSinceID(topic string, since sinceMarker, scheduled bool) ([]*message, error) {
+	idrows, err := c.db.Query(selectRowIDFromMessageID, topic, since.ID())
+	if err != nil {
+		return nil, err
+	}
+	defer idrows.Close()
+	if !idrows.Next() {
+		return c.messagesSinceTime(topic, sinceAllMessages, scheduled)
+	}
+	var rowID int64
+	if err := idrows.Scan(&rowID); err != nil {
+		return nil, err
+	}
+	idrows.Close()
+	var rows *sql.Rows
+	if scheduled {
+		rows, err = c.db.Query(selectMessagesSinceIDIncludeScheduledQuery, topic, rowID)
+	} else {
+		rows, err = c.db.Query(selectMessagesSinceIDQuery, topic, rowID)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return readMessages(rows)
+}
+
+func (c *messageCache) MessagesDue() ([]*message, error) {
 	rows, err := c.db.Query(selectMessagesDueQuery, time.Now().Unix())
 	if err != nil {
 		return nil, err
@@ -192,12 +323,12 @@ func (c *sqliteCache) MessagesDue() ([]*message, error) {
 	return readMessages(rows)
 }

-func (c *sqliteCache) MarkPublished(m *message) error {
+func (c *messageCache) MarkPublished(m *message) error {
 	_, err := c.db.Exec(updateMessagePublishedQuery, m.ID)
 	return err
 }

-func (c *sqliteCache) MessageCount(topic string) (int, error) {
+func (c *messageCache) MessageCount(topic string) (int, error) {
 	rows, err := c.db.Query(selectMessageCountForTopicQuery, topic)
 	if err != nil {
 		return 0, err
@@ -215,7 +346,7 @@ func (c *sqliteCache) MessageCount(topic string) (int, error) {
 	return count, nil
 }

-func (c *sqliteCache) Topics() (map[string]*topic, error) {
+func (c *messageCache) Topics() (map[string]*topic, error) {
 	rows, err := c.db.Query(selectTopicsQuery)
 	if err != nil {
 		return nil, err
@@ -235,12 +366,12 @@ func (c *sqliteCache) Topics() (map[string]*topic, error) {
 	return topics, nil
 }

-func (c *sqliteCache) Prune(olderThan time.Time) error {
+func (c *messageCache) Prune(olderThan time.Time) error {
 	_, err := c.db.Exec(pruneMessagesQuery, olderThan.Unix())
 	return err
 }

-func (c *sqliteCache) AttachmentsSize(owner string) (int64, error) {
+func (c *messageCache) AttachmentBytesUsed(owner string) (int64, error) {
 	rows, err := c.db.Query(selectAttachmentsSizeQuery, owner, time.Now().Unix())
 	if err != nil {
 		return 0, err
@@ -258,7 +389,7 @@ func (c *sqliteCache) AttachmentsSize(owner string) (int64, error) {
 	return size, nil
 }

-func (c *sqliteCache) AttachmentsExpired() ([]string, error) {
+func (c *messageCache) AttachmentsExpired() ([]string, error) {
 	rows, err := c.db.Query(selectAttachmentsExpiredQuery, time.Now().Unix())
 	if err != nil {
 		return nil, err
@@ -284,7 +415,7 @@ func readMessages(rows *sql.Rows) ([]*message, error) {
 	for rows.Next() {
 		var timestamp, attachmentSize, attachmentExpires int64
 		var priority int
-		var id, topic, msg, title, tagsStr, click, attachmentName, attachmentType, attachmentURL, attachmentOwner, encoding string
+		var id, topic, msg, title, tagsStr, click, actionsStr, attachmentName, attachmentType, attachmentURL, attachmentOwner, encoding string
 		err := rows.Scan(
 			&id,
 			&timestamp,
@@ -294,6 +425,7 @@ func readMessages(rows *sql.Rows) ([]*message, error) {
 			&priority,
 			&tagsStr,
 			&click,
+			&actionsStr,
 			&attachmentName,
 			&attachmentType,
 			&attachmentSize,
@@ -309,6 +441,12 @@ func readMessages(rows *sql.Rows) ([]*message, error) {
 		if tagsStr != "" {
 			tags = strings.Split(tagsStr, ",")
 		}
+		var actions []*action
+		if actionsStr != "" {
+			if err := json.Unmarshal([]byte(actionsStr), &actions); err != nil {
+				return nil, err
+			}
+		}
 		var att *attachment
 		if attachmentName != "" && attachmentURL != "" {
 			att = &attachment{
@@ -330,6 +468,7 @@ func readMessages(rows *sql.Rows) ([]*message, error) {
 			Priority:   priority,
 			Tags:       tags,
 			Click:      click,
+			Actions:    actions,
 			Attachment: att,
 			Encoding:   encoding,
 		})
@@ -373,6 +512,10 @@ func setupCacheDB(db *sql.DB) error {
 		return migrateFrom2(db)
 	} else if schemaVersion == 3 {
 		return migrateFrom3(db)
+	} else if schemaVersion == 4 {
+		return migrateFrom4(db)
+	} else if schemaVersion == 5 {
+		return migrateFrom5(db)
 	}
 	return fmt.Errorf("unexpected schema version found: %d", schemaVersion)
 }
@@ -434,5 +577,27 @@ func migrateFrom3(db *sql.DB) error {
 	if _, err := db.Exec(updateSchemaVersion, 4); err != nil {
 		return err
 	}
+	return migrateFrom4(db)
+}
+
+func migrateFrom4(db *sql.DB) error {
+	log.Print("Migrating cache database schema: from 4 to 5")
+	if _, err := db.Exec(migrate4To5AlterMessagesTableQuery); err != nil {
+		return err
+	}
+	if _, err := db.Exec(updateSchemaVersion, 5); err != nil {
+		return err
+	}
+	return migrateFrom5(db)
+}
+
+func migrateFrom5(db *sql.DB) error {
+	log.Print("Migrating cache database schema: from 5 to 6")
+	if _, err := db.Exec(migrate5To6AlterMessagesTableQuery); err != nil {
+		return err
+	}
+	if _, err := db.Exec(updateSchemaVersion, 6); err != nil {
+		return err
+	}
 	return nil // Update this when a new version is added
 }
--- a/server/message_cache_test.go
+++ b/server/message_cache_test.go
@@ -0,0 +1,496 @@
+package server
+
+import (
+	"database/sql"
+	"fmt"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"path/filepath"
+	"testing"
+	"time"
+)
+
+func TestSqliteCache_Messages(t *testing.T) {
+	testCacheMessages(t, newSqliteTestCache(t))
+}
+
+func TestMemCache_Messages(t *testing.T) {
+	testCacheMessages(t, newMemTestCache(t))
+}
+
+func testCacheMessages(t *testing.T, c *messageCache) {
+	m1 := newDefaultMessage("mytopic", "my message")
+	m1.Time = 1
+
+	m2 := newDefaultMessage("mytopic", "my other message")
+	m2.Time = 2
+
+	require.Nil(t, c.AddMessage(m1))
+	require.Nil(t, c.AddMessage(newDefaultMessage("example", "my example message")))
+	require.Nil(t, c.AddMessage(m2))
+
+	// Adding invalid
+	require.Equal(t, errUnexpectedMessageType, c.AddMessage(newKeepaliveMessage("mytopic"))) // These should not be added!
+	require.Equal(t, errUnexpectedMessageType, c.AddMessage(newOpenMessage("example")))      // These should not be added!
+
+	// mytopic: count
+	count, err := c.MessageCount("mytopic")
+	require.Nil(t, err)
+	require.Equal(t, 2, count)
+
+	// mytopic: since all
+	messages, _ := c.Messages("mytopic", sinceAllMessages, false)
+	require.Equal(t, 2, len(messages))
+	require.Equal(t, "my message", messages[0].Message)
+	require.Equal(t, "mytopic", messages[0].Topic)
+	require.Equal(t, messageEvent, messages[0].Event)
+	require.Equal(t, "", messages[0].Title)
+	require.Equal(t, 0, messages[0].Priority)
+	require.Nil(t, messages[0].Tags)
+	require.Equal(t, "my other message", messages[1].Message)
+
+	// mytopic: since none
+	messages, _ = c.Messages("mytopic", sinceNoMessages, false)
+	require.Empty(t, messages)
+
+	// mytopic: since m1 (by ID)
+	messages, _ = c.Messages("mytopic", newSinceID(m1.ID), false)
+	require.Equal(t, 1, len(messages))
+	require.Equal(t, m2.ID, messages[0].ID)
+	require.Equal(t, "my other message", messages[0].Message)
+	require.Equal(t, "mytopic", messages[0].Topic)
+
+	// mytopic: since 2
+	messages, _ = c.Messages("mytopic", newSinceTime(2), false)
+	require.Equal(t, 1, len(messages))
+	require.Equal(t, "my other message", messages[0].Message)
+
+	// example: count
+	count, err = c.MessageCount("example")
+	require.Nil(t, err)
+	require.Equal(t, 1, count)
+
+	// example: since all
+	messages, _ = c.Messages("example", sinceAllMessages, false)
+	require.Equal(t, "my example message", messages[0].Message)
+
+	// non-existing: count
+	count, err = c.MessageCount("doesnotexist")
+	require.Nil(t, err)
+	require.Equal(t, 0, count)
+
+	// non-existing: since all
+	messages, _ = c.Messages("doesnotexist", sinceAllMessages, false)
+	require.Empty(t, messages)
+}
+
+func TestSqliteCache_MessagesScheduled(t *testing.T) {
+	testCacheMessagesScheduled(t, newSqliteTestCache(t))
+}
+
+func TestMemCache_MessagesScheduled(t *testing.T) {
+	testCacheMessagesScheduled(t, newMemTestCache(t))
+}
+
+func testCacheMessagesScheduled(t *testing.T, c *messageCache) {
+	m1 := newDefaultMessage("mytopic", "message 1")
+	m2 := newDefaultMessage("mytopic", "message 2")
+	m2.Time = time.Now().Add(time.Hour).Unix()
+	m3 := newDefaultMessage("mytopic", "message 3")
+	m3.Time = time.Now().Add(time.Minute).Unix() // earlier than m2!
+	m4 := newDefaultMessage("mytopic2", "message 4")
+	m4.Time = time.Now().Add(time.Minute).Unix()
+	require.Nil(t, c.AddMessage(m1))
+	require.Nil(t, c.AddMessage(m2))
+	require.Nil(t, c.AddMessage(m3))
+
+	messages, _ := c.Messages("mytopic", sinceAllMessages, false) // exclude scheduled
+	require.Equal(t, 1, len(messages))
+	require.Equal(t, "message 1", messages[0].Message)
+
+	messages, _ = c.Messages("mytopic", sinceAllMessages, true) // include scheduled
+	require.Equal(t, 3, len(messages))
+	require.Equal(t, "message 1", messages[0].Message)
+	require.Equal(t, "message 3", messages[1].Message) // Order!
+	require.Equal(t, "message 2", messages[2].Message)
+
+	messages, _ = c.MessagesDue()
+	require.Empty(t, messages)
+}
+
+func TestSqliteCache_Topics(t *testing.T) {
+	testCacheTopics(t, newSqliteTestCache(t))
+}
+
+func TestMemCache_Topics(t *testing.T) {
+	testCacheTopics(t, newMemTestCache(t))
+}
+
+func testCacheTopics(t *testing.T, c *messageCache) {
+	require.Nil(t, c.AddMessage(newDefaultMessage("topic1", "my example message")))
+	require.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 1")))
+	require.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 2")))
+	require.Nil(t, c.AddMessage(newDefaultMessage("topic2", "message 3")))
+
+	topics, err := c.Topics()
+	if err != nil {
+		t.Fatal(err)
+	}
+	require.Equal(t, 2, len(topics))
+	require.Equal(t, "topic1", topics["topic1"].ID)
+	require.Equal(t, "topic2", topics["topic2"].ID)
+}
+
+func TestSqliteCache_MessagesTagsPrioAndTitle(t *testing.T) {
+	testCacheMessagesTagsPrioAndTitle(t, newSqliteTestCache(t))
+}
+
+func TestMemCache_MessagesTagsPrioAndTitle(t *testing.T) {
+	testCacheMessagesTagsPrioAndTitle(t, newMemTestCache(t))
+}
+
+func testCacheMessagesTagsPrioAndTitle(t *testing.T, c *messageCache) {
+	m := newDefaultMessage("mytopic", "some message")
+	m.Tags = []string{"tag1", "tag2"}
+	m.Priority = 5
+	m.Title = "some title"
+	require.Nil(t, c.AddMessage(m))
+
+	messages, _ := c.Messages("mytopic", sinceAllMessages, false)
+	require.Equal(t, []string{"tag1", "tag2"}, messages[0].Tags)
+	require.Equal(t, 5, messages[0].Priority)
+	require.Equal(t, "some title", messages[0].Title)
+}
+
+func TestSqliteCache_MessagesSinceID(t *testing.T) {
+	testCacheMessagesSinceID(t, newSqliteTestCache(t))
+}
+
+func TestMemCache_MessagesSinceID(t *testing.T) {
+	testCacheMessagesSinceID(t, newMemTestCache(t))
+}
+
+func testCacheMessagesSinceID(t *testing.T, c *messageCache) {
+	m1 := newDefaultMessage("mytopic", "message 1")
+	m1.Time = 100
+	m2 := newDefaultMessage("mytopic", "message 2")
+	m2.Time = 200
+	m3 := newDefaultMessage("mytopic", "message 3")
+	m3.Time = time.Now().Add(time.Hour).Unix() // Scheduled, in the future, later than m7 and m5
+	m4 := newDefaultMessage("mytopic", "message 4")
+	m4.Time = 400
+	m5 := newDefaultMessage("mytopic", "message 5")
+	m5.Time = time.Now().Add(time.Minute).Unix() // Scheduled, in the future, later than m7
+	m6 := newDefaultMessage("mytopic", "message 6")
+	m6.Time = 600
+	m7 := newDefaultMessage("mytopic", "message 7")
+	m7.Time = 700
+
+	require.Nil(t, c.AddMessage(m1))
+	require.Nil(t, c.AddMessage(m2))
+	require.Nil(t, c.AddMessage(m3))
+	require.Nil(t, c.AddMessage(m4))
+	require.Nil(t, c.AddMessage(m5))
+	require.Nil(t, c.AddMessage(m6))
+	require.Nil(t, c.AddMessage(m7))
+
+	// Case 1: Since ID exists, exclude scheduled
+	messages, _ := c.Messages("mytopic", newSinceID(m2.ID), false)
+	require.Equal(t, 3, len(messages))
+	require.Equal(t, "message 4", messages[0].Message)
+	require.Equal(t, "message 6", messages[1].Message) // Not scheduled m3/m5!
+	require.Equal(t, "message 7", messages[2].Message)
+
+	// Case 2: Since ID exists, include scheduled
+	messages, _ = c.Messages("mytopic", newSinceID(m2.ID), true)
+	require.Equal(t, 5, len(messages))
+	require.Equal(t, "message 4", messages[0].Message)
+	require.Equal(t, "message 6", messages[1].Message)
+	require.Equal(t, "message 7", messages[2].Message)
+	require.Equal(t, "message 5", messages[3].Message) // Order!
+	require.Equal(t, "message 3", messages[4].Message) // Order!
+
+	// Case 3: Since ID does not exist (-> Return all messages), include scheduled
+	messages, _ = c.Messages("mytopic", newSinceID("doesntexist"), true)
+	require.Equal(t, 7, len(messages))
+	require.Equal(t, "message 1", messages[0].Message)
+	require.Equal(t, "message 2", messages[1].Message)
+	require.Equal(t, "message 4", messages[2].Message)
+	require.Equal(t, "message 6", messages[3].Message)
+	require.Equal(t, "message 7", messages[4].Message)
+	require.Equal(t, "message 5", messages[5].Message) // Order!
+	require.Equal(t, "message 3", messages[6].Message) // Order!
+
+	// Case 4: Since ID exists and is last message (-> Return no messages), exclude scheduled
+	messages, _ = c.Messages("mytopic", newSinceID(m7.ID), false)
+	require.Equal(t, 0, len(messages))
+
+	// Case 5: Since ID exists and is last message (-> Return no messages), include scheduled
+	messages, _ = c.Messages("mytopic", newSinceID(m7.ID), true)
+	require.Equal(t, 2, len(messages))
+	require.Equal(t, "message 5", messages[0].Message)
+	require.Equal(t, "message 3", messages[1].Message)
+}
+
+func TestSqliteCache_Prune(t *testing.T) {
+	testCachePrune(t, newSqliteTestCache(t))
+}
+
+func TestMemCache_Prune(t *testing.T) {
+	testCachePrune(t, newMemTestCache(t))
+}
+
+func testCachePrune(t *testing.T, c *messageCache) {
+	m1 := newDefaultMessage("mytopic", "my message")
+	m1.Time = 1
+
+	m2 := newDefaultMessage("mytopic", "my other message")
+	m2.Time = 2
+
+	m3 := newDefaultMessage("another_topic", "and another one")
+	m3.Time = 1
+
+	require.Nil(t, c.AddMessage(m1))
+	require.Nil(t, c.AddMessage(m2))
+	require.Nil(t, c.AddMessage(m3))
+	require.Nil(t, c.Prune(time.Unix(2, 0)))
+
+	count, err := c.MessageCount("mytopic")
+	require.Nil(t, err)
+	require.Equal(t, 1, count)
+
+	count, err = c.MessageCount("another_topic")
+	require.Nil(t, err)
+	require.Equal(t, 0, count)
+
+	messages, err := c.Messages("mytopic", sinceAllMessages, false)
+	require.Nil(t, err)
+	require.Equal(t, 1, len(messages))
+	require.Equal(t, "my other message", messages[0].Message)
+}
+
+func TestSqliteCache_Attachments(t *testing.T) {
+	testCacheAttachments(t, newSqliteTestCache(t))
+}
+
+func TestMemCache_Attachments(t *testing.T) {
+	testCacheAttachments(t, newMemTestCache(t))
+}
+
+func testCacheAttachments(t *testing.T, c *messageCache) {
+	expires1 := time.Now().Add(-4 * time.Hour).Unix()
+	m := newDefaultMessage("mytopic", "flower for you")
+	m.ID = "m1"
+	m.Attachment = &attachment{
+		Name:    "flower.jpg",
+		Type:    "image/jpeg",
+		Size:    5000,
+		Expires: expires1,
+		URL:     "https://ntfy.sh/file/AbDeFgJhal.jpg",
+		Owner:   "1.2.3.4",
+	}
+	require.Nil(t, c.AddMessage(m))
+
+	expires2 := time.Now().Add(2 * time.Hour).Unix() // Future
+	m = newDefaultMessage("mytopic", "sending you a car")
+	m.ID = "m2"
+	m.Attachment = &attachment{
+		Name:    "car.jpg",
+		Type:    "image/jpeg",
+		Size:    10000,
+		Expires: expires2,
+		URL:     "https://ntfy.sh/file/aCaRURL.jpg",
+		Owner:   "1.2.3.4",
+	}
+	require.Nil(t, c.AddMessage(m))
+
+	expires3 := time.Now().Add(1 * time.Hour).Unix() // Future
+	m = newDefaultMessage("another-topic", "sending you another car")
+	m.ID = "m3"
+	m.Attachment = &attachment{
+		Name:    "another-car.jpg",
+		Type:    "image/jpeg",
+		Size:    20000,
+		Expires: expires3,
+		URL:     "https://ntfy.sh/file/zakaDHFW.jpg",
+		Owner:   "1.2.3.4",
+	}
+	require.Nil(t, c.AddMessage(m))
+
+	messages, err := c.Messages("mytopic", sinceAllMessages, false)
+	require.Nil(t, err)
+	require.Equal(t, 2, len(messages))
+
+	require.Equal(t, "flower for you", messages[0].Message)
+	require.Equal(t, "flower.jpg", messages[0].Attachment.Name)
+	require.Equal(t, "image/jpeg", messages[0].Attachment.Type)
+	require.Equal(t, int64(5000), messages[0].Attachment.Size)
+	require.Equal(t, expires1, messages[0].Attachment.Expires)
+	require.Equal(t, "https://ntfy.sh/file/AbDeFgJhal.jpg", messages[0].Attachment.URL)
+	require.Equal(t, "1.2.3.4", messages[0].Attachment.Owner)
+
+	require.Equal(t, "sending you a car", messages[1].Message)
+	require.Equal(t, "car.jpg", messages[1].Attachment.Name)
+	require.Equal(t, "image/jpeg", messages[1].Attachment.Type)
+	require.Equal(t, int64(10000), messages[1].Attachment.Size)
+	require.Equal(t, expires2, messages[1].Attachment.Expires)
+	require.Equal(t, "https://ntfy.sh/file/aCaRURL.jpg", messages[1].Attachment.URL)
+	require.Equal(t, "1.2.3.4", messages[1].Attachment.Owner)
+
+	size, err := c.AttachmentBytesUsed("1.2.3.4")
+	require.Nil(t, err)
+	require.Equal(t, int64(30000), size)
+
+	size, err = c.AttachmentBytesUsed("5.6.7.8")
+	require.Nil(t, err)
+	require.Equal(t, int64(0), size)
+
+	ids, err := c.AttachmentsExpired()
+	require.Nil(t, err)
+	require.Equal(t, []string{"m1"}, ids)
+}
+
+func TestSqliteCache_Migration_From0(t *testing.T) {
+	filename := newSqliteTestCacheFile(t)
+	db, err := sql.Open("sqlite3", filename)
+	require.Nil(t, err)
+
+	// Create "version 0" schema
+	_, err = db.Exec(`
+		BEGIN;
+		CREATE TABLE IF NOT EXISTS messages (
+			id VARCHAR(20) PRIMARY KEY,
+			time INT NOT NULL,
+			topic VARCHAR(64) NOT NULL,
+			message VARCHAR(1024) NOT NULL
+		);
+		CREATE INDEX IF NOT EXISTS idx_topic ON messages (topic);
+		COMMIT;
+	`)
+	require.Nil(t, err)
+
+	// Insert a bunch of messages
+	for i := 0; i < 10; i++ {
+		_, err = db.Exec(`INSERT INTO messages (id, time, topic, message) VALUES (?, ?, ?, ?)`,
+			fmt.Sprintf("abcd%d", i), time.Now().Unix(), "mytopic", fmt.Sprintf("some message %d", i))
+		require.Nil(t, err)
+	}
+	require.Nil(t, db.Close())
+
+	// Create cache to trigger migration
+	c := newSqliteTestCacheFromFile(t, filename)
+	checkSchemaVersion(t, c.db)
+
+	messages, err := c.Messages("mytopic", sinceAllMessages, false)
+	require.Nil(t, err)
+	require.Equal(t, 10, len(messages))
+	require.Equal(t, "some message 5", messages[5].Message)
+	require.Equal(t, "", messages[5].Title)
+	require.Nil(t, messages[5].Tags)
+	require.Equal(t, 0, messages[5].Priority)
+}
+
+func TestSqliteCache_Migration_From1(t *testing.T) {
+	filename := newSqliteTestCacheFile(t)
+	db, err := sql.Open("sqlite3", filename)
+	require.Nil(t, err)
+
+	// Create "version 1" schema
+	_, err = db.Exec(`
+		CREATE TABLE IF NOT EXISTS messages (
+			id VARCHAR(20) PRIMARY KEY,
+			time INT NOT NULL,
+			topic VARCHAR(64) NOT NULL,
+			message VARCHAR(512) NOT NULL,
+			title VARCHAR(256) NOT NULL,
+			priority INT NOT NULL,
+			tags VARCHAR(256) NOT NULL
+		);
+		CREATE INDEX IF NOT EXISTS idx_topic ON messages (topic);
+		CREATE TABLE IF NOT EXISTS schemaVersion (
+			id INT PRIMARY KEY,
+			version INT NOT NULL
+		);		
+		INSERT INTO schemaVersion (id, version) VALUES (1, 1);
+	`)
+	require.Nil(t, err)
+
+	// Insert a bunch of messages
+	for i := 0; i < 10; i++ {
+		_, err = db.Exec(`INSERT INTO messages (id, time, topic, message, title, priority, tags) VALUES (?, ?, ?, ?, ?, ?, ?)`,
+			fmt.Sprintf("abcd%d", i), time.Now().Unix(), "mytopic", fmt.Sprintf("some message %d", i), "", 0, "")
+		require.Nil(t, err)
+	}
+	require.Nil(t, db.Close())
+
+	// Create cache to trigger migration
+	c := newSqliteTestCacheFromFile(t, filename)
+	checkSchemaVersion(t, c.db)
+
+	// Add delayed message
+	delayedMessage := newDefaultMessage("mytopic", "some delayed message")
+	delayedMessage.Time = time.Now().Add(time.Minute).Unix()
+	require.Nil(t, c.AddMessage(delayedMessage))
+
+	// 10, not 11!
+	messages, err := c.Messages("mytopic", sinceAllMessages, false)
+	require.Nil(t, err)
+	require.Equal(t, 10, len(messages))
+
+	// 11!
+	messages, err = c.Messages("mytopic", sinceAllMessages, true)
+	require.Nil(t, err)
+	require.Equal(t, 11, len(messages))
+}
+
+func checkSchemaVersion(t *testing.T, db *sql.DB) {
+	rows, err := db.Query(`SELECT version FROM schemaVersion`)
+	require.Nil(t, err)
+	require.True(t, rows.Next())
+
+	var schemaVersion int
+	require.Nil(t, rows.Scan(&schemaVersion))
+	require.Equal(t, currentSchemaVersion, schemaVersion)
+	require.Nil(t, rows.Close())
+}
+
+func TestMemCache_NopCache(t *testing.T) {
+	c, _ := newNopCache()
+	assert.Nil(t, c.AddMessage(newDefaultMessage("mytopic", "my message")))
+
+	messages, err := c.Messages("mytopic", sinceAllMessages, false)
+	assert.Nil(t, err)
+	assert.Empty(t, messages)
+
+	topics, err := c.Topics()
+	assert.Nil(t, err)
+	assert.Empty(t, topics)
+}
+
+func newSqliteTestCache(t *testing.T) *messageCache {
+	c, err := newSqliteCache(newSqliteTestCacheFile(t), false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return c
+}
+
+func newSqliteTestCacheFile(t *testing.T) string {
+	return filepath.Join(t.TempDir(), "cache.db")
+}
+
+func newSqliteTestCacheFromFile(t *testing.T, filename string) *messageCache {
+	c, err := newSqliteCache(filename, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return c
+}
+
+func newMemTestCache(t *testing.T) *messageCache {
+	c, err := newMemCache()
+	if err != nil {
+		t.Fatal(err)
+	}
+	return c
+}
--- a/server/server.go
+++ b/server/server.go
@@ -13,7 +13,6 @@ import (
 	"golang.org/x/sync/errgroup"
 	"heckel.io/ntfy/auth"
 	"heckel.io/ntfy/util"
-	"html/template"
 	"io"
 	"log"
 	"net"
@@ -45,51 +44,44 @@ type Server struct {
 	mailer       mailer
 	messages     int64
 	auth         auth.Auther
-	cache        cache
+	messageCache *messageCache
 	fileCache    *fileCache
 	closeChan    chan bool
 	mu           sync.Mutex
 }

-type indexPage struct {
-	Topic         string
-	CacheDuration time.Duration
-}
-
 // handleFunc extends the normal http.HandlerFunc to be able to easily return errors
 type handleFunc func(http.ResponseWriter, *http.Request, *visitor) error

 var (
 	// If changed, don't forget to update Android App and auth_sqlite.go
-	topicRegex       = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`)  // No /!
-	topicPathRegex   = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}$`) // Regex must match JS & Android app!
-	jsonPathRegex    = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/json$`)
-	ssePathRegex     = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/sse$`)
-	rawPathRegex     = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/raw$`)
-	wsPathRegex      = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/ws$`)
-	authPathRegex    = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/auth$`)
-	publishPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/(publish|send|trigger)$`)
+	topicRegex             = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`)               // No /!
+	topicPathRegex         = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}$`)              // Regex must match JS & Android app!
+	externalTopicPathRegex = regexp.MustCompile(`^/[^/]+\.[^/]+/[-_A-Za-z0-9]{1,64}$`) // Extended topic path, for web-app, e.g. /example.com/mytopic
+	jsonPathRegex          = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/json$`)
+	ssePathRegex           = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/sse$`)
+	rawPathRegex           = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/raw$`)
+	wsPathRegex            = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/ws$`)
+	authPathRegex          = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/auth$`)
+	publishPathRegex       = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}/(publish|send|trigger)$`)

+	webConfigPath    = "/config.js"
+	userStatsPath    = "/user/stats"
 	staticRegex      = regexp.MustCompile(`^/static/.+`)
 	docsRegex        = regexp.MustCompile(`^/docs(|/.*)$`)
 	fileRegex        = regexp.MustCompile(`^/file/([-_A-Za-z0-9]{1,64})(?:\.[A-Za-z0-9]{1,16})?$`)
-	disallowedTopics = []string{"docs", "static", "file"} // If updated, also update in Android app
+	disallowedTopics = []string{"docs", "static", "file", "app", "settings"} // If updated, also update in Android app
 	attachURLRegex   = regexp.MustCompile(`^https?://`)

-	templateFnMap = template.FuncMap{
-		"durationToHuman": util.DurationToHuman,
-	}
-
-	//go:embed "index.gohtml"
-	indexSource   string
-	indexTemplate = template.Must(template.New("index").Funcs(templateFnMap).Parse(indexSource))
-
 	//go:embed "example.html"
 	exampleSource string

-	//go:embed static
-	webStaticFs       embed.FS
-	webStaticFsCached = &util.CachingEmbedFS{ModTime: time.Now(), FS: webStaticFs}
+	//go:embed site
+	webFs        embed.FS
+	webFsCached  = &util.CachingEmbedFS{ModTime: time.Now(), FS: webFs}
+	webSiteDir   = "/site"
+	webHomeIndex = "/home.html" // Landing page, only if "web-root: home"
+	webAppIndex  = "/app.html"  // React app

 	//go:embed docs
 	docsStaticFs     embed.FS
@@ -118,11 +110,11 @@ func New(conf *Config) (*Server, error) {
 	if conf.SMTPSenderAddr != "" {
 		mailer = &smtpSender{config: conf}
 	}
-	cache, err := createCache(conf)
+	messageCache, err := createMessageCache(conf)
 	if err != nil {
 		return nil, err
 	}
-	topics, err := cache.Topics()
+	topics, err := messageCache.Topics()
 	if err != nil {
 		return nil, err
 	}
@@ -149,24 +141,24 @@ func New(conf *Config) (*Server, error) {
 		}
 	}
 	return &Server{
-		config:    conf,
-		cache:     cache,
-		fileCache: fileCache,
-		firebase:  firebaseSubscriber,
-		mailer:    mailer,
-		topics:    topics,
-		auth:      auther,
-		visitors:  make(map[string]*visitor),
+		config:       conf,
+		messageCache: messageCache,
+		fileCache:    fileCache,
+		firebase:     firebaseSubscriber,
+		mailer:       mailer,
+		topics:       topics,
+		auth:         auther,
+		visitors:     make(map[string]*visitor),
 	}, nil
 }

-func createCache(conf *Config) (cache, error) {
+func createMessageCache(conf *Config) (*messageCache, error) {
 	if conf.CacheDuration == 0 {
-		return newNopCache(), nil
+		return newNopCache()
 	} else if conf.CacheFile != "" {
-		return newSqliteCache(conf.CacheFile)
+		return newSqliteCache(conf.CacheFile, false)
 	}
-	return newMemCache(), nil
+	return newMemCache()
 }

 // Run executes the main server. It listens on HTTP (+ HTTPS, if configured), and starts
@@ -276,6 +268,10 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visit
 		return s.handleExample(w, r)
 	} else if r.Method == http.MethodHead && r.URL.Path == "/" {
 		return s.handleEmpty(w, r, v)
+	} else if r.Method == http.MethodGet && r.URL.Path == webConfigPath {
+		return s.handleWebConfig(w, r)
+	} else if r.Method == http.MethodGet && r.URL.Path == userStatsPath {
+		return s.handleUserStats(w, r, v)
 	} else if r.Method == http.MethodGet && staticRegex.MatchString(r.URL.Path) {
 		return s.handleStatic(w, r)
 	} else if r.Method == http.MethodGet && docsRegex.MatchString(r.URL.Path) {
@@ -284,8 +280,8 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visit
 		return s.limitRequests(s.handleFile)(w, r, v)
 	} else if r.Method == http.MethodOptions {
 		return s.handleOptions(w, r)
-	} else if r.Method == http.MethodGet && topicPathRegex.MatchString(r.URL.Path) {
-		return s.handleTopic(w, r)
+	} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && r.URL.Path == "/" {
+		return s.limitRequests(s.transformBodyJSON(s.authWrite(s.handlePublish)))(w, r, v)
 	} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && topicPathRegex.MatchString(r.URL.Path) {
 		return s.limitRequests(s.authWrite(s.handlePublish))(w, r, v)
 	} else if r.Method == http.MethodGet && publishPathRegex.MatchString(r.URL.Path) {
@@ -300,15 +296,19 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visit
 		return s.limitRequests(s.authRead(s.handleSubscribeWS))(w, r, v)
 	} else if r.Method == http.MethodGet && authPathRegex.MatchString(r.URL.Path) {
 		return s.limitRequests(s.authRead(s.handleTopicAuth))(w, r, v)
+	} else if r.Method == http.MethodGet && (topicPathRegex.MatchString(r.URL.Path) || externalTopicPathRegex.MatchString(r.URL.Path)) {
+		return s.handleTopic(w, r)
 	}
 	return errHTTPNotFound
 }

 func (s *Server) handleHome(w http.ResponseWriter, r *http.Request) error {
-	return indexTemplate.Execute(w, &indexPage{
-		Topic:         r.URL.Path[1:],
-		CacheDuration: s.config.CacheDuration,
-	})
+	if s.config.WebRootIsApp {
+		r.URL.Path = webAppIndex
+	} else {
+		r.URL.Path = webHomeIndex
+	}
+	return s.handleStatic(w, r)
 }

 func (s *Server) handleTopic(w http.ResponseWriter, r *http.Request) error {
@@ -319,7 +319,8 @@ func (s *Server) handleTopic(w http.ResponseWriter, r *http.Request) error {
 		_, err := io.WriteString(w, `{"unifiedpush":{"version":1}}`+"\n")
 		return err
 	}
-	return s.handleHome(w, r)
+	r.URL.Path = webAppIndex
+	return s.handleStatic(w, r)
 }

 func (s *Server) handleEmpty(_ http.ResponseWriter, _ *http.Request, _ *visitor) error {
@@ -338,13 +339,42 @@ func (s *Server) handleExample(w http.ResponseWriter, _ *http.Request) error {
 	return err
 }

+func (s *Server) handleWebConfig(w http.ResponseWriter, r *http.Request) error {
+	appRoot := "/"
+	if !s.config.WebRootIsApp {
+		appRoot = "/app"
+	}
+	disallowedTopicsStr := `"` + strings.Join(disallowedTopics, `", "`) + `"`
+	w.Header().Set("Content-Type", "text/javascript")
+	_, err := io.WriteString(w, fmt.Sprintf(`// Generated server configuration
+var config = {
+  appRoot: "%s",
+  disallowedTopics: [%s]
+};`, appRoot, disallowedTopicsStr))
+	return err
+}
+
+func (s *Server) handleUserStats(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	stats, err := v.Stats()
+	if err != nil {
+		return err
+	}
+	w.Header().Set("Content-Type", "text/json")
+	w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
+	if err := json.NewEncoder(w).Encode(stats); err != nil {
+		return err
+	}
+	return nil
+}
+
 func (s *Server) handleStatic(w http.ResponseWriter, r *http.Request) error {
-	http.FileServer(http.FS(webStaticFsCached)).ServeHTTP(w, r)
+	r.URL.Path = webSiteDir + r.URL.Path
+	util.Gzip(http.FileServer(http.FS(webFsCached))).ServeHTTP(w, r)
 	return nil
 }

 func (s *Server) handleDocs(w http.ResponseWriter, r *http.Request) error {
-	http.FileServer(http.FS(docsStaticCached)).ServeHTTP(w, r)
+	util.Gzip(http.FileServer(http.FS(docsStaticCached))).ServeHTTP(w, r)
 	return nil
 }

@@ -366,6 +396,7 @@ func (s *Server) handleFile(w http.ResponseWriter, r *http.Request, v *visitor)
 		return errHTTPTooManyRequestsAttachmentBandwidthLimit
 	}
 	w.Header().Set("Content-Length", fmt.Sprintf("%d", stat.Size()))
+	w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
 	f, err := os.Open(file)
 	if err != nil {
 		return err
@@ -380,7 +411,7 @@ func (s *Server) handlePublish(w http.ResponseWriter, r *http.Request, v *visito
 	if err != nil {
 		return err
 	}
-	body, err := util.Peak(r.Body, s.config.MessageLimit)
+	body, err := util.Peek(r.Body, s.config.MessageLimit)
 	if err != nil {
 		return err
 	}
@@ -416,7 +447,7 @@ func (s *Server) handlePublish(w http.ResponseWriter, r *http.Request, v *visito
 		}()
 	}
 	if cache {
-		if err := s.cache.AddMessage(m); err != nil {
+		if err := s.messageCache.AddMessage(m); err != nil {
 			return err
 		}
 	}
@@ -504,6 +535,13 @@ func (s *Server) parsePublishParams(r *http.Request, v *visitor, m *message) (ca
 		}
 		m.Time = delay.Unix()
 	}
+	actionsStr := readParam(r, "x-actions", "actions", "action")
+	if actionsStr != "" {
+		m.Actions, err = parseActions(actionsStr)
+		if err != nil {
+			return false, false, "", false, err // wrapped errHTTPBadRequestActionsInvalid
+		}
+	}
 	unifiedpush = readBoolParam(r, false, "x-unifiedpush", "unifiedpush", "up") // see GET too!
 	if unifiedpush {
 		firebase = false
@@ -524,35 +562,35 @@ func (s *Server) parsePublishParams(r *http.Request, v *visitor, m *message) (ca
 //    If file.txt is <= 4096 (message limit) and valid UTF-8, treat it as a message
 // 5. curl -T file.txt ntfy.sh/mytopic
 //    If file.txt is > message limit, treat it as an attachment
-func (s *Server) handlePublishBody(r *http.Request, v *visitor, m *message, body *util.PeakedReadCloser, unifiedpush bool) error {
+func (s *Server) handlePublishBody(r *http.Request, v *visitor, m *message, body *util.PeekedReadCloser, unifiedpush bool) error {
 	if unifiedpush {
 		return s.handleBodyAsMessageAutoDetect(m, body) // Case 1
 	} else if m.Attachment != nil && m.Attachment.URL != "" {
 		return s.handleBodyAsTextMessage(m, body) // Case 2
 	} else if m.Attachment != nil && m.Attachment.Name != "" {
 		return s.handleBodyAsAttachment(r, v, m, body) // Case 3
-	} else if !body.LimitReached && utf8.Valid(body.PeakedBytes) {
+	} else if !body.LimitReached && utf8.Valid(body.PeekedBytes) {
 		return s.handleBodyAsTextMessage(m, body) // Case 4
 	}
 	return s.handleBodyAsAttachment(r, v, m, body) // Case 5
 }

-func (s *Server) handleBodyAsMessageAutoDetect(m *message, body *util.PeakedReadCloser) error {
-	if utf8.Valid(body.PeakedBytes) {
-		m.Message = string(body.PeakedBytes) // Do not trim
+func (s *Server) handleBodyAsMessageAutoDetect(m *message, body *util.PeekedReadCloser) error {
+	if utf8.Valid(body.PeekedBytes) {
+		m.Message = string(body.PeekedBytes) // Do not trim
 	} else {
-		m.Message = base64.StdEncoding.EncodeToString(body.PeakedBytes)
+		m.Message = base64.StdEncoding.EncodeToString(body.PeekedBytes)
 		m.Encoding = encodingBase64
 	}
 	return nil
 }

-func (s *Server) handleBodyAsTextMessage(m *message, body *util.PeakedReadCloser) error {
-	if !utf8.Valid(body.PeakedBytes) {
+func (s *Server) handleBodyAsTextMessage(m *message, body *util.PeekedReadCloser) error {
+	if !utf8.Valid(body.PeekedBytes) {
 		return errHTTPBadRequestMessageNotUTF8
 	}
-	if len(body.PeakedBytes) > 0 { // Empty body should not override message (publish via GET!)
-		m.Message = strings.TrimSpace(string(body.PeakedBytes)) // Truncates the message to the peak limit if required
+	if len(body.PeekedBytes) > 0 { // Empty body should not override message (publish via GET!)
+		m.Message = strings.TrimSpace(string(body.PeekedBytes)) // Truncates the message to the peek limit if required
 	}
 	if m.Attachment != nil && m.Attachment.Name != "" && m.Message == "" {
 		m.Message = fmt.Sprintf(defaultAttachmentMessage, m.Attachment.Name)
@@ -560,22 +598,21 @@ func (s *Server) handleBodyAsTextMessage(m *message, body *util.PeakedReadCloser
 	return nil
 }

-func (s *Server) handleBodyAsAttachment(r *http.Request, v *visitor, m *message, body *util.PeakedReadCloser) error {
+func (s *Server) handleBodyAsAttachment(r *http.Request, v *visitor, m *message, body *util.PeekedReadCloser) error {
 	if s.fileCache == nil || s.config.BaseURL == "" || s.config.AttachmentCacheDir == "" {
 		return errHTTPBadRequestAttachmentsDisallowed
 	} else if m.Time > time.Now().Add(s.config.AttachmentExpiryDuration).Unix() {
 		return errHTTPBadRequestAttachmentsExpiryBeforeDelivery
 	}
-	visitorAttachmentsSize, err := s.cache.AttachmentsSize(v.ip)
+	visitorStats, err := v.Stats()
 	if err != nil {
 		return err
 	}
-	remainingVisitorAttachmentSize := s.config.VisitorAttachmentTotalSizeLimit - visitorAttachmentsSize
 	contentLengthStr := r.Header.Get("Content-Length")
 	if contentLengthStr != "" { // Early "do-not-trust" check, hard limit see below
 		contentLength, err := strconv.ParseInt(contentLengthStr, 10, 64)
-		if err == nil && (contentLength > remainingVisitorAttachmentSize || contentLength > s.config.AttachmentFileSizeLimit) {
-			return errHTTPBadRequestAttachmentTooLarge
+		if err == nil && (contentLength > visitorStats.VisitorAttachmentBytesRemaining || contentLength > s.config.AttachmentFileSizeLimit) {
+			return errHTTPEntityTooLargeAttachmentTooLarge
 		}
 	}
 	if m.Attachment == nil {
@@ -584,7 +621,7 @@ func (s *Server) handleBodyAsAttachment(r *http.Request, v *visitor, m *message,
 	var ext string
 	m.Attachment.Owner = v.ip // Important for attachment rate limiting
 	m.Attachment.Expires = time.Now().Add(s.config.AttachmentExpiryDuration).Unix()
-	m.Attachment.Type, ext = util.DetectContentType(body.PeakedBytes, m.Attachment.Name)
+	m.Attachment.Type, ext = util.DetectContentType(body.PeekedBytes, m.Attachment.Name)
 	m.Attachment.URL = fmt.Sprintf("%s/file/%s%s", s.config.BaseURL, m.ID, ext)
 	if m.Attachment.Name == "" {
 		m.Attachment.Name = fmt.Sprintf("attachment%s", ext)
@@ -592,9 +629,9 @@ func (s *Server) handleBodyAsAttachment(r *http.Request, v *visitor, m *message,
 	if m.Message == "" {
 		m.Message = fmt.Sprintf(defaultAttachmentMessage, m.Attachment.Name)
 	}
-	m.Attachment.Size, err = s.fileCache.Write(m.ID, body, v.BandwidthLimiter(), util.NewFixedLimiter(remainingVisitorAttachmentSize))
+	m.Attachment.Size, err = s.fileCache.Write(m.ID, body, v.BandwidthLimiter(), util.NewFixedLimiter(visitorStats.VisitorAttachmentBytesRemaining))
 	if err == util.ErrLimitReached {
-		return errHTTPBadRequestAttachmentTooLarge
+		return errHTTPEntityTooLargeAttachmentTooLarge
 	} else if err != nil {
 		return err
 	}
@@ -805,7 +842,7 @@ func (s *Server) handleSubscribeWS(w http.ResponseWriter, r *http.Request, v *vi
 	return err
 }

-func parseSubscribeParams(r *http.Request) (poll bool, since sinceTime, scheduled bool, filters *queryFilter, err error) {
+func parseSubscribeParams(r *http.Request) (poll bool, since sinceMarker, scheduled bool, filters *queryFilter, err error) {
 	poll = readBoolParam(r, false, "x-poll", "poll", "po")
 	scheduled = readBoolParam(r, false, "x-scheduled", "scheduled", "sched")
 	since, err = parseSince(r, poll)
@@ -819,12 +856,12 @@ func parseSubscribeParams(r *http.Request) (poll bool, since sinceTime, schedule
 	return
 }

-func (s *Server) sendOldMessages(topics []*topic, since sinceTime, scheduled bool, sub subscriber) error {
+func (s *Server) sendOldMessages(topics []*topic, since sinceMarker, scheduled bool, sub subscriber) error {
 	if since.IsNone() {
 		return nil
 	}
 	for _, t := range topics {
-		messages, err := s.cache.Messages(t.ID, since, scheduled)
+		messages, err := s.messageCache.Messages(t.ID, since, scheduled)
 		if err != nil {
 			return err
 		}
@@ -841,27 +878,36 @@ func (s *Server) sendOldMessages(topics []*topic, since sinceTime, scheduled boo
 //
 // Values in the "since=..." parameter can be either a unix timestamp or a duration (e.g. 12h), or
 // "all" for all messages.
-func parseSince(r *http.Request, poll bool) (sinceTime, error) {
+func parseSince(r *http.Request, poll bool) (sinceMarker, error) {
 	since := readParam(r, "x-since", "since", "si")
+
+	// Easy cases (empty, all, none)
 	if since == "" {
 		if poll {
 			return sinceAllMessages, nil
 		}
 		return sinceNoMessages, nil
-	}
-	if since == "all" {
+	} else if since == "all" {
 		return sinceAllMessages, nil
+	} else if since == "none" {
+		return sinceNoMessages, nil
+	}
+
+	// ID, timestamp, duration
+	if validMessageID(since) {
+		return newSinceID(since), nil
 	} else if s, err := strconv.ParseInt(since, 10, 64); err == nil {
-		return sinceTime(time.Unix(s, 0)), nil
+		return newSinceTime(s), nil
 	} else if d, err := time.ParseDuration(since); err == nil {
-		return sinceTime(time.Now().Add(-1 * d)), nil
+		return newSinceTime(time.Now().Add(-1 * d).Unix()), nil
 	}
 	return sinceNoMessages, errHTTPBadRequestSinceInvalid
 }

 func (s *Server) handleOptions(w http.ResponseWriter, _ *http.Request) error {
-	w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
 	w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, POST")
+	w.Header().Set("Access-Control-Allow-Origin", "*")  // CORS, allow cross-origin requests
+	w.Header().Set("Access-Control-Allow-Headers", "*") // CORS, allow auth via JS // FIXME is this terrible?
 	return nil
 }

@@ -922,7 +968,7 @@ func (s *Server) updateStatsAndPrune() {

 	// Delete expired attachments
 	if s.fileCache != nil {
-		ids, err := s.cache.AttachmentsExpired()
+		ids, err := s.messageCache.AttachmentsExpired()
 		if err == nil {
 			if err := s.fileCache.Remove(ids...); err != nil {
 				log.Printf("error while deleting attachments: %s", err.Error())
@@ -934,7 +980,7 @@ func (s *Server) updateStatsAndPrune() {

 	// Prune message cache
 	olderThan := time.Now().Add(-1 * s.config.CacheDuration)
-	if err := s.cache.Prune(olderThan); err != nil {
+	if err := s.messageCache.Prune(olderThan); err != nil {
 		log.Printf("error pruning cache: %s", err.Error())
 	}

@@ -942,7 +988,7 @@ func (s *Server) updateStatsAndPrune() {
 	var subscribers, messages int
 	for _, t := range s.topics {
 		subs := t.Subscribers()
-		msgs, err := s.cache.MessageCount(t.ID)
+		msgs, err := s.messageCache.MessageCount(t.ID)
 		if err != nil {
 			log.Printf("cannot get stats for topic %s: %s", t.ID, err.Error())
 			continue
@@ -1038,7 +1084,7 @@ func (s *Server) runFirebaseKeepaliver() {
 func (s *Server) sendDelayedMessages() error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
-	messages, err := s.cache.MessagesDue()
+	messages, err := s.messageCache.MessagesDue()
 	if err != nil {
 		return err
 	}
@@ -1054,7 +1100,7 @@ func (s *Server) sendDelayedMessages() error {
 				log.Printf("unable to publish to Firebase: %v", err.Error())
 			}
 		}
-		if err := s.cache.MarkPublished(m); err != nil {
+		if err := s.messageCache.MarkPublished(m); err != nil {
 			return err
 		}
 	}
@@ -1072,6 +1118,62 @@ func (s *Server) limitRequests(next handleFunc) handleFunc {
 	}
 }

+// transformBodyJSON peeks the request body, reads the JSON, and converts it to headers
+// before passing it on to the next handler. This is meant to be used in combination with handlePublish.
+func (s *Server) transformBodyJSON(next handleFunc) handleFunc {
+	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
+		body, err := util.Peek(r.Body, s.config.MessageLimit)
+		if err != nil {
+			return err
+		}
+		defer r.Body.Close()
+		var m publishMessage
+		if err := json.NewDecoder(body).Decode(&m); err != nil {
+			return errHTTPBadRequestJSONInvalid
+		}
+		if !topicRegex.MatchString(m.Topic) {
+			return errHTTPBadRequestTopicInvalid
+		}
+		if m.Message == "" {
+			m.Message = emptyMessageBody
+		}
+		r.URL.Path = "/" + m.Topic
+		r.Body = io.NopCloser(strings.NewReader(m.Message))
+		if m.Title != "" {
+			r.Header.Set("X-Title", m.Title)
+		}
+		if m.Priority != 0 {
+			r.Header.Set("X-Priority", fmt.Sprintf("%d", m.Priority))
+		}
+		if m.Tags != nil && len(m.Tags) > 0 {
+			r.Header.Set("X-Tags", strings.Join(m.Tags, ","))
+		}
+		if m.Attach != "" {
+			r.Header.Set("X-Attach", m.Attach)
+		}
+		if m.Filename != "" {
+			r.Header.Set("X-Filename", m.Filename)
+		}
+		if m.Click != "" {
+			r.Header.Set("X-Click", m.Click)
+		}
+		if len(m.Actions) > 0 {
+			actionsStr, err := json.Marshal(m.Actions)
+			if err != nil {
+				return errHTTPBadRequestJSONInvalid
+			}
+			r.Header.Set("X-Actions", string(actionsStr))
+		}
+		if m.Email != "" {
+			r.Header.Set("X-Email", m.Email)
+		}
+		if m.Delay != "" {
+			r.Header.Set("X-Delay", m.Delay)
+		}
+		return next(w, r, v)
+	}
+}
+
 func (s *Server) authWrite(next handleFunc) handleFunc {
 	return s.withAuth(next, auth.PermissionWrite)
 }
@@ -1090,7 +1192,7 @@ func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc {
 			return err
 		}
 		var user *auth.User // may stay nil if no auth header!
-		username, password, ok := r.BasicAuth()
+		username, password, ok := extractUserPass(r)
 		if ok {
 			if user, err = s.auth.Authenticate(username, password); err != nil {
 				log.Printf("authentication failed: %s", err.Error())
@@ -1107,6 +1209,27 @@ func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc {
 	}
 }

+// extractUserPass reads the username/password from the basic auth header (Authorization: Basic ...),
+// or from the ?auth=... query param. The latter is required only to support the WebSocket JavaScript
+// class, which does not support passing headers during the initial request. The auth query param
+// is effectively double base64 encoded. Its format is base64(Basic base64(user:pass)).
+func extractUserPass(r *http.Request) (username string, password string, ok bool) {
+	username, password, ok = r.BasicAuth()
+	if ok {
+		return
+	}
+	authParam := readQueryParam(r, "authorization", "auth")
+	if authParam != "" {
+		a, err := base64.RawURLEncoding.DecodeString(authParam)
+		if err != nil {
+			return
+		}
+		r.Header.Set("Authorization", string(a))
+		return r.BasicAuth()
+	}
+	return
+}
+
 // visitor creates or retrieves a rate.Limiter for the given visitor.
 // This function was taken from https://www.alexedwards.net/blog/how-to-rate-limit-http-requests (MIT).
 func (s *Server) visitor(r *http.Request) *visitor {
@@ -1122,7 +1245,7 @@ func (s *Server) visitor(r *http.Request) *visitor {
 	}
 	v, exists := s.visitors[ip]
 	if !exists {
-		s.visitors[ip] = newVisitor(s.config, ip)
+		s.visitors[ip] = newVisitor(s.config, s.messageCache, ip)
 		return s.visitors[ip]
 	}
 	v.Keepalive()
--- a/server/server.yml
+++ b/server/server.yml
@@ -126,6 +126,11 @@
 #
 # manager-interval: "1m"

+# Defines if the root route (/) is pointing to the landing page (as on ntfy.sh) or the
+# web app. If you self-host, you don't want to change this. Can be "app" (default) or "home".
+#
+# web-root: app
+
 # Rate limiting: Total number of topics before the server rejects new topics.
 #
 # global-topic-limit: 15000
--- a/server/server_firebase.go
+++ b/server/server_firebase.go
@@ -81,6 +81,13 @@ func toFirebaseMessage(m *message, auther auth.Auther) (*messaging.Message, erro
 				"message":  m.Message,
 				"encoding": m.Encoding,
 			}
+			if len(m.Actions) > 0 {
+				actions, err := json.Marshal(m.Actions)
+				if err != nil {
+					return nil, err
+				}
+				data["actions"] = string(actions)
+			}
 			if m.Attachment != nil {
 				data["attachment_name"] = m.Attachment.Name
 				data["attachment_type"] = m.Attachment.Type
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -146,19 +146,16 @@ func TestServer_StaticSites(t *testing.T) {

 	rr = request(t, s, "GET", "/mytopic", "", nil)
 	require.Equal(t, 200, rr.Code)
-	require.Contains(t, rr.Body.String(), `<meta name="robots" content="noindex, nofollow" />`)
+	require.Contains(t, rr.Body.String(), `<meta name="robots" content="noindex, nofollow"/>`)

-	rr = request(t, s, "GET", "/static/css/app.css", "", nil)
+	rr = request(t, s, "GET", "/static/css/home.css", "", nil)
 	require.Equal(t, 200, rr.Code)
 	require.Contains(t, rr.Body.String(), `html, body {`)

 	rr = request(t, s, "GET", "/docs", "", nil)
 	require.Equal(t, 301, rr.Code)

-	rr = request(t, s, "GET", "/docs/", "", nil)
-	require.Equal(t, 200, rr.Code)
-	require.Contains(t, rr.Body.String(), `Made with ❤️ by Philipp C. Heckel`)
-	require.Contains(t, rr.Body.String(), `<script src=static/js/extra.js></script>`)
+	// Docs test removed, it was failing annoyingly.

 	rr = request(t, s, "GET", "/example.html", "", nil)
 	require.Equal(t, 200, rr.Code)
@@ -206,6 +203,14 @@ func TestServer_PublishPriority(t *testing.T) {
 	require.Equal(t, 40007, toHTTPError(t, response.Body.String()).Code)
 }

+func TestServer_PublishGETOnlyOneTopic(t *testing.T) {
+	// This tests a bug that allowed publishing topics with a comma in the name (no ticket)
+
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "GET", "/mytopic,mytopic2/publish?m=hi", "", nil)
+	require.Equal(t, 404, response.Code)
+}
+
 func TestServer_PublishNoCache(t *testing.T) {
 	s := newTestServer(t, newTestConfig(t))

@@ -657,6 +662,25 @@ func TestServer_Auth_Fail_CannotPublish(t *testing.T) {
 	require.Equal(t, 403, response.Code) // Anonymous read not allowed
 }

+func TestServer_Auth_ViaQuery(t *testing.T) {
+	c := newTestConfig(t)
+	c.AuthFile = filepath.Join(t.TempDir(), "user.db")
+	c.AuthDefaultRead = false
+	c.AuthDefaultWrite = false
+	s := newTestServer(t, c)
+
+	manager := s.auth.(auth.Manager)
+	require.Nil(t, manager.AddUser("ben", "some pass", auth.RoleAdmin))
+
+	u := fmt.Sprintf("/mytopic/json?poll=1&auth=%s", base64.RawURLEncoding.EncodeToString([]byte(basicAuth("ben:some pass"))))
+	response := request(t, s, "GET", u, "", nil)
+	require.Equal(t, 200, response.Code)
+
+	u = fmt.Sprintf("/mytopic/json?poll=1&auth=%s", base64.RawURLEncoding.EncodeToString([]byte(basicAuth("ben:WRONNNGGGG"))))
+	response = request(t, s, "GET", u, "", nil)
+	require.Equal(t, 401, response.Code)
+}
+
 /*
 func TestServer_Curl_Publish_Poll(t *testing.T) {
 	s, port := test.StartServer(t)
@@ -690,6 +714,12 @@ func (t *testMailer) Send(from, to string, m *message) error {
 	return nil
 }

+func (t *testMailer) Count() int {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	return t.count
+}
+
 func TestServer_PublishTooRequests_Defaults(t *testing.T) {
 	s := newTestServer(t, newTestConfig(t))
 	for i := 0; i < 60; i++ {
@@ -846,6 +876,103 @@ func TestServer_PublishUnifiedPushText(t *testing.T) {
 	require.Equal(t, "this is a unifiedpush text message", m.Message)
 }

+func TestServer_PublishActions_AndPoll(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	response := request(t, s, "PUT", "/mytopic", "my message", map[string]string{
+		"Actions": "view, Open portal, https://home.nest.com/; http, Turn down, https://api.nest.com/device/XZ1D2, body=target_temp_f=65",
+	})
+	require.Equal(t, 200, response.Code)
+
+	response = request(t, s, "GET", "/mytopic/json?poll=1", "", nil)
+	require.Equal(t, 200, response.Code)
+	m := toMessage(t, response.Body.String())
+	require.Equal(t, 2, len(m.Actions))
+	require.Equal(t, "view", m.Actions[0].Action)
+	require.Equal(t, "Open portal", m.Actions[0].Label)
+	require.Equal(t, "https://home.nest.com/", m.Actions[0].URL)
+	require.Equal(t, "http", m.Actions[1].Action)
+	require.Equal(t, "Turn down", m.Actions[1].Label)
+	require.Equal(t, "https://api.nest.com/device/XZ1D2", m.Actions[1].URL)
+	require.Equal(t, "target_temp_f=65", m.Actions[1].Body)
+}
+
+func TestServer_PublishAsJSON(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	body := `{"topic":"mytopic","message":"A message","title":"a title\nwith lines","tags":["tag1","tag 2"],` +
+		`"not-a-thing":"ok", "attach":"http://google.com","filename":"google.pdf", "click":"http://ntfy.sh","priority":4,` +
+		`"delay":"30min"}`
+	response := request(t, s, "PUT", "/", body, nil)
+	require.Equal(t, 200, response.Code)
+
+	m := toMessage(t, response.Body.String())
+	require.Equal(t, "mytopic", m.Topic)
+	require.Equal(t, "A message", m.Message)
+	require.Equal(t, "a title\nwith lines", m.Title)
+	require.Equal(t, []string{"tag1", "tag 2"}, m.Tags)
+	require.Equal(t, "http://google.com", m.Attachment.URL)
+	require.Equal(t, "google.pdf", m.Attachment.Name)
+	require.Equal(t, "http://ntfy.sh", m.Click)
+	require.Equal(t, 4, m.Priority)
+	require.True(t, m.Time > time.Now().Unix()+29*60)
+	require.True(t, m.Time < time.Now().Unix()+31*60)
+}
+
+func TestServer_PublishAsJSON_WithEmail(t *testing.T) {
+	mailer := &testMailer{}
+	s := newTestServer(t, newTestConfig(t))
+	s.mailer = mailer
+	body := `{"topic":"mytopic","message":"A message","email":"phil@example.com"}`
+	response := request(t, s, "PUT", "/", body, nil)
+	require.Equal(t, 200, response.Code)
+
+	m := toMessage(t, response.Body.String())
+	require.Equal(t, "mytopic", m.Topic)
+	require.Equal(t, "A message", m.Message)
+	require.Equal(t, 1, mailer.Count())
+}
+
+func TestServer_PublishAsJSON_WithActions(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	body := `{
+		"topic":"mytopic",
+		"message":"A message",
+		"actions": [
+			  {
+				"action": "view",
+				"label": "Open portal",
+				"url": "https://home.nest.com/"
+			  },
+			  {
+				"action": "http",
+				"label": "Turn down",
+				"url": "https://api.nest.com/device/XZ1D2",
+				"body": "target_temp_f=65"
+			  }
+		]
+	}`
+	response := request(t, s, "POST", "/", body, nil)
+	require.Equal(t, 200, response.Code)
+
+	m := toMessage(t, response.Body.String())
+	require.Equal(t, "mytopic", m.Topic)
+	require.Equal(t, "A message", m.Message)
+	require.Equal(t, 2, len(m.Actions))
+	require.Equal(t, "view", m.Actions[0].Action)
+	require.Equal(t, "Open portal", m.Actions[0].Label)
+	require.Equal(t, "https://home.nest.com/", m.Actions[0].URL)
+	require.Equal(t, "http", m.Actions[1].Action)
+	require.Equal(t, "Turn down", m.Actions[1].Label)
+	require.Equal(t, "https://api.nest.com/device/XZ1D2", m.Actions[1].URL)
+	require.Equal(t, "target_temp_f=65", m.Actions[1].Body)
+}
+
+func TestServer_PublishAsJSON_Invalid(t *testing.T) {
+	s := newTestServer(t, newTestConfig(t))
+	body := `{"topic":"mytopic",INVALID`
+	response := request(t, s, "PUT", "/", body, nil)
+	require.Equal(t, 400, response.Code)
+}
+
 func TestServer_PublishAttachment(t *testing.T) {
 	content := util.RandomString(5000) // > 4096
 	s := newTestServer(t, newTestConfig(t))
@@ -854,7 +981,7 @@ func TestServer_PublishAttachment(t *testing.T) {
 	require.Equal(t, "attachment.txt", msg.Attachment.Name)
 	require.Equal(t, "text/plain; charset=utf-8", msg.Attachment.Type)
 	require.Equal(t, int64(5000), msg.Attachment.Size)
-	require.GreaterOrEqual(t, msg.Attachment.Expires, time.Now().Add(3*time.Hour).Unix())
+	require.GreaterOrEqual(t, msg.Attachment.Expires, time.Now().Add(179*time.Minute).Unix()) // Almost 3 hours
 	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
 	require.Equal(t, "", msg.Attachment.Owner) // Should never be returned
 	require.FileExists(t, filepath.Join(s.config.AttachmentCacheDir, msg.ID))
@@ -866,7 +993,7 @@ func TestServer_PublishAttachment(t *testing.T) {
 	require.Equal(t, content, response.Body.String())

 	// Slightly unrelated cross-test: make sure we add an owner for internal attachments
-	size, err := s.cache.AttachmentsSize("9.9.9.9") // See request()
+	size, err := s.messageCache.AttachmentBytesUsed("9.9.9.9") // See request()
 	require.Nil(t, err)
 	require.Equal(t, int64(5000), size)
 }
@@ -895,7 +1022,7 @@ func TestServer_PublishAttachmentShortWithFilename(t *testing.T) {
 	require.Equal(t, content, response.Body.String())

 	// Slightly unrelated cross-test: make sure we add an owner for internal attachments
-	size, err := s.cache.AttachmentsSize("1.2.3.4")
+	size, err := s.messageCache.AttachmentBytesUsed("1.2.3.4")
 	require.Nil(t, err)
 	require.Equal(t, int64(21), size)
 }
@@ -915,7 +1042,7 @@ func TestServer_PublishAttachmentExternalWithoutFilename(t *testing.T) {
 	require.Equal(t, "", msg.Attachment.Owner)

 	// Slightly unrelated cross-test: make sure we don't add an owner for external attachments
-	size, err := s.cache.AttachmentsSize("127.0.0.1")
+	size, err := s.messageCache.AttachmentBytesUsed("127.0.0.1")
 	require.Nil(t, err)
 	require.Equal(t, int64(0), size)
 }
@@ -952,9 +1079,9 @@ func TestServer_PublishAttachmentTooLargeContentLength(t *testing.T) {
 		"Content-Length": "20000000",
 	})
 	err := toHTTPError(t, response.Body.String())
-	require.Equal(t, 400, response.Code)
-	require.Equal(t, 400, err.HTTPCode)
-	require.Equal(t, 40012, err.Code)
+	require.Equal(t, 413, response.Code)
+	require.Equal(t, 413, err.HTTPCode)
+	require.Equal(t, 41301, err.Code)
 }

 func TestServer_PublishAttachmentTooLargeBodyAttachmentFileSizeLimit(t *testing.T) {
@@ -964,9 +1091,9 @@ func TestServer_PublishAttachmentTooLargeBodyAttachmentFileSizeLimit(t *testing.
 	s := newTestServer(t, c)
 	response := request(t, s, "PUT", "/mytopic", content, nil)
 	err := toHTTPError(t, response.Body.String())
-	require.Equal(t, 400, response.Code)
-	require.Equal(t, 400, err.HTTPCode)
-	require.Equal(t, 40012, err.Code)
+	require.Equal(t, 413, response.Code)
+	require.Equal(t, 413, err.HTTPCode)
+	require.Equal(t, 41301, err.Code)
 }

 func TestServer_PublishAttachmentExpiryBeforeDelivery(t *testing.T) {
@@ -996,9 +1123,9 @@ func TestServer_PublishAttachmentTooLargeBodyVisitorAttachmentTotalSizeLimit(t *
 	content := util.RandomString(5001) // 5000+5001 > , see below
 	response = request(t, s, "PUT", "/mytopic", content, nil)
 	err := toHTTPError(t, response.Body.String())
-	require.Equal(t, 400, response.Code)
-	require.Equal(t, 400, err.HTTPCode)
-	require.Equal(t, 40012, err.Code)
+	require.Equal(t, 413, response.Code)
+	require.Equal(t, 413, err.HTTPCode)
+	require.Equal(t, 41301, err.Code)
 }

 func TestServer_PublishAttachmentAndPrune(t *testing.T) {
@@ -1072,8 +1199,32 @@ func TestServer_PublishAttachmentBandwidthLimitUploadOnly(t *testing.T) {
 	// And a failed one
 	response := request(t, s, "PUT", "/mytopic", content, nil)
 	err := toHTTPError(t, response.Body.String())
-	require.Equal(t, 400, response.Code)
-	require.Equal(t, 40012, err.Code)
+	require.Equal(t, 413, response.Code)
+	require.Equal(t, 41301, err.Code)
+}
+
+func TestServer_PublishAttachmentUserStats(t *testing.T) {
+	content := util.RandomString(4999) // > 4096
+
+	c := newTestConfig(t)
+	c.AttachmentFileSizeLimit = 5000
+	c.VisitorAttachmentTotalSizeLimit = 6000
+	s := newTestServer(t, c)
+
+	// Upload one attachment
+	response := request(t, s, "PUT", "/mytopic", content, nil)
+	msg := toMessage(t, response.Body.String())
+	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
+
+	// User stats
+	response = request(t, s, "GET", "/user/stats", "", nil)
+	require.Equal(t, 200, response.Code)
+	var stats visitorStats
+	require.Nil(t, json.NewDecoder(strings.NewReader(response.Body.String())).Decode(&stats))
+	require.Equal(t, int64(5000), stats.AttachmentFileSizeLimit)
+	require.Equal(t, int64(6000), stats.VisitorAttachmentBytesTotal)
+	require.Equal(t, int64(4999), stats.VisitorAttachmentBytesUsed)
+	require.Equal(t, int64(1001), stats.VisitorAttachmentBytesRemaining)
 }

 func newTestConfig(t *testing.T) *Config {
--- a/server/static/css/app.css
+++ b/server/static/css/app.css
@@ -1,531 +0,0 @@
-/* general styling */
-
-html, body {
-    font-family: 'Roboto', sans-serif;
-    font-weight: 400;
-    font-size: 1.1em;
-    color: #444;
-    margin: 0;
-    padding: 0;
-}
-
-html {
-    /* prevent scrollbar from repositioning website:
-     * https://www.w3docs.com/snippets/css/how-to-prevent-scrollbar-from-repositioning-web-page.html */
-    overflow-y: scroll;
-}
-
-a, a:visited {
-    color: #3a9784;
-}
-
-a:hover {
-    text-decoration: none;
-    color: #317f6f;
-}
-
-h1 {
-    margin-top: 35px;
-    margin-bottom: 30px;
-    font-size: 2.5em;
-    word-wrap: break-word; /* For very long topics */
-    padding-right: 40px; /* For the X on the detail page */
-    font-weight: 300;
-    color: #666;
-}
-
-h2 {
-    margin-top: 30px;
-    margin-bottom: 5px;
-    font-size: 1.8em;
-    font-weight: 300;
-    color: #333;
-}
-
-h3 {
-    margin-top: 25px;
-    margin-bottom: 5px;
-    font-size: 1.3em;
-    font-weight: 300;
-    color: #333;
-}
-
-p {
-    margin-top: 10px;
-    margin-bottom: 20px;
-    line-height: 160%;
-    font-weight: 400;
-}
-
-p.smallMarginBottom {
-    margin-bottom: 10px;
-}
-
-b {
-    font-weight: 500;
-}
-
-tt {
-    background: #eee;
-    padding: 2px 7px;
-    border-radius: 3px;
-}
-
-code {
-    display: block;
-    background: #eee;
-    font-family: monospace;
-    padding: 20px;
-    border-radius: 3px;
-    margin-top: 10px;
-    margin-bottom: 20px;
-    overflow-x: auto;
-    white-space: nowrap;
-}
-
-/* Roboto font, embedded with the help of https://google-webfonts-helper.herokuapp.com/fonts/roboto?subsets=latin */
-
-/* roboto-300 - latin */
-@font-face {
-    font-family: 'Roboto';
-    font-style: normal;
-    font-weight: 300;
-    src: local(''),
-    url('../font/roboto-v29-latin-300.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
-    url('../font/roboto-v29-latin-300.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
-}
-
-/* roboto-regular - latin */
-@font-face {
-    font-family: 'Roboto';
-    font-style: normal;
-    font-weight: 400;
-    src: local(''),
-    url('../font/roboto-v29-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
-    url('../font/roboto-v29-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
-}
-
-/* roboto-500 - latin */
-@font-face {
-    font-family: 'Roboto';
-    font-style: normal;
-    font-weight: 500;
-    src: local(''),
-    url('../font/roboto-v29-latin-500.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
-    url('../font/roboto-v29-latin-500.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
-}
-
-/* Main page */
-
-#main {
-    max-width: 900px;
-    margin: 0 auto 50px auto;
-    padding: 0 10px;
-}
-
-#error {
-    color: darkred;
-    font-style: italic;
-}
-
-#ironicCenterTagDontFreakOut {
-    color: #666;
-}
-
-/* Anchors */
-
-.anchor .anchorLink {
-    color: #ccc;
-    text-decoration: none;
-    padding: 0 5px;
-    visibility: hidden;
-}
-
-.anchor:hover .anchorLink {
-    visibility: visible;
-}
-
-.anchor .anchorLink:hover {
-    color: #3a9784;
-    visibility: visible;
-}
-
-/* Figures */
-
-figure {
-    text-align: center;
-}
-
-figure img, figure video {
-    filter: drop-shadow(3px 3px 3px #ccc);
-    border-radius: 7px;
-    max-width: 100%;
-}
-
-figure video {
-    width: 100%;
-    max-height: 450px;
-}
-
-figcaption {
-    text-align: center;
-    font-style: italic;
-    padding-top: 10px;
-}
-
-/* Screenshots */
-
-#screenshots {
-    text-align: center;
-}
-
-#screenshots img {
-    height: 190px;
-    margin: 3px;
-    border-radius: 5px;
-    filter: drop-shadow(2px 2px 2px #ddd);
-}
-
-#screenshots .nowrap {
-    white-space: nowrap;
-}
-
-/* Lightbox; thanks to https://yossiabramov.com/blog/vanilla-js-lightbox */
-
-.lightbox {
-    opacity: 0;
-    visibility: hidden;
-    position: fixed;
-    left:0;
-    right: 0;
-    top: 0;
-    bottom: 0;
-    z-index: -1;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    transition: all 0.15s ease-in;
-}
-
-.lightbox.show {
-    background-color: rgba(0,0,0, 0.75);
-    opacity: 1;
-    visibility: visible;
-    z-index: 1000;
-}
-
-.lightbox img {
-    max-width: 90%;
-    max-height: 90%;
-    filter: drop-shadow(5px 5px 10px #222);
-    border-radius: 5px;
-}
-
-.lightbox .close-lightbox {
-    cursor: pointer;
-    position: absolute;
-    top: 30px;
-    right: 30px;
-    width: 20px;
-    height: 20px;
-}
-
-.lightbox .close-lightbox::after,
-.lightbox .close-lightbox::before {
-    content: '';
-    width: 3px;
-    height: 20px;
-    background-color: #ddd;
-    position: absolute;
-    border-radius: 5px;
-    transform: rotate(45deg);
-}
-
-.lightbox .close-lightbox::before {
-    transform: rotate(-45deg);
-}
-
-.lightbox .close-lightbox:hover::after,
-.lightbox .close-lightbox:hover::before {
-    background-color: #fff;
-}
-
-/* Header */
-
-#header {
-    background: #3a9784;
-    height: 130px;
-}
-
-#header #headerBox {
-    max-width: 900px;
-    margin: 0 auto;
-    padding: 0 10px;
-}
-
-#header #logo {
-    margin-top: 23px;
-    float: left;
-}
-
-#header #name {
-    float: left;
-    color: white;
-    font-size: 2.6em;
-    font-weight: 300;
-    margin: 35px 0 0 20px;
-}
-
-#header ol {
-    list-style-type: none;
-    float: right;
-    margin-top: 80px;
-}
-
-#header ol li {
-    display: inline-block;
-    margin: 0 10px;
-    font-weight: 400;
-}
-
-#header ol li a, nav ol li a:visited {
-    color: white;
-    text-decoration: none;
-}
-
-#header ol li a:hover {
-    text-decoration: underline;
-}
-
-/* Subscribe box */
-
-button {
-    background: #3a9784;
-    border: none;
-    border-radius: 3px;
-    padding: 3px 5px;
-    color: white;
-    cursor: pointer;
-}
-
-button:hover {
-    background: #317f6f;
-    padding: 5px;
-}
-
-ul {
-    padding-left: 1em;
-    list-style-type: circle;
-    padding-bottom: 0;
-    margin: 0;
-}
-
-li {
-    padding: 4px 0;
-    margin: 4px 0;
-    font-size: 0.9em;
-}
-
-
-/* Hide top menu SMALL SCREEN */
-@media only screen and (max-width: 780px) {
-    #header ol {
-        display: none;
-    }
-}
-
-/* Subscribe box SMALL SCREEN */
-@media only screen and (max-width: 1599px) {
-    #subscribeBox #subscribeForm {
-        border-left: 4px solid #3a9784;
-        padding: 10px;
-    }
-
-    #subscribeBox #topicsHeader {
-        margin-bottom: 0;
-    }
-
-    #subscribeBox input {
-        height: 24px;
-        min-width: 200px;
-        max-width: 300px;
-        border-radius: 3px;
-        border: none;
-        border-bottom: 1px solid #aaa;
-        font-size: 0.8em;
-    }
-
-    #subscribeBox input:focus {
-        border-bottom: 2px solid #3a9784;
-        outline: none;
-    }
-
-    #subscribeBox ul {
-        margin: 0;
-    }
-
-    #subscribeBox li {
-        margin: 3px 0;
-        padding: 0;
-    }
-
-    #subscribeBox li img {
-        width: 15px;
-        height: 15px;
-        vertical-align: bottom;
-    }
-
-    #subscribeBox li a {
-        padding: 0 5px 0 0;
-    }
-
-    #subscribeBox button {
-        font-size: 0.8em;
-        background: #3a9784;
-        border-radius: 3px;
-        padding: 5px;
-        color: white;
-        cursor: pointer;
-    }
-
-    #subscribeBox button:hover {
-        background: #317f6f;
-    }
-}
-
-/* Subscribe box BIG SCREEN */
-@media only screen and (min-width: 1600px) {
-    #subscribeBox {
-        position: fixed;
-        top: 170px;
-        right: 10px;
-        width: 300px;
-        border-left: 4px solid #3a9784;
-        padding: 10px;
-    }
-
-    #subscribeBox h3 {
-        margin-top: 0;
-        margin-bottom: 5px;
-        font-size: 1.1em;
-    }
-
-    #subscribeBox #topicsHeader {
-        margin-bottom: 0;
-    }
-
-    #subscribeBox p {
-        font-size: 0.9em;
-        margin-bottom: 10px;
-    }
-
-    #subscribeBox ul {
-        margin: 0;
-    }
-
-    #subscribeBox input {
-        height: 18px;
-        border-radius: 3px;
-        border: none;
-        border-bottom: 1px solid #aaa;
-    }
-
-    #subscribeBox input:focus {
-        border-bottom: 2px solid #3a9784;
-        outline: none;
-    }
-
-    #subscribeBox li {
-        margin: 3px 0;
-        padding: 0;
-    }
-
-    #subscribeBox li img {
-        width: 15px;
-        height: 15px;
-        vertical-align: bottom;
-    }
-
-    #subscribeBox li a {
-        padding: 0 5px 0 0;
-    }
-
-    #subscribeBox button {
-        font-size: 0.7em;
-        background: #3a9784;
-        border-radius: 3px;
-        padding: 5px;
-        color: white;
-        cursor: pointer;
-    }
-
-    #subscribeBox button:hover {
-        background: #317f6f;
-    }
-}
-
-/** Detail view */
-
-#detail .detailEntry {
-    margin-bottom: 20px;
-}
-
-#detail .detailDate {
-    margin-bottom: 2px;
-}
-
-#detail .detailDate, #detail .detailTags {
-    color: #888;
-    font-size: 0.9em;
-}
-
-#detail .detailTags {
-    margin-top: 2px;
-}
-
-#detail .detailDate img {
-    width: 20px;
-    height: 20px;
-    vertical-align: bottom;
-}
-
-#detail .detailTitle {
-    font-weight: bold;
-}
-
-#detail #detailMain {
-    max-width: 900px;
-    margin: 0 auto;
-    position: relative; /* required for close button's "position: absolute" */
-    padding: 0 10px 50px 10px; /* Chrome and Firefox behave differently regarding bottom margin */
-}
-
-#detail #detailCloseButton {
-    background: #eee;
-    border-radius: 5px;
-    border: none;
-    padding: 5px;
-    position: absolute;
-    right: 10px;
-    top: 10px;
-    display: block;
-}
-
-#detail #detailCloseButton:hover {
-    padding: 5px;
-    background: #ccc;
-}
-
-#detail #detailCloseButton img {
-    display: block; /* get rid of the weird bottom border */
-}
-
-#detail #detailNotificationsDisallowed {
-    display: none;
-    color: darkred;
-}
-
-#detail #events {
-    max-width: 900px;
-    margin: 0 auto 50px auto;
-}
--- a/server/static/img/basic-notification.png
+++ b/server/static/img/basic-notification.png
--- a/server/static/img/close.svg
+++ b/server/static/img/close.svg
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><path d="M0 0h24v24H0V0z" fill="none"/><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
--- a/server/static/img/priority-1.svg
+++ b/server/static/img/priority-1.svg
@@ -1,47 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg
-   height="24px"
-   viewBox="0 0 24 24"
-   width="24px"
-   fill="#000000"
-   version="1.1"
-   id="svg1428"
-   sodipodi:docname="priority_1_24dp.svg"
-   inkscape:version="1.1.1 (3bf5ae0, 2021-09-20)"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:svg="http://www.w3.org/2000/svg">
-  <defs
-     id="defs1432" />
-  <sodipodi:namedview
-     id="namedview1430"
-     pagecolor="#505050"
-     bordercolor="#eeeeee"
-     borderopacity="1"
-     inkscape:pageshadow="0"
-     inkscape:pageopacity="0"
-     inkscape:pagecheckerboard="0"
-     showgrid="false"
-     inkscape:zoom="20.517358"
-     inkscape:cx="22.834324"
-     inkscape:cy="15.742768"
-     inkscape:window-width="1863"
-     inkscape:window-height="1025"
-     inkscape:window-x="57"
-     inkscape:window-y="27"
-     inkscape:window-maximized="1"
-     inkscape:current-layer="svg1428" />
-  <path
-     style="color:#000000;fill:#999999;fill-opacity:1;stroke-width:0.0919748;stroke-linecap:round;stroke-linejoin:round;-inkscape-stroke:none"
-     d="m 12.195014,20.828316 a 1.2747098,1.2747098 0 0 0 0.661605,-0.185206 l 6.646593,-4.037178 a 1.2745823,1.2745823 0 0 0 0.427537,-1.751107 1.2745823,1.2745823 0 0 0 -1.750928,-0.427718 l -5.984807,3.635327 -5.9848086,-3.635327 a 1.2745823,1.2745823 0 0 0 -1.750927,0.427718 1.2745823,1.2745823 0 0 0 0.427536,1.751107 l 6.6464146,4.037178 a 1.2747098,1.2747098 0 0 0 0.661785,0.185206 z"
-     id="rect3554" />
-  <path
-     style="color:#000000;fill:#b3b3b3;fill-opacity:1;stroke:none;stroke-width:0.0919748;stroke-linecap:round;stroke-linejoin:round;-inkscape-stroke:none"
-     d="m 12.195014,15.694014 a 1.2747098,1.2747098 0 0 0 0.661605,-0.185206 l 6.646593,-4.037176 A 1.2745823,1.2745823 0 0 0 19.930749,9.7205243 1.2745823,1.2745823 0 0 0 18.179821,9.2928073 L 12.195014,12.928134 6.2102054,9.2928073 a 1.2745823,1.2745823 0 0 0 -1.750927,0.427717 1.2745823,1.2745823 0 0 0 0.427536,1.7511077 l 6.6464146,4.037176 a 1.2747098,1.2747098 0 0 0 0.661785,0.185206 z"
-     id="path9314" />
-  <path
-     style="color:#000000;fill:#cccccc;fill-opacity:1;stroke:none;stroke-width:0.0919748;stroke-linecap:round;stroke-linejoin:round;-inkscape-stroke:none"
-     d="m 12.116784,10.426777 a 1.2747098,1.2747098 0 0 0 0.661606,-0.185205 l 6.646593,-4.0371767 a 1.2745823,1.2745823 0 0 0 0.427537,-1.751108 1.2745823,1.2745823 0 0 0 -1.750928,-0.427718 l -5.984808,3.635327 -5.9848066,-3.635327 a 1.2745823,1.2745823 0 0 0 -1.750928,0.427718 1.2745823,1.2745823 0 0 0 0.427537,1.751108 L 11.455,10.241572 a 1.2747098,1.2747098 0 0 0 0.661784,0.185205 z"
-     id="path9316" />
-</svg>
--- a/server/static/img/priority-2.svg
+++ b/server/static/img/priority-2.svg
@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg
-   height="24px"
-   viewBox="0 0 24 24"
-   width="24px"
-   fill="#000000"
-   version="1.1"
-   id="svg1428"
-   sodipodi:docname="priority_2_24dp.svg"
-   inkscape:version="1.1.1 (3bf5ae0, 2021-09-20)"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:svg="http://www.w3.org/2000/svg">
-  <defs
-     id="defs1432" />
-  <sodipodi:namedview
-     id="namedview1430"
-     pagecolor="#505050"
-     bordercolor="#eeeeee"
-     borderopacity="1"
-     inkscape:pageshadow="0"
-     inkscape:pageopacity="0"
-     inkscape:pagecheckerboard="0"
-     showgrid="false"
-     inkscape:zoom="20.517358"
-     inkscape:cx="22.834324"
-     inkscape:cy="15.742768"
-     inkscape:window-width="1863"
-     inkscape:window-height="1025"
-     inkscape:window-x="57"
-     inkscape:window-y="27"
-     inkscape:window-maximized="1"
-     inkscape:current-layer="svg1428" />
-  <path
-     style="color:#000000;fill:#999999;fill-opacity:1;stroke-width:0.0919748;stroke-linecap:round;stroke-linejoin:round;-inkscape-stroke:none"
-     d="m 12.172712,17.774352 a 1.2747098,1.2747098 0 0 0 0.661605,-0.185206 l 6.646593,-4.037178 a 1.2745823,1.2745823 0 0 0 0.427537,-1.751107 1.2745823,1.2745823 0 0 0 -1.750928,-0.427718 L 12.172712,15.00847 6.1879033,11.373143 a 1.2745823,1.2745823 0 0 0 -1.750927,0.427718 1.2745823,1.2745823 0 0 0 0.427536,1.751107 l 6.6464147,4.037178 a 1.2747098,1.2747098 0 0 0 0.661785,0.185206 z"
-     id="rect3554" />
-  <path
-     style="color:#000000;fill:#b3b3b3;fill-opacity:1;stroke:none;stroke-width:0.0919748;stroke-linecap:round;stroke-linejoin:round;-inkscape-stroke:none"
-     d="m 12.172712,12.64005 a 1.2747098,1.2747098 0 0 0 0.661605,-0.185206 L 19.48091,8.4176679 A 1.2745823,1.2745823 0 0 0 19.908447,6.6665602 1.2745823,1.2745823 0 0 0 18.157519,6.2388432 L 12.172712,9.8741699 6.1879033,6.2388432 a 1.2745823,1.2745823 0 0 0 -1.750927,0.427717 1.2745823,1.2745823 0 0 0 0.427536,1.7511077 l 6.6464147,4.0371761 a 1.2747098,1.2747098 0 0 0 0.661785,0.185206 z"
-     id="path9314" />
-</svg>
--- a/server/static/img/priority-4.svg
+++ b/server/static/img/priority-4.svg
@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg
-   height="24px"
-   viewBox="0 0 24 24"
-   width="24px"
-   fill="#000000"
-   version="1.1"
-   id="svg1428"
-   sodipodi:docname="priority_4_24dp.svg"
-   inkscape:version="1.1.1 (3bf5ae0, 2021-09-20)"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:svg="http://www.w3.org/2000/svg">
-  <defs
-     id="defs1432" />
-  <sodipodi:namedview
-     id="namedview1430"
-     pagecolor="#505050"
-     bordercolor="#eeeeee"
-     borderopacity="1"
-     inkscape:pageshadow="0"
-     inkscape:pageopacity="0"
-     inkscape:pagecheckerboard="0"
-     showgrid="false"
-     inkscape:zoom="20.517358"
-     inkscape:cx="22.834324"
-     inkscape:cy="15.742768"
-     inkscape:window-width="1863"
-     inkscape:window-height="1025"
-     inkscape:window-x="57"
-     inkscape:window-y="27"
-     inkscape:window-maximized="1"
-     inkscape:current-layer="svg1428" />
-  <path
-     style="color:#000000;fill:#c60000;fill-opacity:1;stroke:none;stroke-width:0.0919748;stroke-linecap:round;stroke-linejoin:round;-inkscape-stroke:none"
-     d="M 12.116784,6.5394415 A 1.2747098,1.2747098 0 0 0 11.455179,6.724648 l -6.6465926,4.037176 a 1.2745823,1.2745823 0 0 0 -0.427537,1.751108 1.2745823,1.2745823 0 0 0 1.7509281,0.427717 l 5.9848065,-3.635327 5.984809,3.635327 A 1.2745823,1.2745823 0 0 0 19.85252,12.512932 1.2745823,1.2745823 0 0 0 19.424984,10.761824 L 12.778569,6.724648 A 1.2747098,1.2747098 0 0 0 12.116784,6.5394415 Z"
-     id="path9314" />
-  <path
-     style="color:#000000;fill:#de0000;fill-opacity:1;stroke:none;stroke-width:0.0919748;stroke-linecap:round;stroke-linejoin:round;-inkscape-stroke:none"
-     d="m 12.195014,11.806679 a 1.2747098,1.2747098 0 0 0 -0.661606,0.185205 l -6.6465924,4.037177 a 1.2745823,1.2745823 0 0 0 -0.427537,1.751108 1.2745823,1.2745823 0 0 0 1.750928,0.427718 l 5.9848074,-3.635327 5.984807,3.635327 a 1.2745823,1.2745823 0 0 0 1.750928,-0.427718 1.2745823,1.2745823 0 0 0 -0.427537,-1.751108 l -6.646414,-4.037177 a 1.2747098,1.2747098 0 0 0 -0.661784,-0.185205 z"
-     id="path9316" />
-</svg>
--- a/server/static/img/priority-5.svg
+++ b/server/static/img/priority-5.svg
@@ -1,47 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg
-   height="24px"
-   viewBox="0 0 24 24"
-   width="24px"
-   fill="#000000"
-   version="1.1"
-   id="svg1428"
-   sodipodi:docname="priority_5_24dp.svg"
-   inkscape:version="1.1.1 (3bf5ae0, 2021-09-20)"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:svg="http://www.w3.org/2000/svg">
-  <defs
-     id="defs1432" />
-  <sodipodi:namedview
-     id="namedview1430"
-     pagecolor="#505050"
-     bordercolor="#eeeeee"
-     borderopacity="1"
-     inkscape:pageshadow="0"
-     inkscape:pageopacity="0"
-     inkscape:pagecheckerboard="0"
-     showgrid="false"
-     inkscape:zoom="20.517358"
-     inkscape:cx="22.834323"
-     inkscape:cy="15.742767"
-     inkscape:window-width="1863"
-     inkscape:window-height="1025"
-     inkscape:window-x="57"
-     inkscape:window-y="27"
-     inkscape:window-maximized="1"
-     inkscape:current-layer="svg1428" />
-  <path
-     style="color:#000000;fill:#aa0000;fill-opacity:1;stroke-width:0.0919748;stroke-linecap:round;stroke-linejoin:round;-inkscape-stroke:none"
-     d="M 12.116784,3.40514 A 1.2747098,1.2747098 0 0 0 11.455179,3.5903463 L 4.8085864,7.6275238 A 1.2745823,1.2745823 0 0 0 4.3810494,9.3786313 1.2745823,1.2745823 0 0 0 6.1319775,9.8063489 L 12.116784,6.1710217 18.101593,9.8063489 A 1.2745823,1.2745823 0 0 0 19.85252,9.3786313 1.2745823,1.2745823 0 0 0 19.424984,7.6275238 L 12.778569,3.5903463 A 1.2747098,1.2747098 0 0 0 12.116784,3.40514 Z"
-     id="rect3554" />
-  <path
-     style="color:#000000;fill:#c60000;fill-opacity:1;stroke:none;stroke-width:0.0919748;stroke-linecap:round;stroke-linejoin:round;-inkscape-stroke:none"
-     d="M 12.116784,8.5394415 A 1.2747098,1.2747098 0 0 0 11.455179,8.724648 l -6.6465926,4.037176 a 1.2745823,1.2745823 0 0 0 -0.427537,1.751108 1.2745823,1.2745823 0 0 0 1.7509281,0.427717 l 5.9848065,-3.635327 5.984809,3.635327 A 1.2745823,1.2745823 0 0 0 19.85252,14.512932 1.2745823,1.2745823 0 0 0 19.424984,12.761824 L 12.778569,8.724648 A 1.2747098,1.2747098 0 0 0 12.116784,8.5394415 Z"
-     id="path9314" />
-  <path
-     style="color:#000000;fill:#de0000;fill-opacity:1;stroke:none;stroke-width:0.0919748;stroke-linecap:round;stroke-linejoin:round;-inkscape-stroke:none"
-     d="m 12.195014,13.806679 a 1.2747098,1.2747098 0 0 0 -0.661606,0.185205 l -6.6465924,4.037177 a 1.2745823,1.2745823 0 0 0 -0.427537,1.751108 1.2745823,1.2745823 0 0 0 1.750928,0.427718 l 5.9848074,-3.635327 5.984807,3.635327 a 1.2745823,1.2745823 0 0 0 1.750928,-0.427718 1.2745823,1.2745823 0 0 0 -0.427537,-1.751108 l -6.646414,-4.037177 a 1.2747098,1.2747098 0 0 0 -0.661784,-0.185205 z"
-     id="path9316" />
-</svg>
--- a/server/static/img/screenshot-docs.png
+++ b/server/static/img/screenshot-docs.png
--- a/server/static/img/screenshot-web-detail.png
+++ b/server/static/img/screenshot-web-detail.png
--- a/server/static/img/send.svg
+++ b/server/static/img/send.svg
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 0 24 24" width="24px" fill="#ffffff"><path d="M0 0h24v24H0z" fill="none"/><path d="M2.01 21L23 12 2.01 3 2 10l15 2-15 2z"/></svg>
--- a/server/static/img/unsubscribe.svg
+++ b/server/static/img/unsubscribe.svg
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 0 24 24" width="24px" fill="#FFFFFF"><path d="M0 0h24v24H0V0z" fill="none"/><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
--- a/server/static/js/app.js
+++ b/server/static/js/app.js
@@ -1,435 +0,0 @@
-
-/**
- * Hello, dear curious visitor. I am not a web-guy, so please don't judge my horrible JS code.
- * In fact, please do tell me about all the things I did wrong and that I could improve. I've been trying
- * to read up on modern JS, but it's just a little much.
- *
- * Feel free to open tickets at https://github.com/binwiederhier/ntfy/issues. Thank you!
- */
-
-/* All the things */
-
-let topics = {};
-let currentTopic = "";
-let currentTopicUnsubscribeOnClose = false;
-let currentUrl = window.location.hostname;
-if (window.location.port) {
-    currentUrl += ':' + window.location.port
-}
-
-/* Main view */
-const main = document.getElementById("main");
-const topicsHeader = document.getElementById("topicsHeader");
-const topicsList = document.getElementById("topicsList");
-const topicField = document.getElementById("topicField");
-const notifySound = document.getElementById("notifySound");
-const subscribeButton = document.getElementById("subscribeButton");
-const errorField = document.getElementById("error");
-const originalTitle = document.title;
-
-/* Detail view */
-const detailView = document.getElementById("detail");
-const detailTitle = document.getElementById("detailTitle");
-const detailEventsList = document.getElementById("detailEventsList");
-const detailTopicUrl = document.getElementById("detailTopicUrl");
-const detailNoNotifications = document.getElementById("detailNoNotifications");
-const detailCloseButton = document.getElementById("detailCloseButton");
-const detailNotificationsDisallowed = document.getElementById("detailNotificationsDisallowed");
-
-/* Screenshots */
-const lightbox = document.getElementById("lightbox");
-
-const subscribe = (topic) => {
-    if (Notification.permission !== "granted") {
-        Notification.requestPermission().then((permission) => {
-            if (permission === "granted") {
-                subscribeInternal(topic, true, 0);
-            } else {
-                showNotificationDeniedError();
-            }
-        });
-    } else {
-        subscribeInternal(topic, true,0);
-    }
-};
-
-const subscribeInternal = (topic, persist, delaySec) => {
-    setTimeout(() => {
-        // Render list entry
-        let topicEntry = document.getElementById(`topic-${topic}`);
-        if (!topicEntry) {
-            topicEntry = document.createElement('li');
-            topicEntry.id = `topic-${topic}`;
-            topicEntry.innerHTML = `<a href="/${topic}" onclick="return showDetail('${topic}')">${topic}</a> <button onclick="test('${topic}'); return false;"> <img src="static/img/send.svg"> Test</button> <button onclick="unsubscribe('${topic}'); return false;"> <img src="static/img/unsubscribe.svg"> Unsubscribe</button>`;
-            topicsList.appendChild(topicEntry);
-        }
-        topicsHeader.style.display = '';
-
-        // Open event source
-        let eventSource = new EventSource(`${topic}/sse`);
-        eventSource.onopen = () => {
-            topicEntry.innerHTML = `<a href="/${topic}" onclick="return showDetail('${topic}')">${topic}</a> <button onclick="test('${topic}'); return false;"> <img src="static/img/send.svg"> Test</button> <button onclick="unsubscribe('${topic}'); return false;"> <img src="static/img/unsubscribe.svg"> Unsubscribe</button>`;
-            delaySec = 0; // Reset on successful connection
-        };
-        eventSource.onerror = (e) => {
-            topicEntry.innerHTML = `<a href="/${topic}" onclick="return showDetail('${topic}')">${topic}</a> <i>(Reconnecting)</i> <button disabled="disabled">Test</button> <button onclick="unsubscribe('${topic}'); return false;">Unsubscribe</button>`;
-            eventSource.close();
-            const newDelaySec = (delaySec + 5 <= 15) ? delaySec + 5 : 15;
-            subscribeInternal(topic, persist, newDelaySec);
-        };
-        eventSource.onmessage = (e) => {
-            const event = JSON.parse(e.data);
-            topics[topic]['messages'].push(event);
-            topics[topic]['messages'].sort((a, b) => { return a.time < b.time ? 1 : -1; }); // Newest first
-            if (currentTopic === topic) {
-                rerenderDetailView();
-            }
-            if (Notification.permission === "granted") {
-                notifySound.play();
-                const title = formatTitle(event);
-                const message = formatMessage(event);
-                const notification = new Notification(title, {
-                    body: message,
-                    icon: '/static/img/favicon.png'
-                });
-                notification.onclick = (e) => {
-                    showDetail(event.topic);
-                };
-            }
-        };
-        topics[topic] = {
-            'eventSource': eventSource,
-            'messages': [],
-            'persist': persist
-        };
-        fetchCachedMessages(topic).then(() => {
-            if (currentTopic === topic) {
-                rerenderDetailView();
-            }
-        })
-        let persistedTopicKeys = Object.keys(topics).filter(t => topics[t].persist);
-        localStorage.setItem('topics', JSON.stringify(persistedTopicKeys));
-    }, delaySec * 1000);
-};
-
-const unsubscribe = (topic) => {
-    topics[topic]['eventSource'].close();
-    delete topics[topic];
-    localStorage.setItem('topics', JSON.stringify(Object.keys(topics)));
-    document.getElementById(`topic-${topic}`).remove();
-    if (Object.keys(topics).length === 0) {
-        topicsHeader.style.display = 'none';
-    }
-};
-
-const test = (topic) => {
-    fetch(`/${topic}`, {
-        method: 'PUT',
-        body: `This is a test notification sent by the ntfy.sh Web UI at ${new Date().toString()}.`
-    });
-};
-
-const fetchCachedMessages = async (topic) => {
-    const topicJsonUrl = `/${topic}/json?poll=1`; // Poll!
-    for await (let line of makeTextFileLineIterator(topicJsonUrl)) {
-        const message = JSON.parse(line);
-        topics[topic]['messages'].push(message);
-    }
-    topics[topic]['messages'].sort((a, b) => { return a.time < b.time ? 1 : -1; }); // Newest first
-};
-
-const showDetail = (topic) => {
-    currentTopic = topic;
-    history.replaceState(topic, `${currentUrl}/${topic}`, `/${topic}`);
-    window.scrollTo(0, 0);
-    rerenderDetailView();
-    return false;
-};
-
-const rerenderDetailView = () => {
-    detailTitle.innerHTML = `${currentUrl}/${currentTopic}`; // document.location.replaceAll(..)
-    detailTopicUrl.innerHTML = `${currentUrl}/${currentTopic}`;
-    while (detailEventsList.firstChild) {
-        detailEventsList.removeChild(detailEventsList.firstChild);
-    }
-    topics[currentTopic]['messages'].forEach(m => {
-        const entryDiv = document.createElement('div');
-        const dateDiv = document.createElement('div');
-        const titleDiv = document.createElement('div');
-        const messageDiv = document.createElement('div');
-        const tagsDiv = document.createElement('div');
-
-        entryDiv.classList.add('detailEntry');
-        dateDiv.classList.add('detailDate');
-        titleDiv.classList.add('detailTitle');
-        messageDiv.classList.add('detailMessage');
-        tagsDiv.classList.add('detailTags');
-
-        const dateStr = new Date(m.time * 1000).toLocaleString();
-        if (m.priority && [1,2,4,5].includes(m.priority)) {
-            dateDiv.innerHTML = `${dateStr} <img src="static/img/priority-${m.priority}.svg"/>`;
-        } else {
-            dateDiv.innerHTML = `${dateStr}`;
-        }
-        messageDiv.innerText = formatMessage(m);
-        entryDiv.appendChild(dateDiv);
-        if (m.title) {
-            titleDiv.innerText = formatTitleA(m);
-            entryDiv.appendChild(titleDiv);
-        }
-        entryDiv.appendChild(messageDiv);
-        const otherTags = unmatchedTags(m.tags);
-        if (otherTags.length > 0) {
-            tagsDiv.innerText = `Tags: ${otherTags.join(", ")}`;
-            entryDiv.appendChild(tagsDiv);
-        }
-        detailEventsList.appendChild(entryDiv);
-    })
-    if (topics[currentTopic]['messages'].length === 0) {
-        detailNoNotifications.style.display = '';
-    } else {
-        detailNoNotifications.style.display = 'none';
-    }
-    if (Notification.permission === "granted") {
-        detailNotificationsDisallowed.style.display = 'none';
-    } else {
-        detailNotificationsDisallowed.style.display = 'block';
-    }
-    detailView.style.display = 'block';
-    main.style.display = 'none';
-};
-
-const hideDetailView = () => {
-    if (currentTopicUnsubscribeOnClose) {
-        unsubscribe(currentTopic);
-        currentTopicUnsubscribeOnClose = false;
-    }
-    currentTopic = "";
-    history.replaceState('', originalTitle, '/');
-    detailView.style.display = 'none';
-    main.style.display = 'block';
-    return false;
-};
-
-const requestPermission = () => {
-    if (Notification.permission !== "granted") {
-        Notification.requestPermission().then((permission) => {
-            if (permission === "granted") {
-                detailNotificationsDisallowed.style.display = 'none';
-            }
-        });
-    }
-    return false;
-};
-
-const showError = (msg) => {
-    errorField.innerHTML = msg;
-    topicField.disabled = true;
-    subscribeButton.disabled = true;
-};
-
-const showBrowserIncompatibleError = () => {
-    showError("Your browser is not compatible to use the web-based desktop notifications.");
-};
-
-const showNotificationDeniedError = () => {
-    showError("You have blocked desktop notifications for this website. Please unblock them and refresh to use the web-based desktop notifications.");
-};
-
-const showScreenshotOverlay = (e, el, index) => {
-    lightbox.classList.add('show');
-    document.addEventListener('keydown', nextScreenshotKeyboardListener);
-    return showScreenshot(e, index);
-};
-
-const showScreenshot = (e, index) => {
-    const actualIndex = resolveScreenshotIndex(index);
-    lightbox.innerHTML = '<div class="close-lightbox"></div>' + screenshots[actualIndex].innerHTML;
-    lightbox.querySelector('img').onclick = (e) => { return showScreenshot(e,actualIndex+1); };
-    currentScreenshotIndex = actualIndex;
-    e.stopPropagation();
-    return false;
-};
-
-const nextScreenshot = (e) => {
-    return showScreenshot(e, currentScreenshotIndex+1);
-};
-
-const previousScreenshot = (e) => {
-    return showScreenshot(e, currentScreenshotIndex-1);
-};
-
-const resolveScreenshotIndex = (index) => {
-    if (index < 0) {
-        return screenshots.length - 1;
-    } else if (index > screenshots.length - 1) {
-        return 0;
-    }
-    return index;
-};
-
-const hideScreenshotOverlay = (e) => {
-    lightbox.classList.remove('show');
-    document.removeEventListener('keydown', nextScreenshotKeyboardListener);
-};
-
-const nextScreenshotKeyboardListener = (e) => {
-    switch (e.keyCode) {
-        case 37:
-            previousScreenshot(e);
-            break;
-        case 39:
-            nextScreenshot(e);
-            break;
-    }
-};
-
-const formatTitle = (m) => {
-    if (m.title) {
-        return formatTitleA(m);
-    } else {
-        return `${location.host}/${m.topic}`;
-    }
-};
-
-const formatTitleA = (m) => {
-    const emojiList = toEmojis(m.tags);
-    if (emojiList.length > 0) {
-        return `${emojiList.join(" ")} ${m.title}`;
-    } else {
-        return m.title;
-    }
-};
-
-const formatMessage = (m) => {
-    if (m.title) {
-        return m.message;
-    } else {
-        const emojiList = toEmojis(m.tags);
-        if (emojiList.length > 0) {
-            return `${emojiList.join(" ")} ${m.message}`;
-        } else {
-            return m.message;
-        }
-    }
-};
-
-const toEmojis = (tags) => {
-    if (!tags) return [];
-    else return tags.filter(tag => tag in emojis).map(tag => emojis[tag]);
-}
-
-const unmatchedTags = (tags) => {
-    if (!tags) return [];
-    else return tags.filter(tag => !(tag in emojis));
-}
-
-// From: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch
-async function* makeTextFileLineIterator(fileURL) {
-    const utf8Decoder = new TextDecoder('utf-8');
-    const response = await fetch(fileURL);
-    const reader = response.body.getReader();
-    let { value: chunk, done: readerDone } = await reader.read();
-    chunk = chunk ? utf8Decoder.decode(chunk) : '';
-
-    const re = /\n|\r|\r\n/gm;
-    let startIndex = 0;
-    let result;
-
-    for (;;) {
-        let result = re.exec(chunk);
-        if (!result) {
-            if (readerDone) {
-                break;
-            }
-            let remainder = chunk.substr(startIndex);
-            ({ value: chunk, done: readerDone } = await reader.read());
-            chunk = remainder + (chunk ? utf8Decoder.decode(chunk) : '');
-            startIndex = re.lastIndex = 0;
-            continue;
-        }
-        yield chunk.substring(startIndex, result.index);
-        startIndex = re.lastIndex;
-    }
-    if (startIndex < chunk.length) {
-        yield chunk.substr(startIndex); // last line didn't end in a newline char
-    }
-}
-
-subscribeButton.onclick = () => {
-    if (!topicField.value) {
-        return false;
-    }
-    subscribe(topicField.value);
-    topicField.value = "";
-    return false;
-};
-
-detailCloseButton.onclick = () => {
-    hideDetailView();
-};
-
-let currentScreenshotIndex = 0;
-const screenshots = [...document.querySelectorAll("#screenshots a")];
-screenshots.forEach((el, index) => {
-    el.onclick = (e) => { return showScreenshotOverlay(e, el, index); };
-});
-
-lightbox.onclick = hideScreenshotOverlay;
-
-// Disable Web UI if notifications of EventSource are not available
-if (!window["Notification"] || !window["EventSource"]) {
-    showBrowserIncompatibleError();
-} else if (Notification.permission === "denied") {
-    showNotificationDeniedError();
-}
-
-// Reset UI
-topicField.value = "";
-
-// Restore topics
-const storedTopics = JSON.parse(localStorage.getItem('topics') || "[]");
-if (storedTopics) {
-    storedTopics.forEach((topic) => { subscribeInternal(topic, true, 0); });
-    if (storedTopics.length === 0) {
-        topicsHeader.style.display = 'none';
-    }
-} else {
-    topicsHeader.style.display = 'none';
-}
-
-// (Temporarily) subscribe topic if we navigated to /sometopic URL
-const match = location.pathname.match(/^\/([-_a-zA-Z0-9]{1,64})$/) // Regex must match Go & Android app!
-if (match) {
-    currentTopic = match[1];
-    if (!storedTopics.includes(currentTopic)) {
-        subscribeInternal(currentTopic, false,0);
-        currentTopicUnsubscribeOnClose = true;
-    }
-}
-
-// Add anchor links
-document.querySelectorAll('.anchor').forEach((el) => {
-    if (el.hasAttribute('id')) {
-        const id = el.getAttribute('id');
-        const anchor = document.createElement('a');
-        anchor.innerHTML = `<a href="#${id}" class="anchorLink">#</a>`;
-        el.appendChild(anchor);
-    }
-});
-
-// Change ntfy.sh url and protocol to match self-hosted one
-document.querySelectorAll('.ntfyUrl').forEach((el) => {
-    el.innerHTML = currentUrl;
-});
-document.querySelectorAll('.ntfyProtocol').forEach((el) => {
-    el.innerHTML = window.location.protocol + "//";
-});
-
-// Format emojis (see emoji.js)
-const emojis = {};
-rawEmojis.forEach(emoji => {
-    emoji.aliases.forEach(alias => {
-        emojis[alias] = emoji.emoji;
-    });
-});
--- a/server/static/js/emoji.js
+++ b/server/static/js/emoji.js
--- a/server/static/sound/mixkit-message-pop-alert-2354.mp3
+++ b/server/static/sound/mixkit-message-pop-alert-2354.mp3
--- a/server/types.go
+++ b/server/types.go
@@ -15,7 +15,7 @@ const (
 )

 const (
-	messageIDLength = 10
+	messageIDLength = 12
 )

 // message represents a message published to a topic
@@ -27,6 +27,7 @@ type message struct {
 	Priority   int         `json:"priority,omitempty"`
 	Tags       []string    `json:"tags,omitempty"`
 	Click      string      `json:"click,omitempty"`
+	Actions    []*action   `json:"actions,omitempty"`
 	Attachment *attachment `json:"attachment,omitempty"`
 	Title      string      `json:"title,omitempty"`
 	Message    string      `json:"message,omitempty"`
@@ -42,6 +43,34 @@ type attachment struct {
 	Owner   string `json:"-"` // IP address of uploader, used for rate limiting
 }

+type action struct {
+	ID      string            `json:"id"`
+	Action  string            `json:"action"`            // "view", "broadcast", or "http"
+	Label   string            `json:"label"`             // action button label
+	Clear   bool              `json:"clear"`             // clear notification after successful execution
+	URL     string            `json:"url,omitempty"`     // used in "view" and "http" actions
+	Method  string            `json:"method,omitempty"`  // used in "http" action, default is POST (!)
+	Headers map[string]string `json:"headers,omitempty"` // used in "http" action
+	Body    string            `json:"body,omitempty"`    // used in "http" action
+	Intent  string            `json:"intent,omitempty"`  // used in "broadcast" action
+	Extras  map[string]string `json:"extras,omitempty"`  // used in "broadcast" action
+}
+
+// publishMessage is used as input when publishing as JSON
+type publishMessage struct {
+	Topic    string   `json:"topic"`
+	Title    string   `json:"title"`
+	Message  string   `json:"message"`
+	Priority int      `json:"priority"`
+	Tags     []string `json:"tags"`
+	Click    string   `json:"click"`
+	Actions  []action `json:"actions"`
+	Attach   string   `json:"attach"`
+	Filename string   `json:"filename"`
+	Email    string   `json:"email"`
+	Delay    string   `json:"delay"`
+}
+
 // messageEncoder is a function that knows how to encode a message
 type messageEncoder func(msg *message) (string, error)

@@ -74,23 +103,46 @@ func newDefaultMessage(topic, msg string) *message {
 	return newMessage(messageEvent, topic, msg)
 }

-type sinceTime time.Time
+func validMessageID(s string) bool {
+	return util.ValidRandomString(s, messageIDLength)
+}

-func (t sinceTime) IsAll() bool {
+type sinceMarker struct {
+	time time.Time
+	id   string
+}
+
+func newSinceTime(timestamp int64) sinceMarker {
+	return sinceMarker{time.Unix(timestamp, 0), ""}
+}
+
+func newSinceID(id string) sinceMarker {
+	return sinceMarker{time.Unix(0, 0), id}
+}
+
+func (t sinceMarker) IsAll() bool {
 	return t == sinceAllMessages
 }

-func (t sinceTime) IsNone() bool {
+func (t sinceMarker) IsNone() bool {
 	return t == sinceNoMessages
 }

-func (t sinceTime) Time() time.Time {
-	return time.Time(t)
+func (t sinceMarker) IsID() bool {
+	return t.id != ""
+}
+
+func (t sinceMarker) Time() time.Time {
+	return t.time
+}
+
+func (t sinceMarker) ID() string {
+	return t.id
 }

 var (
-	sinceAllMessages = sinceTime(time.Unix(0, 0))
-	sinceNoMessages  = sinceTime(time.Unix(1, 0))
+	sinceAllMessages = sinceMarker{time.Unix(0, 0), ""}
+	sinceNoMessages  = sinceMarker{time.Unix(1, 0), ""}
 )

 type queryFilter struct {
--- a/server/util.go
+++ b/server/util.go
@@ -1,10 +1,17 @@
 package server

 import (
+	"encoding/json"
+	"heckel.io/ntfy/util"
 	"net/http"
 	"strings"
 )

+const (
+	actionIDLength = 10
+	actionsMax     = 3
+)
+
 func readBoolParam(r *http.Request, defaultValue bool, names ...string) bool {
 	value := strings.ToLower(readParam(r, names...))
 	if value == "" {
@@ -14,12 +21,24 @@ func readBoolParam(r *http.Request, defaultValue bool, names ...string) bool {
 }

 func readParam(r *http.Request, names ...string) string {
+	value := readHeaderParam(r, names...)
+	if value != "" {
+		return value
+	}
+	return readQueryParam(r, names...)
+}
+
+func readHeaderParam(r *http.Request, names ...string) string {
 	for _, name := range names {
 		value := r.Header.Get(name)
 		if value != "" {
 			return strings.TrimSpace(value)
 		}
 	}
+	return ""
+}
+
+func readQueryParam(r *http.Request, names ...string) string {
 	for _, name := range names {
 		value := r.URL.Query().Get(strings.ToLower(name))
 		if value != "" {
@@ -28,3 +47,103 @@ func readParam(r *http.Request, names ...string) string {
 	}
 	return ""
 }
+
+func parseActions(s string) (actions []*action, err error) {
+	// Parse JSON or simple format
+	s = strings.TrimSpace(s)
+	if strings.HasPrefix(s, "[") {
+		actions, err = parseActionsFromJSON(s)
+	} else {
+		actions, err = parseActionsFromSimple(s)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	// Add ID field, ensure correct uppercase/lowercase
+	for i := range actions {
+		actions[i].ID = util.RandomString(actionIDLength)
+		actions[i].Action = strings.ToLower(actions[i].Action)
+		actions[i].Method = strings.ToUpper(actions[i].Method)
+	}
+
+	// Validate
+	if len(actions) > actionsMax {
+		return nil, wrapErrHTTP(errHTTPBadRequestActionsInvalid, "only %d actions allowed", actionsMax)
+	}
+	for _, action := range actions {
+		if !util.InStringList([]string{"view", "broadcast", "http"}, action.Action) {
+			return nil, wrapErrHTTP(errHTTPBadRequestActionsInvalid, "action '%s' unknown", action.Action)
+		} else if action.Label == "" {
+			return nil, wrapErrHTTP(errHTTPBadRequestActionsInvalid, "parameter 'label' is required")
+		} else if util.InStringList([]string{"view", "http"}, action.Action) && action.URL == "" {
+			return nil, wrapErrHTTP(errHTTPBadRequestActionsInvalid, "parameter 'url' is required for action '%s'", action.Action)
+		} else if action.Action == "http" && util.InStringList([]string{"GET", "HEAD"}, action.Method) && action.Body != "" {
+			return nil, wrapErrHTTP(errHTTPBadRequestActionsInvalid, "parameter 'body' cannot be set if method is %s", action.Method)
+		}
+	}
+
+	return actions, nil
+}
+
+func parseActionsFromJSON(s string) ([]*action, error) {
+	actions := make([]*action, 0)
+	if err := json.Unmarshal([]byte(s), &actions); err != nil {
+		return nil, err
+	}
+	return actions, nil
+}
+
+func parseActionsFromSimple(s string) ([]*action, error) {
+	actions := make([]*action, 0)
+	rawActions := util.SplitNoEmpty(s, ";")
+	for _, rawAction := range rawActions {
+		newAction := &action{
+			Headers: make(map[string]string),
+			Extras:  make(map[string]string),
+		}
+		parts := util.SplitNoEmpty(rawAction, ",")
+		if len(parts) < 3 {
+			return nil, wrapErrHTTP(errHTTPBadRequestActionsInvalid, "action requires at least keys 'action', 'label' and one parameter: %s", rawAction)
+		}
+		for i, part := range parts {
+			key, value := util.SplitKV(part, "=")
+			if key == "" && i == 0 {
+				newAction.Action = value
+			} else if key == "" && i == 1 {
+				newAction.Label = value
+			} else if key == "" && util.InStringList([]string{"view", "http"}, newAction.Action) && i == 2 {
+				newAction.URL = value
+			} else if strings.HasPrefix(key, "headers.") {
+				newAction.Headers[strings.TrimPrefix(key, "headers.")] = value
+			} else if strings.HasPrefix(key, "extras.") {
+				newAction.Extras[strings.TrimPrefix(key, "extras.")] = value
+			} else if key != "" {
+				switch strings.ToLower(key) {
+				case "action":
+					newAction.Action = value
+				case "label":
+					newAction.Label = value
+				case "clear":
+					lvalue := strings.ToLower(value)
+					if !util.InStringList([]string{"true", "yes", "1", "false", "no", "0"}, lvalue) {
+						return nil, wrapErrHTTP(errHTTPBadRequestActionsInvalid, "'clear=%s' not allowed", value)
+					}
+					newAction.Clear = lvalue == "true" || lvalue == "yes" || lvalue == "1"
+				case "url":
+					newAction.URL = value
+				case "method":
+					newAction.Method = value
+				case "body":
+					newAction.Body = value
+				default:
+					return nil, wrapErrHTTP(errHTTPBadRequestActionsInvalid, "key '%s' unknown", key)
+				}
+			} else {
+				return nil, wrapErrHTTP(errHTTPBadRequestActionsInvalid, "unknown term '%s'", part)
+			}
+		}
+		actions = append(actions, newAction)
+	}
+	return actions, nil
+}
--- a/server/util_test.go
+++ b/server/util_test.go
@@ -27,3 +27,56 @@ func TestReadBoolParam(t *testing.T) {
 	require.Equal(t, false, up)
 	require.Equal(t, true, firebase)
 }
+
+func TestParseActions(t *testing.T) {
+	actions, err := parseActions("[]")
+	require.Nil(t, err)
+	require.Empty(t, actions)
+
+	actions, err = parseActions("action=http, label=Open door, url=https://door.lan/open; view, Show portal, https://door.lan")
+	require.Nil(t, err)
+	require.Equal(t, 2, len(actions))
+	require.Equal(t, "http", actions[0].Action)
+	require.Equal(t, "Open door", actions[0].Label)
+	require.Equal(t, "https://door.lan/open", actions[0].URL)
+	require.Equal(t, "view", actions[1].Action)
+	require.Equal(t, "Show portal", actions[1].Label)
+	require.Equal(t, "https://door.lan", actions[1].URL)
+
+	actions, err = parseActions(`[{"action":"http","label":"Open door","url":"https://door.lan/open"}, {"action":"view","label":"Show portal","url":"https://door.lan"}]`)
+	require.Nil(t, err)
+	require.Equal(t, 2, len(actions))
+	require.Equal(t, "http", actions[0].Action)
+	require.Equal(t, "Open door", actions[0].Label)
+	require.Equal(t, "https://door.lan/open", actions[0].URL)
+	require.Equal(t, "view", actions[1].Action)
+	require.Equal(t, "Show portal", actions[1].Label)
+	require.Equal(t, "https://door.lan", actions[1].URL)
+
+	actions, err = parseActions("action=http, label=Open door, url=https://door.lan/open, body=this is a body, method=PUT")
+	require.Nil(t, err)
+	require.Equal(t, 1, len(actions))
+	require.Equal(t, "http", actions[0].Action)
+	require.Equal(t, "Open door", actions[0].Label)
+	require.Equal(t, "https://door.lan/open", actions[0].URL)
+	require.Equal(t, "PUT", actions[0].Method)
+	require.Equal(t, "this is a body", actions[0].Body)
+
+	actions, err = parseActions("action=broadcast, label=Do a thing, extras.command=some command, extras.some_param=a parameter")
+	require.Nil(t, err)
+	require.Equal(t, 1, len(actions))
+	require.Equal(t, "broadcast", actions[0].Action)
+	require.Equal(t, "Do a thing", actions[0].Label)
+	require.Equal(t, 2, len(actions[0].Extras))
+	require.Equal(t, "some command", actions[0].Extras["command"])
+	require.Equal(t, "a parameter", actions[0].Extras["some_param"])
+
+	actions, err = parseActions("action=http, label=Send request, url=http://example.com, method=GET, headers.Content-Type=application/json, headers.Authorization=Basic sdasffsf")
+	require.Nil(t, err)
+	require.Equal(t, 1, len(actions))
+	require.Equal(t, "http", actions[0].Action)
+	require.Equal(t, "Send request", actions[0].Label)
+	require.Equal(t, 2, len(actions[0].Headers))
+	require.Equal(t, "application/json", actions[0].Headers["Content-Type"])
+	require.Equal(t, "Basic sdasffsf", actions[0].Headers["Authorization"])
+}
--- a/server/visitor.go
+++ b/server/visitor.go
@@ -22,6 +22,7 @@ var (
 // visitor represents an API user, and its associated rate.Limiter used for rate limiting
 type visitor struct {
 	config        *Config
+	messageCache  *messageCache
 	ip            string
 	requests      *rate.Limiter
 	emails        *rate.Limiter
@@ -31,9 +32,17 @@ type visitor struct {
 	mu            sync.Mutex
 }

-func newVisitor(conf *Config, ip string) *visitor {
+type visitorStats struct {
+	AttachmentFileSizeLimit         int64 `json:"attachmentFileSizeLimit"`
+	VisitorAttachmentBytesTotal     int64 `json:"visitorAttachmentBytesTotal"`
+	VisitorAttachmentBytesUsed      int64 `json:"visitorAttachmentBytesUsed"`
+	VisitorAttachmentBytesRemaining int64 `json:"visitorAttachmentBytesRemaining"`
+}
+
+func newVisitor(conf *Config, messageCache *messageCache, ip string) *visitor {
 	return &visitor{
 		config:        conf,
+		messageCache:  messageCache,
 		ip:            ip,
 		requests:      rate.NewLimiter(rate.Every(conf.VisitorRequestLimitReplenish), conf.VisitorRequestLimitBurst),
 		emails:        rate.NewLimiter(rate.Every(conf.VisitorEmailLimitReplenish), conf.VisitorEmailLimitBurst),
@@ -91,3 +100,20 @@ func (v *visitor) Stale() bool {
 	defer v.mu.Unlock()
 	return time.Since(v.seen) > visitorExpungeAfter
 }
+
+func (v *visitor) Stats() (*visitorStats, error) {
+	attachmentsBytesUsed, err := v.messageCache.AttachmentBytesUsed(v.ip)
+	if err != nil {
+		return nil, err
+	}
+	attachmentsBytesRemaining := v.config.VisitorAttachmentTotalSizeLimit - attachmentsBytesUsed
+	if attachmentsBytesRemaining < 0 {
+		attachmentsBytesRemaining = 0
+	}
+	return &visitorStats{
+		AttachmentFileSizeLimit:         v.config.AttachmentFileSizeLimit,
+		VisitorAttachmentBytesTotal:     v.config.VisitorAttachmentTotalSizeLimit,
+		VisitorAttachmentBytesUsed:      attachmentsBytesUsed,
+		VisitorAttachmentBytesRemaining: attachmentsBytesRemaining,
+	}, nil
+}
--- a/util/gzip_handler.go
+++ b/util/gzip_handler.go
@@ -0,0 +1,52 @@
+package util
+
+import (
+	"compress/gzip"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"sync"
+)
+
+// Gzip is a HTTP middleware to transparently compress responses using gzip.
+// Original code from https://gist.github.com/CJEnright/bc2d8b8dc0c1389a9feeddb110f822d7 (MIT)
+func Gzip(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
+			next.ServeHTTP(w, r)
+			return
+		}
+		w.Header().Set("Content-Encoding", "gzip")
+
+		gz := gzPool.Get().(*gzip.Writer)
+		defer gzPool.Put(gz)
+
+		gz.Reset(w)
+		defer gz.Close()
+
+		r.Header.Del("Accept-Encoding") // prevent double-gzipping
+		next.ServeHTTP(&gzipResponseWriter{ResponseWriter: w, Writer: gz}, r)
+	})
+}
+
+var gzPool = sync.Pool{
+	New: func() interface{} {
+		w := gzip.NewWriter(ioutil.Discard)
+		return w
+	},
+}
+
+type gzipResponseWriter struct {
+	io.Writer
+	http.ResponseWriter
+}
+
+func (w *gzipResponseWriter) WriteHeader(status int) {
+	w.Header().Del("Content-Length")
+	w.ResponseWriter.WriteHeader(status)
+}
+
+func (w *gzipResponseWriter) Write(b []byte) (int, error) {
+	return w.Writer.Write(b)
+}
--- a/util/gzip_handler_test.go
+++ b/util/gzip_handler_test.go
@@ -0,0 +1,40 @@
+package util
+
+import (
+	"compress/gzip"
+	"github.com/stretchr/testify/require"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestGzipHandler(t *testing.T) {
+	s := Gzip(http.FileServer(http.FS(testFs)))
+
+	rr := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "/embedfs/test.txt", nil)
+	req.Header.Set("Accept-Encoding", "gzip, deflate")
+	s.ServeHTTP(rr, req)
+	require.Equal(t, 200, rr.Code)
+	require.Equal(t, "gzip", rr.Header().Get("Content-Encoding"))
+	require.Equal(t, "", rr.Header().Get("Content-Length"))
+
+	gz, _ := gzip.NewReader(rr.Body)
+	b, _ := io.ReadAll(gz)
+	require.Equal(t, "This is a test file for embedfs_test.go\n", string(b))
+}
+
+func TestGzipHandler_NoGzip(t *testing.T) {
+	s := Gzip(http.FileServer(http.FS(testFs)))
+
+	rr := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "/embedfs/test.txt", nil)
+	s.ServeHTTP(rr, req)
+	require.Equal(t, 200, rr.Code)
+	require.Equal(t, "", rr.Header().Get("Content-Encoding"))
+	require.Equal(t, "40", rr.Header().Get("Content-Length"))
+
+	b, _ := io.ReadAll(rr.Body)
+	require.Equal(t, "This is a test file for embedfs_test.go\n", string(b))
+}
--- a/util/peak.go
+++ b/util/peak.go
@@ -1,61 +0,0 @@
-package util
-
-import (
-	"bytes"
-	"io"
-	"strings"
-)
-
-// PeakedReadCloser is a ReadCloser that allows peaking into a stream and buffering it in memory.
-// It can be instantiated using the Peak function. After a stream has been peaked, it can still be fully
-// read by reading the PeakedReadCloser. It first drained from the memory buffer, and then from the remaining
-// underlying reader.
-type PeakedReadCloser struct {
-	PeakedBytes  []byte
-	LimitReached bool
-	peaked       io.Reader
-	underlying   io.ReadCloser
-	closed       bool
-}
-
-// Peak reads the underlying ReadCloser into memory up until the limit and returns a PeakedReadCloser
-func Peak(underlying io.ReadCloser, limit int) (*PeakedReadCloser, error) {
-	if underlying == nil {
-		underlying = io.NopCloser(strings.NewReader(""))
-	}
-	peaked := make([]byte, limit)
-	read, err := io.ReadFull(underlying, peaked)
-	if err != nil && err != io.ErrUnexpectedEOF && err != io.EOF {
-		return nil, err
-	}
-	return &PeakedReadCloser{
-		PeakedBytes:  peaked[:read],
-		LimitReached: read == limit,
-		underlying:   underlying,
-		peaked:       bytes.NewReader(peaked[:read]),
-		closed:       false,
-	}, nil
-}
-
-// Read reads from the peaked bytes and then from the underlying stream
-func (r *PeakedReadCloser) Read(p []byte) (n int, err error) {
-	if r.closed {
-		return 0, io.EOF
-	}
-	n, err = r.peaked.Read(p)
-	if err == io.EOF {
-		return r.underlying.Read(p)
-	} else if err != nil {
-		return 0, err
-	}
-	return
-}
-
-// Close closes the underlying stream
-func (r *PeakedReadCloser) Close() error {
-	if r.closed {
-		return io.EOF
-	}
-	r.closed = true
-	return r.underlying.Close()
-}
--- a/util/peek.go
+++ b/util/peek.go
@@ -0,0 +1,61 @@
+package util
+
+import (
+	"bytes"
+	"io"
+	"strings"
+)
+
+// PeekedReadCloser is a ReadCloser that allows peeking into a stream and buffering it in memory.
+// It can be instantiated using the Peek function. After a stream has been peeked, it can still be fully
+// read by reading the PeekedReadCloser. It first drained from the memory buffer, and then from the remaining
+// underlying reader.
+type PeekedReadCloser struct {
+	PeekedBytes  []byte
+	LimitReached bool
+	peeked       io.Reader
+	underlying   io.ReadCloser
+	closed       bool
+}
+
+// Peek reads the underlying ReadCloser into memory up until the limit and returns a PeekedReadCloser
+func Peek(underlying io.ReadCloser, limit int) (*PeekedReadCloser, error) {
+	if underlying == nil {
+		underlying = io.NopCloser(strings.NewReader(""))
+	}
+	peeked := make([]byte, limit)
+	read, err := io.ReadFull(underlying, peeked)
+	if err != nil && err != io.ErrUnexpectedEOF && err != io.EOF {
+		return nil, err
+	}
+	return &PeekedReadCloser{
+		PeekedBytes:  peeked[:read],
+		LimitReached: read == limit,
+		underlying:   underlying,
+		peeked:       bytes.NewReader(peeked[:read]),
+		closed:       false,
+	}, nil
+}
+
+// Read reads from the peeked bytes and then from the underlying stream
+func (r *PeekedReadCloser) Read(p []byte) (n int, err error) {
+	if r.closed {
+		return 0, io.EOF
+	}
+	n, err = r.peeked.Read(p)
+	if err == io.EOF {
+		return r.underlying.Read(p)
+	} else if err != nil {
+		return 0, err
+	}
+	return
+}
+
+// Close closes the underlying stream
+func (r *PeekedReadCloser) Close() error {
+	if r.closed {
+		return io.EOF
+	}
+	r.closed = true
+	return r.underlying.Close()
+}
--- a/util/peek_test.go
+++ b/util/peek_test.go
@@ -9,11 +9,11 @@ import (

 func TestPeak_LimitReached(t *testing.T) {
 	underlying := io.NopCloser(strings.NewReader("1234567890"))
-	peaked, err := Peak(underlying, 5)
+	peaked, err := Peek(underlying, 5)
 	if err != nil {
 		t.Fatal(err)
 	}
-	require.Equal(t, []byte("12345"), peaked.PeakedBytes)
+	require.Equal(t, []byte("12345"), peaked.PeekedBytes)
 	require.Equal(t, true, peaked.LimitReached)

 	all, err := io.ReadAll(peaked)
@@ -21,13 +21,13 @@ func TestPeak_LimitReached(t *testing.T) {
 		t.Fatal(err)
 	}
 	require.Equal(t, []byte("1234567890"), all)
-	require.Equal(t, []byte("12345"), peaked.PeakedBytes)
+	require.Equal(t, []byte("12345"), peaked.PeekedBytes)
 	require.Equal(t, true, peaked.LimitReached)
 }

 func TestPeak_LimitNotReached(t *testing.T) {
 	underlying := io.NopCloser(strings.NewReader("1234567890"))
-	peaked, err := Peak(underlying, 15)
+	peaked, err := Peek(underlying, 15)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -36,12 +36,12 @@ func TestPeak_LimitNotReached(t *testing.T) {
 		t.Fatal(err)
 	}
 	require.Equal(t, []byte("1234567890"), all)
-	require.Equal(t, []byte("1234567890"), peaked.PeakedBytes)
+	require.Equal(t, []byte("1234567890"), peaked.PeekedBytes)
 	require.Equal(t, false, peaked.LimitReached)
 }

 func TestPeak_Nil(t *testing.T) {
-	peaked, err := Peak(nil, 15)
+	peaked, err := Peek(nil, 15)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -50,6 +50,6 @@ func TestPeak_Nil(t *testing.T) {
 		t.Fatal(err)
 	}
 	require.Equal(t, []byte(""), all)
-	require.Equal(t, []byte(""), peaked.PeakedBytes)
+	require.Equal(t, []byte(""), peaked.PeekedBytes)
 	require.Equal(t, false, peaked.LimitReached)
 }
--- a/util/util.go
+++ b/util/util.go
@@ -77,6 +77,16 @@ func SplitNoEmpty(s string, sep string) []string {
 	return res
 }

+// SplitKV splits a string into a key/value pair using a separator, and trimming space. If the separator
+// is not found, key is empty.
+func SplitKV(s string, sep string) (key string, value string) {
+	kv := strings.SplitN(strings.TrimSpace(s), sep, 2)
+	if len(kv) == 2 {
+		return strings.TrimSpace(kv[0]), strings.TrimSpace(kv[1])
+	}
+	return "", strings.TrimSpace(kv[0])
+}
+
 // RandomString returns a random string with a given length
 func RandomString(length int) string {
 	randomMutex.Lock() // Who would have thought that random.Intn() is not thread-safe?!
@@ -88,7 +98,20 @@ func RandomString(length int) string {
 	return string(b)
 }

-// DurationToHuman converts a duration to a human readable format
+// ValidRandomString returns true if the given string matches the format created by RandomString
+func ValidRandomString(s string, length int) bool {
+	if len(s) != length {
+		return false
+	}
+	for _, c := range strings.Split(s, "") {
+		if !strings.Contains(randomStringCharset, c) {
+			return false
+		}
+	}
+	return true
+}
+
+// DurationToHuman converts a duration to a human-readable format
 func DurationToHuman(d time.Duration) (str string) {
 	if d == 0 {
 		return "0"
--- a/util/util_test.go
+++ b/util/util_test.go
@@ -152,3 +152,17 @@ func TestParseSize_FailureInvalid(t *testing.T) {
 		t.Fatalf("expected error, but got none")
 	}
 }
+
+func TestSplitKV(t *testing.T) {
+	key, value := SplitKV(" key = value ", "=")
+	require.Equal(t, "key", key)
+	require.Equal(t, "value", value)
+
+	key, value = SplitKV(" value ", "=")
+	require.Equal(t, "", key)
+	require.Equal(t, "value", value)
+
+	key, value = SplitKV("mykey=value=with=separator ", "=")
+	require.Equal(t, "mykey", key)
+	require.Equal(t, "value=with=separator", value)
+}
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/package.json
+++ b/web/package.json
@@ -0,0 +1,43 @@
+{
+  "name": "ntfy",
+  "version": "1.0.0",
+  "private": true,
+  "scripts": {
+    "start": "react-scripts start",
+    "build": "react-scripts build",
+    "test": "react-scripts test",
+    "eject": "react-scripts eject"
+  },
+  "dependencies": {
+    "@emotion/react": "^11.8.2",
+    "@emotion/styled": "^11.8.1",
+    "@mui/icons-material": "^5.4.2",
+    "@mui/material": "latest",
+    "dexie": "^3.2.1",
+    "dexie-react-hooks": "^1.1.1",
+    "i18next": "^21.6.14",
+    "i18next-browser-languagedetector": "^6.1.4",
+    "i18next-http-backend": "^1.4.0",
+    "js-base64": "^3.7.2",
+    "react": "latest",
+    "react-dom": "latest",
+    "react-i18next": "^11.16.2",
+    "react-infinite-scroll-component": "^6.1.0",
+    "react-router-dom": "^6.2.2",
+    "react-scripts": "^5.0.0",
+    "stacktrace-gps": "^3.0.4",
+    "stacktrace-js": "^2.0.2"
+  },
+  "browserslist": {
+    "production": [
+      ">0.2%",
+      "not dead",
+      "not op_mini all"
+    ],
+    "development": [
+      "last 1 chrome version",
+      "last 1 firefox version",
+      "last 1 safari version"
+    ]
+  }
+}
--- a/web/public/config.js
+++ b/web/public/config.js
@@ -0,0 +1,9 @@
+// Configuration injected by the ntfy server.
+//
+// This file is just an example. It is removed during the build process.
+// The actual config is dynamically generated server-side.
+
+var config = {
+    appRoot: "/",
+    disallowedTopics: ["docs", "static", "file", "app", "settings"]
+};
--- a/web/public/home.html
+++ b/web/public/home.html
@@ -1,11 +1,10 @@
-{{- /*gotype: heckel.io/ntfy/server.indexPage*/ -}}
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">

    <title>ntfy.sh | Send push notifications to your phone via PUT/POST</title>
-    <link rel="stylesheet" href="static/css/app.css" type="text/css">
+    <link rel="stylesheet" href="static/css/home.css" type="text/css">

    <!-- Mobile view -->
    <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no">
@@ -24,14 +23,13 @@
    <meta property="og:type" content="website" />
    <meta property="og:locale" content="en_US" />
    <meta property="og:site_name" content="ntfy.sh" />
-    <meta property="og:title" content="ntfy.sh | Send push notifications to your phone or desktop via PUT/POST" />
+    <meta property="og:title" content="ntfy.sh | Push notifications to your phone or desktop via PUT/POST" />
    <meta property="og:description" content="ntfy is a simple HTTP-based pub-sub notification service. It allows you to send desktop notifications via scripts from any computer, entirely without signup or cost. Made with ❤ by Philipp C. Heckel, Apache License 2.0, source at https://heckel.io/ntfy." />
    <meta property="og:image" content="/static/img/ntfy.png" />
    <meta property="og:url" content="https://ntfy.sh" />
-{{if .Topic}}
-    <!-- Never index topic page -->
-    <meta name="robots" content="noindex, nofollow" />
-{{end}}
+
+    <!-- Fonts -->
+    <link rel="stylesheet" href="static/css/fonts.css" type="text/css">
 </head>
 <body>

@@ -40,15 +38,15 @@
        <img id="logo" src="static/img/ntfy.png" alt="logo"/>
        <div id="name">ntfy</div>
        <ol>
-            <li><a href="docs/">Getting started</a></li>
+            <li><a href="app">Web app</a></li>
            <li><a href="docs/subscribe/phone/">Android/iOS</a></li>
+            <li><a href="docs/">Docs</a></li>
            <li><a href="docs/publish/">API</a></li>
-            <li><a href="docs/install/">Self-hosting</a></li>
            <li><a href="https://github.com/binwiederhier/ntfy">GitHub</a></li>
        </ol>
    </div>
 </nav>
-<div id="main"{{if .Topic}} style="display: none"{{end}}>
+<div id="main">
    <h1>Send push notifications to your phone or desktop via PUT/POST</h1>
    <p>
        <b>ntfy</b> (pronounce: <i>notify</i>) is a simple HTTP-based <a href="https://en.wikipedia.org/wiki/Publish%E2%80%93subscribe_pattern">pub-sub</a> notification service.
@@ -94,7 +92,7 @@
        Here's what that looks like in the <a href="docs/subscribe/phone/">Android app</a>:
    </p>
    <figure>
-        <img src="static/img/priority-notification.png" style="max-height: 200px"/>
+        <img src="static/img/screenshot-phone-popover.png" style="max-height: 200px"/>
        <figcaption>Urgent notification with pop-over</figcaption>
    </figure>

@@ -122,31 +120,23 @@
        <figcaption>Sending push notifications to your Android phone</figcaption>
    </figure>

-    <div id="subscribeBox">
-        <h3 id="subscribe-web" class="anchor">Subscribe in this Web UI</h3>
-        <p id="error"></p>
-        <p>
-            Subscribe to topics here and receive messages as <b>desktop notification</b>. Topics are not password-protected,
-            so choose a name that's not easy to guess.
-        </p>
-        <form id="subscribeForm">
-            <p>
-                <b>Topic:</b><br/>
-                <input type="text" id="topicField" autocomplete="off" placeholder="Topic name, e.g. phil_alerts" maxlength="64" pattern="[-_A-Za-z0-9]{1,64}" />
-                <button id="subscribeButton">Subscribe</button>
-            </p>
-            <p id="topicsHeader"><b>Subscribed topics:</b></p>
-            <ul id="topicsList"></ul>
-        </form>
-        <audio id="notifySound" src="static/sound/mixkit-message-pop-alert-2354.mp3"></audio>
-    </div>
+    <h3 id="subscribe-web" class="anchor">Subscribe via web app</h3>
+    <p>
+        Subscribe to topics in the <a href="app">web app</a> and receive messages as <b>desktop notification</b>.
+        It is available at <b><a href="app"><span class="ntfyUrl">ntfy.sh</span>/app</a></b>.
+    </p>
+    <figure>
+        <a href="app"><img src="static/img/screenshot-web-detail.png" width="100%"/></a>
+        <figcaption>ntfy web app, available at <a href="app"><span class="ntfyUrl">ntfy.sh</span>/app</a></figcaption>
+    </figure>

    <h3 id="subscribe-api" class="anchor">Subscribe using the API</h3>
    <p>
        There's a super simple API that you can use to integrate your own app. You can consume
        a <a href="docs/subscribe/api/#subscribe-as-json-stream">JSON stream</a>,
-        an <a href="docs/subscribe/api/#subscribe-as-sse-stream">SSE/EventSource stream</a> (useful for web apps),
-        as well as a <a href="docs/subscribe/api/#subscribe-as-raw-stream">plain text stream</a>.
+        an <a href="docs/subscribe/api/#subscribe-as-sse-stream">SSE/EventSource stream</a>,
+        a <a href="docs/subscribe/api/#subscribe-as-raw-stream">plain text stream</a>,
+        or <a href="docs/subscribe/api/#websockets">via WebSockets</a>.
    </p>
    <p class="smallMarginBottom">
        Here's an example for JSON. The <b>connection stays open</b>, so you can retrieve messages as they come in:
@@ -186,33 +176,7 @@

    <center id="ironicCenterTagDontFreakOut"><i>Made with ❤️ by <a href="https://heckel.io">Philipp C. Heckel</a></i></center>
 </div>
-<div id="detail"{{if not .Topic}} style="display: none"{{end}}>
-    <div id="detailMain">
-        <button id="detailCloseButton"><img src="static/img/close.svg"/></button>
-        <h1><span id="detailTitle"></span></h1>
-        <p class="smallMarginBottom">
-            <b>ntfy</b> is a simple HTTP-based pub-sub notification service. This is a ntfy topic.
-            To send notifications to it, simply PUT or POST to the topic URL. Here's an example using <tt>curl</tt>:
-        </p>
-        <code>
-            curl -d "Backup failed" <span id="detailTopicUrl">ntfy.sh/topic</span>
-        </code>
-        <p id="detailNotificationsDisallowed">
-            If you'd like to receive desktop notifications when new messages arrive on this topic, you have to
-            <a href="#" onclick="return requestPermission()">grant the browser permission</a> to show notifications.
-            Click the link to do so.
-        </p>
-        <p class="smallMarginBottom">
-            <b>Recent notifications</b> ({{if .CacheDuration}}cached for {{.CacheDuration | durationToHuman}}{{else}}caching is disabled{{end}}):
-        </p>
-        <p id="detailNoNotifications">
-            <i>You haven't received any notifications for this topic yet.</i>
-        </p>
-        <div id="detailEventsList"></div>
-    </div>
-</div>
 <div id="lightbox" class="lightbox"></div>
-<script src="static/js/emoji.js"></script>
-<script src="static/js/app.js"></script>
+<script src="static/js/home.js"></script>
 </body>
 </html>
--- a/web/public/index.html
+++ b/web/public/index.html
@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>ntfy web</title>
+
+  <!-- Mobile view -->
+  <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+  <meta name="HandheldFriendly" content="true">
+
+  <!-- Mobile browsers, background color -->
+  <meta name="theme-color" content="#317f6f">
+  <meta name="msapplication-navbutton-color" content="#317f6f">
+  <meta name="apple-mobile-web-app-status-bar-style" content="#317f6f">
+
+  <!-- Favicon, see favicon.io -->
+  <link rel="icon" type="image/png" href="%PUBLIC_URL%/static/img/favicon.png">
+
+  <!-- Previews in Google, Slack, WhatsApp, etc. -->
+  <meta property="og:type" content="website" />
+  <meta property="og:locale" content="en_US" />
+  <meta property="og:site_name" content="ntfy web" />
+  <meta property="og:title" content="ntfy web" />
+  <meta property="og:description" content="ntfy lets you send push notifications via scripts from any computer or phone, entirely without signup or cost. Made with ❤ by Philipp C. Heckel, Apache License 2.0, source at https://heckel.io/ntfy." />
+  <meta property="og:image" content="%PUBLIC_URL%/static/img/ntfy.png" />
+  <meta property="og:url" content="https://ntfy.sh" />
+
+  <!-- Never index -->
+  <meta name="robots" content="noindex, nofollow" />
+
+  <!-- Fonts -->
+  <link rel="stylesheet" href="%PUBLIC_URL%/static/css/fonts.css" type="text/css">
+</head>
+<body>
+  <noscript>
+    ntfy web requires JavaScript, but you can also use the <a href="https://ntfy.sh/docs/subscribe/cli/">CLI</a>
+    or <a href="https://ntfy.sh/docs/subscribe/phone/">Android/iOS app</a> to subscribe.
+  </noscript>
+  <div id="root"></div>
+  <script src="%PUBLIC_URL%/config.js"></script>
+</body>
+</html>
--- a/web/public/static/css/fonts.css
+++ b/web/public/static/css/fonts.css
@@ -0,0 +1,41 @@
+/* Roboto font, embedded with the help of https://google-webfonts-helper.herokuapp.com/fonts/roboto?subsets=latin */
+
+/* roboto-300 - latin */
+@font-face {
+    font-family: 'Roboto';
+    font-style: normal;
+    font-weight: 300;
+    src: local(''),
+    url('../fonts/roboto-v29-latin-300.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
+    url('../fonts/roboto-v29-latin-300.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
+}
+
+/* roboto-regular - latin */
+@font-face {
+    font-family: 'Roboto';
+    font-style: normal;
+    font-weight: 400;
+    src: local(''),
+    url('../fonts/roboto-v29-latin-regular.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
+    url('../fonts/roboto-v29-latin-regular.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
+}
+
+/* roboto-500 - latin */
+@font-face {
+    font-family: 'Roboto';
+    font-style: normal;
+    font-weight: 500;
+    src: local(''),
+    url('../fonts/roboto-v29-latin-500.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
+    url('../fonts/roboto-v29-latin-500.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
+}
+
+/* roboto-700 - latin */
+@font-face {
+    font-family: 'Roboto';
+    font-style: normal;
+    font-weight: 700;
+    src: local(''),
+    url('../fonts/roboto-v29-latin-700.woff2') format('woff2'), /* Chrome 26+, Opera 23+, Firefox 39+ */
+    url('../fonts/roboto-v29-latin-700.woff') format('woff'); /* Chrome 6+, Firefox 3.6+, IE 9+, Safari 5.1+ */
+}
--- a/web/public/static/css/home.css
+++ b/web/public/static/css/home.css
@@ -0,0 +1,280 @@
+/* general styling */
+
+html, body {
+    font-family: 'Roboto', sans-serif;
+    font-weight: 400;
+    font-size: 1.1em;
+    color: #444;
+    margin: 0;
+    padding: 0;
+}
+
+html {
+    /* prevent scrollbar from repositioning website:
+     * https://www.w3docs.com/snippets/css/how-to-prevent-scrollbar-from-repositioning-web-page.html */
+    overflow-y: scroll;
+}
+
+a, a:visited {
+    color: #338574;
+}
+
+a:hover {
+    text-decoration: none;
+    color: #317f6f;
+}
+
+h1 {
+    margin-top: 35px;
+    margin-bottom: 30px;
+    font-size: 2.5em;
+    word-wrap: break-word; /* For very long topics */
+    padding-right: 40px; /* For the X on the detail page */
+    font-weight: 300;
+    color: #666;
+}
+
+h2 {
+    margin-top: 30px;
+    margin-bottom: 5px;
+    font-size: 1.8em;
+    font-weight: 300;
+    color: #333;
+}
+
+h3 {
+    margin-top: 25px;
+    margin-bottom: 5px;
+    font-size: 1.3em;
+    font-weight: 300;
+    color: #333;
+}
+
+p {
+    margin-top: 10px;
+    margin-bottom: 20px;
+    line-height: 160%;
+    font-weight: 400;
+}
+
+p.smallMarginBottom {
+    margin-bottom: 10px;
+}
+
+b {
+    font-weight: 500;
+}
+
+tt {
+    background: #eee;
+    padding: 2px 7px;
+    border-radius: 3px;
+}
+
+code {
+    display: block;
+    background: #eee;
+    font-family: monospace;
+    padding: 20px;
+    border-radius: 3px;
+    margin-top: 10px;
+    margin-bottom: 20px;
+    overflow-x: auto;
+    white-space: nowrap;
+}
+
+/* Main page */
+
+#main {
+    max-width: 900px;
+    margin: 0 auto 50px auto;
+    padding: 0 10px;
+}
+
+#error {
+    color: darkred;
+    font-style: italic;
+}
+
+#ironicCenterTagDontFreakOut {
+    color: #666;
+}
+
+/* Anchors */
+
+.anchor .anchorLink {
+    color: #ccc;
+    text-decoration: none;
+    padding: 0 5px;
+    visibility: hidden;
+}
+
+.anchor:hover .anchorLink {
+    visibility: visible;
+}
+
+.anchor .anchorLink:hover {
+    color: #338574;
+    visibility: visible;
+}
+
+/* Figures */
+
+figure {
+    text-align: center;
+}
+
+figure img, figure video {
+    filter: drop-shadow(3px 3px 3px #ccc);
+    border-radius: 7px;
+    max-width: 100%;
+}
+
+figure video {
+    width: 100%;
+    max-height: 450px;
+}
+
+figcaption {
+    text-align: center;
+    font-style: italic;
+    padding-top: 10px;
+}
+
+/* Screenshots */
+
+#screenshots {
+    text-align: center;
+}
+
+#screenshots img {
+    height: 190px;
+    margin: 3px;
+    border-radius: 5px;
+    filter: drop-shadow(2px 2px 2px #ddd);
+}
+
+#screenshots .nowrap {
+    white-space: nowrap;
+}
+
+/* Lightbox; thanks to https://yossiabramov.com/blog/vanilla-js-lightbox */
+
+.lightbox {
+    opacity: 0;
+    visibility: hidden;
+    position: fixed;
+    left:0;
+    right: 0;
+    top: 0;
+    bottom: 0;
+    z-index: -1;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    transition: all 0.15s ease-in;
+}
+
+.lightbox.show {
+    background-color: rgba(0,0,0, 0.75);
+    opacity: 1;
+    visibility: visible;
+    z-index: 1000;
+}
+
+.lightbox img {
+    max-width: 90%;
+    max-height: 90%;
+    filter: drop-shadow(5px 5px 10px #222);
+    border-radius: 5px;
+}
+
+.lightbox .close-lightbox {
+    cursor: pointer;
+    position: absolute;
+    top: 30px;
+    right: 30px;
+    width: 20px;
+    height: 20px;
+}
+
+.lightbox .close-lightbox::after,
+.lightbox .close-lightbox::before {
+    content: '';
+    width: 3px;
+    height: 20px;
+    background-color: #ddd;
+    position: absolute;
+    border-radius: 5px;
+    transform: rotate(45deg);
+}
+
+.lightbox .close-lightbox::before {
+    transform: rotate(-45deg);
+}
+
+.lightbox .close-lightbox:hover::after,
+.lightbox .close-lightbox:hover::before {
+    background-color: #fff;
+}
+
+/* Header */
+
+#header {
+    background: #338574;
+    height: 130px;
+}
+
+#header #headerBox {
+    max-width: 900px;
+    margin: 0 auto;
+    padding: 0 10px;
+}
+
+#header #logo {
+    margin-top: 23px;
+    float: left;
+}
+
+#header #name {
+    float: left;
+    color: white;
+    font-size: 2.6em;
+    font-weight: 300;
+    margin: 35px 0 0 20px;
+}
+
+#header ol {
+    list-style-type: none;
+    float: right;
+    margin-top: 80px;
+}
+
+#header ol li {
+    display: inline-block;
+    margin: 0 10px;
+    font-weight: 400;
+}
+
+#header ol li a, nav ol li a:visited {
+    color: white;
+    text-decoration: none;
+}
+
+#header ol li a:hover {
+    text-decoration: underline;
+}
+
+li {
+    padding: 4px 0;
+    margin: 4px 0;
+    font-size: 0.9em;
+}
+
+
+/* Hide top menu SMALL SCREEN */
+@media only screen and (max-width: 780px) {
+    #header ol {
+        display: none;
+    }
+}
--- a/web/public/static/fonts/roboto-v29-latin-300.woff
+++ b/web/public/static/fonts/roboto-v29-latin-300.woff
--- a/web/public/static/fonts/roboto-v29-latin-300.woff2
+++ b/web/public/static/fonts/roboto-v29-latin-300.woff2
--- a/web/public/static/fonts/roboto-v29-latin-500.woff
+++ b/web/public/static/fonts/roboto-v29-latin-500.woff
--- a/web/public/static/fonts/roboto-v29-latin-500.woff2
+++ b/web/public/static/fonts/roboto-v29-latin-500.woff2
--- a/web/public/static/fonts/roboto-v29-latin-700.woff
+++ b/web/public/static/fonts/roboto-v29-latin-700.woff
--- a/web/public/static/fonts/roboto-v29-latin-700.woff2
+++ b/web/public/static/fonts/roboto-v29-latin-700.woff2
--- a/web/public/static/fonts/roboto-v29-latin-regular.woff
+++ b/web/public/static/fonts/roboto-v29-latin-regular.woff
--- a/web/public/static/fonts/roboto-v29-latin-regular.woff2
+++ b/web/public/static/fonts/roboto-v29-latin-regular.woff2
--- a/web/public/static/img/android-video-overview.mp4
+++ b/web/public/static/img/android-video-overview.mp4
--- a/web/public/static/img/android-video-subscribe-api.mp4
+++ b/web/public/static/img/android-video-subscribe-api.mp4
--- a/web/public/static/img/badge-appstore.png
+++ b/web/public/static/img/badge-appstore.png
--- a/web/public/static/img/badge-fdroid.png
+++ b/web/public/static/img/badge-fdroid.png
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><path d="M0 0h24v24H0V0z" fill="none"/><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>`