Payments webhook test, delete attachments/messages when reservations are removed,

Deleting account deletes subscription
Allow mocking the Stripe API
2026-01-19 00:27:25 +01:00 · 2023-01-20 22:47:37 -05:00 · 2023-01-19 14:03:39 -05:00 · 2023-01-18 23:01:26 -05:00 · 2023-01-18 15:50:06 -05:00 · 2023-01-18 13:46:40 -05:00
144 changed files with 16276 additions and 6570 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: [binwiederhier]
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -13,7 +13,7 @@ jobs:
        name: Install node
        uses: actions/setup-node@v2
        with:
-          node-version: '16'
+          node-version: '17'
      -
        name: Checkout code
        uses: actions/checkout@v2
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@@ -0,0 +1,36 @@
+name: docs
+on:
+  push:
+    branches:
+      - main
+jobs:
+  publish-docs:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout ntfy code
+        uses: actions/checkout@v3
+      -
+        name: Checkout docs pages code
+        uses: actions/checkout@v3
+        with:
+          repository: binwiederhier/ntfy-docs.github.io
+          path: build/ntfy-docs.github.io
+          token: ${{secrets.NTFY_DOCS_PUSH_TOKEN}}
+          # Expires after 1 year, re-generate via
+          # User -> Settings -> Developer options -> Personal Access Tokens -> Fine Grained Token
+      -
+        name: Build docs
+        run: make docs
+      -
+        name: Copy generated docs
+        run: rsync -av --exclude CNAME --delete server/docs/ build/ntfy-docs.github.io/docs/
+      -
+        name: Publish docs
+        run: |
+          cd build/ntfy-docs.github.io
+          git config user.name "GitHub Actions Bot"
+          git config user.email "<>"          
+          git add docs/
+          git commit -m "Updated docs"
+          git push origin main
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -16,7 +16,7 @@ jobs:
        name: Install node
        uses: actions/setup-node@v2
        with:
-          node-version: '16'
+          node-version: '17'
      -
        name: Checkout code
        uses: actions/checkout@v2
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -3,7 +3,7 @@ on: [push, pull_request]
 jobs:
  test:
    runs-on: ubuntu-latest
-    steps: 
+    steps:
      -
        name: Install Go
        uses: actions/setup-go@v2
@@ -13,7 +13,7 @@ jobs:
        name: Install node
        uses: actions/setup-node@v2
        with:
-          node-version: '16'
+          node-version: '17'
      -
        name: Checkout code
        uses: actions/checkout@v2
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -0,0 +1,28 @@
+tasks:
+  - name: docs
+    before: make docs-deps
+    command: mkdocs serve
+  - name: binary
+    before: |
+      npm install --global nodemon
+      make cli-deps-static-sites
+    command: |
+      nodemon --watch './**/*.go' --ext go --signal SIGTERM --exec "CGO_ENABLED=1 go run main.go serve --listen-http :2586 --debug --base-url $(gp url 2586)"
+    openMode: split-right
+  - name: web
+    before: make web-deps
+    command: cd web && npm start
+    openMode: split-right
+
+vscode:
+  extensions:
+    - golang.go
+    - ms-azuretools.vscode-docker
+
+ports:
+  - name: docs
+    port: 8000
+  - name: binary
+    port: 2586
+  - name: web
+    port: 3000
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -13,9 +13,6 @@ builds:
      - "-linkmode=external -extldflags=-static -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}"
    goos: [linux]
    goarch: [amd64]
-    hooks:
-      post:
-        - upx "{{ .Path }}" # apt install upx
  -
    id: ntfy_linux_armv6
    binary: ntfy
@@ -28,7 +25,6 @@ builds:
    goos: [linux]
    goarch: [arm]
    goarm: [6]
-    # No "upx" for ARM, see https://github.com/binwiederhier/ntfy/issues/191#issuecomment-1083406546
  -
    id: ntfy_linux_armv7
    binary: ntfy
@@ -41,7 +37,6 @@ builds:
    goos: [linux]
    goarch: [arm]
    goarm: [7]
-    # No "upx" for ARM, see https://github.com/binwiederhier/ntfy/issues/191#issuecomment-1083406546
  -
    id: ntfy_linux_arm64
    binary: ntfy
@@ -53,7 +48,6 @@ builds:
      - "-linkmode=external -extldflags=-static -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}"
    goos: [linux]
    goarch: [arm64]
-    # No "upx" for ARM, see https://github.com/binwiederhier/ntfy/issues/191#issuecomment-1083406546
  -
    id: ntfy_windows_amd64
    binary: ntfy
@@ -64,9 +58,6 @@ builds:
      - "-X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}"
    goos: [windows]
    goarch: [amd64]
-    hooks:
-      post:
-        - upx "{{ .Path }}" # apt install upx
  -
    id: ntfy_darwin_all
    binary: ntfy
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,133 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement via Discord/Matrix (binwiederhier),
+or email (ntfy@heckel.io). All complaints will be reviewed and investigated promptly 
+and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
+
--- a/2
+++ b/2
@@ -3,5 +3,7 @@ MAINTAINER Philipp C. Heckel <philipp.heckel@gmail.com>

 COPY ntfy /usr/bin

+HEALTHCHECK --interval=60s --timeout=10s CMD wget -q --tries=1 http://localhost/v1/health -O - | grep -Eo '"healthy"\s*:\s*true' || exit 1
+
 EXPOSE 80/tcp
 ENTRYPOINT ["ntfy"]
--- a/7
+++ b/7
@@ -1,5 +1,6 @@
 MAKEFLAGS := --jobs=1
 VERSION := $(shell git describe --tag)
+COMMIT := $(shell git rev-parse --short HEAD)

 .PHONY:

@@ -169,7 +170,7 @@ cli-linux-server: cli-deps-static-sites
 		-o dist/ntfy_linux_server/ntfy \
 		-tags sqlite_omit_load_extension,osusergo,netgo \
 		-ldflags \
-		"-linkmode=external -extldflags=-static -s -w -X main.version=$(VERSION) -X main.commit=$(shell git rev-parse --short HEAD) -X main.date=$(shell date +%s)"
+		"-linkmode=external -extldflags=-static -s -w -X main.version=$(VERSION) -X main.commit=$(COMMIT) -X main.date=$(shell date +%s)"

 cli-darwin-server: cli-deps-static-sites
 	# This is a target to build the CLI (including the server) manually.
@@ -179,7 +180,7 @@ cli-darwin-server: cli-deps-static-sites
 		-o dist/ntfy_darwin_server/ntfy \
 		-tags sqlite_omit_load_extension,osusergo,netgo \
 		-ldflags \
-		"-linkmode=external -s -w -X main.version=$(VERSION) -X main.commit=$(shell git rev-parse --short HEAD) -X main.date=$(shell date +%s)"
+		"-linkmode=external -s -w -X main.version=$(VERSION) -X main.commit=$(COMMIT) -X main.date=$(shell date +%s)"

 cli-client: cli-deps-static-sites
 	# This is a target to build the CLI (excluding the server) manually. This should work on Linux/macOS/Windows.
@@ -189,7 +190,7 @@ cli-client: cli-deps-static-sites
 		-o dist/ntfy_client/ntfy \
 		-tags noserver \
 		-ldflags \
-		"-X main.version=$(VERSION) -X main.commit=$(shell git rev-parse --short HEAD) -X main.date=$(shell date +%s)"
+		"-X main.version=$(VERSION) -X main.commit=$(COMMIT) -X main.date=$(shell date +%s)"

 cli-deps: cli-deps-static-sites cli-deps-all cli-deps-gcc

--- a/README.md
+++ b/README.md
@@ -9,7 +9,9 @@
 [![Discord](https://img.shields.io/discord/874398661709295626?label=Discord)](https://discord.gg/cT7ECsZj9w)
 [![Matrix](https://img.shields.io/matrix/ntfy:matrix.org?label=Matrix)](https://matrix.to/#/#ntfy:matrix.org)
 [![Matrix space](https://img.shields.io/matrix/ntfy-space:matrix.org?label=Matrix+space)](https://matrix.to/#/#ntfy-space:matrix.org)
+[![Reddit](https://img.shields.io/reddit/subreddit-subscribers/ntfy?color=%23317f6f&label=-%20r%2Fntfy&style=social)](https://www.reddit.com/r/ntfy/)
 [![Healthcheck](https://healthchecks.io/badge/68b65976-b3b0-4102-aec9-980921/kcoEgrLY.svg)](https://ntfy.statuspage.io/)
+[![Gitpod](https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod)](https://gitpod.io/#https://github.com/binwiederhier/ntfy)

 **ntfy** (pronounce: *notify*) is a simple HTTP-based [pub-sub](https://en.wikipedia.org/wiki/Publish%E2%80%93subscribe_pattern) notification service.
 It allows you to **send notifications to your phone or desktop via scripts** from any computer, entirely **without signup or cost**.
@@ -33,10 +35,15 @@ I run a free version of it at **[ntfy.sh](https://ntfy.sh)**. There's also an [o
 [Install / Self-hosting](https://ntfy.sh/docs/install/) |
 [Building](https://ntfy.sh/docs/develop/)

-## Chat
-You can directly contact me **[on Discord](https://discord.gg/cT7ECsZj9w)** or [on Matrix](https://matrix.to/#/#ntfy:matrix.org) 
-(bridged from Discord), or via the [GitHub issues](https://github.com/binwiederhier/ntfy/issues), or find more contact information
-[on my website](https://heckel.io/about).
+## Chat / forum
+There are a few ways to get in touch with me and/or the rest of the community. Feel free to use any of these methods. Whatever
+works best for you:
+
+* [Discord server](https://discord.gg/cT7ECsZj9w) - direct chat with the community
+* [Matrix room #ntfy](https://matrix.to/#/#ntfy:matrix.org) (+ [Matrix space](https://matrix.to/#/#ntfy-space:matrix.org)) - same chat, bridged from Discord
+* [Reddit r/ntfy](https://www.reddit.com/r/ntfy/) - asynchronous forum (_new as of October 2022_)
+* [GitHub issues](https://github.com/binwiederhier/ntfy/issues) - questions, features, bugs
+* [Email](https://heckel.io/about) - reach me directly (_I usually prefer the other methods_)

 ## Announcements / beta testers
 For announcements of new releases and cutting-edge beta versions, please subscribe to the [ntfy.sh/announcements](https://ntfy.sh/announcements) 
@@ -44,21 +51,84 @@ topic. If you'd like to test the iOS app, join [TestFlight](https://testflight.a
 join Discord/Matrix (I'll eventually make a testing channel in Google Play).

 ## Contributing
-I welcome any and all contributions. Just create a PR or an issue. To contribute code, check out 
-the [build instructions](https://ntfy.sh/docs/develop/) for the server and the Android app.
-Or, if you'd like to help translate 🇩🇪 🇺🇸 🇧🇬, you can start immediately in
+I welcome any and all contributions. Just create a PR or an issue. For larger features/ideas, please reach out
+on Discord/Matrix first to see if I'd accept them. To contribute code, check out the [build instructions](https://ntfy.sh/docs/develop/) 
+for the server and the Android app. Or, if you'd like to help translate 🇩🇪 🇺🇸 🇧🇬, you can start immediately in
 [Hosted Weblate](https://hosted.weblate.org/projects/ntfy/).

 <a href="https://hosted.weblate.org/engage/ntfy/">
 <img src="https://hosted.weblate.org/widgets/ntfy/-/multi-blue.svg" alt="Translation status" />
 </a>

+## Sponsors
+I have just very recently started accepting donations via [GitHub Sponsors](https://github.com/sponsors/binwiederhier). 
+I would be humbled if you helped me carry the server and developer account costs. Even small donations are very much 
+appreciated. A big fat **Thank You** to the folks already sponsoring ntfy:
+
+<a href="https://github.com/neutralinsomniac"><img src="https://github.com/neutralinsomniac.png" width="40px" /></a>
+<a href="https://github.com/aspyct"><img src="https://github.com/aspyct.png" width="40px" /></a>
+<a href="https://github.com/nickexyz"><img src="https://github.com/nickexyz.png" width="40px" /></a>
+<a href="https://github.com/qcasey"><img src="https://github.com/qcasey.png" width="40px" /></a>
+<a href="https://github.com/mckay115"><img src="https://github.com/mckay115.png" width="40px" /></a>
+<a href="https://github.com/Salamafet"><img src="https://github.com/Salamafet.png" width="40px" /></a>
+<a href="https://github.com/codinghipster"><img src="https://github.com/codinghipster.png" width="40px" /></a>
+<a href="https://github.com/HinFort"><img src="https://github.com/HinFort.png" width="40px" /></a>
+<a href="https://github.com/Lexevolution"><img src="https://github.com/Lexevolution.png" width="40px" /></a>
+<a href="https://github.com/johnnyip"><img src="https://github.com/johnnyip.png" width="40px" /></a>
+<a href="https://github.com/JonDerThan"><img src="https://github.com/JonDerThan.png" width="40px" /></a>
+<a href="https://github.com/12nick12"><img src="https://github.com/12nick12.png" width="40px" /></a>
+<a href="https://github.com/eanplatter"><img src="https://github.com/eanplatter.png" width="40px" /></a>
+<a href="https://github.com/fnoelscher"><img src="https://github.com/fnoelscher.png" width="40px" /></a>
+<a href="https://github.com/bnorick"><img src="https://github.com/bnorick.png" width="40px" /></a>
+<a href="https://github.com/snh"><img src="https://github.com/snh.png" width="40px" /></a>
+<a href="https://github.com/hen-x"><img src="https://github.com/hen-x.png" width="40px" /></a>
+<a href="https://github.com/JamieGoodson"><img src="https://github.com/JamieGoodson.png" width="40px" /></a>
+<a href="https://github.com/cremesk"><img src="https://github.com/cremesk.png" width="40px" /></a>
+<a href="https://github.com/dangowans"><img src="https://github.com/dangowans.png" width="40px" /></a>
+<a href="https://github.com/mnault"><img src="https://github.com/mnault.png" width="40px" /></a>
+<a href="https://github.com/nwithan8"><img src="https://github.com/nwithan8.png" width="40px" /></a>
+<a href="https://github.com/peterleiser"><img src="https://github.com/peterleiser.png" width="40px" /></a>
+<a href="https://github.com/portothree"><img src="https://github.com/portothree.png" width="40px" /></a>
+<a href="https://github.com/finngreig"><img src="https://github.com/finngreig.png" width="40px" /></a>
+<a href="https://github.com/skrollme"><img src="https://github.com/skrollme.png" width="40px" /></a>
+<a href="https://github.com/gergepalfi"><img src="https://github.com/gergepalfi.png" width="40px" /></a>
+<a href="https://github.com/tonyakwei"><img src="https://github.com/tonyakwei.png" width="40px" /></a>
+<a href="https://github.com/crosbyh"><img src="https://github.com/crosbyh.png" width="40px" /></a>
+<a href="https://github.com/mdlnr"><img src="https://github.com/mdlnr.png" width="40px" /></a>
+<a href="https://github.com/p-samuel"><img src="https://github.com/p-samuel.png" width="40px" /></a>
+<a href="https://github.com/zugaldia"><img src="https://github.com/zugaldia.png" width="40px" /></a>
+<a href="https://github.com/NathanSweet"><img src="https://github.com/NathanSweet.png" width="40px" /></a>
+<a href="https://github.com/msdeibel"><img src="https://github.com/msdeibel.png" width="40px" /></a>
+<a href="https://github.com/ksurl"><img src="https://github.com/ksurl.png" width="40px" /></a>
+<a href="https://github.com/CodingTimeDEV"><img src="https://github.com/CodingTimeDEV.png" width="40px" /></a>
+<a href="https://github.com/Terrormixer3000"><img src="https://github.com/Terrormixer3000.png" width="40px" /></a>
+<a href="https://github.com/voroskoi"><img src="https://github.com/voroskoi.png" width="40px" /></a>
+<a href="https://github.com/Nickwasused"><img src="https://github.com/Nickwasused.png" width="40px" /></a>
+<a href="https://github.com/bahur142"><img src="https://github.com/bahur142.png" width="40px" /></a>
+<a href="https://github.com/vinhdizzo"><img src="https://github.com/vinhdizzo.png" width="40px" /></a>
+<a href="https://github.com/Ge0rg3"><img src="https://github.com/Ge0rg3.png" width="40px" /></a>
+<a href="https://github.com/biopsin"><img src="https://github.com/biopsin.png" width="40px" /></a>
+<a href="https://github.com/thebino"><img src="https://github.com/thebino.png" width="40px" /></a>
+<a href="https://github.com/sky4055"><img src="https://github.com/sky4055.png" width="40px" /></a>
+
+I'd also like to thank JetBrains for providing their awesome [IntelliJ IDEA](https://www.jetbrains.com/idea/) to me for free,
+and [DigitalOcean](https://www.digitalocean.com/) for supporting the project:
+
+<a href="https://www.digitalocean.com/"><img src="https://opensource.nyc3.cdn.digitaloceanspaces.com/attribution/assets/SVG/DO_Logo_horizontal_blue.svg" width="201px"></a>
+
+## Code of Conduct
+We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
+
+**We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.**
+
+_Please be sure to read the complete [Code of Conduct](CODE_OF_CONDUCT.md)._    
+
 ## License
 Made with ❤️ by [Philipp C. Heckel](https://heckel.io).   
 The project is dual licensed under the [Apache License 2.0](LICENSE) and the [GPLv2 License](LICENSE.GPLv2).

 Third party libraries and resources:
-* [github.com/urfave/cli/v2](https://github.com/urfave/cli/v2) (MIT) is used to drive the CLI
+* [github.com/urfave/cli](https://github.com/urfave/cli) (MIT) is used to drive the CLI
 * [Mixkit sounds](https://mixkit.co/free-sound-effects/notification/) (Mixkit Free License) are used as notification sounds
 * [Sounds from notificationsounds.com](https://notificationsounds.com) (Creative Commons Attribution) are used as notification sounds
 * [Roboto Font](https://fonts.google.com/specimen/Roboto) (Apache 2.0) is used as a font in everything web
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -1,122 +0,0 @@
-// Package auth deals with authentication and authorization against topics
-package auth
-
-import (
-	"errors"
-	"regexp"
-)
-
-// Auther is a generic interface to implement password-based authentication and authorization
-type Auther interface {
-	// Authenticate checks username and password and returns a user if correct. The method
-	// returns in constant-ish time, regardless of whether the user exists or the password is
-	// correct or incorrect.
-	Authenticate(username, password string) (*User, error)
-
-	// Authorize returns nil if the given user has access to the given topic using the desired
-	// permission. The user param may be nil to signal an anonymous user.
-	Authorize(user *User, topic string, perm Permission) error
-}
-
-// Manager is an interface representing user and access management
-type Manager interface {
-	// AddUser adds a user with the given username, password and role. The password should be hashed
-	// before it is stored in a persistence layer.
-	AddUser(username, password string, role Role) error
-
-	// RemoveUser deletes the user with the given username. The function returns nil on success, even
-	// if the user did not exist in the first place.
-	RemoveUser(username string) error
-
-	// Users returns a list of users. It always also returns the Everyone user ("*").
-	Users() ([]*User, error)
-
-	// User returns the user with the given username if it exists, or ErrNotFound otherwise.
-	// You may also pass Everyone to retrieve the anonymous user and its Grant list.
-	User(username string) (*User, error)
-
-	// ChangePassword changes a user's password
-	ChangePassword(username, password string) error
-
-	// ChangeRole changes a user's role. When a role is changed from RoleUser to RoleAdmin,
-	// all existing access control entries (Grant) are removed, since they are no longer needed.
-	ChangeRole(username string, role Role) error
-
-	// AllowAccess adds or updates an entry in th access control list for a specific user. It controls
-	// read/write access to a topic. The parameter topicPattern may include wildcards (*).
-	AllowAccess(username string, topicPattern string, read bool, write bool) error
-
-	// ResetAccess removes an access control list entry for a specific username/topic, or (if topic is
-	// empty) for an entire user. The parameter topicPattern may include wildcards (*).
-	ResetAccess(username string, topicPattern string) error
-
-	// DefaultAccess returns the default read/write access if no access control entry matches
-	DefaultAccess() (read bool, write bool)
-}
-
-// User is a struct that represents a user
-type User struct {
-	Name   string
-	Hash   string // password hash (bcrypt)
-	Role   Role
-	Grants []Grant
-}
-
-// Grant is a struct that represents an access control entry to a topic
-type Grant struct {
-	TopicPattern string // May include wildcard (*)
-	AllowRead    bool
-	AllowWrite   bool
-}
-
-// Permission represents a read or write permission to a topic
-type Permission int
-
-// Permissions to a topic
-const (
-	PermissionRead  = Permission(1)
-	PermissionWrite = Permission(2)
-)
-
-// Role represents a user's role, either admin or regular user
-type Role string
-
-// User roles
-const (
-	RoleAdmin     = Role("admin")
-	RoleUser      = Role("user")
-	RoleAnonymous = Role("anonymous")
-)
-
-// Everyone is a special username representing anonymous users
-const (
-	Everyone = "*"
-)
-
-var (
-	allowedUsernameRegex     = regexp.MustCompile(`^[-_.@a-zA-Z0-9]+$`)     // Does not include Everyone (*)
-	allowedTopicPatternRegex = regexp.MustCompile(`^[-_*A-Za-z0-9]{1,64}$`) // Adds '*' for wildcards!
-)
-
-// AllowedRole returns true if the given role can be used for new users
-func AllowedRole(role Role) bool {
-	return role == RoleUser || role == RoleAdmin
-}
-
-// AllowedUsername returns true if the given username is valid
-func AllowedUsername(username string) bool {
-	return allowedUsernameRegex.MatchString(username)
-}
-
-// AllowedTopicPattern returns true if the given topic pattern is valid; this includes the wildcard character (*)
-func AllowedTopicPattern(username string) bool {
-	return allowedTopicPatternRegex.MatchString(username)
-}
-
-// Error constants used by the package
-var (
-	ErrUnauthenticated = errors.New("unauthenticated")
-	ErrUnauthorized    = errors.New("unauthorized")
-	ErrInvalidArgument = errors.New("invalid argument")
-	ErrNotFound        = errors.New("not found")
-)
--- a/auth/auth_sqlite.go
+++ b/auth/auth_sqlite.go
@@ -1,399 +0,0 @@
-package auth
-
-import (
-	"database/sql"
-	"errors"
-	"fmt"
-	_ "github.com/mattn/go-sqlite3" // SQLite driver
-	"golang.org/x/crypto/bcrypt"
-	"strings"
-)
-
-const (
-	bcryptCost              = 10
-	intentionalSlowDownHash = "$2a$10$YFCQvqQDwIIwnJM1xkAYOeih0dg17UVGanaTStnrSzC8NCWxcLDwy" // Cost should match bcryptCost
-)
-
-// Auther-related queries
-const (
-	createAuthTablesQueries = `
-		BEGIN;
-		CREATE TABLE IF NOT EXISTS user (
-			user TEXT NOT NULL PRIMARY KEY,
-			pass TEXT NOT NULL,
-			role TEXT NOT NULL
-		);
-		CREATE TABLE IF NOT EXISTS access (
-			user TEXT NOT NULL,		
-			topic TEXT NOT NULL,
-			read INT NOT NULL,
-			write INT NOT NULL,
-			PRIMARY KEY (topic, user)
-		);
-		CREATE TABLE IF NOT EXISTS schemaVersion (
-			id INT PRIMARY KEY,
-			version INT NOT NULL
-		);
-		COMMIT;
-	`
-	selectUserQuery       = `SELECT pass, role FROM user WHERE user = ?`
-	selectTopicPermsQuery = `
-		SELECT read, write 
-		FROM access 
-		WHERE user IN ('*', ?) AND ? LIKE topic
-		ORDER BY user DESC
-	`
-)
-
-// Manager-related queries
-const (
-	insertUserQuery      = `INSERT INTO user (user, pass, role) VALUES (?, ?, ?)`
-	selectUsernamesQuery = `SELECT user FROM user ORDER BY role, user`
-	updateUserPassQuery  = `UPDATE user SET pass = ? WHERE user = ?`
-	updateUserRoleQuery  = `UPDATE user SET role = ? WHERE user = ?`
-	deleteUserQuery      = `DELETE FROM user WHERE user = ?`
-
-	upsertUserAccessQuery = `
-		INSERT INTO access (user, topic, read, write) 
-		VALUES (?, ?, ?, ?)
-		ON CONFLICT (user, topic) DO UPDATE SET read=excluded.read, write=excluded.write
-	`
-	selectUserAccessQuery  = `SELECT topic, read, write FROM access WHERE user = ?`
-	deleteAllAccessQuery   = `DELETE FROM access`
-	deleteUserAccessQuery  = `DELETE FROM access WHERE user = ?`
-	deleteTopicAccessQuery = `DELETE FROM access WHERE user = ? AND topic = ?`
-)
-
-// Schema management queries
-const (
-	currentSchemaVersion     = 1
-	insertSchemaVersion      = `INSERT INTO schemaVersion VALUES (1, ?)`
-	selectSchemaVersionQuery = `SELECT version FROM schemaVersion WHERE id = 1`
-)
-
-// SQLiteAuth is an implementation of Auther and Manager. It stores users and access control list
-// in a SQLite database.
-type SQLiteAuth struct {
-	db           *sql.DB
-	defaultRead  bool
-	defaultWrite bool
-}
-
-var _ Auther = (*SQLiteAuth)(nil)
-var _ Manager = (*SQLiteAuth)(nil)
-
-// NewSQLiteAuth creates a new SQLiteAuth instance
-func NewSQLiteAuth(filename string, defaultRead, defaultWrite bool) (*SQLiteAuth, error) {
-	db, err := sql.Open("sqlite3", filename)
-	if err != nil {
-		return nil, err
-	}
-	if err := setupAuthDB(db); err != nil {
-		return nil, err
-	}
-	return &SQLiteAuth{
-		db:           db,
-		defaultRead:  defaultRead,
-		defaultWrite: defaultWrite,
-	}, nil
-}
-
-// Authenticate checks username and password and returns a user if correct. The method
-// returns in constant-ish time, regardless of whether the user exists or the password is
-// correct or incorrect.
-func (a *SQLiteAuth) Authenticate(username, password string) (*User, error) {
-	if username == Everyone {
-		return nil, ErrUnauthenticated
-	}
-	user, err := a.User(username)
-	if err != nil {
-		bcrypt.CompareHashAndPassword([]byte(intentionalSlowDownHash),
-			[]byte("intentional slow-down to avoid timing attacks"))
-		return nil, ErrUnauthenticated
-	}
-	if err := bcrypt.CompareHashAndPassword([]byte(user.Hash), []byte(password)); err != nil {
-		return nil, ErrUnauthenticated
-	}
-	return user, nil
-}
-
-// Authorize returns nil if the given user has access to the given topic using the desired
-// permission. The user param may be nil to signal an anonymous user.
-func (a *SQLiteAuth) Authorize(user *User, topic string, perm Permission) error {
-	if user != nil && user.Role == RoleAdmin {
-		return nil // Admin can do everything
-	}
-	username := Everyone
-	if user != nil {
-		username = user.Name
-	}
-	// Select the read/write permissions for this user/topic combo. The query may return two
-	// rows (one for everyone, and one for the user), but prioritizes the user. The value for
-	// user.Name may be empty (= everyone).
-	rows, err := a.db.Query(selectTopicPermsQuery, username, topic)
-	if err != nil {
-		return err
-	}
-	defer rows.Close()
-	if !rows.Next() {
-		return a.resolvePerms(a.defaultRead, a.defaultWrite, perm)
-	}
-	var read, write bool
-	if err := rows.Scan(&read, &write); err != nil {
-		return err
-	} else if err := rows.Err(); err != nil {
-		return err
-	}
-	return a.resolvePerms(read, write, perm)
-}
-
-func (a *SQLiteAuth) resolvePerms(read, write bool, perm Permission) error {
-	if perm == PermissionRead && read {
-		return nil
-	} else if perm == PermissionWrite && write {
-		return nil
-	}
-	return ErrUnauthorized
-}
-
-// AddUser adds a user with the given username, password and role. The password should be hashed
-// before it is stored in a persistence layer.
-func (a *SQLiteAuth) AddUser(username, password string, role Role) error {
-	if !AllowedUsername(username) || !AllowedRole(role) {
-		return ErrInvalidArgument
-	}
-	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
-	if err != nil {
-		return err
-	}
-	if _, err = a.db.Exec(insertUserQuery, username, hash, role); err != nil {
-		return err
-	}
-	return nil
-}
-
-// RemoveUser deletes the user with the given username. The function returns nil on success, even
-// if the user did not exist in the first place.
-func (a *SQLiteAuth) RemoveUser(username string) error {
-	if !AllowedUsername(username) {
-		return ErrInvalidArgument
-	}
-	if _, err := a.db.Exec(deleteUserQuery, username); err != nil {
-		return err
-	}
-	if _, err := a.db.Exec(deleteUserAccessQuery, username); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Users returns a list of users. It always also returns the Everyone user ("*").
-func (a *SQLiteAuth) Users() ([]*User, error) {
-	rows, err := a.db.Query(selectUsernamesQuery)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-	usernames := make([]string, 0)
-	for rows.Next() {
-		var username string
-		if err := rows.Scan(&username); err != nil {
-			return nil, err
-		} else if err := rows.Err(); err != nil {
-			return nil, err
-		}
-		usernames = append(usernames, username)
-	}
-	rows.Close()
-	users := make([]*User, 0)
-	for _, username := range usernames {
-		user, err := a.User(username)
-		if err != nil {
-			return nil, err
-		}
-		users = append(users, user)
-	}
-	everyone, err := a.everyoneUser()
-	if err != nil {
-		return nil, err
-	}
-	users = append(users, everyone)
-	return users, nil
-}
-
-// User returns the user with the given username if it exists, or ErrNotFound otherwise.
-// You may also pass Everyone to retrieve the anonymous user and its Grant list.
-func (a *SQLiteAuth) User(username string) (*User, error) {
-	if username == Everyone {
-		return a.everyoneUser()
-	}
-	rows, err := a.db.Query(selectUserQuery, username)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-	var hash, role string
-	if !rows.Next() {
-		return nil, ErrNotFound
-	}
-	if err := rows.Scan(&hash, &role); err != nil {
-		return nil, err
-	} else if err := rows.Err(); err != nil {
-		return nil, err
-	}
-	grants, err := a.readGrants(username)
-	if err != nil {
-		return nil, err
-	}
-	return &User{
-		Name:   username,
-		Hash:   hash,
-		Role:   Role(role),
-		Grants: grants,
-	}, nil
-}
-
-func (a *SQLiteAuth) everyoneUser() (*User, error) {
-	grants, err := a.readGrants(Everyone)
-	if err != nil {
-		return nil, err
-	}
-	return &User{
-		Name:   Everyone,
-		Hash:   "",
-		Role:   RoleAnonymous,
-		Grants: grants,
-	}, nil
-}
-
-func (a *SQLiteAuth) readGrants(username string) ([]Grant, error) {
-	rows, err := a.db.Query(selectUserAccessQuery, username)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-	grants := make([]Grant, 0)
-	for rows.Next() {
-		var topic string
-		var read, write bool
-		if err := rows.Scan(&topic, &read, &write); err != nil {
-			return nil, err
-		} else if err := rows.Err(); err != nil {
-			return nil, err
-		}
-		grants = append(grants, Grant{
-			TopicPattern: fromSQLWildcard(topic),
-			AllowRead:    read,
-			AllowWrite:   write,
-		})
-	}
-	return grants, nil
-}
-
-// ChangePassword changes a user's password
-func (a *SQLiteAuth) ChangePassword(username, password string) error {
-	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
-	if err != nil {
-		return err
-	}
-	if _, err := a.db.Exec(updateUserPassQuery, hash, username); err != nil {
-		return err
-	}
-	return nil
-}
-
-// ChangeRole changes a user's role. When a role is changed from RoleUser to RoleAdmin,
-// all existing access control entries (Grant) are removed, since they are no longer needed.
-func (a *SQLiteAuth) ChangeRole(username string, role Role) error {
-	if !AllowedUsername(username) || !AllowedRole(role) {
-		return ErrInvalidArgument
-	}
-	if _, err := a.db.Exec(updateUserRoleQuery, string(role), username); err != nil {
-		return err
-	}
-	if role == RoleAdmin {
-		if _, err := a.db.Exec(deleteUserAccessQuery, username); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// AllowAccess adds or updates an entry in th access control list for a specific user. It controls
-// read/write access to a topic. The parameter topicPattern may include wildcards (*).
-func (a *SQLiteAuth) AllowAccess(username string, topicPattern string, read bool, write bool) error {
-	if (!AllowedUsername(username) && username != Everyone) || !AllowedTopicPattern(topicPattern) {
-		return ErrInvalidArgument
-	}
-	if _, err := a.db.Exec(upsertUserAccessQuery, username, toSQLWildcard(topicPattern), read, write); err != nil {
-		return err
-	}
-	return nil
-}
-
-// ResetAccess removes an access control list entry for a specific username/topic, or (if topic is
-// empty) for an entire user. The parameter topicPattern may include wildcards (*).
-func (a *SQLiteAuth) ResetAccess(username string, topicPattern string) error {
-	if !AllowedUsername(username) && username != Everyone && username != "" {
-		return ErrInvalidArgument
-	} else if !AllowedTopicPattern(topicPattern) && topicPattern != "" {
-		return ErrInvalidArgument
-	}
-	if username == "" && topicPattern == "" {
-		_, err := a.db.Exec(deleteAllAccessQuery, username)
-		return err
-	} else if topicPattern == "" {
-		_, err := a.db.Exec(deleteUserAccessQuery, username)
-		return err
-	}
-	_, err := a.db.Exec(deleteTopicAccessQuery, username, toSQLWildcard(topicPattern))
-	return err
-}
-
-// DefaultAccess returns the default read/write access if no access control entry matches
-func (a *SQLiteAuth) DefaultAccess() (read bool, write bool) {
-	return a.defaultRead, a.defaultWrite
-}
-
-func toSQLWildcard(s string) string {
-	return strings.ReplaceAll(s, "*", "%")
-}
-
-func fromSQLWildcard(s string) string {
-	return strings.ReplaceAll(s, "%", "*")
-}
-
-func setupAuthDB(db *sql.DB) error {
-	// If 'schemaVersion' table does not exist, this must be a new database
-	rowsSV, err := db.Query(selectSchemaVersionQuery)
-	if err != nil {
-		return setupNewAuthDB(db)
-	}
-	defer rowsSV.Close()
-
-	// If 'schemaVersion' table exists, read version and potentially upgrade
-	schemaVersion := 0
-	if !rowsSV.Next() {
-		return errors.New("cannot determine schema version: database file may be corrupt")
-	}
-	if err := rowsSV.Scan(&schemaVersion); err != nil {
-		return err
-	}
-	rowsSV.Close()
-
-	// Do migrations
-	if schemaVersion == currentSchemaVersion {
-		return nil
-	}
-	return fmt.Errorf("unexpected schema version found: %d", schemaVersion)
-}
-
-func setupNewAuthDB(db *sql.DB) error {
-	if _, err := db.Exec(createAuthTablesQueries); err != nil {
-		return err
-	}
-	if _, err := db.Exec(insertSchemaVersion, currentSchemaVersion); err != nil {
-		return err
-	}
-	return nil
-}
--- a/auth/auth_sqlite_test.go
+++ b/auth/auth_sqlite_test.go
@@ -1,243 +0,0 @@
-package auth_test
-
-import (
-	"github.com/stretchr/testify/require"
-	"heckel.io/ntfy/auth"
-	"path/filepath"
-	"strings"
-	"testing"
-	"time"
-)
-
-const minBcryptTimingMillis = int64(50) // Ideally should be >100ms, but this should also run on a Raspberry Pi without massive resources
-
-func TestSQLiteAuth_FullScenario_Default_DenyAll(t *testing.T) {
-	a := newTestAuth(t, false, false)
-	require.Nil(t, a.AddUser("phil", "phil", auth.RoleAdmin))
-	require.Nil(t, a.AddUser("ben", "ben", auth.RoleUser))
-	require.Nil(t, a.AllowAccess("ben", "mytopic", true, true))
-	require.Nil(t, a.AllowAccess("ben", "readme", true, false))
-	require.Nil(t, a.AllowAccess("ben", "writeme", false, true))
-	require.Nil(t, a.AllowAccess("ben", "everyonewrite", false, false)) // How unfair!
-	require.Nil(t, a.AllowAccess(auth.Everyone, "announcements", true, false))
-	require.Nil(t, a.AllowAccess(auth.Everyone, "everyonewrite", true, true))
-	require.Nil(t, a.AllowAccess(auth.Everyone, "up*", false, true)) // Everyone can write to /up*
-
-	phil, err := a.Authenticate("phil", "phil")
-	require.Nil(t, err)
-	require.Equal(t, "phil", phil.Name)
-	require.True(t, strings.HasPrefix(phil.Hash, "$2a$10$"))
-	require.Equal(t, auth.RoleAdmin, phil.Role)
-	require.Equal(t, []auth.Grant{}, phil.Grants)
-
-	ben, err := a.Authenticate("ben", "ben")
-	require.Nil(t, err)
-	require.Equal(t, "ben", ben.Name)
-	require.True(t, strings.HasPrefix(ben.Hash, "$2a$10$"))
-	require.Equal(t, auth.RoleUser, ben.Role)
-	require.Equal(t, []auth.Grant{
-		{"mytopic", true, true},
-		{"readme", true, false},
-		{"writeme", false, true},
-		{"everyonewrite", false, false},
-	}, ben.Grants)
-
-	notben, err := a.Authenticate("ben", "this is wrong")
-	require.Nil(t, notben)
-	require.Equal(t, auth.ErrUnauthenticated, err)
-
-	// Admin can do everything
-	require.Nil(t, a.Authorize(phil, "sometopic", auth.PermissionWrite))
-	require.Nil(t, a.Authorize(phil, "mytopic", auth.PermissionRead))
-	require.Nil(t, a.Authorize(phil, "readme", auth.PermissionWrite))
-	require.Nil(t, a.Authorize(phil, "writeme", auth.PermissionWrite))
-	require.Nil(t, a.Authorize(phil, "announcements", auth.PermissionWrite))
-	require.Nil(t, a.Authorize(phil, "everyonewrite", auth.PermissionWrite))
-
-	// User cannot do everything
-	require.Nil(t, a.Authorize(ben, "mytopic", auth.PermissionWrite))
-	require.Nil(t, a.Authorize(ben, "mytopic", auth.PermissionRead))
-	require.Nil(t, a.Authorize(ben, "readme", auth.PermissionRead))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(ben, "readme", auth.PermissionWrite))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(ben, "writeme", auth.PermissionRead))
-	require.Nil(t, a.Authorize(ben, "writeme", auth.PermissionWrite))
-	require.Nil(t, a.Authorize(ben, "writeme", auth.PermissionWrite))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(ben, "everyonewrite", auth.PermissionRead))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(ben, "everyonewrite", auth.PermissionWrite))
-	require.Nil(t, a.Authorize(ben, "announcements", auth.PermissionRead))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(ben, "announcements", auth.PermissionWrite))
-
-	// Everyone else can do barely anything
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(nil, "sometopicnotinthelist", auth.PermissionRead))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(nil, "sometopicnotinthelist", auth.PermissionWrite))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(nil, "mytopic", auth.PermissionRead))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(nil, "mytopic", auth.PermissionWrite))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(nil, "readme", auth.PermissionRead))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(nil, "readme", auth.PermissionWrite))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(nil, "writeme", auth.PermissionRead))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(nil, "writeme", auth.PermissionWrite))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(nil, "announcements", auth.PermissionWrite))
-	require.Nil(t, a.Authorize(nil, "announcements", auth.PermissionRead))
-	require.Nil(t, a.Authorize(nil, "everyonewrite", auth.PermissionRead))
-	require.Nil(t, a.Authorize(nil, "everyonewrite", auth.PermissionWrite))
-	require.Nil(t, a.Authorize(nil, "up1234", auth.PermissionWrite)) // Wildcard permission
-	require.Nil(t, a.Authorize(nil, "up5678", auth.PermissionWrite))
-}
-
-func TestSQLiteAuth_AddUser_Invalid(t *testing.T) {
-	a := newTestAuth(t, false, false)
-	require.Equal(t, auth.ErrInvalidArgument, a.AddUser("  invalid  ", "pass", auth.RoleAdmin))
-	require.Equal(t, auth.ErrInvalidArgument, a.AddUser("validuser", "pass", "invalid-role"))
-}
-
-func TestSQLiteAuth_AddUser_Timing(t *testing.T) {
-	a := newTestAuth(t, false, false)
-	start := time.Now().UnixMilli()
-	require.Nil(t, a.AddUser("user", "pass", auth.RoleAdmin))
-	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
-}
-
-func TestSQLiteAuth_Authenticate_Timing(t *testing.T) {
-	a := newTestAuth(t, false, false)
-	require.Nil(t, a.AddUser("user", "pass", auth.RoleAdmin))
-
-	// Timing a correct attempt
-	start := time.Now().UnixMilli()
-	_, err := a.Authenticate("user", "pass")
-	require.Nil(t, err)
-	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
-
-	// Timing an incorrect attempt
-	start = time.Now().UnixMilli()
-	_, err = a.Authenticate("user", "INCORRECT")
-	require.Equal(t, auth.ErrUnauthenticated, err)
-	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
-
-	// Timing a non-existing user attempt
-	start = time.Now().UnixMilli()
-	_, err = a.Authenticate("DOES-NOT-EXIST", "hithere")
-	require.Equal(t, auth.ErrUnauthenticated, err)
-	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
-}
-
-func TestSQLiteAuth_UserManagement(t *testing.T) {
-	a := newTestAuth(t, false, false)
-	require.Nil(t, a.AddUser("phil", "phil", auth.RoleAdmin))
-	require.Nil(t, a.AddUser("ben", "ben", auth.RoleUser))
-	require.Nil(t, a.AllowAccess("ben", "mytopic", true, true))
-	require.Nil(t, a.AllowAccess("ben", "readme", true, false))
-	require.Nil(t, a.AllowAccess("ben", "writeme", false, true))
-	require.Nil(t, a.AllowAccess("ben", "everyonewrite", false, false)) // How unfair!
-	require.Nil(t, a.AllowAccess(auth.Everyone, "announcements", true, false))
-	require.Nil(t, a.AllowAccess(auth.Everyone, "everyonewrite", true, true))
-
-	// Query user details
-	phil, err := a.User("phil")
-	require.Nil(t, err)
-	require.Equal(t, "phil", phil.Name)
-	require.True(t, strings.HasPrefix(phil.Hash, "$2a$10$"))
-	require.Equal(t, auth.RoleAdmin, phil.Role)
-	require.Equal(t, []auth.Grant{}, phil.Grants)
-
-	ben, err := a.User("ben")
-	require.Nil(t, err)
-	require.Equal(t, "ben", ben.Name)
-	require.True(t, strings.HasPrefix(ben.Hash, "$2a$10$"))
-	require.Equal(t, auth.RoleUser, ben.Role)
-	require.Equal(t, []auth.Grant{
-		{"mytopic", true, true},
-		{"readme", true, false},
-		{"writeme", false, true},
-		{"everyonewrite", false, false},
-	}, ben.Grants)
-
-	everyone, err := a.User(auth.Everyone)
-	require.Nil(t, err)
-	require.Equal(t, "*", everyone.Name)
-	require.Equal(t, "", everyone.Hash)
-	require.Equal(t, auth.RoleAnonymous, everyone.Role)
-	require.Equal(t, []auth.Grant{
-		{"announcements", true, false},
-		{"everyonewrite", true, true},
-	}, everyone.Grants)
-
-	// Ben: Before revoking
-	require.Nil(t, a.AllowAccess("ben", "mytopic", true, true))
-	require.Nil(t, a.AllowAccess("ben", "readme", true, false))
-	require.Nil(t, a.AllowAccess("ben", "writeme", false, true))
-	require.Nil(t, a.Authorize(ben, "mytopic", auth.PermissionRead))
-	require.Nil(t, a.Authorize(ben, "mytopic", auth.PermissionWrite))
-	require.Nil(t, a.Authorize(ben, "readme", auth.PermissionRead))
-	require.Nil(t, a.Authorize(ben, "writeme", auth.PermissionWrite))
-
-	// Revoke access for "ben" to "mytopic", then check again
-	require.Nil(t, a.ResetAccess("ben", "mytopic"))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(ben, "mytopic", auth.PermissionWrite)) // Revoked
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(ben, "mytopic", auth.PermissionRead))  // Revoked
-	require.Nil(t, a.Authorize(ben, "readme", auth.PermissionRead))                           // Unchanged
-	require.Nil(t, a.Authorize(ben, "writeme", auth.PermissionWrite))                         // Unchanged
-
-	// Revoke rest of the access
-	require.Nil(t, a.ResetAccess("ben", ""))
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(ben, "readme", auth.PermissionRead))    // Revoked
-	require.Equal(t, auth.ErrUnauthorized, a.Authorize(ben, "wrtiteme", auth.PermissionWrite)) // Revoked
-
-	// User list
-	users, err := a.Users()
-	require.Nil(t, err)
-	require.Equal(t, 3, len(users))
-	require.Equal(t, "phil", users[0].Name)
-	require.Equal(t, "ben", users[1].Name)
-	require.Equal(t, "*", users[2].Name)
-
-	// Remove user
-	require.Nil(t, a.RemoveUser("ben"))
-	_, err = a.User("ben")
-	require.Equal(t, auth.ErrNotFound, err)
-
-	users, err = a.Users()
-	require.Nil(t, err)
-	require.Equal(t, 2, len(users))
-	require.Equal(t, "phil", users[0].Name)
-	require.Equal(t, "*", users[1].Name)
-}
-
-func TestSQLiteAuth_ChangePassword(t *testing.T) {
-	a := newTestAuth(t, false, false)
-	require.Nil(t, a.AddUser("phil", "phil", auth.RoleAdmin))
-
-	_, err := a.Authenticate("phil", "phil")
-	require.Nil(t, err)
-
-	require.Nil(t, a.ChangePassword("phil", "newpass"))
-	_, err = a.Authenticate("phil", "phil")
-	require.Equal(t, auth.ErrUnauthenticated, err)
-	_, err = a.Authenticate("phil", "newpass")
-	require.Nil(t, err)
-}
-
-func TestSQLiteAuth_ChangeRole(t *testing.T) {
-	a := newTestAuth(t, false, false)
-	require.Nil(t, a.AddUser("ben", "ben", auth.RoleUser))
-	require.Nil(t, a.AllowAccess("ben", "mytopic", true, true))
-	require.Nil(t, a.AllowAccess("ben", "readme", true, false))
-
-	ben, err := a.User("ben")
-	require.Nil(t, err)
-	require.Equal(t, auth.RoleUser, ben.Role)
-	require.Equal(t, 2, len(ben.Grants))
-
-	require.Nil(t, a.ChangeRole("ben", auth.RoleAdmin))
-
-	ben, err = a.User("ben")
-	require.Nil(t, err)
-	require.Equal(t, auth.RoleAdmin, ben.Role)
-	require.Equal(t, 0, len(ben.Grants))
-}
-
-func newTestAuth(t *testing.T, defaultRead, defaultWrite bool) *auth.SQLiteAuth {
-	filename := filepath.Join(t.TempDir(), "user.db")
-	a, err := auth.NewSQLiteAuth(filename, defaultRead, defaultWrite)
-	require.Nil(t, err)
-	return a
-}
--- a/client/client.go
+++ b/client/client.go
@@ -47,6 +47,7 @@ type Message struct { // TODO combine with server.message
 	Priority   int
 	Tags       []string
 	Click      string
+	Icon       string
 	Attachment *Attachment

 	// Additional fields
@@ -163,11 +164,12 @@ func (c *Client) Poll(topic string, options ...SubscribeOption) ([]*Message, err
 // The method returns a unique subscriptionID that can be used in Unsubscribe.
 //
 // Example:
-//   c := client.New(client.NewConfig())
-//   subscriptionID := c.Subscribe("mytopic")
-//   for m := range c.Messages {
-//     fmt.Printf("New message: %s", m.Message)
-//   }
+//
+//	c := client.New(client.NewConfig())
+//	subscriptionID := c.Subscribe("mytopic")
+//	for m := range c.Messages {
+//	  fmt.Printf("New message: %s", m.Message)
+//	}
 func (c *Client) Subscribe(topic string, options ...SubscribeOption) string {
 	c.mu.Lock()
 	defer c.mu.Unlock()
--- a/client/client.yml
+++ b/client/client.yml
@@ -5,6 +5,16 @@
 #
 # default-host: https://ntfy.sh

+# Default username and password will be used with "ntfy publish" if no credentials are provided on command line
+# Default username and password will be used with "ntfy subscribe" if no credentials are provided in subscription below
+# For an empty password, use empty double-quotes ("")
+#
+# default-user:
+# default-password:
+
+# Default command will execute after "ntfy subscribe" receives a message if no command is provided in subscription below
+# default-command:
+
 # Subscriptions to topics and their actions. This option is primarily used by the systemd service,
 # or if you cann "ntfy subscribe --from-config" directly.
 #
--- a/client/config.go
+++ b/client/config.go
@@ -12,11 +12,14 @@ const (

 // Config is the config struct for a Client
 type Config struct {
-	DefaultHost string `yaml:"default-host"`
-	Subscribe   []struct {
+	DefaultHost     string  `yaml:"default-host"`
+	DefaultUser     string  `yaml:"default-user"`
+	DefaultPassword *string `yaml:"default-password"`
+	DefaultCommand  string  `yaml:"default-command"`
+	Subscribe       []struct {
 		Topic    string            `yaml:"topic"`
 		User     string            `yaml:"user"`
-		Password string            `yaml:"password"`
+		Password *string           `yaml:"password"`
 		Command  string            `yaml:"command"`
 		If       map[string]string `yaml:"if"`
 	} `yaml:"subscribe"`
@@ -25,8 +28,11 @@ type Config struct {
 // NewConfig creates a new Config struct for a Client
 func NewConfig() *Config {
 	return &Config{
-		DefaultHost: DefaultBaseURL,
-		Subscribe:   nil,
+		DefaultHost:     DefaultBaseURL,
+		DefaultUser:     "",
+		DefaultPassword: nil,
+		DefaultCommand:  "",
+		Subscribe:       nil,
 	}
 }

--- a/client/config_test.go
+++ b/client/config_test.go
@@ -12,6 +12,9 @@ func TestConfig_Load(t *testing.T) {
 	filename := filepath.Join(t.TempDir(), "client.yml")
 	require.Nil(t, os.WriteFile(filename, []byte(`
 default-host: http://localhost
+default-user: philipp
+default-password: mypass
+default-command: 'echo "Got the message: $message"'
 subscribe:
  - topic: no-command-with-auth
    user: phil
@@ -22,19 +25,94 @@ subscribe:
    command: notify-send -i /usr/share/ntfy/logo.png "Important" "$m"
    if:
            priority: high,urgent
+  - topic: defaults
 `), 0600))

 	conf, err := client.LoadConfig(filename)
 	require.Nil(t, err)
 	require.Equal(t, "http://localhost", conf.DefaultHost)
-	require.Equal(t, 3, len(conf.Subscribe))
+	require.Equal(t, "philipp", conf.DefaultUser)
+	require.Equal(t, "mypass", *conf.DefaultPassword)
+	require.Equal(t, `echo "Got the message: $message"`, conf.DefaultCommand)
+	require.Equal(t, 4, len(conf.Subscribe))
 	require.Equal(t, "no-command-with-auth", conf.Subscribe[0].Topic)
 	require.Equal(t, "", conf.Subscribe[0].Command)
 	require.Equal(t, "phil", conf.Subscribe[0].User)
-	require.Equal(t, "mypass", conf.Subscribe[0].Password)
+	require.Equal(t, "mypass", *conf.Subscribe[0].Password)
 	require.Equal(t, "echo-this", conf.Subscribe[1].Topic)
 	require.Equal(t, `echo "Message received: $message"`, conf.Subscribe[1].Command)
 	require.Equal(t, "alerts", conf.Subscribe[2].Topic)
 	require.Equal(t, `notify-send -i /usr/share/ntfy/logo.png "Important" "$m"`, conf.Subscribe[2].Command)
 	require.Equal(t, "high,urgent", conf.Subscribe[2].If["priority"])
+	require.Equal(t, "defaults", conf.Subscribe[3].Topic)
+}
+
+func TestConfig_EmptyPassword(t *testing.T) {
+	filename := filepath.Join(t.TempDir(), "client.yml")
+	require.Nil(t, os.WriteFile(filename, []byte(`
+default-host: http://localhost
+default-user: philipp
+default-password: ""
+subscribe:
+  - topic: no-command-with-auth
+    user: phil
+    password: ""
+`), 0600))
+
+	conf, err := client.LoadConfig(filename)
+	require.Nil(t, err)
+	require.Equal(t, "http://localhost", conf.DefaultHost)
+	require.Equal(t, "philipp", conf.DefaultUser)
+	require.Equal(t, "", *conf.DefaultPassword)
+	require.Equal(t, 1, len(conf.Subscribe))
+	require.Equal(t, "no-command-with-auth", conf.Subscribe[0].Topic)
+	require.Equal(t, "", conf.Subscribe[0].Command)
+	require.Equal(t, "phil", conf.Subscribe[0].User)
+	require.Equal(t, "", *conf.Subscribe[0].Password)
+}
+
+func TestConfig_NullPassword(t *testing.T) {
+	filename := filepath.Join(t.TempDir(), "client.yml")
+	require.Nil(t, os.WriteFile(filename, []byte(`
+default-host: http://localhost
+default-user: philipp
+default-password: ~
+subscribe:
+  - topic: no-command-with-auth
+    user: phil
+    password: ~
+`), 0600))
+
+	conf, err := client.LoadConfig(filename)
+	require.Nil(t, err)
+	require.Equal(t, "http://localhost", conf.DefaultHost)
+	require.Equal(t, "philipp", conf.DefaultUser)
+	require.Nil(t, conf.DefaultPassword)
+	require.Equal(t, 1, len(conf.Subscribe))
+	require.Equal(t, "no-command-with-auth", conf.Subscribe[0].Topic)
+	require.Equal(t, "", conf.Subscribe[0].Command)
+	require.Equal(t, "phil", conf.Subscribe[0].User)
+	require.Nil(t, conf.Subscribe[0].Password)
+}
+
+func TestConfig_NoPassword(t *testing.T) {
+	filename := filepath.Join(t.TempDir(), "client.yml")
+	require.Nil(t, os.WriteFile(filename, []byte(`
+default-host: http://localhost
+default-user: philipp
+subscribe:
+  - topic: no-command-with-auth
+    user: phil
+`), 0600))
+
+	conf, err := client.LoadConfig(filename)
+	require.Nil(t, err)
+	require.Equal(t, "http://localhost", conf.DefaultHost)
+	require.Equal(t, "philipp", conf.DefaultUser)
+	require.Nil(t, conf.DefaultPassword)
+	require.Equal(t, 1, len(conf.Subscribe))
+	require.Equal(t, "no-command-with-auth", conf.Subscribe[0].Topic)
+	require.Equal(t, "", conf.Subscribe[0].Command)
+	require.Equal(t, "phil", conf.Subscribe[0].User)
+	require.Nil(t, conf.Subscribe[0].Password)
 }
--- a/client/options.go
+++ b/client/options.go
@@ -56,6 +56,11 @@ func WithClick(url string) PublishOption {
 	return WithHeader("X-Click", url)
 }

+// WithIcon makes the notification use the given URL as its icon
+func WithIcon(icon string) PublishOption {
+	return WithHeader("X-Icon", icon)
+}
+
 // WithActions adds custom user actions to the notification. The value can be either a JSON array or the
 // simple format definition. See https://ntfy.sh/docs/publish/#action-buttons for details.
 func WithActions(value string) PublishOption {
--- a/cmd/access.go
+++ b/cmd/access.go
@@ -6,7 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/urfave/cli/v2"
-	"heckel.io/ntfy/auth"
+	"heckel.io/ntfy/user"
 	"heckel.io/ntfy/util"
 )

@@ -71,13 +71,13 @@ func execUserAccess(c *cli.Context) error {
 	if c.NArg() > 3 {
 		return errors.New("too many arguments, please check 'ntfy access --help' for usage details")
 	}
-	manager, err := createAuthManager(c)
+	manager, err := createUserManager(c)
 	if err != nil {
 		return err
 	}
 	username := c.Args().Get(0)
 	if username == userEveryone {
-		username = auth.Everyone
+		username = user.Everyone
 	}
 	topic := c.Args().Get(1)
 	perms := c.Args().Get(2)
@@ -96,26 +96,28 @@ func execUserAccess(c *cli.Context) error {
 	return changeAccess(c, manager, username, topic, perms)
 }

-func changeAccess(c *cli.Context, manager auth.Manager, username string, topic string, perms string) error {
-	if !util.InStringList([]string{"", "read-write", "rw", "read-only", "read", "ro", "write-only", "write", "wo", "none", "deny"}, perms) {
+func changeAccess(c *cli.Context, manager *user.Manager, username string, topic string, perms string) error {
+	if !util.Contains([]string{"", "read-write", "rw", "read-only", "read", "ro", "write-only", "write", "wo", "none", "deny"}, perms) {
 		return errors.New("permission must be one of: read-write, read-only, write-only, or deny (or the aliases: read, ro, write, wo, none)")
 	}
-	read := util.InStringList([]string{"read-write", "rw", "read-only", "read", "ro"}, perms)
-	write := util.InStringList([]string{"read-write", "rw", "write-only", "write", "wo"}, perms)
-	user, err := manager.User(username)
-	if err == auth.ErrNotFound {
-		return fmt.Errorf("user %s does not exist", username)
-	} else if user.Role == auth.RoleAdmin {
-		return fmt.Errorf("user %s is an admin user, access control entries have no effect", username)
-	}
-	if err := manager.AllowAccess(username, topic, read, write); err != nil {
+	permission, err := user.ParsePermission(perms)
+	if err != nil {
 		return err
 	}
-	if read && write {
+	u, err := manager.User(username)
+	if err == user.ErrUserNotFound {
+		return fmt.Errorf("user %s does not exist", username)
+	} else if u.Role == user.RoleAdmin {
+		return fmt.Errorf("user %s is an admin user, access control entries have no effect", username)
+	}
+	if err := manager.AllowAccess(username, topic, permission); err != nil {
+		return err
+	}
+	if permission.IsReadWrite() {
 		fmt.Fprintf(c.App.ErrWriter, "granted read-write access to topic %s\n\n", topic)
-	} else if read {
+	} else if permission.IsRead() {
 		fmt.Fprintf(c.App.ErrWriter, "granted read-only access to topic %s\n\n", topic)
-	} else if write {
+	} else if permission.IsWrite() {
 		fmt.Fprintf(c.App.ErrWriter, "granted write-only access to topic %s\n\n", topic)
 	} else {
 		fmt.Fprintf(c.App.ErrWriter, "revoked all access to topic %s\n\n", topic)
@@ -123,7 +125,7 @@ func changeAccess(c *cli.Context, manager auth.Manager, username string, topic s
 	return showUserAccess(c, manager, username)
 }

-func resetAccess(c *cli.Context, manager auth.Manager, username, topic string) error {
+func resetAccess(c *cli.Context, manager *user.Manager, username, topic string) error {
 	if username == "" {
 		return resetAllAccess(c, manager)
 	} else if topic == "" {
@@ -132,7 +134,7 @@ func resetAccess(c *cli.Context, manager auth.Manager, username, topic string) e
 	return resetUserTopicAccess(c, manager, username, topic)
 }

-func resetAllAccess(c *cli.Context, manager auth.Manager) error {
+func resetAllAccess(c *cli.Context, manager *user.Manager) error {
 	if err := manager.ResetAccess("", ""); err != nil {
 		return err
 	}
@@ -140,7 +142,7 @@ func resetAllAccess(c *cli.Context, manager auth.Manager) error {
 	return nil
 }

-func resetUserAccess(c *cli.Context, manager auth.Manager, username string) error {
+func resetUserAccess(c *cli.Context, manager *user.Manager, username string) error {
 	if err := manager.ResetAccess(username, ""); err != nil {
 		return err
 	}
@@ -148,7 +150,7 @@ func resetUserAccess(c *cli.Context, manager auth.Manager, username string) erro
 	return showUserAccess(c, manager, username)
 }

-func resetUserTopicAccess(c *cli.Context, manager auth.Manager, username string, topic string) error {
+func resetUserTopicAccess(c *cli.Context, manager *user.Manager, username string, topic string) error {
 	if err := manager.ResetAccess(username, topic); err != nil {
 		return err
 	}
@@ -156,14 +158,14 @@ func resetUserTopicAccess(c *cli.Context, manager auth.Manager, username string,
 	return showUserAccess(c, manager, username)
 }

-func showAccess(c *cli.Context, manager auth.Manager, username string) error {
+func showAccess(c *cli.Context, manager *user.Manager, username string) error {
 	if username == "" {
 		return showAllAccess(c, manager)
 	}
 	return showUserAccess(c, manager, username)
 }

-func showAllAccess(c *cli.Context, manager auth.Manager) error {
+func showAllAccess(c *cli.Context, manager *user.Manager) error {
 	users, err := manager.Users()
 	if err != nil {
 		return err
@@ -171,28 +173,32 @@ func showAllAccess(c *cli.Context, manager auth.Manager) error {
 	return showUsers(c, manager, users)
 }

-func showUserAccess(c *cli.Context, manager auth.Manager, username string) error {
+func showUserAccess(c *cli.Context, manager *user.Manager, username string) error {
 	users, err := manager.User(username)
-	if err == auth.ErrNotFound {
+	if err == user.ErrUserNotFound {
 		return fmt.Errorf("user %s does not exist", username)
 	} else if err != nil {
 		return err
 	}
-	return showUsers(c, manager, []*auth.User{users})
+	return showUsers(c, manager, []*user.User{users})
 }

-func showUsers(c *cli.Context, manager auth.Manager, users []*auth.User) error {
-	for _, user := range users {
-		fmt.Fprintf(c.App.ErrWriter, "user %s (%s)\n", user.Name, user.Role)
-		if user.Role == auth.RoleAdmin {
+func showUsers(c *cli.Context, manager *user.Manager, users []*user.User) error {
+	for _, u := range users {
+		grants, err := manager.Grants(u.Name)
+		if err != nil {
+			return err
+		}
+		fmt.Fprintf(c.App.ErrWriter, "user %s (%s)\n", u.Name, u.Role)
+		if u.Role == user.RoleAdmin {
 			fmt.Fprintf(c.App.ErrWriter, "- read-write access to all topics (admin role)\n")
-		} else if len(user.Grants) > 0 {
-			for _, grant := range user.Grants {
-				if grant.AllowRead && grant.AllowWrite {
+		} else if len(grants) > 0 {
+			for _, grant := range grants {
+				if grant.Allow.IsReadWrite() {
 					fmt.Fprintf(c.App.ErrWriter, "- read-write access to topic %s\n", grant.TopicPattern)
-				} else if grant.AllowRead {
+				} else if grant.Allow.IsRead() {
 					fmt.Fprintf(c.App.ErrWriter, "- read-only access to topic %s\n", grant.TopicPattern)
-				} else if grant.AllowWrite {
+				} else if grant.Allow.IsWrite() {
 					fmt.Fprintf(c.App.ErrWriter, "- write-only access to topic %s\n", grant.TopicPattern)
 				} else {
 					fmt.Fprintf(c.App.ErrWriter, "- no access to topic %s\n", grant.TopicPattern)
@@ -201,13 +207,13 @@ func showUsers(c *cli.Context, manager auth.Manager, users []*auth.User) error {
 		} else {
 			fmt.Fprintf(c.App.ErrWriter, "- no topic-specific permissions\n")
 		}
-		if user.Name == auth.Everyone {
-			defaultRead, defaultWrite := manager.DefaultAccess()
-			if defaultRead && defaultWrite {
+		if u.Name == user.Everyone {
+			access := manager.DefaultAccess()
+			if access.IsReadWrite() {
 				fmt.Fprintln(c.App.ErrWriter, "- read-write access to all (other) topics (server config)")
-			} else if defaultRead {
+			} else if access.IsRead() {
 				fmt.Fprintln(c.App.ErrWriter, "- read-only access to all (other) topics (server config)")
-			} else if defaultWrite {
+			} else if access.IsWrite() {
 				fmt.Fprintln(c.App.ErrWriter, "- write-only access to all (other) topics (server config)")
 			} else {
 				fmt.Fprintln(c.App.ErrWriter, "- no access to any (other) topics (server config)")
--- a/cmd/access_test.go
+++ b/cmd/access_test.go
@@ -81,7 +81,7 @@ func runAccessCommand(app *cli.App, conf *server.Config, args ...string) error {
 		"ntfy",
 		"access",
 		"--auth-file=" + conf.AuthFile,
-		"--auth-default-access=" + confToDefaultAccess(conf),
+		"--auth-default-access=" + conf.AuthDefault.String(),
 	}
 	return app.Run(append(userArgs, args...))
 }
--- a/cmd/config_loader.go
+++ b/cmd/config_loader.go
@@ -40,7 +40,7 @@ func initConfigFileInputSourceFunc(configFlag string, flags []cli.Flag, next cli
 // This function also maps aliases, so a .yml file can contain short options, or options with underscores
 // instead of dashes. See https://github.com/binwiederhier/ntfy/issues/255.
 func newYamlSourceFromFile(file string, flags []cli.Flag) (altsrc.InputSourceContext, error) {
-	var rawConfig map[interface{}]interface{}
+	var rawConfig map[any]any
 	b, err := os.ReadFile(file)
 	if err != nil {
 		return nil, err
--- a/cmd/publish.go
+++ b/cmd/publish.go
@@ -28,17 +28,18 @@ var flagsPublish = append(
 	&cli.StringFlag{Name: "tags", Aliases: []string{"tag", "T"}, EnvVars: []string{"NTFY_TAGS"}, Usage: "comma separated list of tags and emojis"},
 	&cli.StringFlag{Name: "delay", Aliases: []string{"at", "in", "D"}, EnvVars: []string{"NTFY_DELAY"}, Usage: "delay/schedule message"},
 	&cli.StringFlag{Name: "click", Aliases: []string{"U"}, EnvVars: []string{"NTFY_CLICK"}, Usage: "URL to open when notification is clicked"},
+	&cli.StringFlag{Name: "icon", Aliases: []string{"i"}, EnvVars: []string{"NTFY_ICON"}, Usage: "URL to use as notification icon"},
 	&cli.StringFlag{Name: "actions", Aliases: []string{"A"}, EnvVars: []string{"NTFY_ACTIONS"}, Usage: "actions JSON array or simple definition"},
 	&cli.StringFlag{Name: "attach", Aliases: []string{"a"}, EnvVars: []string{"NTFY_ATTACH"}, Usage: "URL to send as an external attachment"},
 	&cli.StringFlag{Name: "filename", Aliases: []string{"name", "n"}, EnvVars: []string{"NTFY_FILENAME"}, Usage: "filename for the attachment"},
 	&cli.StringFlag{Name: "file", Aliases: []string{"f"}, EnvVars: []string{"NTFY_FILE"}, Usage: "file to upload as an attachment"},
 	&cli.StringFlag{Name: "email", Aliases: []string{"mail", "e"}, EnvVars: []string{"NTFY_EMAIL"}, Usage: "also send to e-mail address"},
 	&cli.StringFlag{Name: "user", Aliases: []string{"u"}, EnvVars: []string{"NTFY_USER"}, Usage: "username[:password] used to auth against the server"},
-	&cli.IntFlag{Name: "wait-pid", Aliases: []string{"pid"}, EnvVars: []string{"NTFY_WAIT_PID"}, Usage: "wait until PID exits before publishing"},
-	&cli.BoolFlag{Name: "wait-cmd", Aliases: []string{"cmd", "done"}, EnvVars: []string{"NTFY_WAIT_CMD"}, Usage: "run command and wait until it finishes before publishing"},
-	&cli.BoolFlag{Name: "no-cache", Aliases: []string{"C"}, EnvVars: []string{"NTFY_NO_CACHE"}, Usage: "do not cache message server-side"},
-	&cli.BoolFlag{Name: "no-firebase", Aliases: []string{"F"}, EnvVars: []string{"NTFY_NO_FIREBASE"}, Usage: "do not forward message to Firebase"},
-	&cli.BoolFlag{Name: "env-topic", Aliases: []string{"P"}, EnvVars: []string{"NTFY_ENV_TOPIC"}, Usage: "use topic from NTFY_TOPIC env variable"},
+	&cli.IntFlag{Name: "wait-pid", Aliases: []string{"wait_pid", "pid"}, EnvVars: []string{"NTFY_WAIT_PID"}, Usage: "wait until PID exits before publishing"},
+	&cli.BoolFlag{Name: "wait-cmd", Aliases: []string{"wait_cmd", "cmd", "done"}, EnvVars: []string{"NTFY_WAIT_CMD"}, Usage: "run command and wait until it finishes before publishing"},
+	&cli.BoolFlag{Name: "no-cache", Aliases: []string{"no_cache", "C"}, EnvVars: []string{"NTFY_NO_CACHE"}, Usage: "do not cache message server-side"},
+	&cli.BoolFlag{Name: "no-firebase", Aliases: []string{"no_firebase", "F"}, EnvVars: []string{"NTFY_NO_FIREBASE"}, Usage: "do not forward message to Firebase"},
+	&cli.BoolFlag{Name: "env-topic", Aliases: []string{"env_topic", "P"}, EnvVars: []string{"NTFY_ENV_TOPIC"}, Usage: "use topic from NTFY_TOPIC env variable"},
 	&cli.BoolFlag{Name: "quiet", Aliases: []string{"q"}, EnvVars: []string{"NTFY_QUIET"}, Usage: "do not print message"},
 )

@@ -48,7 +49,7 @@ var cmdPublish = &cli.Command{
 	Usage:   "Send message via a ntfy server",
 	UsageText: `ntfy publish [OPTIONS..] TOPIC [MESSAGE...]
 ntfy publish [OPTIONS..] --wait-cmd COMMAND...
-NTFY_TOPIC=.. ntfy publish [OPTIONS..] -P [MESSAGE...]`,
+NTFY_TOPIC=.. ntfy publish [OPTIONS..] [MESSAGE...]`,
 	Action:   execPublish,
 	Category: categoryClient,
 	Flags:    flagsPublish,
@@ -64,13 +65,14 @@ Examples:
  ntfy pub --at=8:30am delayed_topic Laterzz              # Send message at 8:30am
  ntfy pub -e phil@example.com alerts 'App is down!'      # Also send email to phil@example.com
  ntfy pub --click="https://reddit.com" redd 'New msg'    # Opens Reddit when notification is clicked
+  ntfy pub --icon="http://some.tld/icon.png" 'Icon!'      # Send notification with custom icon
  ntfy pub --attach="http://some.tld/file.zip" files      # Send ZIP archive from URL as attachment
  ntfy pub --file=flower.jpg flowers 'Nice!'              # Send image.jpg as attachment
  ntfy pub -u phil:mypass secret Psst                     # Publish with username/password
  ntfy pub --wait-pid 1234 mytopic                        # Wait for process 1234 to exit before publishing
  ntfy pub --wait-cmd mytopic rsync -av ./ /tmp/a         # Run command and publish after it completes
  NTFY_USER=phil:mypass ntfy pub secret Psst              # Use env variables to set username/password
-  NTFY_TOPIC=mytopic ntfy pub -P "some message"           # Use NTFY_TOPIC variable as topic 
+  NTFY_TOPIC=mytopic ntfy pub "some message"              # Use NTFY_TOPIC variable as topic 
  cat flower.jpg | ntfy pub --file=- flowers 'Nice!'      # Same as above, send image.jpg as attachment
  ntfy trigger mywebhook                                  # Sending without message, useful for webhooks
 
@@ -90,6 +92,7 @@ func execPublish(c *cli.Context) error {
 	tags := c.String("tags")
 	delay := c.String("delay")
 	click := c.String("click")
+	icon := c.String("icon")
 	actions := c.String("actions")
 	attach := c.String("attach")
 	filename := c.String("filename")
@@ -120,6 +123,9 @@ func execPublish(c *cli.Context) error {
 	if click != "" {
 		options = append(options, client.WithClick(click))
 	}
+	if icon != "" {
+		options = append(options, client.WithIcon(icon))
+	}
 	if actions != "" {
 		options = append(options, client.WithActions(strings.ReplaceAll(actions, "\n", " ")))
 	}
@@ -154,6 +160,8 @@ func execPublish(c *cli.Context) error {
 			fmt.Fprintf(c.App.ErrWriter, "\r%s\r", strings.Repeat(" ", 20))
 		}
 		options = append(options, client.WithBasicAuth(user, pass))
+	} else if conf.DefaultUser != "" && conf.DefaultPassword != nil {
+		options = append(options, client.WithBasicAuth(conf.DefaultUser, *conf.DefaultPassword))
 	}
 	if pid > 0 {
 		newMessage, err := waitForProcess(pid)
@@ -206,10 +214,11 @@ func execPublish(c *cli.Context) error {
 // parseTopicMessageCommand reads the topic and the remaining arguments from the context.

 // There are a few cases to consider:
-//   ntfy publish <topic> [<message>]
-//   ntfy publish --wait-cmd <topic> <command>
-//   NTFY_TOPIC=.. ntfy publish [<message>]
-//   NTFY_TOPIC=.. ntfy publish --wait-cmd <command>
+//
+//	ntfy publish <topic> [<message>]
+//	ntfy publish --wait-cmd <topic> <command>
+//	NTFY_TOPIC=.. ntfy publish [<message>]
+//	NTFY_TOPIC=.. ntfy publish --wait-cmd <command>
 func parseTopicMessageCommand(c *cli.Context) (topic string, message string, command []string, err error) {
 	var args []string
 	topic, args, err = parseTopicAndArgs(c)
@@ -232,13 +241,9 @@ func parseTopicMessageCommand(c *cli.Context) (topic string, message string, com
 }

 func parseTopicAndArgs(c *cli.Context) (topic string, args []string, err error) {
-	envTopic := c.Bool("env-topic")
-	if envTopic {
-		fmt.Fprintln(c.App.ErrWriter, "\x1b[1;33mDeprecation notice: The --env-topic/-P flag will be removed in July 2022, see https://ntfy.sh/docs/deprecations/ for details.\x1b[0m")
-		topic = os.Getenv("NTFY_TOPIC")
-		if topic == "" {
-			return "", nil, errors.New("when --env-topic is passed, must define NTFY_TOPIC environment variable")
-		}
+	envTopic := os.Getenv("NTFY_TOPIC")
+	if envTopic != "" {
+		topic = envTopic
 		return topic, remainingArgs(c, 0), nil
 	}
 	if c.NArg() < 1 {
--- a/cmd/publish_darwin.go
+++ b/cmd/publish_darwin.go
@@ -1,8 +0,0 @@
-package cmd
-
-import "syscall"
-
-func processExists(pid int) bool {
-	err := syscall.Kill(pid, syscall.Signal(0))
-	return err == nil
-}
--- a/cmd/publish_test.go
+++ b/cmd/publish_test.go
@@ -17,6 +17,7 @@ func TestCLI_Publish_Subscribe_Poll_Real_Server(t *testing.T) {

 	app, _, _, _ := newTestApp()
 	require.Nil(t, app.Run([]string{"ntfy", "publish", "ntfytest", "ntfy unit test " + testMessage}))
+	time.Sleep(3 * time.Second) // Since #502, ntfy.sh writes messages to the cache asynchronously, after a timeout of ~1.5s

 	app2, _, stdout, _ := newTestApp()
 	require.Nil(t, app2.Run([]string{"ntfy", "subscribe", "--poll", "ntfytest"}))
@@ -52,6 +53,7 @@ func TestCLI_Publish_All_The_Things(t *testing.T) {
 		"--tags", "tag1,tag2",
 		// No --delay, --email
 		"--click", "https://ntfy.sh",
+		"--icon", "https://ntfy.sh/static/img/ntfy.png",
 		"--attach", "https://f-droid.org/F-Droid.apk",
 		"--filename", "fdroid.apk",
 		"--no-cache",
@@ -73,6 +75,7 @@ func TestCLI_Publish_All_The_Things(t *testing.T) {
 	require.Equal(t, "", m.Attachment.Owner)
 	require.Equal(t, int64(0), m.Attachment.Expires)
 	require.Equal(t, "", m.Attachment.Type)
+	require.Equal(t, "https://ntfy.sh/static/img/ntfy.png", m.Icon)
 }

 func TestCLI_Publish_Wait_PID_And_Cmd(t *testing.T) {
--- a/cmd/publish_linux.go
+++ b/cmd/publish_linux.go
@@ -1,3 +1,6 @@
+//go:build darwin || linux || dragonfly || freebsd || netbsd || openbsd
+// +build darwin linux dragonfly freebsd netbsd openbsd
+
 package cmd

 import "syscall"
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -5,15 +5,20 @@ package cmd
 import (
 	"errors"
 	"fmt"
-	"heckel.io/ntfy/log"
+	"github.com/stripe/stripe-go/v74"
+	"heckel.io/ntfy/user"
+	"io/fs"
 	"math"
 	"net"
+	"net/netip"
 	"os"
 	"os/signal"
 	"strings"
 	"syscall"
 	"time"

+	"heckel.io/ntfy/log"
+
 	"github.com/urfave/cli/v2"
 	"github.com/urfave/cli/v2/altsrc"
 	"heckel.io/ntfy/server"
@@ -35,13 +40,17 @@ var flagsServe = append(
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-http", Aliases: []string{"listen_http", "l"}, EnvVars: []string{"NTFY_LISTEN_HTTP"}, Value: server.DefaultListenHTTP, Usage: "ip:port used to as HTTP listen address"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-https", Aliases: []string{"listen_https", "L"}, EnvVars: []string{"NTFY_LISTEN_HTTPS"}, Usage: "ip:port used to as HTTPS listen address"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "listen-unix", Aliases: []string{"listen_unix", "U"}, EnvVars: []string{"NTFY_LISTEN_UNIX"}, Usage: "listen on unix socket path"}),
+	altsrc.NewIntFlag(&cli.IntFlag{Name: "listen-unix-mode", Aliases: []string{"listen_unix_mode"}, EnvVars: []string{"NTFY_LISTEN_UNIX_MODE"}, DefaultText: "system default", Usage: "file permissions of unix socket, e.g. 0700"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "key-file", Aliases: []string{"key_file", "K"}, EnvVars: []string{"NTFY_KEY_FILE"}, Usage: "private key file, if listen-https is set"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "cert-file", Aliases: []string{"cert_file", "E"}, EnvVars: []string{"NTFY_CERT_FILE"}, Usage: "certificate file, if listen-https is set"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "firebase-key-file", Aliases: []string{"firebase_key_file", "F"}, EnvVars: []string{"NTFY_FIREBASE_KEY_FILE"}, Usage: "Firebase credentials file; if set additionally publish to FCM topic"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "cache-file", Aliases: []string{"cache_file", "C"}, EnvVars: []string{"NTFY_CACHE_FILE"}, Usage: "cache file used for message caching"}),
 	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "cache-duration", Aliases: []string{"cache_duration", "b"}, EnvVars: []string{"NTFY_CACHE_DURATION"}, Value: server.DefaultCacheDuration, Usage: "buffer messages for this time to allow `since` requests"}),
+	altsrc.NewIntFlag(&cli.IntFlag{Name: "cache-batch-size", Aliases: []string{"cache_batch_size"}, EnvVars: []string{"NTFY_BATCH_SIZE"}, Usage: "max size of messages to batch together when writing to message cache (if zero, writes are synchronous)"}),
+	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "cache-batch-timeout", Aliases: []string{"cache_batch_timeout"}, EnvVars: []string{"NTFY_CACHE_BATCH_TIMEOUT"}, Usage: "timeout for batched async writes to the message cache (if zero, writes are synchronous)"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "cache-startup-queries", Aliases: []string{"cache_startup_queries"}, EnvVars: []string{"NTFY_CACHE_STARTUP_QUERIES"}, Usage: "queries run when the cache database is initialized"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-file", Aliases: []string{"auth_file", "H"}, EnvVars: []string{"NTFY_AUTH_FILE"}, Usage: "auth database file used for access control"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-startup-queries", Aliases: []string{"auth_startup_queries"}, EnvVars: []string{"NTFY_AUTH_STARTUP_QUERIES"}, Usage: "queries run when the auth database is initialized"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-default-access", Aliases: []string{"auth_default_access", "p"}, EnvVars: []string{"NTFY_AUTH_DEFAULT_ACCESS"}, Value: "read-write", Usage: "default permissions if no matching entries in the auth database are found"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-cache-dir", Aliases: []string{"attachment_cache_dir"}, EnvVars: []string{"NTFY_ATTACHMENT_CACHE_DIR"}, Usage: "cache directory for attached files"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "attachment-total-size-limit", Aliases: []string{"attachment_total_size_limit", "A"}, EnvVars: []string{"NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT"}, DefaultText: "5G", Usage: "limit of the on-disk attachment cache"}),
@@ -50,6 +59,9 @@ var flagsServe = append(
 	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "keepalive-interval", Aliases: []string{"keepalive_interval", "k"}, EnvVars: []string{"NTFY_KEEPALIVE_INTERVAL"}, Value: server.DefaultKeepaliveInterval, Usage: "interval of keepalive messages"}),
 	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "manager-interval", Aliases: []string{"manager_interval", "m"}, EnvVars: []string{"NTFY_MANAGER_INTERVAL"}, Value: server.DefaultManagerInterval, Usage: "interval of for message pruning and stats printing"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "web-root", Aliases: []string{"web_root"}, EnvVars: []string{"NTFY_WEB_ROOT"}, Value: "app", Usage: "sets web root to landing page (home), web app (app) or disabled (disable)"}),
+	altsrc.NewBoolFlag(&cli.BoolFlag{Name: "enable-signup", Aliases: []string{"enable_signup"}, EnvVars: []string{"NTFY_ENABLE_SIGNUP"}, Value: false, Usage: "allows users to sign up via the web app, or API"}),
+	altsrc.NewBoolFlag(&cli.BoolFlag{Name: "enable-login", Aliases: []string{"enable_login"}, EnvVars: []string{"NTFY_ENABLE_LOGIN"}, Value: false, Usage: "allows users to log in via the web app, or API"}),
+	altsrc.NewBoolFlag(&cli.BoolFlag{Name: "enable-reservations", Aliases: []string{"enable_reservations"}, EnvVars: []string{"NTFY_ENABLE_RESERVATIONS"}, Value: false, Usage: "allows users to reserve topics (if their tier allows it)"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "upstream-base-url", Aliases: []string{"upstream_base_url"}, EnvVars: []string{"NTFY_UPSTREAM_BASE_URL"}, Value: "", Usage: "forward poll request to an upstream server, this is needed for iOS push notifications for self-hosted servers"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-sender-addr", Aliases: []string{"smtp_sender_addr"}, EnvVars: []string{"NTFY_SMTP_SENDER_ADDR"}, Usage: "SMTP server address (host:port) for outgoing emails"}),
 	altsrc.NewStringFlag(&cli.StringFlag{Name: "smtp-sender-user", Aliases: []string{"smtp_sender_user"}, EnvVars: []string{"NTFY_SMTP_SENDER_USER"}, Usage: "SMTP user (if e-mail sending is enabled)"}),
@@ -68,6 +80,8 @@ var flagsServe = append(
 	altsrc.NewIntFlag(&cli.IntFlag{Name: "visitor-email-limit-burst", Aliases: []string{"visitor_email_limit_burst"}, EnvVars: []string{"NTFY_VISITOR_EMAIL_LIMIT_BURST"}, Value: server.DefaultVisitorEmailLimitBurst, Usage: "initial limit of e-mails per visitor"}),
 	altsrc.NewDurationFlag(&cli.DurationFlag{Name: "visitor-email-limit-replenish", Aliases: []string{"visitor_email_limit_replenish"}, EnvVars: []string{"NTFY_VISITOR_EMAIL_LIMIT_REPLENISH"}, Value: server.DefaultVisitorEmailLimitReplenish, Usage: "interval at which burst limit is replenished (one per x)"}),
 	altsrc.NewBoolFlag(&cli.BoolFlag{Name: "behind-proxy", Aliases: []string{"behind_proxy", "P"}, EnvVars: []string{"NTFY_BEHIND_PROXY"}, Value: false, Usage: "if set, use X-Forwarded-For header to determine visitor IP address (for rate limiting)"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "stripe-secret-key", Aliases: []string{"stripe_secret_key"}, EnvVars: []string{"NTFY_STRIPE_SECRET_KEY"}, Value: "", Usage: "key used for the Stripe API communication, this enables payments"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "stripe-webhook-key", Aliases: []string{"stripe_webhook_key"}, EnvVars: []string{"NTFY_STRIPE_WEBHOOK_KEY"}, Value: "", Usage: "key required to validate the authenticity of incoming webhooks from Stripe"}),
 )

 var cmdServe = &cli.Command{
@@ -99,13 +113,17 @@ func execServe(c *cli.Context) error {
 	listenHTTP := c.String("listen-http")
 	listenHTTPS := c.String("listen-https")
 	listenUnix := c.String("listen-unix")
+	listenUnixMode := c.Int("listen-unix-mode")
 	keyFile := c.String("key-file")
 	certFile := c.String("cert-file")
 	firebaseKeyFile := c.String("firebase-key-file")
 	cacheFile := c.String("cache-file")
 	cacheDuration := c.Duration("cache-duration")
 	cacheStartupQueries := c.String("cache-startup-queries")
+	cacheBatchSize := c.Int("cache-batch-size")
+	cacheBatchTimeout := c.Duration("cache-batch-timeout")
 	authFile := c.String("auth-file")
+	authStartupQueries := c.String("auth-startup-queries")
 	authDefaultAccess := c.String("auth-default-access")
 	attachmentCacheDir := c.String("attachment-cache-dir")
 	attachmentTotalSizeLimitStr := c.String("attachment-total-size-limit")
@@ -114,6 +132,9 @@ func execServe(c *cli.Context) error {
 	keepaliveInterval := c.Duration("keepalive-interval")
 	managerInterval := c.Duration("manager-interval")
 	webRoot := c.String("web-root")
+	enableSignup := c.Bool("enable-signup")
+	enableLogin := c.Bool("enable-login")
+	enableReservations := c.Bool("enable-reservations")
 	upstreamBaseURL := c.String("upstream-base-url")
 	smtpSenderAddr := c.String("smtp-sender-addr")
 	smtpSenderUser := c.String("smtp-sender-user")
@@ -132,6 +153,8 @@ func execServe(c *cli.Context) error {
 	visitorEmailLimitBurst := c.Int("visitor-email-limit-burst")
 	visitorEmailLimitReplenish := c.Duration("visitor-email-limit-replenish")
 	behindProxy := c.Bool("behind-proxy")
+	stripeSecretKey := c.String("stripe-secret-key")
+	stripeWebhookKey := c.String("stripe-webhook-key")

 	// Check values
 	if firebaseKeyFile != "" && !util.FileExists(firebaseKeyFile) {
@@ -154,26 +177,36 @@ func execServe(c *cli.Context) error {
 		return errors.New("if smtp-server-listen is set, smtp-server-domain must also be set")
 	} else if attachmentCacheDir != "" && baseURL == "" {
 		return errors.New("if attachment-cache-dir is set, base-url must also be set")
-	} else if baseURL != "" && !strings.HasPrefix(baseURL, "http://") && !strings.HasPrefix(baseURL, "https://") && strings.HasSuffix(baseURL, "/") {
-		return errors.New("if set, base-url must start with http:// or https://, and must not end with a slash (/)")
-	} else if !util.InStringList([]string{"read-write", "read-only", "write-only", "deny-all"}, authDefaultAccess) {
-		return errors.New("if set, auth-default-access must start set to 'read-write', 'read-only', 'write-only' or 'deny-all'")
-	} else if !util.InStringList([]string{"app", "home", "disable"}, webRoot) {
+	} else if baseURL != "" && !strings.HasPrefix(baseURL, "http://") && !strings.HasPrefix(baseURL, "https://") {
+		return errors.New("if set, base-url must start with http:// or https://")
+	} else if baseURL != "" && strings.HasSuffix(baseURL, "/") {
+		return errors.New("if set, base-url must not end with a slash (/)")
+	} else if !util.Contains([]string{"app", "home", "disable"}, webRoot) {
 		return errors.New("if set, web-root must be 'home' or 'app'")
 	} else if upstreamBaseURL != "" && !strings.HasPrefix(upstreamBaseURL, "http://") && !strings.HasPrefix(upstreamBaseURL, "https://") {
 		return errors.New("if set, upstream-base-url must start with http:// or https://")
+	} else if upstreamBaseURL != "" && strings.HasSuffix(upstreamBaseURL, "/") {
+		return errors.New("if set, upstream-base-url must not end with a slash (/)")
 	} else if upstreamBaseURL != "" && baseURL == "" {
 		return errors.New("if upstream-base-url is set, base-url must also be set")
 	} else if upstreamBaseURL != "" && baseURL != "" && baseURL == upstreamBaseURL {
 		return errors.New("base-url and upstream-base-url cannot be identical, you'll likely want to set upstream-base-url to https://ntfy.sh, see https://ntfy.sh/docs/config/#ios-instant-notifications")
+	} else if authFile == "" && (enableSignup || enableLogin || enableReservations || stripeSecretKey != "") {
+		return errors.New("cannot set enable-signup, enable-login, enable-reserve-topics, or stripe-secret-key if auth-file is not set")
+	} else if enableSignup && !enableLogin {
+		return errors.New("cannot set enable-signup without also setting enable-login")
+	} else if stripeSecretKey != "" && (stripeWebhookKey == "" || baseURL == "") {
+		return errors.New("if stripe-secret-key is set, stripe-webhook-key and base-url must also be set")
 	}

 	webRootIsApp := webRoot == "app"
 	enableWeb := webRoot != "disable"

 	// Default auth permissions
-	authDefaultRead := authDefaultAccess == "read-write" || authDefaultAccess == "read-only"
-	authDefaultWrite := authDefaultAccess == "read-write" || authDefaultAccess == "write-only"
+	authDefault, err := user.ParsePermission(authDefaultAccess)
+	if err != nil {
+		return errors.New("if set, auth-default-access must start set to 'read-write', 'read-only', 'write-only' or 'deny-all'")
+	}

 	// Special case: Unset default
 	if listenHTTP == "-" {
@@ -201,16 +234,19 @@ func execServe(c *cli.Context) error {
 	}

 	// Resolve hosts
-	visitorRequestLimitExemptIPs := make([]string, 0)
+	visitorRequestLimitExemptIPs := make([]netip.Prefix, 0)
 	for _, host := range visitorRequestLimitExemptHosts {
-		ips, err := net.LookupIP(host)
+		ips, err := parseIPHostPrefix(host)
 		if err != nil {
 			log.Warn("cannot resolve host %s: %s, ignoring visitor request exemption", host, err.Error())
 			continue
 		}
-		for _, ip := range ips {
-			visitorRequestLimitExemptIPs = append(visitorRequestLimitExemptIPs, ip.String())
-		}
+		visitorRequestLimitExemptIPs = append(visitorRequestLimitExemptIPs, ips...)
+	}
+
+	// Stripe things
+	if stripeSecretKey != "" {
+		stripe.Key = stripeSecretKey
 	}

 	// Run server
@@ -219,15 +255,18 @@ func execServe(c *cli.Context) error {
 	conf.ListenHTTP = listenHTTP
 	conf.ListenHTTPS = listenHTTPS
 	conf.ListenUnix = listenUnix
+	conf.ListenUnixMode = fs.FileMode(listenUnixMode)
 	conf.KeyFile = keyFile
 	conf.CertFile = certFile
 	conf.FirebaseKeyFile = firebaseKeyFile
 	conf.CacheFile = cacheFile
 	conf.CacheDuration = cacheDuration
 	conf.CacheStartupQueries = cacheStartupQueries
+	conf.CacheBatchSize = cacheBatchSize
+	conf.CacheBatchTimeout = cacheBatchTimeout
 	conf.AuthFile = authFile
-	conf.AuthDefaultRead = authDefaultRead
-	conf.AuthDefaultWrite = authDefaultWrite
+	conf.AuthStartupQueries = authStartupQueries
+	conf.AuthDefault = authDefault
 	conf.AttachmentCacheDir = attachmentCacheDir
 	conf.AttachmentTotalSizeLimit = attachmentTotalSizeLimit
 	conf.AttachmentFileSizeLimit = attachmentFileSizeLimit
@@ -253,7 +292,12 @@ func execServe(c *cli.Context) error {
 	conf.VisitorEmailLimitBurst = visitorEmailLimitBurst
 	conf.VisitorEmailLimitReplenish = visitorEmailLimitReplenish
 	conf.BehindProxy = behindProxy
+	conf.StripeSecretKey = stripeSecretKey
+	conf.StripeWebhookKey = stripeWebhookKey
 	conf.EnableWeb = enableWeb
+	conf.EnableSignup = enableSignup
+	conf.EnableLogin = enableLogin
+	conf.EnableReservations = enableReservations
 	conf.Version = c.App.Version

 	// Set up hot-reloading of config
@@ -295,6 +339,31 @@ func sigHandlerConfigReload(config string) {
 	}
 }

+func parseIPHostPrefix(host string) (prefixes []netip.Prefix, err error) {
+	// Try parsing as prefix, e.g. 10.0.1.0/24
+	prefix, err := netip.ParsePrefix(host)
+	if err == nil {
+		prefixes = append(prefixes, prefix.Masked())
+		return prefixes, nil
+	}
+	// Not a prefix, parse as host or IP (LookupHost passes through an IP as is)
+	ips, err := net.LookupHost(host)
+	if err != nil {
+		return nil, err
+	}
+	for _, ipStr := range ips {
+		ip, err := netip.ParseAddr(ipStr)
+		if err == nil {
+			prefix, err := ip.Prefix(ip.BitLen())
+			if err != nil {
+				return nil, fmt.Errorf("%s successfully parsed but unable to make prefix: %s", ip.String(), err.Error())
+			}
+			prefixes = append(prefixes, prefix.Masked())
+		}
+	}
+	return
+}
+
 func reloadLogLevel(inputSource altsrc.InputSourceContext) {
 	newLevelStr, err := inputSource.String("log-level")
 	if err != nil {
--- a/cmd/serve_test.go
+++ b/cmd/serve_test.go
@@ -2,17 +2,19 @@ package cmd

 import (
 	"fmt"
-	"github.com/gorilla/websocket"
-	"github.com/stretchr/testify/require"
-	"heckel.io/ntfy/client"
-	"heckel.io/ntfy/test"
-	"heckel.io/ntfy/util"
 	"math/rand"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"testing"
 	"time"
+
+	"github.com/gorilla/websocket"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"heckel.io/ntfy/client"
+	"heckel.io/ntfy/test"
+	"heckel.io/ntfy/util"
 )

 func init() {
@@ -70,6 +72,22 @@ func TestCLI_Serve_WebSocket(t *testing.T) {
 	require.Equal(t, "mytopic", m.Topic)
 }

+func TestIP_Host_Parsing(t *testing.T) {
+	cases := map[string]string{
+		"1.1.1.1":          "1.1.1.1/32",
+		"fd00::1234":       "fd00::1234/128",
+		"192.168.0.3/24":   "192.168.0.0/24",
+		"10.1.2.3/8":       "10.0.0.0/8",
+		"201:be93::4a6/21": "201:b800::/21",
+	}
+	for q, expectedAnswer := range cases {
+		ips, err := parseIPHostPrefix(q)
+		require.Nil(t, err)
+		assert.Equal(t, 1, len(ips))
+		assert.Equal(t, expectedAnswer, ips[0].String())
+	}
+}
+
 func newEmptyFile(t *testing.T) string {
 	filename := filepath.Join(t.TempDir(), "empty")
 	require.Nil(t, os.WriteFile(filename, []byte{}, 0600))
--- a/cmd/subscribe.go
+++ b/cmd/subscribe.go
@@ -29,8 +29,8 @@ var flagsSubscribe = append(
 	flagsDefault,
 	&cli.StringFlag{Name: "config", Aliases: []string{"c"}, Usage: "client config file"},
 	&cli.StringFlag{Name: "since", Aliases: []string{"s"}, Usage: "return events since `SINCE` (Unix timestamp, or all)"},
-	&cli.StringFlag{Name: "user", Aliases: []string{"u"}, Usage: "username[:password] used to auth against the server"},
-	&cli.BoolFlag{Name: "from-config", Aliases: []string{"C"}, Usage: "read subscriptions from config file (service mode)"},
+	&cli.StringFlag{Name: "user", Aliases: []string{"u"}, EnvVars: []string{"NTFY_USER"}, Usage: "username[:password] used to auth against the server"},
+	&cli.BoolFlag{Name: "from-config", Aliases: []string{"from_config", "C"}, Usage: "read subscriptions from config file (service mode)"},
 	&cli.BoolFlag{Name: "poll", Aliases: []string{"p"}, Usage: "return events and exit, do not listen for new events"},
 	&cli.BoolFlag{Name: "scheduled", Aliases: []string{"sched", "S"}, Usage: "also return scheduled/delayed events"},
 )
@@ -175,11 +175,29 @@ func doSubscribe(c *cli.Context, cl *client.Client, conf *client.Config, topic,
 		for filter, value := range s.If {
 			topicOptions = append(topicOptions, client.WithFilter(filter, value))
 		}
-		if s.User != "" && s.Password != "" {
-			topicOptions = append(topicOptions, client.WithBasicAuth(s.User, s.Password))
+		var user string
+		var password *string
+		if s.User != "" {
+			user = s.User
+		} else if conf.DefaultUser != "" {
+			user = conf.DefaultUser
+		}
+		if s.Password != nil {
+			password = s.Password
+		} else if conf.DefaultPassword != nil {
+			password = conf.DefaultPassword
+		}
+		if user != "" && password != nil {
+			topicOptions = append(topicOptions, client.WithBasicAuth(user, *password))
 		}
 		subscriptionID := cl.Subscribe(s.Topic, topicOptions...)
-		cmds[subscriptionID] = s.Command
+		if s.Command != "" {
+			cmds[subscriptionID] = s.Command
+		} else if conf.DefaultCommand != "" {
+			cmds[subscriptionID] = conf.DefaultCommand
+		} else {
+			cmds[subscriptionID] = ""
+		}
 	}
 	if topic != "" {
 		subscriptionID := cl.Subscribe(topic, options...)
--- a/cmd/subscribe_linux.go
+++ b/cmd/subscribe_linux.go
@@ -1,3 +1,5 @@
+//go:build linux || dragonfly || freebsd || netbsd || openbsd
+
 package cmd

 const (
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -6,24 +6,29 @@ import (
 	"crypto/subtle"
 	"errors"
 	"fmt"
+	"heckel.io/ntfy/user"
 	"os"
 	"strings"

 	"github.com/urfave/cli/v2"
 	"github.com/urfave/cli/v2/altsrc"
-	"heckel.io/ntfy/auth"
 	"heckel.io/ntfy/util"
 )

+const (
+	tierReset    = "-"
+	createdByCLI = "cli"
+)
+
 func init() {
 	commands = append(commands, cmdUser)
 }

 var flagsUser = append(
 	flagsDefault,
-	&cli.StringFlag{Name: "config", Aliases: []string{"c"}, EnvVars: []string{"NTFY_CONFIG_FILE"}, Value: "/etc/ntfy/server.yml", DefaultText: "/etc/ntfy/server.yml", Usage: "config file"},
-	altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-file", Aliases: []string{"H"}, EnvVars: []string{"NTFY_AUTH_FILE"}, Usage: "auth database file used for access control"}),
-	altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-default-access", Aliases: []string{"p"}, EnvVars: []string{"NTFY_AUTH_DEFAULT_ACCESS"}, Value: "read-write", Usage: "default permissions if no matching entries in the auth database are found"}),
+	&cli.StringFlag{Name: "config", Aliases: []string{"c"}, EnvVars: []string{"NTFY_CONFIG_FILE"}, Value: defaultServerConfigFile, DefaultText: defaultServerConfigFile, Usage: "config file"},
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-file", Aliases: []string{"auth_file", "H"}, EnvVars: []string{"NTFY_AUTH_FILE"}, Usage: "auth database file used for access control"}),
+	altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-default-access", Aliases: []string{"auth_default_access", "p"}, EnvVars: []string{"NTFY_AUTH_DEFAULT_ACCESS"}, Value: "read-write", Usage: "default permissions if no matching entries in the auth database are found"}),
 )

 var cmdUser = &cli.Command{
@@ -41,7 +46,7 @@ var cmdUser = &cli.Command{
 			UsageText: "ntfy user add [--role=admin|user] USERNAME\nNTFY_PASSWORD=... ntfy user add [--role=admin|user] USERNAME",
 			Action:    execUserAdd,
 			Flags: []cli.Flag{
-				&cli.StringFlag{Name: "role", Aliases: []string{"r"}, Value: string(auth.RoleUser), Usage: "user role"},
+				&cli.StringFlag{Name: "role", Aliases: []string{"r"}, Value: string(user.RoleUser), Usage: "user role"},
 			},
 			Description: `Add a new user to the ntfy user database.

@@ -110,6 +115,22 @@ user are removed, since they are no longer necessary.
 Example:
  ntfy user change-role phil admin   # Make user phil an admin 
  ntfy user change-role phil user    # Remove admin role from user phil 
+`,
+		},
+		{
+			Name:      "change-tier",
+			Aliases:   []string{"cht"},
+			Usage:     "Changes the tier of a user",
+			UsageText: "ntfy user change-tier USERNAME (TIER|-)",
+			Action:    execUserChangeTier,
+			Description: `Change the tier for the given user.
+
+This command can be used to change the tier of a user. Tiers define usage limits, such
+as messages per day, attachment file sizes, etc.
+
+Example:
+  ntfy user change-tier phil pro   # Change tier to "pro" for user "phil"  
+  ntfy user change-tier phil -     # Remove tier from user "phil" entirely 
 `,
 		},
 		{
@@ -152,16 +173,16 @@ variable to pass the new password. This is useful if you are creating/updating u

 func execUserAdd(c *cli.Context) error {
 	username := c.Args().Get(0)
-	role := auth.Role(c.String("role"))
+	role := user.Role(c.String("role"))
 	password := os.Getenv("NTFY_PASSWORD")
 	if username == "" {
 		return errors.New("username expected, type 'ntfy user add --help' for help")
 	} else if username == userEveryone {
 		return errors.New("username not allowed")
-	} else if !auth.AllowedRole(role) {
+	} else if !user.AllowedRole(role) {
 		return errors.New("role must be either 'user' or 'admin'")
 	}
-	manager, err := createAuthManager(c)
+	manager, err := createUserManager(c)
 	if err != nil {
 		return err
 	}
@@ -176,7 +197,7 @@ func execUserAdd(c *cli.Context) error {

 		password = p
 	}
-	if err := manager.AddUser(username, password, role); err != nil {
+	if err := manager.AddUser(username, password, role, createdByCLI); err != nil {
 		return err
 	}
 	fmt.Fprintf(c.App.ErrWriter, "user %s added with role %s\n", username, role)
@@ -190,11 +211,11 @@ func execUserDel(c *cli.Context) error {
 	} else if username == userEveryone {
 		return errors.New("username not allowed")
 	}
-	manager, err := createAuthManager(c)
+	manager, err := createUserManager(c)
 	if err != nil {
 		return err
 	}
-	if _, err := manager.User(username); err == auth.ErrNotFound {
+	if _, err := manager.User(username); err == user.ErrUserNotFound {
 		return fmt.Errorf("user %s does not exist", username)
 	}
 	if err := manager.RemoveUser(username); err != nil {
@@ -212,11 +233,11 @@ func execUserChangePass(c *cli.Context) error {
 	} else if username == userEveryone {
 		return errors.New("username not allowed")
 	}
-	manager, err := createAuthManager(c)
+	manager, err := createUserManager(c)
 	if err != nil {
 		return err
 	}
-	if _, err := manager.User(username); err == auth.ErrNotFound {
+	if _, err := manager.User(username); err == user.ErrUserNotFound {
 		return fmt.Errorf("user %s does not exist", username)
 	}
 	if password == "" {
@@ -234,17 +255,17 @@ func execUserChangePass(c *cli.Context) error {

 func execUserChangeRole(c *cli.Context) error {
 	username := c.Args().Get(0)
-	role := auth.Role(c.Args().Get(1))
-	if username == "" || !auth.AllowedRole(role) {
+	role := user.Role(c.Args().Get(1))
+	if username == "" || !user.AllowedRole(role) {
 		return errors.New("username and new role expected, type 'ntfy user change-role --help' for help")
 	} else if username == userEveryone {
 		return errors.New("username not allowed")
 	}
-	manager, err := createAuthManager(c)
+	manager, err := createUserManager(c)
 	if err != nil {
 		return err
 	}
-	if _, err := manager.User(username); err == auth.ErrNotFound {
+	if _, err := manager.User(username); err == user.ErrUserNotFound {
 		return fmt.Errorf("user %s does not exist", username)
 	}
 	if err := manager.ChangeRole(username, role); err != nil {
@@ -254,8 +275,39 @@ func execUserChangeRole(c *cli.Context) error {
 	return nil
 }

+func execUserChangeTier(c *cli.Context) error {
+	username := c.Args().Get(0)
+	tier := c.Args().Get(1)
+	if username == "" {
+		return errors.New("username and new tier expected, type 'ntfy user change-tier --help' for help")
+	} else if !user.AllowedTier(tier) && tier != tierReset {
+		return errors.New("invalid tier, must be tier code, or - to reset")
+	} else if username == userEveryone {
+		return errors.New("username not allowed")
+	}
+	manager, err := createUserManager(c)
+	if err != nil {
+		return err
+	}
+	if _, err := manager.User(username); err == user.ErrUserNotFound {
+		return fmt.Errorf("user %s does not exist", username)
+	}
+	if tier == tierReset {
+		if err := manager.ResetTier(username); err != nil {
+			return err
+		}
+		fmt.Fprintf(c.App.ErrWriter, "removed tier from user %s\n", username)
+	} else {
+		if err := manager.ChangeTier(username, tier); err != nil {
+			return err
+		}
+		fmt.Fprintf(c.App.ErrWriter, "changed tier for user %s to %s\n", username, tier)
+	}
+	return nil
+}
+
 func execUserList(c *cli.Context) error {
-	manager, err := createAuthManager(c)
+	manager, err := createUserManager(c)
 	if err != nil {
 		return err
 	}
@@ -266,19 +318,20 @@ func execUserList(c *cli.Context) error {
 	return showUsers(c, manager, users)
 }

-func createAuthManager(c *cli.Context) (auth.Manager, error) {
+func createUserManager(c *cli.Context) (*user.Manager, error) {
 	authFile := c.String("auth-file")
+	authStartupQueries := c.String("auth-startup-queries")
 	authDefaultAccess := c.String("auth-default-access")
 	if authFile == "" {
 		return nil, errors.New("option auth-file not set; auth is unconfigured for this server")
 	} else if !util.FileExists(authFile) {
 		return nil, errors.New("auth-file does not exist; please start the server at least once to create it")
-	} else if !util.InStringList([]string{"read-write", "read-only", "write-only", "deny-all"}, authDefaultAccess) {
-		return nil, errors.New("if set, auth-default-access must start set to 'read-write', 'read-only' or 'deny-all'")
 	}
-	authDefaultRead := authDefaultAccess == "read-write" || authDefaultAccess == "read-only"
-	authDefaultWrite := authDefaultAccess == "read-write" || authDefaultAccess == "write-only"
-	return auth.NewSQLiteAuth(authFile, authDefaultRead, authDefaultWrite)
+	authDefault, err := user.ParsePermission(authDefaultAccess)
+	if err != nil {
+		return nil, errors.New("if set, auth-default-access must start set to 'read-write', 'read-only', 'write-only' or 'deny-all'")
+	}
+	return user.NewManager(authFile, authStartupQueries, authDefault)
 }

 func readPasswordAndConfirm(c *cli.Context) (string, error) {
--- a/cmd/user_test.go
+++ b/cmd/user_test.go
@@ -5,6 +5,7 @@ import (
 	"github.com/urfave/cli/v2"
 	"heckel.io/ntfy/server"
 	"heckel.io/ntfy/test"
+	"heckel.io/ntfy/user"
 	"path/filepath"
 	"testing"
 )
@@ -114,8 +115,7 @@ func TestCLI_User_Delete(t *testing.T) {
 func newTestServerWithAuth(t *testing.T) (s *server.Server, conf *server.Config, port int) {
 	conf = server.NewConfig()
 	conf.AuthFile = filepath.Join(t.TempDir(), "user.db")
-	conf.AuthDefaultRead = false
-	conf.AuthDefaultWrite = false
+	conf.AuthDefault = user.PermissionDenyAll
 	s, port = test.StartServerWithConfig(t, conf)
 	return
 }
@@ -125,21 +125,7 @@ func runUserCommand(app *cli.App, conf *server.Config, args ...string) error {
 		"ntfy",
 		"user",
 		"--auth-file=" + conf.AuthFile,
-		"--auth-default-access=" + confToDefaultAccess(conf),
+		"--auth-default-access=" + conf.AuthDefault.String(),
 	}
 	return app.Run(append(userArgs, args...))
 }
-
-func confToDefaultAccess(conf *server.Config) string {
-	var defaultAccess string
-	if conf.AuthDefaultRead && conf.AuthDefaultWrite {
-		defaultAccess = "read-write"
-	} else if conf.AuthDefaultRead && !conf.AuthDefaultWrite {
-		defaultAccess = "read-only"
-	} else if !conf.AuthDefaultRead && conf.AuthDefaultWrite {
-		defaultAccess = "write-only"
-	} else if !conf.AuthDefaultRead && !conf.AuthDefaultWrite {
-		defaultAccess = "deny-all"
-	}
-	return defaultAccess
-}
--- a/docs/config.md
+++ b/docs/config.md
@@ -309,6 +309,25 @@ with the given username/password. Be sure to use HTTPS to avoid eavesdropping an
    ]));
    ```

+### Example: UnifiedPush
+[UnifiedPush](https://unifiedpush.org) requires that the [application server](https://unifiedpush.org/spec/definitions/#application-server) (e.g. Synapse, Fediverse Server, …) 
+has anonymous write access to the [topic](https://unifiedpush.org/spec/definitions/#endpoint) used for push messages. 
+The topic names used by UnifiedPush all start with the `up*` prefix. Please refer to the 
+**[UnifiedPush documentation](https://unifiedpush.org/users/distributors/ntfy/#limit-access-to-some-users)** for more details.
+
+To enable support for UnifiedPush for private servers (i.e. `auth-default-access: "deny-all"`), you should either 
+allow anonymous write access for the entire prefix or explicitly per topic:
+
+=== "Prefix"
+    ```
+    $ ntfy access '*' 'up*' write-only
+    ```
+
+=== "Explicitly"
+    ```
+    $ ntfy access '*' upYzMtZGZiYTY5 write-only
+    ```
+
 ## E-mail notifications
 To allow forwarding messages via e-mail, you can configure an **SMTP server for outgoing messages**. Once configured, 
 you can set the `X-Email` header to [send messages via e-mail](publish.md#e-mail-notifications) (e.g. 
@@ -441,8 +460,16 @@ by forwarding the `Connection` and `Upgrade` headers accordingly.
 In this example, ntfy runs on `:2586` and we proxy traffic to it. We also redirect HTTP to HTTPS for GET requests against a topic
 or the root domain:

-=== "nginx (/etc/nginx/sites-*/ntfy)"
+=== "nginx (convenient)"
    ```
+    # /etc/nginx/sites-*/ntfy
+    #
+    # This config allows insecure HTTP POST/PUT requests against topics to allow a short curl syntax (without -L
+    # and "https://" prefix). It also disables output buffering, which has worked well for the ntfy.sh server.
+    #
+    # This is pretty much how ntfy.sh is configured. To see the exact configuration,
+    # see https://github.com/binwiederhier/ntfy-ansible/
+
    server {
      listen 80;
      server_name ntfy.sh;
@@ -482,14 +509,17 @@ or the root domain:
    }
    
    server {
-      listen 443 ssl;
+      listen 443 ssl http2;
      server_name ntfy.sh;
    
-      ssl_session_cache builtin:1000 shared:SSL:10m;
-      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-      ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
-      ssl_prefer_server_ciphers on;
-    
+      # See https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=intermediate&openssl=1.1.1k&hsts=false&ocsp=false&guideline=5.6see https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=intermediate&openssl=1.1.1k&hsts=false&ocsp=false&guideline=5.6
+      ssl_session_timeout 1d;
+      ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+      ssl_session_tickets off;
+      ssl_protocols TLSv1.2 TLSv1.3;
+      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+      ssl_prefer_server_ciphers off;
+ 
      ssl_certificate /etc/letsencrypt/live/ntfy.sh/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/ntfy.sh/privkey.pem;
    
@@ -515,8 +545,73 @@ or the root domain:
    }
    ```

-=== "Apache2 (/etc/apache2/sites-*/ntfy.conf)"
+=== "nginx (more secure)"
    ```
+    # /etc/nginx/sites-*/ntfy
+    #
+    # This config requires the use of the -L flag in curl to redirect to HTTPS, and it keeps nginx output buffering
+    # enabled. While recommended, I have had issues with that in the past.
+    
+    server {
+      listen 80;
+      server_name ntfy.sh;
+
+      location / {
+        return 302 https://$http_host$request_uri$is_args$query_string;
+
+        proxy_pass http://127.0.0.1:2586;
+        proxy_http_version 1.1;
+
+        proxy_set_header Host $http_host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_connect_timeout 3m;
+        proxy_send_timeout 3m;
+        proxy_read_timeout 3m;
+
+        client_max_body_size 20m; # Must be >= attachment-file-size-limit in /etc/ntfy/server.yml
+      }
+    }
+    
+    server {
+      listen 443 ssl http2;
+      server_name ntfy.sh;
+    
+      # See https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=intermediate&openssl=1.1.1k&hsts=false&ocsp=false&guideline=5.6see https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=intermediate&openssl=1.1.1k&hsts=false&ocsp=false&guideline=5.6
+      ssl_session_timeout 1d;
+      ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+      ssl_session_tickets off;
+      ssl_protocols TLSv1.2 TLSv1.3;
+      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+      ssl_prefer_server_ciphers off;
+    
+      ssl_certificate /etc/letsencrypt/live/ntfy.sh/fullchain.pem;
+      ssl_certificate_key /etc/letsencrypt/live/ntfy.sh/privkey.pem;
+    
+      location / {
+        proxy_pass http://127.0.0.1:2586;
+        proxy_http_version 1.1;
+
+        proxy_set_header Host $http_host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_connect_timeout 3m;
+        proxy_send_timeout 3m;
+        proxy_read_timeout 3m;
+
+        client_max_body_size 20m; # Must be >= attachment-file-size-limit in /etc/ntfy/server.yml
+      }
+    }
+    ```
+
+=== "Apache2"
+    ```
+    # /etc/apache2/sites-*/ntfy.conf
+
    <VirtualHost *:80>
        ServerName ntfy.sh

@@ -655,6 +750,10 @@ curl -X POST -H "X-Poll-ID: s4PdJozxM8na" https://ntfy.sh/6de73be8dfb7d69e32fb2c
 {"id":"4HsClFEuCIcs","time":1654087955,"event":"poll_request","topic":"6de73be8dfb7d69e32fb2c00c23fe7adbd8b5504406e3068c273aa24cef4055b","message":"New message","poll_id":"s4PdJozxM8na"}
 ```

+Note that the self-hosted server literally sends the message `New message` for every message, even if your message 
+may be `Some other message`. This is so that if iOS cannot talk to the self-hosted server (in time, or at all), 
+it'll show `New message` as a popup.
+
 ## Rate limiting
 !!! info
    Be aware that if you are running ntfy behind a proxy, you must set the `behind-proxy` flag. 
@@ -733,19 +832,27 @@ out [this discussion on Reddit](https://www.reddit.com/r/golang/comments/r9u4ee/

 Depending on *how you run it*, here are a few limits that are relevant:

-### WAL for message cache
+### Message cache
 By default, the [message cache](#message-cache) (defined by `cache-file`) uses the SQLite default settings, which means it
 syncs to disk on every write. For personal servers, this is perfectly adequate. For larger installations, such as ntfy.sh,
 the [write-ahead log (WAL)](https://sqlite.org/wal.html) should be enabled, and the sync mode should be adjusted. 
 See [this article](https://phiresky.github.io/blog/2020/sqlite-performance-tuning/) for details.

+In addition to that, for very high load servers (such as ntfy.sh), it may be beneficial to write messages to the cache
+in batches, and asynchronously. This can be enabled with the `cache-batch-size` and `cache-batch-timeout`. If you start
+seeing `database locked` messages in the logs, you should probably enable that.
+
 Here's how ntfy.sh has been tuned in the `server.yml` file:

 ``` yaml
+cache-batch-size: 25
+cache-batch-timeout: "1s"
 cache-startup-queries: |
    pragma journal_mode = WAL;
    pragma synchronous = normal;
    pragma temp_store = memory;
+    pragma busy_timeout = 15000;
+    vacuum;
 ```

 ### For systemd services
@@ -805,8 +912,24 @@ and [here](https://easyengine.io/tutorials/nginx/block-wp-login-php-bruteforce-a

 === "/etc/nginx/nginx.conf"
    ```
+    # Rate limit all IP addresses
    http {
-	  limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
+	  limit_req_zone $binary_remote_addr zone=one:10m rate=45r/m;
+    }
+
+    # Alternatively, whitelist certain IP addresses
+    http {
+      geo $limited {
+        default 1;
+        116.203.112.46/32 0;
+        132.226.42.65/32 0;
+        ...
+      }
+      map $limited $limitkey {
+        1 $binary_remote_addr;
+        0 "";
+      }
+      limit_req_zone $limitkey zone=one:10m rate=45r/m;
    }
    ```

@@ -835,7 +958,7 @@ and [here](https://easyengine.io/tutorials/nginx/block-wp-login-php-bruteforce-a
    action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
    logpath = /var/log/nginx/error.log
    findtime = 600
-    bantime = 7200
+    bantime = 14400
    maxretry = 10
    ```

@@ -875,12 +998,15 @@ variable before running the `ntfy` command (e.g. `export NTFY_LISTEN_HTTP=:80`).
 | `listen-http`                              | `NTFY_LISTEN_HTTP`                              | `[host]:port`                                       | `:80`             | Listen address for the HTTP web server                                                                                                                                                                                          |
 | `listen-https`                             | `NTFY_LISTEN_HTTPS`                             | `[host]:port`                                       | -                 | Listen address for the HTTPS web server. If set, you also need to set `key-file` and `cert-file`.                                                                                                                               |
 | `listen-unix`                              | `NTFY_LISTEN_UNIX`                              | *filename*                                          | -                 | Path to a Unix socket to listen on                                                                                                                                                                                              |
+| `listen-unix-mode`                         | `NTFY_LISTEN_UNIX_MODE`                         | *file mode*                                         | *system default*  | File mode of the Unix socket, e.g. 0700 or 0777                                                                                                                                                                                 |
 | `key-file`                                 | `NTFY_KEY_FILE`                                 | *filename*                                          | -                 | HTTPS/TLS private key file, only used if `listen-https` is set.                                                                                                                                                                 |
 | `cert-file`                                | `NTFY_CERT_FILE`                                | *filename*                                          | -                 | HTTPS/TLS certificate file, only used if `listen-https` is set.                                                                                                                                                                 |
 | `firebase-key-file`                        | `NTFY_FIREBASE_KEY_FILE`                        | *filename*                                          | -                 | If set, also publish messages to a Firebase Cloud Messaging (FCM) topic for your app. This is optional and only required to save battery when using the Android app. See [Firebase (FCM](#firebase-fcm).                        |
 | `cache-file`                               | `NTFY_CACHE_FILE`                               | *filename*                                          | -                 | If set, messages are cached in a local SQLite database instead of only in-memory. This allows for service restarts without losing messages in support of the since= parameter. See [message cache](#message-cache).             |
 | `cache-duration`                           | `NTFY_CACHE_DURATION`                           | *duration*                                          | 12h               | Duration for which messages will be buffered before they are deleted. This is required to support the `since=...` and `poll=1` parameter. Set this to `0` to disable the cache entirely.                                        |
 | `cache-startup-queries`                    | `NTFY_CACHE_STARTUP_QUERIES`                    | *string (SQL queries)*                              | -                 | SQL queries to run during database startup; this is useful for tuning and [enabling WAL mode](#wal-for-message-cache)                                                                                                           |
+| `cache-batch-size`                         | `NTFY_CACHE_BATCH_SIZE`                         | *int*                                               | 0                 | Max size of messages to batch together when writing to message cache (if zero, writes are synchronous)                                                                                                                          |
+| `cache-batch-timeout`                      | `NTFY_CACHE_BATCH_TIMEOUT`                      | *duration*                                          | 0s                | Timeout for batched async writes to the message cache (if zero, writes are synchronous)                                                                                                                                         |
 | `auth-file`                                | `NTFY_AUTH_FILE`                                | *filename*                                          | -                 | Auth database file used for access control. If set, enables authentication and access control. See [access control](#access-control).                                                                                           |
 | `auth-default-access`                      | `NTFY_AUTH_DEFAULT_ACCESS`                      | `read-write`, `read-only`, `write-only`, `deny-all` | `read-write`      | Default permissions if no matching entries in the auth database are found. Default is `read-write`.                                                                                                                             |
 | `behind-proxy`                             | `NTFY_BEHIND_PROXY`                             | *bool*                                              | false             | If set, the X-Forwarded-For header is used to determine the visitor IP address instead of the remote address of the connection.                                                                                                 |
@@ -894,9 +1020,9 @@ variable before running the `ntfy` command (e.g. `export NTFY_LISTEN_HTTP=:80`).
 | `smtp-sender-from`                         | `NTFY_SMTP_SENDER_FROM`                         | *e-mail address*                                    | -                 | SMTP sender e-mail address; only used if e-mail sending is enabled                                                                                                                                                              |
 | `smtp-server-listen`                       | `NTFY_SMTP_SERVER_LISTEN`                       | `[ip]:port`                                         | -                 | Defines the IP address and port the SMTP server will listen on, e.g. `:25` or `1.2.3.4:25`                                                                                                                                      |
 | `smtp-server-domain`                       | `NTFY_SMTP_SERVER_DOMAIN`                       | *domain name*                                       | -                 | SMTP server e-mail domain, e.g. `ntfy.sh`                                                                                                                                                                                       |
-| `smtp-server-addr-prefix`                  | `NTFY_SMTP_SERVER_ADDR_PREFIX`                  | `[ip]:port`                                         | -                 | Optional prefix for the e-mail addresses to prevent spam, e.g. `ntfy-`                                                                                                                                                          |
+| `smtp-server-addr-prefix`                  | `NTFY_SMTP_SERVER_ADDR_PREFIX`                  | *string*                                            | -                 | Optional prefix for the e-mail addresses to prevent spam, e.g. `ntfy-`                                                                                                                                                          |
 | `keepalive-interval`                       | `NTFY_KEEPALIVE_INTERVAL`                       | *duration*                                          | 45s               | Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that. |
-| `manager-interval`                         | `$NTFY_MANAGER_INTERVAL`                        | *duration*                                          | 1m                | Interval in which the manager prunes old messages, deletes topics and prints the stats.                                                                                                                                         |
+| `manager-interval`                         | `NTFY_MANAGER_INTERVAL`                         | *duration*                                          | 1m                | Interval in which the manager prunes old messages, deletes topics and prints the stats.                                                                                                                                         |
 | `global-topic-limit`                       | `NTFY_GLOBAL_TOPIC_LIMIT`                       | *number*                                            | 15,000            | Rate limiting: Total number of topics before the server rejects new topics.                                                                                                                                                     |
 | `upstream-base-url`                        | `NTFY_UPSTREAM_BASE_URL`                        | *URL*                                               | `https://ntfy.sh` | Forward poll request to an upstream server, this is needed for iOS push notifications for self-hosted servers                                                                                                                   |
 | `visitor-attachment-total-size-limit`      | `NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT`      | *size*                                              | 100M              | Rate limiting: Total storage limit used for attachments per visitor, for all attachments combined. Storage is freed after attachments expire. See `attachment-expiry-duration`.                                                 |
@@ -908,6 +1034,11 @@ variable before running the `ntfy` command (e.g. `export NTFY_LISTEN_HTTP=:80`).
 | `visitor-request-limit-exempt-hosts`       | `NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS`       | *comma-separated host/IP list*                      | -                 | Rate limiting: List of hostnames and IPs to be exempt from request rate limiting                                                                                                                                                |
 | `visitor-subscription-limit`               | `NTFY_VISITOR_SUBSCRIPTION_LIMIT`               | *number*                                            | 30                | Rate limiting: Number of subscriptions per visitor (IP address)                                                                                                                                                                 |
 | `web-root`                                 | `NTFY_WEB_ROOT`                                 | `app`, `home` or `disable`                          | `app`             | Sets web root to landing page (home), web app (app) or disables the web app entirely (disable)                                                                                                                                  |
+| `enable-signup`                            | `NTFY_SIGNUP`                                   | *boolean* (`true` or `false`)                       | `false`           | Allows users to sign up via the web app, or API                                                                                                                                                                                 |
+| `enable-login`                             | `NTFY_LOGIN`                                    | *boolean* (`true` or `false`)                       | `false`           | Allows users to log in via the web app, or API                                                                                                                                                                                  |
+| `enable-reservations`                      | `NTFY_RESERVATIONS`                             | *boolean* (`true` or `false`)                       | `false`           | Allows users to reserve topics (if their tier allows it)                                                                                                                                                                        |
+| `stripe-secret-key`                        | `NTFY_STRIPE_SECRET_KEY`                        | *string*                                            | -                 | Payments: Key used for the Stripe API communication, this enables payments                                                                                                                                                      |
+| `stripe-webhook-key`                       | `NTFY_STRIPE_WEBHOOK_KEY`                       | *string*                                            | -                 | Payments: Key required to validate the authenticity of incoming webhooks from Stripe                                                                                                                                            |

 The format for a *duration* is: `<number>(smh)`, e.g. 30s, 20m or 1h.   
 The format for a *size* is: `<number>(GMK)`, e.g. 1G, 200M or 4000k.
@@ -945,6 +1076,8 @@ OPTIONS:
   --behind-proxy, --behind_proxy, -P                                                                  if set, use X-Forwarded-For header to determine visitor IP address (for rate limiting) (default: false) [$NTFY_BEHIND_PROXY]
   --cache-duration since, --cache_duration since, -b since                                            buffer messages for this time to allow since requests (default: 12h0m0s) [$NTFY_CACHE_DURATION]
   --cache-file value, --cache_file value, -C value                                                    cache file used for message caching [$NTFY_CACHE_FILE]
+   --cache-batch-size value, --cache_batch_size value                                                  max size of messages to batch together when writing to message cache (if zero, writes are synchronous) (default: 0) [$NTFY_BATCH_SIZE]
+   --cache-batch-timeout value, --cache_batch_timeout value                                            timeout for batched async writes to the message cache (if zero, writes are synchronous) (default: 0s) [$NTFY_CACHE_BATCH_TIMEOUT]   
   --cache-startup-queries value, --cache_startup_queries value                                        queries run when the cache database is initialized [$NTFY_CACHE_STARTUP_QUERIES]
   --cert-file value, --cert_file value, -E value                                                      certificate file, if listen-https is set [$NTFY_CERT_FILE]
   --config value, -c value                                                                            config file (default: /etc/ntfy/server.yml) [$NTFY_CONFIG_FILE]
--- a/docs/deprecations.md
+++ b/docs/deprecations.md
@@ -4,11 +4,14 @@ This page is used to list deprecation notices for ntfy. Deprecated commands and
 before the behavior is changed depends on the severity of the change, and how prominent the feature is.

 ## Active deprecations
+_No active deprecations_
+
+## Previous deprecations

 ### ntfy CLI: `ntfy publish --env-topic` will be removed
-> Active since 2022-06-20, behavior will change end of **July 2022**
+> Active since 2022-06-20, behavior changed with v1.30.1

-The `ntfy publish --env-topic` option will be removed. It'll still be possible to specify a topic via the 
+The `ntfy publish --env-topic` option will be removed. It'll still be possible to specify a topic via the
 `NTFY_TOPIC` environment variable, but it won't be necessary anymore to specify the `--env-topic` flag.

 === "Before"
@@ -21,8 +24,6 @@ The `ntfy publish --env-topic` option will be removed. It'll still be possible t
    $ NTFY_TOPIC=mytopic ntfy publish "this is the message"
    ```

-## Previous deprecations
-
 ### <del>Android app: WebSockets will become the default connection protocol</del>
 > Active since 2022-03-13, behavior will not change (deprecation removed 2022-06-20)

--- a/docs/develop.md
+++ b/docs/develop.md
@@ -43,6 +43,13 @@ Build related:
 The `web/` and `docs/` folder are the sources for web app and documentation. During the build process,
 the generated output is copied to `server/site` (web app and landing page) and `server/docs` (documentation).

+### Build/test on Gitpod
+To get a quick working development environment you can use [Gitpod](https://gitpod.io), an in-browser IDE 
+that makes it easy to develop ntfy without having to set up a desktop IDE. For any real development,
+I do suggest a proper IDE like [IntelliJ IDEA](https://www.jetbrains.com/idea/).
+
+[![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/binwiederhier/ntfy)
+
 ### Build requirements

 * [Go](https://go.dev/) (required for main server)
@@ -58,8 +65,8 @@ These steps **assume Ubuntu**. Steps may vary on different Linux distributions.

 First, install [Go](https://go.dev/) (see [official instructions](https://go.dev/doc/install)):
 ``` shell
-wget https://go.dev/dl/go1.18.linux-amd64.tar.gz
-rm -rf /usr/local/go && tar -C /usr/local -xzf go1.18.linux-amd64.tar.gz
+wget https://go.dev/dl/go1.19.1.linux-amd64.tar.gz
+sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.19.1.linux-amd64.tar.gz
 export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin
 go version   # verifies that it worked
 ```
@@ -72,7 +79,7 @@ goreleaser -v   # verifies that it worked

 Install [nodejs](https://nodejs.org/en/) (see [official instructions](https://nodejs.org/en/download/package-manager/)):
 ``` shell
-curl -fsSL https://deb.nodesource.com/setup_17.x | sudo -E bash -
+curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
 sudo apt-get install -y nodejs
 npm -v   # verifies that it worked
 ```
--- a/docs/examples.md
+++ b/docs/examples.md
@@ -101,7 +101,7 @@ It looked something like this:
 You can easily integrate ntfy into Ansible, Salt, or Puppet to notify you when runs are done or are highstated.
 One of my co-workers uses the following Ansible task to let him know when things are done:

-```yml
+``` yaml
 - name: Send ntfy.sh update
  uri:
    url: "https://ntfy.sh/{{ ntfy_channel }}"
@@ -109,12 +109,38 @@ One of my co-workers uses the following Ansible task to let him know when things
    body: "{{ inventory_hostname }} reseeding complete"
 ```

+There's also a dedicated Ansible action plugin (one which runs on the Ansible controller) called
+[ansible-ntfy](https://github.com/jpmens/ansible-ntfy). The following task posts a message
+to ntfy at its default URL (`attrs` and other attributes are optional):
+
+``` yaml
+- name: "Notify ntfy that we're done"
+  ntfy:
+       msg: "deployment on {{ inventory_hostname }} is complete. 🐄"
+       attrs:
+          tags: [ heavy_check_mark ]
+          priority: 1
+```
+
+## GitHub Actions
+You can send a message during a workflow run with curl. Here is an example sending info about the repo, commit and job status.
+``` yaml
+- name: Actions Ntfy
+  run: |
+    curl \
+      -u ${{ secrets.NTFY_CRED }} \
+      -H "Title: Title here" \
+      -H "Content-Type: text/plain" \
+      -d $'Repo: ${{ github.repository }}\nCommit: ${{ github.sha }}\nRef: ${{ github.ref }}\nStatus: ${{ job.status}}' \
+      ${{ secrets.NTFY_URL }}
+```
+
 ## Watchtower (shoutrrr)
 You can use [shoutrrr](https://github.com/containrrr/shoutrrr) generic webhook support to send 
 [Watchtower](https://github.com/containrrr/watchtower/) notifications to your ntfy topic.

 Example docker-compose.yml:
-```yml
+``` yaml
 services:
  watchtower:
    image: containrrr/watchtower
@@ -342,9 +368,22 @@ You can use the HTTP request node to send messages with [Node-RED](https://noder
 ![Node red picture flow](static/img/nodered-picture.png)

 ## Gatus
+To use ntfy with [Gatus](https://github.com/TwiN/gatus), you can use the `ntfy` alerting provider like so:

-An example for a custom alert with [Gatus](https://github.com/TwiN/gatus):
-``` yaml
+```yaml
+alerting:
+  ntfy:
+    url: "https://ntfy.sh"
+    topic: "YOUR_NTFY_TOPIC"
+    priority: 3
+```
+
+For more information on using ntfy with Gatus, refer to [Configuring ntfy alerts](https://github.com/TwiN/gatus#configuring-ntfy-alerts).
+
+<details>
+  <summary>Alternative: Using the custom alerting provider</summary>
+
+```yaml
 alerting:
  custom:
    url: "https://ntfy.sh"
@@ -369,6 +408,9 @@ alerting:
        RESOLVED: "white_check_mark"
 ```

+</details>
+
+
 ## Jellyseerr/Overseerr webhook
 Here is an example for [jellyseerr](https://github.com/Fallenbagel/jellyseerr)/[overseerr](https://overseerr.dev/) webhook
 JSON payload. Remember to change the `https://requests.example.com` to your jellyseerr/overseerr URL.
@@ -449,6 +491,43 @@ You can now test the notifications and apply them to monitors:
    <a href="../static/img/uptimekuma-ios-up.jpg"><img src="../static/img/uptimekuma-ios-up.jpg"/></a>
 </div>

+## UptimeRobot
+Go to your [UptimeRobot](https://github.com/uptimerobot) My Settings > Alert Contacts > Add Alert Contact
+Select **Alert Contact Type** = Webhook. Then set your desired **Friendly Name** (e.g. "ntfy-sh-UP"), **URL to Notify**, **POST value** and select checkbox **Send as JSON (application/json)**. Make sure to send the JSON POST request to ntfy.domain.com without the topic name in the url and include the "topic" name in the JSON body.
+
+<div id="uptimerobot-monitor-setup" class="screenshots">
+    <a href="../static/img/uptimerobot-setup.jpg"><img src="../static/img/uptimerobot-setup.jpg"/></a>
+</div>
+
+``` json
+{
+    "topic":"myTopic",
+    "title": "*monitorFriendlyName* *alertTypeFriendlyName*",
+    "message": "*alertDetails*", 
+    "tags": ["green_circle"],
+    "priority": 3,
+    "click": https://uptimerobot.com/dashboard#*monitorID*
+}
+```
+You can create two Alert Contacts each with a different icon and priority, for example:
+
+``` json
+{
+    "topic":"myTopic",
+    "title": "*monitorFriendlyName* *alertTypeFriendlyName*",
+    "message": "*alertDetails*", 
+    "tags": ["red_circle"],
+    "priority": 3,
+    "click": https://uptimerobot.com/dashboard#*monitorID*
+}
+```
+You can now add the created Alerts Contact(s) to the monitor(s) and test the notifications:
+
+<div id="uptimerobot-monitor-screenshots" class="screenshots">
+    <a href="../static/img/uptimerobot-test.jpg"><img src="../static/img/uptimerobot-test.jpg"/></a>
+</div>
+
+
 ## Apprise
 ntfy is integrated natively into [Apprise](https://github.com/caronc/apprise) (also check out the 
 [Apprise/ntfy wiki page](https://github.com/caronc/apprise/wiki/Notify_ntfy)).
@@ -467,3 +546,29 @@ apprise -vv -t "Test Message Title" -b "Test Message Body" \
   ntfy://ntfy.example.com/mytopic
 ```

+
+## Rundeck
+Rundeck by default sends only HTML email which is not processed by ntfy SMTP server. Append following configurations to 
+[rundeck-config.properties](https://docs.rundeck.com/docs/administration/configuration/config-file-reference.html) :
+
+```
+# Template
+rundeck.mail.template.file=/path/to/template.html
+rundeck.mail.template.log.formatted=false
+```
+
+Example `template.html`:
+```html
+<div>Execution ${execution.id} was <b>${execution.status}</b></div>
+<ul>
+    <li><a href="${execution.href}">Execution result</a></li>
+    <li><a href="${job.href}">Job</a></li>
+    <li><a href="${execution.projectHref}">Project: ${execution.project}</a></li>
+    <li><a href="${rundeck.href}">Rundeck</a></li>
+</ul>
+```
+
+Add notification on Rundeck (attachment type must be: `Attached as file to email`):
+![Rundeck](static/img/rundeck.png)
+
+
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -4,11 +4,20 @@
 Who knows. I didn't do a lot of research before making this. It was fun making it.

 ## Can I use this in my app? Will it stay free?
-Yes. As long as you don't abuse it, it'll be available and free of charge. I do not plan on monetizing
-the service.
+Yes. As long as you don't abuse it, it'll be available and free of charge. While I will always allow usage of the ntfy.sh
+server without signup and free of charge, I may also offer paid plans in the future.

 ## What are the uptime guarantees?
-Best effort.
+Best effort. 
+
+ntfy currently runs on a single DigitalOcean droplet, without any scale out strategy or redundancies. When the time comes,
+I'll add scale out features, but for now it is what it is.
+
+In the first year of its life, and to this day (Dec'22), ntfy had **no outages** that I can remember. Other than short 
+blips and some HTTP 500 spikes, it has been rock solid.   
+
+There is a [status page](https://ntfy.statuspage.io/) which is updated based on some automated checks via the amazingly 
+awesome [healthchecks.io](https://healthchecks.io/) (_no affiliation, just a fan_).

 ## What happens if there are multiple subscribers to the same topic?
 As per usual with pub-sub, all subscribers receive notifications if they are subscribed to a topic.
@@ -23,7 +32,7 @@ to facilitate service restarts, message polling and to overcome client network d
 Yes. The server (including this Web UI) can be self-hosted, and the Android/iOS app supports adding topics from
 your own server as well. Check out the [install instructions](install.md).

-## Why is Firebase used?
+## Is Firebase used?
 In addition to caching messages locally and delivering them to long-polling subscribers, all messages are also
 published to Firebase Cloud Messaging (FCM) (if `FirebaseKeyFile` is set, which it is on ntfy.sh). This
 is to facilitate notifications on Android. 
@@ -43,9 +52,26 @@ decent now.
 server and listens for incoming notifications. This consumes additional battery (see above),
 but delivers notifications instantly.

-## Where can I donate?
-Many people have asked (thanks for that!), but I am currently not accepting any donations. The cost is manageable 
-($25/month for hosting, and $99/year for the Apple cert) right now, and I don't want to have to feel obligated to 
-anyone by accepting their money.
+## Can you implement feature X?
+Yes, maybe. Check out [existing GitHub issues](https://github.com/binwiederhier/ntfy/issues) to see if somebody else had
+the same idea before you, or file a new issue. I'll likely get back to you within a few days.

-I may ask for donations in the future, though. After all, $400 per year isn't nothing... 
+## I'm having issues with iOS, can you help? The iOS app is behind compared to the Android app, can you fix that?
+The iOS is very bare bones and quite frankly a little buggy. I wanted to get something out the door to make the iOS users
+happy, but halfway through I got frustrated with iOS development and paused development. I will eventually get back to
+it, or hopefully, somebody else will come along and help out. Please review the [known issues](known-issues.md) for details.
+
+## Can I disable the web app? Can I protect it with a login screen?
+The web app is a static website without a backend (other than the ntfy API). All data is stored locally in the browser
+cache and local storage. That means it does not need to be protected with a login screen, and it poses no additional 
+security risk. So technically, it does not need to be disabled.
+
+However, if you still want to disable it, you can do so with the `web-root: disable` option in the `server.yml` file. 
+
+Think of the ntfy web app like an Android/iOS app. It is freely available and accessible to anyone, yet useless without
+a proper backend. So as long as you secure your backend with ACLs, exposing the ntfy web app to the Internet is harmless.
+
+## Where can I donate?
+I have just very recently started accepting donations via [GitHub Sponsors](https://github.com/sponsors/binwiederhier).
+I would be humbled if you helped me carry the server and developer account costs. Even small donations are very much
+appreciated.
--- a/docs/install.md
+++ b/docs/install.md
@@ -14,10 +14,10 @@ We support amd64, armv7 and arm64.

 1. Install ntfy using one of the methods described below
 2. Then (optionally) edit `/etc/ntfy/server.yml` for the server (Linux only, see [configuration](config.md) or [sample server.yml](https://github.com/binwiederhier/ntfy/blob/main/server/server.yml))
-3. Or (optionally) create/edit `~/.config/ntfy/client.yml` (or `/etc/ntfy/client.yml`, see [sample client.yml](https://github.com/binwiederhier/ntfy/blob/main/client/client.yml))
+3. Or (optionally) create/edit `~/.config/ntfy/client.yml` (for the non-root user) or `/etc/ntfy/client.yml` (for the root user), see [sample client.yml](https://github.com/binwiederhier/ntfy/blob/main/client/client.yml))

 To run the ntfy server, then just run `ntfy serve` (or `systemctl start ntfy` when using the deb/rpm).
-To send messages, use `ntfy publish`. To subscribe to topics, use `ntfy subscribe` (see [subscribing via CLI][subscribe/cli.md]
+To send messages, use `ntfy publish`. To subscribe to topics, use `ntfy subscribe` (see [subscribing via CLI](subscribe/cli.md)
 for details). 

 ## Linux binaries
@@ -26,37 +26,37 @@ deb/rpm packages.

 === "x86_64/amd64"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_x86_64.tar.gz
-    tar zxvf ntfy_1.27.1_linux_x86_64.tar.gz
-    sudo cp -a ntfy_1.27.1_linux_x86_64/ntfy /usr/bin/ntfy
-    sudo mkdir /etc/ntfy && sudo cp ntfy_1.27.1_linux_x86_64/{client,server}/*.yml /etc/ntfy
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_x86_64.tar.gz
+    tar zxvf ntfy_1.30.1_linux_x86_64.tar.gz
+    sudo cp -a ntfy_1.30.1_linux_x86_64/ntfy /usr/bin/ntfy
+    sudo mkdir /etc/ntfy && sudo cp ntfy_1.30.1_linux_x86_64/{client,server}/*.yml /etc/ntfy
    sudo ntfy serve
    ```

 === "armv6"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_armv6.tar.gz
-    tar zxvf ntfy_1.27.1_linux_armv6.tar.gz
-    sudo cp -a ntfy_1.27.1_linux_armv6/ntfy /usr/bin/ntfy
-    sudo mkdir /etc/ntfy && sudo cp ntfy_1.27.1_linux_armv6/{client,server}/*.yml /etc/ntfy
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_armv6.tar.gz
+    tar zxvf ntfy_1.30.1_linux_armv6.tar.gz
+    sudo cp -a ntfy_1.30.1_linux_armv6/ntfy /usr/bin/ntfy
+    sudo mkdir /etc/ntfy && sudo cp ntfy_1.30.1_linux_armv6/{client,server}/*.yml /etc/ntfy
    sudo ntfy serve
    ```

 === "armv7/armhf"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_armv7.tar.gz
-    tar zxvf ntfy_1.27.1_linux_armv7.tar.gz
-    sudo cp -a ntfy_1.27.1_linux_armv7/ntfy /usr/bin/ntfy
-    sudo mkdir /etc/ntfy && sudo cp ntfy_1.27.1_linux_armv7/{client,server}/*.yml /etc/ntfy
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_armv7.tar.gz
+    tar zxvf ntfy_1.30.1_linux_armv7.tar.gz
+    sudo cp -a ntfy_1.30.1_linux_armv7/ntfy /usr/bin/ntfy
+    sudo mkdir /etc/ntfy && sudo cp ntfy_1.30.1_linux_armv7/{client,server}/*.yml /etc/ntfy
    sudo ntfy serve
    ```

 === "arm64"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_arm64.tar.gz
-    tar zxvf ntfy_1.27.1_linux_arm64.tar.gz
-    sudo cp -a ntfy_1.27.1_linux_arm64/ntfy /usr/bin/ntfy
-    sudo mkdir /etc/ntfy && sudo cp ntfy_1.27.1_linux_arm64/{client,server}/*.yml /etc/ntfy
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_arm64.tar.gz
+    tar zxvf ntfy_1.30.1_linux_arm64.tar.gz
+    sudo cp -a ntfy_1.30.1_linux_arm64/ntfy /usr/bin/ntfy
+    sudo mkdir /etc/ntfy && sudo cp ntfy_1.30.1_linux_arm64/{client,server}/*.yml /etc/ntfy
    sudo ntfy serve
    ```

@@ -65,9 +65,10 @@ Installation via Debian repository:

 === "x86_64/amd64"
    ```bash
-    curl -sSL https://archive.heckel.io/apt/pubkey.txt | sudo apt-key add -
+    sudo mkdir -p /etc/apt/keyrings
+    curl -fsSL https://archive.heckel.io/apt/pubkey.txt | sudo gpg --dearmor -o /etc/apt/keyrings/archive.heckel.io.gpg
    sudo apt install apt-transport-https
-    sudo sh -c "echo 'deb [arch=amd64] https://archive.heckel.io/apt debian main' \
+    sudo sh -c "echo 'deb [arch=amd64 signed-by=/etc/apt/keyrings/archive.heckel.io.gpg] https://archive.heckel.io/apt debian main' \
        > /etc/apt/sources.list.d/archive.heckel.io.list"  
    sudo apt update
    sudo apt install ntfy
@@ -77,10 +78,11 @@ Installation via Debian repository:

 === "armv7/armhf"
    ```bash
-    curl -sSL https://archive.heckel.io/apt/pubkey.txt | sudo apt-key add -
+    sudo mkdir -p /etc/apt/keyrings
+    curl -fsSL https://archive.heckel.io/apt/pubkey.txt | sudo gpg --dearmor -o /etc/apt/keyrings/archive.heckel.io.gpg
    sudo apt install apt-transport-https
-    sudo sh -c "echo 'deb [arch=armhf] https://archive.heckel.io/apt debian main' \
-        > /etc/apt/sources.list.d/archive.heckel.io.list"  
+    sudo sh -c "echo 'deb [arch=armhf signed-by=/etc/apt/keyrings/archive.heckel.io.gpg] https://archive.heckel.io/apt debian main' \
+        > /etc/apt/sources.list.d/archive.heckel.io.list"
    sudo apt update
    sudo apt install ntfy
    sudo systemctl enable ntfy
@@ -89,10 +91,11 @@ Installation via Debian repository:

 === "arm64"
    ```bash
-    curl -sSL https://archive.heckel.io/apt/pubkey.txt | sudo apt-key add -
+    sudo mkdir -p /etc/apt/keyrings
+    curl -fsSL https://archive.heckel.io/apt/pubkey.txt | sudo gpg --dearmor -o /etc/apt/keyrings/archive.heckel.io.gpg
    sudo apt install apt-transport-https
-    sudo sh -c "echo 'deb [arch=arm64] https://archive.heckel.io/apt debian main' \
-        > /etc/apt/sources.list.d/archive.heckel.io.list"  
+    sudo sh -c "echo 'deb [arch=arm64 signed-by=/etc/apt/keyrings/archive.heckel.io.gpg] https://archive.heckel.io/apt debian main' \
+        > /etc/apt/sources.list.d/archive.heckel.io.list"
    sudo apt update
    sudo apt install ntfy
    sudo systemctl enable ntfy
@@ -103,7 +106,7 @@ Manually installing the .deb file:

 === "x86_64/amd64"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_amd64.deb
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_amd64.deb
    sudo dpkg -i ntfy_*.deb
    sudo systemctl enable ntfy
    sudo systemctl start ntfy
@@ -111,7 +114,7 @@ Manually installing the .deb file:

 === "armv6"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_armv6.deb
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_armv6.deb
    sudo dpkg -i ntfy_*.deb
    sudo systemctl enable ntfy
    sudo systemctl start ntfy
@@ -119,7 +122,7 @@ Manually installing the .deb file:

 === "armv7/armhf"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_armv7.deb
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_armv7.deb
    sudo dpkg -i ntfy_*.deb
    sudo systemctl enable ntfy
    sudo systemctl start ntfy
@@ -127,7 +130,7 @@ Manually installing the .deb file:

 === "arm64"
    ```bash
-    wget https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_arm64.deb
+    wget https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_arm64.deb
    sudo dpkg -i ntfy_*.deb
    sudo systemctl enable ntfy
    sudo systemctl start ntfy
@@ -137,28 +140,28 @@ Manually installing the .deb file:

 === "x86_64/amd64"
    ```bash
-    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_amd64.rpm
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_amd64.rpm
    sudo systemctl enable ntfy 
    sudo systemctl start ntfy
    ```

 === "armv6"
    ```bash
-    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_armv6.rpm
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_armv6.rpm
    sudo systemctl enable ntfy
    sudo systemctl start ntfy
    ```

 === "armv7/armhf"
    ```bash
-    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_armv7.rpm
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_armv7.rpm
    sudo systemctl enable ntfy 
    sudo systemctl start ntfy
    ```

 === "arm64"
    ```bash
-    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_linux_arm64.rpm
+    sudo rpm -ivh https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_linux_arm64.rpm
    sudo systemctl enable ntfy 
    sudo systemctl start ntfy
    ```
@@ -182,20 +185,22 @@ ntfy is packaged in nixpkgs as `ntfy-sh`. It can be installed by adding the pack
 nix-env -iA ntfy-sh
 ```

+NixOS also supports [declarative setup of the ntfy server](https://search.nixos.org/options?channel=unstable&show=services.ntfy-sh.enable&from=0&size=50&sort=relevance&type=packages&query=ntfy). 
+
 ## macOS
 The [ntfy CLI](subscribe/cli.md) (`ntfy publish` and `ntfy subscribe` only) is supported on macOS as well. 
-To install, please [download the tarball](https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_macOS_all.tar.gz), 
+To install, please [download the tarball](https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_macOS_all.tar.gz), 
 extract it and place it somewhere in your `PATH` (e.g. `/usr/local/bin/ntfy`). 

 If run as `root`, ntfy will look for its config at `/etc/ntfy/client.yml`. For all other users, it'll look for it at 
 `~/Library/Application Support/ntfy/client.yml` (sample included in the tarball).

 ```bash
-curl -L https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_macOS_all.tar.gz > ntfy_1.27.1_macOS_all.tar.gz
-tar zxvf ntfy_1.27.1_macOS_all.tar.gz
-sudo cp -a ntfy_1.27.1_macOS_all/ntfy /usr/local/bin/ntfy
+curl -L https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_macOS_all.tar.gz > ntfy_1.30.1_macOS_all.tar.gz
+tar zxvf ntfy_1.30.1_macOS_all.tar.gz
+sudo cp -a ntfy_1.30.1_macOS_all/ntfy /usr/local/bin/ntfy
 mkdir ~/Library/Application\ Support/ntfy 
-cp ntfy_1.27.1_macOS_all/client/client.yml ~/Library/Application\ Support/ntfy/client.yml
+cp ntfy_1.30.1_macOS_all/client/client.yml ~/Library/Application\ Support/ntfy/client.yml
 ntfy --help
 ```

@@ -207,7 +212,7 @@ ntfy --help

 ## Windows
 The [ntfy CLI](subscribe/cli.md) (`ntfy publish` and `ntfy subscribe` only) is supported on Windows as well.
-To install, please [download the latest ZIP](https://github.com/binwiederhier/ntfy/releases/download/v1.27.1/ntfy_1.27.1_windows_x86_64.zip),
+To install, please [download the latest ZIP](https://github.com/binwiederhier/ntfy/releases/download/v1.30.1/ntfy_1.30.1_windows_x86_64.zip),
 extract it and place the `ntfy.exe` binary somewhere in your `%Path%`. 

 The default path for the client config file is at `%AppData%\ntfy\client.yml` (not created automatically, sample in the ZIP file).
@@ -228,6 +233,11 @@ The server exposes its web UI and the API on port 80, so you need to expose that
 [message cache](config.md#message-cache), you also need to map a volume to `/var/cache/ntfy`. To change other settings, 
 you should map `/etc/ntfy`, so you can edit `/etc/ntfy/server.yml`.

+!!! info
+    Note that the Docker image **does not contain a `/etc/ntfy/server.yml` file**. If you'd like to use a config file, 
+    please manually create one outside the image and map it as a volume, e.g. via `-v /etc/ntfy:/etc/ntfy`. You may
+    use the [`server.yml` file on GitHub](https://github.com/binwiederhier/ntfy/blob/main/server/server.yml) as a template.
+
 Basic usage (no cache or additional config):
 ```
 docker run -p 80:80 -it binwiederhier/ntfy serve
@@ -286,3 +296,300 @@ COPY server.yml /etc/ntfy/server.yml
 ENTRYPOINT ["ntfy", "serve"]
 ```
 This image can be pushed to a container registry and shipped independently. All that's needed when running it is mapping ntfy's port to a host port.
+
+## Kubernetes
+
+The setup for Kubernetes is very similar to that for Docker, and requires a fairly minimal deployment or pod definition to function. There
+are a few options to mix and match, including a deployment without a cache file, a stateful set with a persistent cache, and a standalone
+unmanned pod.
+
+
+=== "deployment"
+    ```yaml
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: ntfy
+    spec:
+      selector:
+        matchLabels:
+          app: ntfy
+      template:
+        metadata:
+          labels:
+            app: ntfy
+        spec:
+          containers:
+          - name: ntfy
+            image: binwiederhier/ntfy
+            args: ["serve"]
+            resources:
+              limits:
+                memory: "128Mi"
+                cpu: "500m"
+            ports:
+            - containerPort: 80
+              name: http
+            volumeMounts:
+            - name: config
+              mountPath: "/etc/ntfy"
+              readOnly: true
+          volumes:
+            - name: config
+              configMap:
+                name: ntfy
+    ---
+    # Basic service for port 80
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: ntfy
+    spec:
+      selector:
+        app: ntfy
+      ports:
+      - port: 80
+        targetPort: 80
+    ```
+
+=== "stateful set"
+    ```yaml
+    apiVersion: apps/v1
+    kind: StatefulSet
+    metadata:
+      name: ntfy
+    spec:
+      selector:
+        matchLabels:
+          app: ntfy
+      serviceName: ntfy
+      template:
+        metadata:
+          labels:
+            app: ntfy
+        spec:
+          containers:
+          - name: ntfy
+            image: binwiederhier/ntfy
+            args: ["serve", "--cache-file", "/var/cache/ntfy/cache.db"]
+            ports:
+            - containerPort: 80
+              name: http
+            volumeMounts:
+            - name: config
+              mountPath: "/etc/ntfy"
+              readOnly: true
+            - name: cache
+              mountPath: "/var/cache/ntfy"
+          volumes:
+            - name: config
+              configMap:
+                name: ntfy
+      volumeClaimTemplates:
+      - metadata:
+          name: cache
+        spec:
+          accessModes: [ "ReadWriteOnce" ]
+          resources:
+            requests:
+              storage: 1Gi
+    ```
+
+=== "pod"
+    ```yaml
+    apiVersion: v1
+    kind: Pod
+    metadata:
+      labels:
+        app: ntfy
+    spec:
+      containers:
+      - name: ntfy
+        image: binwiederhier/ntfy
+        args: ["serve"]
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+        ports:
+        - containerPort: 80
+          name: http
+        volumeMounts:
+        - name: config
+          mountPath: "/etc/ntfy"
+          readOnly: true
+      volumes:
+        - name: config
+          configMap:
+            name: ntfy
+    ```
+
+Configuration is relatively straightforward. As an example, a minimal configuration is provided.
+
+=== "resource definition"
+    ```yaml
+    apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: ntfy
+    data:
+      server.yml: |
+        # Template: https://github.com/binwiederhier/ntfy/blob/main/server/server.yml
+        base-url: https://ntfy.sh
+    ```
+
+=== "from-file"
+    ```bash
+    kubectl create configmap ntfy --from-file=server.yml 
+    ```
+
+## Kustomize
+
+ntfy can be deployed in a Kubernetes cluster with [Kustomize](https://github.com/kubernetes-sigs/kustomize), a tool used
+to customize Kubernetes objects using a `kustomization.yaml` file.
+
+1. Create new folder - `ntfy`
+2. Add all files listed below 
+    1. `kustomization.yaml` - stores all configmaps and resources used in a deployment
+    2. `ntfy-deployment.yaml` - define deployment type and its parameters
+    3. `ntfy-pvc.yaml` - describes how [persistent volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) will be created 
+    4. `ntfy-svc.yaml` - expose application to the internal kubernetes network
+    5. `ntfy-ingress.yaml` - expose service to outside the network using [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/)
+    6. `server.yaml` - simple server configuration
+3. Replace **TESTNAMESPACE** within `kustomization.yaml` with designated namespace 
+4. Replace **ntfy.test** within `ntfy-ingress.yaml` with desired DNS name
+5. Apply configuration to cluster set in current context: 
+
+```bash
+kubectl apply -k /ntfy
+```
+
+=== "kustomization.yaml"
+    ```yaml
+    apiVersion: kustomize.config.k8s.io/v1beta1
+    kind: Kustomization
+    resources:
+      - ntfy-deployment.yaml # deployment definition
+      - ntfy-svc.yaml # service connecting pods to cluster network
+      - ntfy-pvc.yaml # pvc used to store cache and attachment
+      - ntfy-ingress.yaml # ingress definition
+    configMapGenerator: # will parse config from raw config to configmap,it allows for dynamic reload of application if additional app is deployed ie https://github.com/stakater/Reloader
+        - name: server-config
+          files: 
+            - server.yml
+    namespace: TESTNAMESPACE # select namespace for whole application 
+    ```
+=== "ntfy-deployment.yaml"
+    ```yaml
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: ntfy-deployment
+      labels:
+        app: ntfy-deployment
+    spec:
+      revisionHistoryLimit: 1
+      replicas: 1
+      selector:
+        matchLabels:
+          app: ntfy-pod
+      template:
+        metadata:
+          labels:
+            app: ntfy-pod
+        spec:
+          containers:
+            - name: ntfy 
+              image: binwiederhier/ntfy:v1.28.0 # set deployed version
+              args: ["serve"]
+              env:  #example of adjustments made in environmental variables
+                - name: TZ # set timezone
+                  value: XXXXXXX
+                - name: NTFY_DEBUG # enable/disable debug
+                  value: "false"
+                - name: NTFY_LOG_LEVEL # adjust log level
+                  value: INFO
+                - name: NTFY_BASE_URL # add base url
+                  value: XXXXXXXXXX 
+              ports: 
+                - containerPort: 80
+                  name: http-ntfy
+              resources:
+                limits:
+                  memory: 300Mi
+                  cpu:  200m
+                requests:
+                      cpu: 150m
+                      memory: 150Mi
+              volumeMounts:
+                  - mountPath: /etc/ntfy/server.yml
+                    subPath: server.yml
+                    name: config-volume # generated vie configMapGenerator from kustomization file
+                  - mountPath: /var/cache/ntfy
+                    name: cache-volume #cache volume mounted to persistent volume
+            volumes:
+              - name: config-volume
+                configMap:  # uses configmap generator to parse server.yml to configmap
+                  name: server-config
+              - name: cache-volume
+                persistentVolumeClaim: # stores /cache/ntfy in defined pv
+                  claimName: ntfy-pvc
+    ```
+  
+=== "ntfy-pvc.yaml"
+    ```yaml
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+      name: ntfy-pvc
+    spec:
+      accessModes:
+        - ReadWriteOnce
+      storageClassName: local-path # adjust storage if needed
+      resources:
+        requests:
+          storage: 1Gi
+    ```
+
+=== "ntfy-svc.yaml"
+    ```yaml
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: ntfy-svc  
+    spec:
+      type: ClusterIP
+      selector:
+        app: ntfy-pod
+      ports:
+        - name: http-ntfy-out
+          protocol: TCP
+          port: 80
+          targetPort:  http-ntfy
+    ```
+
+=== "ntfy-ingress.yaml"
+    ```yaml
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+      name: ntfy-ingress
+    spec:
+      rules:
+        - host: ntfy.test #select own
+          http:
+            paths:
+              - path: /
+                pathType: Prefix
+                backend:
+                  service:
+                    name:  ntfy-svc
+                    port:
+                      number: 80
+    ```
+
+=== "server.yml"
+    ```yaml
+    cache-file: "/var/cache/ntfy/cache.db"
+    attachment-cache-dir: "/var/cache/ntfy/attachments"
+    ```
--- a/docs/integrations.md
+++ b/docs/integrations.md
@@ -0,0 +1,156 @@
+# Integrations + community projects
+
+There are quite a few projects that work with ntfy, integrate ntfy, or have been built around ntfy. It's super exciting to see what you guys have come up with. Feel free to [create a pull request on GitHub](https://github.com/binwiederhier/ntfy/issues) to add your own project here.
+
+I've added a ⭐ to projects or posts that have a significant following, or had a lot of interaction by the community.
+
+## Public ntfy servers
+
+Here's a list of public ntfy servers. As of right now, there is only one official server. The others are provided by the 
+ntfy community. Thanks to everyone running a public server. **You guys rock!**
+
+| URL                                               | Country            |
+|---------------------------------------------------|--------------------|
+| [ntfy.sh](https://ntfy.sh/) (*Official*)          | 🇺🇸 United States |
+| [ntfy.tedomum.net](https://ntfy.tedomum.net/)     | 🇫🇷 France        |
+| [ntfy.jae.fi](https://ntfy.jae.fi/)               | 🇫🇮 Finland       |
+| [ntfy.adminforge.de](https://ntfy.adminforge.de/) | 🇩🇪 Germany       |
+| [ntfy.envs.net](https://ntfy.envs.net)            | 🇩🇪 Germany       |
+
+Please be aware that **server operators can log your messages**. The project also cannot guarantee the reliability
+and uptime of third party servers, so use of each server is **at your own discretion**.
+
+## Official integrations
+
+- [Healthchecks.io](https://healthchecks.io/) ⭐ - Online service for monitoring regularly running tasks such as cron jobs
+- [Apprise](https://github.com/caronc/apprise/wiki/Notify_ntfy) ⭐ - Push notifications that work with just about every platform
+- [Uptime Kuma](https://uptime.kuma.pet/) ⭐ - A self-hosted monitoring tool
+- [Robusta](https://docs.robusta.dev/master/catalog/sinks/webhook.html) ⭐ - open source platform for Kubernetes troubleshooting
+- [borgmatic](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/#third-party-monitoring-services) ⭐ - configuration-driven backup software for servers and workstations
+- [Radarr](https://radarr.video/) ⭐ - Movie collection manager for Usenet and BitTorrent users
+- [Sonarr](https://sonarr.tv/) ⭐ - PVR for Usenet and BitTorrent users
+- [Gatus](https://gatus.io/) ⭐ - Automated service health dashboard
+- [Automatisch](https://automatisch.io/) ⭐ - Open source Zapier alternative / workflow automation tool
+- [FlexGet](https://flexget.com/Plugins/Notifiers/ntfysh) ⭐ - Multipurpose automation tool for all of your media
+- [Scrt.link](https://scrt.link/) - Share a secret
+- [Platypush](https://docs.platypush.tech/platypush/plugins/ntfy.html) - Automation platform aimed to run on any device that can run Python
+
+## [UnifiedPush](https://unifiedpush.org/users/apps/) integrations
+
+- [Element](https://f-droid.org/packages/im.vector.app/) ⭐ - Matrix client
+- [SchildiChat](https://schildi.chat/android/) ⭐ - Matrix client
+- [Tusky](https://tusky.app/) ⭐ - Fediverse client
+- [Fedilab](https://fedilab.app/) - Fediverse client
+- [FindMyDevice](https://gitlab.com/Nulide/findmydevice/) - Find your Device with an SMS or online with the help of FMDServer
+- [Tox Push Message App](https://github.com/zoff99/tox_push_msg_app) - Tox Push Message App
+
+## Libraries 
+
+- [ntfy-php-library](https://github.com/VerifiedJoseph/ntfy-php-library) - PHP library for sending messages using a ntfy server (PHP)
+- [ntfy-notifier](https://github.com/DAcodedBEAT/ntfy-notifier) - Symfony Notifier integration for ntfy (PHP)
+- [ntfpy](https://github.com/Nevalicjus/ntfpy) - API Wrapper for ntfy.sh (Python)
+- [pyntfy](https://github.com/DP44/pyntfy) - A module for interacting with ntfy notifications (Python)
+- [vntfy](https://github.com/lmangani/vntfy) - Barebone V client for ntfy (V)
+- [ntfy-middleman](https://github.com/nachotp/ntfy-middleman) - Wraps APIs and send notifications using ntfy.sh on schedule (Python)
+- [ntfy-dotnet](https://github.com/nwithan8/ntfy-dotnet) - .NET client library to interact with a ntfy server (C# / .NET)
+- [node-ntfy-publish](https://github.com/cityssm/node-ntfy-publish) - A Node package to publish notifications to an ntfy server (Node)
+- [ntfy](https://github.com/jonocarroll/ntfy) - Wraps the ntfy API with pipe-friendly tooling (R)
+- [ntfy-for-delphi](https://github.com/hazzelnuts/ntfy-for-delphi) - A friendly library to push instant notifications ntfy (Delphi)
+- [ntfy](https://github.com/ffflorian/ntfy) - Send notifications over ntfy (JS)
+
+## CLIs + GUIs
+
+- [ntfy.sh.sh](https://github.com/mininmobile/ntfy.sh.sh) - Run scripts on ntfy.sh events
+- [ntfy Desktop client](https://codeberg.org/zvava/ntfy-desktop) - Cross-platform desktop application for ntfy
+- [ntfy svelte front-end](https://github.com/novatorem/Ntfy) - Front-end built with svelte
+- [wio-ntfy-ticker](https://github.com/nachotp/wio-ntfy-ticker) - Ticker display for a ntfy.sh topic
+- [ntfysh-windows](https://github.com/lucas-bortoli/ntfysh-windows) - A ntfy client for Windows Desktop
+- [ntfyr](https://github.com/haxwithaxe/ntfyr) - A simple commandline tool to send notifications to ntfy
+- [ntfy.py](https://github.com/ioqy/ntfy-client-python) - ntfy.py is a simple nfty.sh client for sending notifications
+
+## Projects + scripts 
+
+- [Grafana-to-ntfy](https://github.com/kittyandrew/grafana-to-ntfy) - Grafana-to-ntfy alerts channel (Rust)
+- [ntfy-long-zsh-command](https://github.com/robfox92/ntfy-long-zsh-command) - Notifies you once a long-running command completes (zsh)
+- [ntfy-shellscripts](https://github.com/nickexyz/ntfy-shellscripts) - A few scripts for the ntfy project (Shell)
+- [QuickStatus](https://github.com/corneliusroot/QuickStatus) - A shell script to alert to any immediate problems upon login (Shell)
+- [ntfy.el](https://github.com/shombando/ntfy) - Send notifications from Emacs (Emacs)
+- [backup-projects](https://gist.github.com/anthonyaxenov/826ba65abbabd5b00196bc3e6af76002) - Stupidly simple backup script for own projects (Shell)
+- [grav-plugin-whistleblower](https://github.com/Himmlisch-Studios/grav-plugin-whistleblower) - Grav CMS plugin to get notifications via ntfy (PHP)
+- [ntfy-server-status](https://github.com/filip2cz/ntfy-server-status) -  Checking if server is online and reporting through ntfy (C)
+- [borg-based backup](https://github.com/davidhi7/backup) - Simple borg-based backup script with notifications based on ntfy.sh or Discord webhooks (Python/Shell)
+- [ntfy.sh *arr script](https://github.com/agent-squirrel/nfty-arr-script) - Quick and hacky script to get sonarr/radarr to notify the ntfy.sh service (Shell)
+- [siteeagle](https://github.com/tpanum/siteeagle) - A small Python script to monitor websites and notify changes (Python)
+- [send_to_phone](https://github.com/whipped-cream/send_to_phone) - Scripts to upload a file to Transfer.sh and ping ntfy with the download link (Python)
+- [ntfy Discord bot](https://github.com/R0dn3yS/ntfy-bot) - WIP ntfy discord bot (TypeScript)
+- [ntfy Discord bot](https://github.com/binwiederhier/ntfy-bot) - ntfy Discord bot (Go)
+- [ntfy Discord bot](https://github.com/jr1221/ntfy_discord_bot) - An advanced modal-based bot for interacting with the ntfy.sh API (Dart)
+- [Bettarr Notifications](https://github.com/NiNiyas/Bettarr-Notifications) - Better Notifications for Sonarr and Radarr (Python)
+- [Notify me the intruders](https://github.com/nothingbutlucas/notify_me_the_intruders) - Notify you if they are intruders or new connections on your network (Shell)
+- [Send GitHub Action to ntfy](https://github.com/NiNiyas/ntfy-action) - Send GitHub Action workflow notifications to ntfy (JS)
+- [aTable/ntfy alertmanager bridge](https://github.com/aTable/ntfy_alertmanager_bridge) - Basic alertmanager bridge to ntfy (JS)
+- [~xenrox/ntfy-alertmanager](https://hub.xenrox.net/~xenrox/ntfy-alertmanager) - A bridge between ntfy and Alertmanager (Go)
+- [pinpox/alertmanager-ntfy](https://github.com/pinpox/alertmanager-ntfy) - Relay prometheus alertmanager alerts to ntfy (Go)
+- [alexbakker/alertmanager-ntfy](https://github.com/alexbakker/alertmanager-ntfy) - Service that forwards Prometheus Alertmanager notifications to ntfy (Go)
+- [restreamchat2ntfy](https://github.com/kurohuku7/restreamchat2ntfy) - Send restream.io chat to ntfy to check on the Meta Quest (JS)
+- [k8s-ntfy-deployment-service](https://github.com/Christian42/k8s-ntfy-deployment-service) - Automatic Kubernetes (k8s) ntfy deployment
+- [huginn-global-entry-notif](https://github.com/kylezoa/huginn-global-entry-notif) - Checks CBP API for available appointments with Huginn (JSON)
+- [ntfyer](https://github.com/KikyTokamuro/ntfyer) - Sending various information to your ntfy topic by time (TypeScript)
+- [git-simple-notifier](https://github.com/plamenjm/git-simple-notifier) - Script running git-log, checking for new repositories (Shell)
+- [ntfy-to-slack](https://github.com/ozskywalker/ntfy-to-slack) - Tool to subscribe to a ntfy topic and send the messages to a Slack webhook (Go)
+- [ansible-ntfy](https://github.com/jpmens/ansible-ntfy) - Ansible action plugin to post JSON messages to ntfy (Python)
+- [ntfy-notification-channel](https://github.com/wijourdil/ntfy-notification-channel) - Laravel Notification channel for ntfy (PHP)
+- [ntfy_on_a_chip](https://github.com/gergepalfi/ntfy_on_a_chip) - ESP8266 and ESP32 client code to communicate with ntfy
+- [ntfy-sdk](https://github.com/yukibtc/ntfy-sdk) - ntfy client library to send notifications (Rust)
+- [ntfy_ynh](https://github.com/YunoHost-Apps/ntfy_ynh) - ntfy app for YunoHost 
+- [drone-ntfy](https://github.com/Clortox/drone-ntfy) - Drone.io plugin for sending ntfy notifications from a pipeline (Shell)
+- [ignition-ntfy-module](https://github.com/Kyvis-Labs/ignition-ntfy-module) - Adds support for sending notifications via a ntfy server to Ignition (Java)
+- [maubot-ntfy](https://gitlab.com/999eagle/maubot-ntfy) - Matrix bot to subscribe to ntfy topics and send messages to Matrix (Python)
+- [ntfy-wrapper](https://github.com/vict0rsch/ntfy-wrapper) - Wrapper around ntfy (Python)
+
+## Blog + forum posts
+
+- [Comment envoyer des notifications push sur votre téléphone facilement et gratuitement?](https://korben.info/notifications-push-telephone.html) - 1/2023
+- [UnifiedPush: a decentralized, open-source push notification protocol](https://f-droid.org/en/2022/12/18/unifiedpush.html) ⭐ - 12/2022
+- [ntfy setup instructions](https://docs.benjamin-altpeter.de/network/vms/1001029-ntfy/) - benjamin-altpeter.de - 12/2022
+- [Ntfy Self-Hosted Push Notifications](https://lachlanlife.net/posts/2022-12-ntfy/) - lachlanlife.net - 12/2022 
+- [ntfy.sh](https://paramdeo.com/til/ntfy-sh) - paramdeo.com - 11/2022
+- [Using ntfy to warn me when my computer is discharging](https://ulysseszh.github.io/programming/2022/11/28/ntfy-warn-discharge.html) - ulysseszh.github.io - 11/2022
+- [ntfy - Push Notification Service](https://dizzytech.de/posts/ntfy/) - dizzytech.de - 11/2022 
+- [Console #132](https://console.substack.com/p/console-132) ⭐ - console.substack.com - 11/2022
+- [MeshCentral - Ntfy Push Notifications ](https://www.youtube.com/watch?v=wyE4rtUd4Bg) - youtube.com - 11/2022
+- [Changelog | Tracking layoffs, tech worker demand still high, ntfy, ...](https://changelog.com/news/tracking-layoffs-tech-worker-demand-still-high-ntfy-devenv-markdoc-mike-bifulco-Y1jW) ⭐ - changelog.com - 11/2022
+- [Pointer | Issue #367](https://www.pointer.io/archives/a9495a2a6f/) - pointer.io - 11/2022
+- [Envie Push Notifications por POST (de graça e sem cadastro)](https://www.tabnews.com.br/filipedeschamps/envie-push-notifications-por-post-de-graca-e-sem-cadastro) - tabnews.com.br - 11/2022
+- [Push Notifications for KDE](https://volkerkrause.eu/2022/11/12/kde-unifiedpush-push-notifications.html) - volkerkrause.eu - 11/2022
+- [TLDR Newsletter Daily Update 2022-11-09](https://tldr.tech/tech/newsletter/2022-11-09) ⭐ - tldr.tech - 11/2022
+- [Ntfy.sh – Send push notifications to your phone via PUT/POST](https://news.ycombinator.com/item?id=33517944) ⭐ - news.ycombinator.com - 11/2022
+- [Ntfy et Jeedom : un plugin](https://lunarok-domotique.com/2022/11/ntfy-et-jeedom/) - lunarok-domotique.com - 11/2022
+- [Crea tu propio servidor de notificaciones con Ntfy](https://blog.parravidales.es/crea-tu-propio-servidor-de-notificaciones-con-ntfy/) - blog.parravidales.es - 11/2022
+- [Zero-cost push notifications to your phone or desktop via PUT/POST ](https://lobste.rs/s/41dq13/zero_cost_push_notifications_your_phone) - lobste.rs - 10/2022
+- [A nifty push notification system: ntfy](https://jpmens.net/2022/10/30/a-nifty-push-notification-system-ntfy/) - jpmens.net - 10/2022 
+- [Alarmanlage der dritten Art (YouTube video)](https://www.youtube.com/watch?v=altb5QLHbaU&feature=youtu.be) - youtube.com - 10/2022
+- [Neue Services: Ntfy, TikTok und RustDesk](https://adminforge.de/tools/neue-services-ntfy-tiktok-und-rustdesk/) - adminforge.de - 9/2022
+- [Ntfy, le service de notifications qu’il vous faut](https://www.cachem.fr/ntfy-le-service-de-notifications-quil-vous-faut/) - cachem.fr - 9/2022
+- [NAS Synology et notifications avec ntfy](https://www.cachem.fr/synology-notifications-ntfy/) - cachem.fr - 9/2022 
+- [Self hosted Mobile Push Notifications using NTFY | Thejesh GN](https://thejeshgn.com/2022/08/23/self-hosted-mobile-push-notifications-using-ntfy/) - thejeshgn.com - 8/2022
+- [Fedora Magazine | 4 cool new projects to try in Copr](https://fedoramagazine.org/4-cool-new-projects-to-try-in-copr-for-august-2022/) - fedoramagazine.org - 8/2022
+- [Docker로 오픈소스 푸시알람 프로젝트 ntfy.sh 설치 및 사용하기.(Feat. Uptimekuma)](https://svrforum.com/svr/398979) - svrforum.com - 8/2022
+- [Easy notifications from R](https://sometimesir.com/posts/easy-notifications-from-r/) - sometimesir.com - 6/2022
+- [ntfy is finally coming to iOS, and Matrix/UnifiedPush gateway support](https://www.reddit.com/r/selfhosted/comments/vdzvxi/ntfy_is_finally_coming_to_ios_with_full/) ⭐ - reddit.com - 6/2022
+- [Install guide (with Docker)](https://chowdera.com/2022/150/202205301257379077.html) - chowdera.com - 5/2022
+- [无需注册的通知服务ntfy](https://blog.csdn.net/wbsu2004/article/details/125040247) - blog.csdn.net - 5/2022
+- [Updated review post (Jan-Lukas Else)](https://jlelse.blog/thoughts/2022/04/ntfy) - jlelse.blog - 4/2022
+- [Using ntfy and Tasker together](https://lachlanlife.net/posts/2022-04-tasker-ntfy/) - lachlanlife.net - 4/2022 
+- [Reddit feature update post](https://www.reddit.com/r/selfhosted/comments/uetlso/ntfy_is_a_tool_to_send_push_notifications_to_your/) ⭐ - reddit.com - 4/2022
+- [無料で簡単に通知の送受信ができつつオープンソースでセルフホストも可能な「ntfy」を使ってみた](https://gigazine.net/news/20220404-ntfy-push-notification/) - gigazine.net - 4/2022
+- [Pocketmags ntfy review](https://pocketmags.com/us/linux-format-magazine/march-2022/articles/1104187/ntfy) - pocketmags.com - 3/2022
+- [Reddit web app release post](https://www.reddit.com/r/selfhosted/comments/tc0p0u/say_hello_to_the_brand_new_ntfysh_web_app_push/) ⭐ - reddit.com- 3/2022
+- [Lemmy post (Jakob)](https://lemmy.eus/post/15541) - lemmy.eus - 1/2022
+- [Reddit UnifiedPush release post](https://www.reddit.com/r/selfhosted/comments/s5jylf/my_open_source_notification_android_app_and/) ⭐ - reddit.com - 1/2022
+- [ntfy: send notifications from your computer to your phone](https://rs1.es/tutorials/2022/01/19/ntfy-send-notifications-phone.html) - rs1.es - 1/2022
+- [Short ntfy review (Jan-Lukas Else)](https://jlelse.blog/links/2021/12/ntfy-sh) - jlelse.blog - 12/2021
+- [Free MacroDroid webhook alternative (FrameXX)](https://www.macrodroidforum.com/index.php?threads/ntfy-sh-free-macrodroid-webhook-alternative.1505/) - macrodroidforum.com - 12/2021
+- [ntfy otro sistema de notificaciones pub-sub simple basado en HTTP](https://ugeek.github.io/blog/post/2021-11-05-ntfy-sh-otro-sistema-de-notificaciones-pub-sub-simple-basado-en-http.html) - ugeek.github.io - 11/2021
+- [Show HN: A tool to send push notifications to your phone, written in Go](https://news.ycombinator.com/item?id=29715464) ⭐ - news.ycombinator.com - 12/2021
+- [Reddit selfhostable post](https://www.reddit.com/r/selfhosted/comments/qxlsm9/my_open_source_notification_android_app_and/) ⭐ - reddit.com - 11/2021
--- a/docs/known-issues.md
+++ b/docs/known-issues.md
@@ -0,0 +1,28 @@
+# Known issues
+This is an incomplete list of known issues with the ntfy server, Android app, and iOS app. You can find a complete
+list [on GitHub](https://github.com/binwiederhier/ntfy/labels/%F0%9F%AA%B2%20bug), but I thought it may be helpful
+to have the prominent ones here to link to.
+
+## iOS app not refreshing (see [#267](https://github.com/binwiederhier/ntfy/issues/267))
+For some (many?) users, the iOS app is not refreshing the view when new notifications come in. Until you manually
+swipe down, you do not see the newly arrived messages, even though the popup appeared before.
+
+This is caused by some weirdness between the Notification Service Extension (NSE), SwiftUI and Core Data. I am entirely
+clueless on how to fix it, sadly, as it is ephemeral and now clear to me what is causing it.
+
+Please send experienced iOS developers my way to help me figure this out.
+
+## iOS app not receiving notifications (anymore)
+If notifications do not show up at all anymore, there are a few causes for it (that I know of):
+
+**Firebase+APNS are being weird and buggy**:    
+If this is the case, usually it helps to **remove the topic/subscription and re-add it**. That will force Firebase to 
+re-subscribe to the Firebase topic.
+
+**Self-hosted only: No `upstream-base-url` set, or `base-url` mismatch**:   
+To make self-hosted servers work with the iOS
+app, I had to do some horrible things (see [iOS instant notifications](config.md#ios-instant-notifications) for details).
+Be sure that in your selfhosted server:
+
+* Set `upstream-base-url: "https://ntfy.sh"` (**not your own hostname!**)
+* Ensure that the URL you set in `base-url` **matches exactly** what you set the Default Server in iOS to 
--- a/docs/publish.md
+++ b/docs/publish.md
@@ -885,16 +885,22 @@ is the only required one:
    ``` powershell
    $uri = "https://ntfy.sh"
    $body = @{
-            "topic"="powershell"
-            "title"="Low disk space alert"
-            "message"="Disk space is low at 5.1 GB"
-            "priority"=4
-            "attach"="https://filesrv.lan/space.jpg"
-            "filename"="diskspace.jpg"
-            "tags"=@("warning","cd")
-            "click"= "https://homecamera.lan/xasds1h2xsSsa/"
-            "actions"=@[@{ "action"="view", "label"="Admin panel", "url"="https://filesrv.lan/admin" }]
-          } | ConvertTo-Json
+        topic    = "mytopic"
+        title    = "Low disk space alert"
+        message  = "Disk space is low at 5.1 GB"
+        priority = 4
+        attach   = "https://filesrv.lan/space.jpg"
+        filename = "diskspace.jpg"
+        tags     = @("warning", "cd")
+        click    = "https://homecamera.lan/xasds1h2xsSsa/"
+        actions  = @(
+            @{ 
+                action = "view"
+                label  = "Admin panel"
+                url    = "https://filesrv.lan/admin"
+            }
+        )
+    } | ConvertTo-Json
    Invoke-RestMethod -Method 'Post' -Uri $uri -Body $body -ContentType "application/json" -UseBasicParsing
    ```

@@ -1160,7 +1166,7 @@ Alternatively, the same actions can be defined as **JSON array**, if the notific
        method: 'POST',
        body: JSON.stringify({
            topic: "myhome",
-            message": "You left the house. Turn down the A/C?",
+            message: "You left the house. Turn down the A/C?",
            actions: [
                {
                    action: "view",
@@ -1210,20 +1216,20 @@ Alternatively, the same actions can be defined as **JSON array**, if the notific
    ``` powershell
    $uri = "https://ntfy.sh"
    $body = @{
-        "topic"="myhome"
-        "message"="You left the house. Turn down the A/C?"
-        "actions"=@(
+        topic   = "myhome"
+        message = "You left the house. Turn down the A/C?"
+        actions = @(
            @{
-                "action"="view"
-                "label"="Open portal"
-                "url"="https://home.nest.com/"
-                "clear"=true
+                action = "view"
+                label  = "Open portal"
+                url    = "https://home.nest.com/"
+                clear  = $true
            },
            @{
-                "action"="http",
-                "label"="Turn down"
-                "url"="https://api.nest.com/"
-                "body"="{\"temperature\": 65}"
+                action = "http"
+                label  = "Turn down"
+                url    = "https://api.nest.com/"
+                body   = '{"temperature": 65}'
            }
        )
    } | ConvertTo-Json
@@ -1310,7 +1316,7 @@ Here's an example using the [`X-Actions` header](#using-a-header):
 === "Command line (curl)"
    ```
    curl \
-        -d "Somebody retweetet your tweet." \
+        -d "Somebody retweeted your tweet." \
        -H "Actions: view, Open Twitter, https://twitter.com/binwiederhier/status/1467633927951163392" \
    ntfy.sh/myhome
    ```
@@ -1320,7 +1326,7 @@ Here's an example using the [`X-Actions` header](#using-a-header):
    ntfy publish \
        --actions="view, Open Twitter, https://twitter.com/binwiederhier/status/1467633927951163392" \
        myhome \
-        "Somebody retweetet your tweet."
+        "Somebody retweeted your tweet."
    ```

 === "HTTP"
@@ -1329,14 +1335,14 @@ Here's an example using the [`X-Actions` header](#using-a-header):
    Host: ntfy.sh
    Actions: view, Open Twitter, https://twitter.com/binwiederhier/status/1467633927951163392

-    Somebody retweetet your tweet.
+    Somebody retweeted your tweet.
    ```

 === "JavaScript"
    ``` javascript
    fetch('https://ntfy.sh/myhome', {
        method: 'POST',
-        body: 'Somebody retweetet your tweet.',
+        body: 'Somebody retweeted your tweet.',
        headers: { 
            'Actions': 'view, Open Twitter, https://twitter.com/binwiederhier/status/1467633927951163392' 
        }
@@ -1345,7 +1351,7 @@ Here's an example using the [`X-Actions` header](#using-a-header):

 === "Go"
    ``` go
-    req, _ := http.NewRequest("POST", "https://ntfy.sh/myhome", strings.NewReader("Somebody retweetet your tweet."))
+    req, _ := http.NewRequest("POST", "https://ntfy.sh/myhome", strings.NewReader("Somebody retweeted your tweet."))
    req.Header.Set("Actions", "view, Open Twitter, https://twitter.com/binwiederhier/status/1467633927951163392")
    http.DefaultClient.Do(req)
    ```
@@ -1354,14 +1360,14 @@ Here's an example using the [`X-Actions` header](#using-a-header):
    ``` powershell
    $uri = "https://ntfy.sh/myhome"
    $headers = @{ Actions="view, Open Twitter, https://twitter.com/binwiederhier/status/1467633927951163392" }
-    $body = "Somebody retweetet your tweet."
+    $body = "Somebody retweeted your tweet."
    Invoke-RestMethod -Method 'Post' -Uri $uri -Headers $headers -Body $body -UseBasicParsing
    ```

 === "Python"
    ``` python
    requests.post("https://ntfy.sh/myhome",
-        data="Somebody retweetet your tweet.",
+        data="Somebody retweeted your tweet.",
        headers={ "Actions": "view, Open Twitter, https://twitter.com/binwiederhier/status/1467633927951163392" })
    ```

@@ -1373,7 +1379,7 @@ Here's an example using the [`X-Actions` header](#using-a-header):
            'header' =>
                "Content-Type: text/plain\r\n" .
                "Actions: view, Open Twitter, https://twitter.com/binwiederhier/status/1467633927951163392",
-            'content' => 'Somebody retweetet your tweet.'
+            'content' => 'Somebody retweeted your tweet.'
        ]
    ]));
    ```
@@ -1385,7 +1391,7 @@ And the same example using [JSON publishing](#publish-as-json):
    curl ntfy.sh \
      -d '{
        "topic": "myhome",
-        "message": "Somebody retweetet your tweet.",
+        "message": "Somebody retweeted your tweet.",
        "actions": [
          {
            "action": "view",
@@ -1407,7 +1413,7 @@ And the same example using [JSON publishing](#publish-as-json):
            }
        ]' \
        myhome \
-        "Somebody retweetet your tweet."
+        "Somebody retweeted your tweet."
    ```

 === "HTTP"
@@ -1417,7 +1423,7 @@ And the same example using [JSON publishing](#publish-as-json):

    {
        "topic": "myhome",
-        "message": "Somebody retweetet your tweet.",
+        "message": "Somebody retweeted your tweet.",
        "actions": [
          {
            "action": "view",
@@ -1434,7 +1440,7 @@ And the same example using [JSON publishing](#publish-as-json):
        method: 'POST',
        body: JSON.stringify({
            topic: "myhome",
-            message": "Somebody retweetet your tweet.",
+            message": "Somebody retweeted your tweet.",
            actions: [
                {
                    action: "view",
@@ -1453,7 +1459,7 @@ And the same example using [JSON publishing](#publish-as-json):
    
    body := `{
        "topic": "myhome",
-        "message": "Somebody retweetet your tweet.",
+        "message": "Somebody retweeted your tweet.",
        "actions": [
          {
            "action": "view",
@@ -1470,9 +1476,9 @@ And the same example using [JSON publishing](#publish-as-json):
    ``` powershell
    $uri = "https://ntfy.sh"
    $body = @{
-        "topic"="myhome"
-        "message"="Somebody retweetet your tweet."
-        "actions"=@(
+        topic = "myhome"
+        message = "Somebody retweeted your tweet."
+        actions = @(
            @{
                "action"="view"
                "label"="Open Twitter"
@@ -1488,7 +1494,7 @@ And the same example using [JSON publishing](#publish-as-json):
    requests.post("https://ntfy.sh/",
        data=json.dumps({
            "topic": "myhome",
-            "message": "Somebody retweetet your tweet.",
+            "message": "Somebody retweeted your tweet.",
            "actions": [
                {
                    "action": "view",
@@ -1508,7 +1514,7 @@ And the same example using [JSON publishing](#publish-as-json):
            'header' => "Content-Type: application/json",
            'content' => json_encode([
                "topic": "myhome",
-                "message": "Somebody retweetet your tweet.",
+                "message": "Somebody retweeted your tweet.",
                "actions": [
                    [
                        "action": "view",
@@ -1725,21 +1731,24 @@ And the same example using [JSON publishing](#publish-as-json):

 === "PowerShell"
    ``` powershell
+    # Powershell requires the 'Depth' argument to equal 3 here to expand 'Extras',
+    # otherwise it will read System.Collections.Hashtable in the returned JSON
+
    $uri = "https://ntfy.sh"
    $body = @{
-        "topic"="wifey"
-        "message"="Your wife requested you send a picture of yourself."
-        "actions"=@(
+        topic = "wifey"
+        message = "Your wife requested you send a picture of yourself."
+        actions = @(
            @{
-                "action"="broadcast"
-                "label"="Take picture"
-                "extras"=@{
-                    "cmd"="pic"
-                    "camera"="front"
+                action = "broadcast"
+                label = "Take picture"
+                extras = @{
+                     cmd ="pic"
+                     camera = "front"
                }
            }
        )
-    } | ConvertTo-Json
+    } | ConvertTo-Json -Depth 3
    Invoke-RestMethod -Method 'Post' -Uri $uri -Body $body -ContentType "application/json" -UseBasicParsing
    ```

@@ -1993,24 +2002,26 @@ And the same example using [JSON publishing](#publish-as-json):

 === "PowerShell"
    ``` powershell
+    # Powershell requires the 'Depth' argument to equal 3 here to expand 'headers', 
+    # otherwise it will read System.Collections.Hashtable in the returned JSON
+
    $uri = "https://ntfy.sh"
    $body = @{
-        "topic"="myhome"
-        "message"="Garage door has been open for 15 minutes. Close it?"
-        "actions"=@(
+        topic   = "myhome"
+        message = "Garage door has been open for 15 minutes. Close it?"
+        actions = @(
            @{
-                "action"="http",
-                "label"="Close door"
-                "url"="https://api.mygarage.lan/"
-                "method"="PUT"
-                "headers"=@{
-                  "Authorization"="Bearer zAzsx1sk.."
+                action  = "http"
+                label   = "Close door"
+                url     = "https://api.mygarage.lan/"
+                method  = "PUT"
+                headers = @{
+                    Authorization = "Bearer zAzsx1sk.."
                }
-                "body"="{\"action\": \"close\"}"
+                body    = '{"action": "close"}'
            }
-          }
        )
-    } | ConvertTo-Json
+    } | ConvertTo-Json -Depth 3
    Invoke-RestMethod -Method 'Post' -Uri $uri -Body $body -ContentType "application/json" -UseBasicParsing
    ```

@@ -2209,8 +2220,8 @@ Here's an example showing how to upload an image:
    Host: ntfy.sh
    Filename: flower.jpg
    Content-Type: 52312
-
-    <binary JPEG data>
+     
+    (binary JPEG data)
    ```

 === "JavaScript"
@@ -2338,6 +2349,112 @@ Here's an example showing how to attach an APK file:
  <figcaption>File attachment sent from an external URL</figcaption>
 </figure>

+## Icons
+_Supported on:_ :material-android:
+
+You can include an icon that will appear next to the text of the notification. Simply pass the `X-Icon` header or query
+parameter (or its alias `Icon`) to specify the URL that the icon is located at. The client will automatically download
+the icon (unless it is already cached locally, and less than 24 hours old), and show it in the notification. Icons are 
+cached locally in the client until the notification is deleted. **Only JPEG and PNG images are supported at this time**.
+
+Here's an example showing how to include an icon:
+
+=== "Command line (curl)"
+    ```
+    curl \
+        -H "Icon: https://styles.redditmedia.com/t5_32uhe/styles/communityIcon_xnt6chtnr2j21.png" \
+        -H "Title: Kodi: Resuming Playback" \
+        -H "Tags: arrow_forward" \
+        -d "The Wire, S01E01" \
+        ntfy.sh/tvshows
+    ```
+
+=== "ntfy CLI"
+    ```
+    ntfy publish \
+        --icon="https://styles.redditmedia.com/t5_32uhe/styles/communityIcon_xnt6chtnr2j21.png" \
+        --title="Kodi: Resuming Playback" \
+        --tags="arrow_forward" \
+        tvshows \
+        "The Wire, S01E01"
+    ```
+
+=== "HTTP"
+    ``` http
+    POST /tvshows HTTP/1.1
+    Host: ntfy.sh
+    Icon: https://styles.redditmedia.com/t5_32uhe/styles/communityIcon_xnt6chtnr2j21.png
+    Tags: arrow_forward
+    Title: Kodi: Resuming Playback
+
+    The Wire, S01E01
+    ```
+
+=== "JavaScript"
+    ``` javascript
+    fetch('https://ntfy.sh/tvshows', {
+        method: 'POST',
+        headers: { 
+            'Icon': 'https://styles.redditmedia.com/t5_32uhe/styles/communityIcon_xnt6chtnr2j21.png',
+            'Title': 'Kodi: Resuming Playback',
+            'Tags': 'arrow_forward'
+        },
+        body: "The Wire, S01E01"
+    })
+    ```
+
+=== "Go"
+    ``` go
+    req, _ := http.NewRequest("POST", "https://ntfy.sh/tvshows", strings.NewReader("The Wire, S01E01"))
+    req.Header.Set("Icon", "https://styles.redditmedia.com/t5_32uhe/styles/communityIcon_xnt6chtnr2j21.png")
+    req.Header.Set("Tags", "arrow_forward")
+    req.Header.Set("Title", "Kodi: Resuming Playback")
+    http.DefaultClient.Do(req)
+    ```
+
+=== "PowerShell"
+    ``` powershell
+    $uri = "https://ntfy.sh/tvshows"
+    $headers = @{ Title"="Kodi: Resuming Playback"
+                  Tags="arrow_forward"
+                  Icon="https://styles.redditmedia.com/t5_32uhe/styles/communityIcon_xnt6chtnr2j21.png" }
+    $body = "The Wire, S01E01"
+    Invoke-RestMethod -Method 'Post' -Uri $uri -Headers $headers -Body $body -UseBasicParsing
+    ```
+
+=== "Python"
+    ``` python
+    requests.post("https://ntfy.sh/tvshows",
+        data="The Wire, S01E01",
+        headers={
+            "Title": "Kodi: Resuming Playback",
+            "Tags": "arrow_forward",
+            "Icon": "https://styles.redditmedia.com/t5_32uhe/styles/communityIcon_xnt6chtnr2j21.png"
+        })
+    ```
+
+=== "PHP"
+    ``` php-inline
+    file_get_contents('https://ntfy.sh/tvshows', false, stream_context_create([
+        'http' => [
+        'method' => 'PUT',
+        'header' =>
+            "Content-Type: text/plain\r\n" . // Does not matter
+            "Title: Kodi: Resuming Playback\r\n" .
+            "Tags: arrow_forward\r\n" .
+            "Icon: https://styles.redditmedia.com/t5_32uhe/styles/communityIcon_xnt6chtnr2j21.png",
+        ],
+        'content' => "The Wire, S01E01"
+    ]));
+    ```
+
+Here's an example of how it will look on Android:
+
+<figure markdown>
+  ![file attachment](static/img/android-screenshot-icon.png){ width=500 }
+  <figcaption>Custom icon from an external URL</figcaption>
+</figure>
+
 ## E-mail notifications
 _Supported on:_ :material-android: :material-apple: :material-firefox:

@@ -2479,16 +2596,23 @@ title `You've Got Mail` to topic `sometopic` (see [ntfy.sh/sometopic](https://nt
 ### Authentication
 Depending on whether the server is configured to support [access control](config.md#access-control), some topics
 may be read/write protected so that only users with the correct credentials can subscribe or publish to them.
-To publish/subscribe to protected topics, you can use [Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication)
-with a valid username/password. For your self-hosted server, **be sure to use HTTPS to avoid eavesdropping** and exposing
-your password. 
+To publish/subscribe to protected topics, you can: 

-Here's a simple example:
+* Use [basic auth](#basic-auth), e.g. `Authorization: Basic dGVzdHVzZXI6ZmFrZXBhc3N3b3Jk`
+* or use the [`auth` query parameter](#query-param), e.g. `?auth=QmFzaWMgZEdWemRIVnpaWEk2Wm1GclpYQmhjM04zYjNKaw`
+
+!!! warning
+    Base64 only encodes username and password. It **is not encrypting it**. For your self-hosted server, 
+    **be sure to use HTTPS to avoid eavesdropping** and exposing your password. 
+
+#### Basic auth
+Here's an example using [Basic auth](https://en.wikipedia.org/wiki/Basic_access_authentication), with a user `testuser` 
+and password `fakepassword`:

 === "Command line (curl)"
    ```
    curl \
-      -u phil:mypass \
+      -u testuser:fakepassword \
      -d "Look ma, with auth" \
      https://ntfy.example.com/mysecrets
    ```
@@ -2496,7 +2620,7 @@ Here's a simple example:
 === "ntfy CLI"
    ```
    ntfy publish \
-      -u phil:mypass \
+      -u testuser:fakepassword \
      ntfy.example.com/mysecrets \
      "Look ma, with auth"
    ```
@@ -2505,7 +2629,7 @@ Here's a simple example:
    ``` http
    POST /mysecrets HTTP/1.1
    Host: ntfy.example.com
-    Authorization: Basic cGhpbDpteXBhc3M=
+    Authorization: Basic dGVzdHVzZXI6ZmFrZXBhc3N3b3Jk

    Look ma, with auth
    ```
@@ -2516,7 +2640,7 @@ Here's a simple example:
        method: 'POST', // PUT works too
        body: 'Look ma, with auth',
        headers: {
-            'Authorization': 'Basic cGhpbDpteXBhc3M='
+            'Authorization': 'Basic dGVzdHVzZXI6ZmFrZXBhc3N3b3Jk'
        }
    })
    ```
@@ -2525,14 +2649,14 @@ Here's a simple example:
    ``` go
    req, _ := http.NewRequest("POST", "https://ntfy.example.com/mysecrets",
    strings.NewReader("Look ma, with auth"))
-    req.Header.Set("Authorization", "Basic cGhpbDpteXBhc3M=")
+    req.Header.Set("Authorization", "Basic dGVzdHVzZXI6ZmFrZXBhc3N3b3Jk")
    http.DefaultClient.Do(req)
    ```

 === "PowerShell"
    ``` powershell
    $uri = "https://ntfy.example.com/mysecrets"
-    $credentials = 'username:password'
+    $credentials = 'testuser:fakepassword'
    $encodedCredentials = [convert]::ToBase64String([text.Encoding]::UTF8.GetBytes($credentials))
    $headers = @{Authorization="Basic $encodedCredentials"}
    $message = "Look ma, with auth"
@@ -2544,7 +2668,7 @@ Here's a simple example:
    requests.post("https://ntfy.example.com/mysecrets",
    data="Look ma, with auth",
    headers={
-        "Authorization": "Basic cGhpbDpteXBhc3M="
+        "Authorization": "Basic dGVzdHVzZXI6ZmFrZXBhc3N3b3Jk"
    })
    ```

@@ -2555,12 +2679,113 @@ Here's a simple example:
            'method' => 'POST', // PUT also works
            'header' =>
                'Content-Type: text/plain\r\n' .
-                'Authorization: Basic cGhpbDpteXBhc3M=',
+                'Authorization: Basic dGVzdHVzZXI6ZmFrZXBhc3N3b3Jk',
            'content' => 'Look ma, with auth'
        ]
    ]));
    ```

+To generate the `Authorization` header, use **standard base64** to encode the colon-separated `<username>:<password>` 
+and prepend the word `Basic`, i.e. `Authorization: Basic base64(<username>:<password>)`. Here's some pseudo-code that 
+hopefully explains it better:
+
+```
+username   = "testuser"
+password   = "fakepassword"
+authHeader = "Basic " + base64(username + ":" + password) // -> Basic dGVzdHVzZXI6ZmFrZXBhc3N3b3Jk
+```
+
+The following command will generate the appropriate value for you on *nix systems:
+
+```
+echo "Basic $(echo -n 'testuser:fakepassword' | base64)"
+```
+
+#### Query param
+Here's an example using the `auth` query parameter:
+
+=== "Command line (curl)"
+    ```
+    curl \
+      -d "Look ma, with auth" \
+      "https://ntfy.example.com/mysecrets?auth=QmFzaWMgZEdWemRIVnpaWEk2Wm1GclpYQmhjM04zYjNKaw"
+    ```
+
+=== "ntfy CLI"
+    ```
+    ntfy publish \
+      -u testuser:fakepassword \
+      ntfy.example.com/mysecrets \
+      "Look ma, with auth"
+    ```
+
+=== "HTTP"
+    ``` http
+    POST /mysecrets?auth=QmFzaWMgZEdWemRIVnpaWEk2Wm1GclpYQmhjM04zYjNKaw HTTP/1.1
+    Host: ntfy.example.com
+
+    Look ma, with auth
+    ```
+
+=== "JavaScript"
+    ``` javascript
+    fetch('https://ntfy.example.com/mysecrets?auth=QmFzaWMgZEdWemRIVnpaWEk2Wm1GclpYQmhjM04zYjNKaw', {
+        method: 'POST', // PUT works too
+        body: 'Look ma, with auth'
+    })
+    ```
+
+=== "Go"
+    ``` go
+    req, _ := http.NewRequest("POST", "https://ntfy.example.com/mysecrets?auth=QmFzaWMgZEdWemRIVnpaWEk2Wm1GclpYQmhjM04zYjNKaw",
+        strings.NewReader("Look ma, with auth"))
+    http.DefaultClient.Do(req)
+    ```
+
+=== "PowerShell"
+    ``` powershell
+    $uri = "https://ntfy.example.com/mysecrets?auth=QmFzaWMgZEdWemRIVnpaWEk2Wm1GclpYQmhjM04zYjNKaw"
+    $message = "Look ma, with auth"
+    Invoke-RestMethod -Uri $uri -Body $message  -Method "Post" -UseBasicParsing
+    ```
+
+=== "Python"
+    ``` python
+    requests.post("https://ntfy.example.com/mysecrets?auth=QmFzaWMgZEdWemRIVnpaWEk2Wm1GclpYQmhjM04zYjNKaw",
+    data="Look ma, with auth"
+    ```
+
+=== "PHP"
+    ``` php-inline
+    file_get_contents('https://ntfy.example.com/mysecrets?auth=QmFzaWMgZEdWemRIVnpaWEk2Wm1GclpYQmhjM04zYjNKaw', false, stream_context_create([
+        'http' => [
+            'method' => 'POST', // PUT also works
+            'header' => 'Content-Type: text/plain',
+            'content' => 'Look ma, with auth'
+        ]
+    ]));
+    ```
+
+To generate the value of the `auth` parameter, encode the value of the `Authorization` header (see anove) using 
+**raw base64 encoding** (like base64, but strip any trailing `=`). Here's some pseudo-code that hopefully 
+explains it better:
+
+```
+username   = "testuser"
+password   = "fakepassword"
+authHeader = "Basic " + base64(username + ":" + password) // -> Basic dGVzdHVzZXI6ZmFrZXBhc3N3b3Jk
+authParam  = base64_raw(authHeader) // -> QmFzaWMgZEdWemRIVnpaWEk2Wm1GclpYQmhjM04zYjNKaw (no trailing =)
+
+// If your language does not have a function to encode raw base64, simply use normal base64
+// and REMOVE TRAILING "=" characters. 
+```
+
+The following command will generate the appropriate value for you on *nix systems:
+
+```
+echo -n "Basic `echo -n 'testuser:fakepassword' | base64`" | base64 | tr -d '='
+```
+
 ### Message caching
 !!! info
    If `Cache: no` is used, messages will only be delivered to connected subscribers, and won't be re-delivered if a 
@@ -2793,6 +3018,7 @@ and can be passed as **HTTP headers** or **query parameters in the URL**. They a
 | `X-Actions`     | `Actions`, `Action`                        | JSON array or short format of [user actions](#action-buttons)                                 |
 | `X-Click`       | `Click`                                    | URL to open when [notification is clicked](#click-action)                                     |
 | `X-Attach`      | `Attach`, `a`                              | URL to send as an [attachment](#attachments), as an alternative to PUT/POST-ing an attachment |
+| `X-Icon`        | `Icon`                                     | URL to use as notification [icon](#icons)                                                     |
 | `X-Filename`    | `Filename`, `file`, `f`                    | Optional [attachment](#attachments) filename, as it appears in the client                     |
 | `X-Email`       | `X-E-Mail`, `Email`, `E-Mail`, `mail`, `e` | E-mail address for [e-mail notifications](#e-mail-notifications)                              |
 | `X-Cache`       | `Cache`                                    | Allows disabling [message caching](#message-caching)                                          |
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -2,18 +2,174 @@
 Binaries for all releases can be found on the GitHub releases pages for the [ntfy server](https://github.com/binwiederhier/ntfy/releases)
 and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/releases).

-<!--
-
-## ntfy Android app v1.14.0 (UNRELEASED)
+## ntfy server v1.31.0 (UNRELEASED)

 **Features:**

-* Polling is now done with since=<id> API, which makes deduping easier ([#165](https://github.com/binwiederhier/ntfy/issues/165))
+* Preliminary `/v1/health` API endpoint for service monitoring (no ticket)
+* Add basic health check to `Dockerfile` ([#555](https://github.com/binwiederhier/ntfy/pull/555), thanks to [@bt90](https://github.com/bt90))
+
+**Bug fixes + maintenance:**
+
+* Fix `chown` issues with RHEL-like based systems ([#566](https://github.com/binwiederhier/ntfy/issues/566)/[#565](https://github.com/binwiederhier/ntfy/pull/565), thanks to [@danieldemus](https://github.com/danieldemus))
+* Removed `upx` (binary packing) for all builds due to false virus warnings ([#576](https://github.com/binwiederhier/ntfy/issues/576), thanks to [@shawnhwei](https://github.com/shawnhwei) for reporting)
+
+**Documentation:**
+
+* Add HTTP/2 and TLSv1.3 support to nginx docs ([#553](https://github.com/binwiederhier/ntfy/issues/553), thanks to [@bt90](https://github.com/bt90))
+* Small wording change for `client.yml` ([#562](https://github.com/binwiederhier/ntfy/pull/562), thanks to [@fleopaulD](https://github.com/fleopaulD))
+* Fix K8s install docs ([#582](https://github.com/binwiederhier/ntfy/pull/582), thanks to [@Remedan](https://github.com/Remedan))
+
+## ntfy server v1.30.1
+Released December 23, 2022 🎅
+
+This is a special holiday edition version of ntfy, with all sorts of holiday fun and games, and hidden quests.
+Nahh, just kidding. This release is an intermediate release mainly to eliminate warnings in the logs, so I can
+roll out the TLSv1.3, HTTP/2 and Unix mode changes on ntfy.sh (see [#552](https://github.com/binwiederhier/ntfy/issues/552)).
+
+**Features:**
+
+* Web: Generate random topic name button ([#453](https://github.com/binwiederhier/ntfy/issues/453), thanks to [@yardenshoham](https://github.com/yardenshoham))
+* Add [Gitpod config](https://github.com/binwiederhier/ntfy/blob/main/.gitpod.yml) ([#540](https://github.com/binwiederhier/ntfy/pull/540), thanks to [@yardenshoham](https://github.com/yardenshoham)) 
+
+**Bug fixes + maintenance:**
+
+* Remove `--env-topic` option from `ntfy publish` as per [deprecation](deprecations.md) (no ticket)
+* Prepared statements for message cache writes ([#542](https://github.com/binwiederhier/ntfy/pull/542), thanks to [@nicois](https://github.com/nicois))
+* Do not warn about invalid IP address when behind proxy in unix socket mode (relates to [#552](https://github.com/binwiederhier/ntfy/issues/552))
+* Upgrade nginx/ntfy config on ntfy.sh to work with TLSv1.3, HTTP/2 ([#552](https://github.com/binwiederhier/ntfy/issues/552), thanks to [@bt90](https://github.com/bt90))
+
+## ntfy Android app v1.16.0
+Released December 11, 2022
+
+This is a feature and platform/dependency upgrade release. You can now have per-subscription notification settings
+(including sounds, DND, etc.), and you can make notifications continue ringing until they are dismissed. There's also
+support for thematic/adaptive launcher icon for Android 13.
+
+There are a few more Android 13 specific things, as well as many bug fixes: No more crashes from large images, no more
+opening the wrong subscription, and we also fixed the icon color issue.
+
+**Features:**
+
+* Custom per-subscription notification settings incl. sounds, DND, etc. ([#6](https://github.com/binwiederhier/ntfy/issues/6), thanks to [@doits](https://github.com/doits))
+* Insistent notifications that ring until dismissed ([#417](https://github.com/binwiederhier/ntfy/issues/417), thanks to [@danmed](https://github.com/danmed) for reporting)
+* Add thematic/adaptive launcher icon ([#513](https://github.com/binwiederhier/ntfy/issues/513), thanks to [@daedric7](https://github.com/daedric7) for reporting)
+
+**Bug fixes + maintenance:**
+
+* Upgrade Android dependencies and build toolchain to SDK 33 (no ticket)
+* Simplify F-Droid build: Disable tasks for Google Services ([#516](https://github.com/binwiederhier/ntfy/issues/516), thanks to [@markosopcic](https://github.com/markosopcic))
+* Android 13: Ask for permission to post notifications ([#508](https://github.com/binwiederhier/ntfy/issues/508))
+* Android 13: Do not allow swiping away the foreground notification ([#521](https://github.com/binwiederhier/ntfy/issues/521), thanks to [@alexhorner](https://github.com/alexhorner) for reporting)
+* Android 5 (SDK 21): Fix crash on unsubscribing ([#528](https://github.com/binwiederhier/ntfy/issues/528), thanks to Roger M.)
+* Remove timestamp when copying message text ([#471](https://github.com/binwiederhier/ntfy/issues/471), thanks to [@wunter8](https://github.com/wunter8))
+* Fix auto-delete if some icons do not exist anymore ([#506](https://github.com/binwiederhier/ntfy/issues/506))
+* Fix notification icon color ([#480](https://github.com/binwiederhier/ntfy/issues/480), thanks to [@s-h-a-r-d](https://github.com/s-h-a-r-d) for reporting)
+* Fix topics do not re-subscribe to Firebase after restoring from backup ([#511](https://github.com/binwiederhier/ntfy/issues/511))
+* Fix crashes from large images ([#474](https://github.com/binwiederhier/ntfy/issues/474), thanks to [@daedric7](https://github.com/daedric7) for reporting)
+* Fix notification click opens wrong subscription ([#261](https://github.com/binwiederhier/ntfy/issues/261), thanks to [@SMAW](https://github.com/SMAW) for reporting)
+* Fix Firebase-only "link expired" issue ([#529](https://github.com/binwiederhier/ntfy/issues/529))
+* Remove "Install .apk" feature in Google Play variant due to policy change ([#531](https://github.com/binwiederhier/ntfy/issues/531))
+* Add donate button (no ticket)
+
+**Additional translations:**
+
+* Korean (thanks to [@YJSofta0f97461d82447ac](https://hosted.weblate.org/user/YJSofta0f97461d82447ac/))
+* Portuguese (thanks to [@victormagalhaess](https://hosted.weblate.org/user/victormagalhaess/))
+
+## ntfy server v1.29.1
+Released November 17, 2022
+
+This is mostly a bugfix release to address the high load on ntfy.sh. There are now two new options that allow
+synchronous batch-writing of messages to the cache. This avoids database locking, and subsequent pileups of waiting
+requests.
+
+**Bug fixes:**
+
+* High-load servers: Allow asynchronous batch-writing of messages to cache via `cache-batch-*` options ([#498](https://github.com/binwiederhier/ntfy/issues/498)/[#502](https://github.com/binwiederhier/ntfy/pull/502))
+* Sender column in cache.db shows invalid IP ([#503](https://github.com/binwiederhier/ntfy/issues/503))
+
+**Documentation:**
+
+* GitHub Actions example ([#492](https://github.com/binwiederhier/ntfy/pull/492), thanks to [@ksurl](https://github.com/ksurl))
+* UnifiedPush ACL clarification ([#497](https://github.com/binwiederhier/ntfy/issues/497), thanks to [@bt90](https://github.com/bt90)) 
+* Install instructions for Kustomize ([#463](https://github.com/binwiederhier/ntfy/pull/463), thanks to [@l-maciej](https://github.com/l-maciej))
+
+**Other things:**
+
+* Put ntfy.sh docs on GitHub pages to reduce AWS outbound traffic cost ([#491](https://github.com/binwiederhier/ntfy/issues/491))
+* The ntfy.sh server hardware was upgraded to a bigger box. If you'd like to help out carrying the server cost, **[sponsorships and donations](https://github.com/sponsors/binwiederhier)** 💸 would be very much appreciated
+
+## ntfy server v1.29.0
+Released November 12, 2022
+
+This release adds the ability to add rate limit exemptions for IP ranges instead of just specific IP addresses. It also fixes 
+a few bugs in the web app and the CLI and adds lots of new examples and install instructions.
+
+Thanks to [some love on HN](https://news.ycombinator.com/item?id=33517944), we got so many new ntfy users trying out ntfy
+and joining the [chat rooms](https://github.com/binwiederhier/ntfy#chat--forum). **Welcome to the ntfy community to all of you!** 
+We also got a ton of new **[sponsors and donations](https://github.com/sponsors/binwiederhier)** 💸, which is amazing. I'd like to thank
+all of you for believing in the project, and for helping me pay the server cost. The HN spike increased the AWS cost quite a bit.
+
+**Features:**
+
+* Allow IP CIDRs in `visitor-request-limit-exempt-hosts` ([#423](https://github.com/binwiederhier/ntfy/issues/423), thanks to [@karmanyaahm](https://github.com/karmanyaahm))
+
+**Bug fixes + maintenance:**
+
+* Subscriptions can now have a display name ([#370](https://github.com/binwiederhier/ntfy/issues/370), thanks to [@tfheen](https://github.com/tfheen) for reporting)
+* Bump Go version to Go 18.x ([#422](https://github.com/binwiederhier/ntfy/issues/422))
+* Web: Strip trailing slash when subscribing ([#428](https://github.com/binwiederhier/ntfy/issues/428), thanks to [@raining1123](https://github.com/raining1123) for reporting, and [@wunter8](https://github.com/wunter8) for fixing)
+* Web: Strip trailing slash after server URL in publish dialog ([#441](https://github.com/binwiederhier/ntfy/issues/441), thanks to [@wunter8](https://github.com/wunter8))
+* Allow empty passwords in `client.yml` ([#374](https://github.com/binwiederhier/ntfy/issues/374), thanks to [@cyqsimon](https://github.com/cyqsimon) for reporting, and [@wunter8](https://github.com/wunter8) for fixing)
+* `ntfy pub` will now use default username and password from `client.yml` ([#431](https://github.com/binwiederhier/ntfy/issues/431), thanks to [@wunter8](https://github.com/wunter8) for fixing)
+* Make `ntfy sub` work with `NTFY_USER` env variable ([#447](https://github.com/binwiederhier/ntfy/pull/447), thanks to [SuperSandro2000](https://github.com/SuperSandro2000))
+* Web: Disallow GET/HEAD requests with body in actions ([#468](https://github.com/binwiederhier/ntfy/issues/468), thanks to [@ollien](https://github.com/ollien))
+
+**Documentation:**
+
+* Updated developer docs, bump nodejs and go version ([#414](https://github.com/binwiederhier/ntfy/issues/414), thanks to [@YJSoft](https://github.com/YJSoft) for reporting)
+* Officially document `?auth=..` query parameter ([#433](https://github.com/binwiederhier/ntfy/pull/433), thanks to [@wunter8](https://github.com/wunter8))
+* Added Rundeck example ([#427](https://github.com/binwiederhier/ntfy/pull/427), thanks to [@demogorgonz](https://github.com/demogorgonz))
+* Fix Debian installation instructions ([#237](https://github.com/binwiederhier/ntfy/issues/237), thanks to [@Joeharrison94](https://github.com/Joeharrison94) for reporting)
+* Updated [example](https://ntfy.sh/docs/examples/#gatus) with official [Gatus](https://github.com/TwiN/gatus) integration (thanks to [@TwiN](https://github.com/TwiN))
+* Added [Kubernetes install instructions](https://ntfy.sh/docs/install/#kubernetes) ([#452](https://github.com/binwiederhier/ntfy/pull/452), thanks to [@gmemstr](https://github.com/gmemstr))
+* Added [additional NixOS links for self-hosting](https://ntfy.sh/docs/install/#nixos-nix) ([#462](https://github.com/binwiederhier/ntfy/pull/462), thanks to [@wamserma](https://github.com/wamserma))
+* Added additional [more secure nginx config example](https://ntfy.sh/docs/config/#nginxapache2caddy) ([#451](https://github.com/binwiederhier/ntfy/pull/451), thanks to [SuperSandro2000](https://github.com/SuperSandro2000))
+* Minor fixes in the config table ([#470](https://github.com/binwiederhier/ntfy/pull/470), thanks to [snh](https://github.com/snh))
+* Fix broken link ([#476](https://github.com/binwiederhier/ntfy/pull/476), thanks to [@shuuji3](https://github.com/shuuji3))
+
+**Additional translations:**
+
+* Korean (thanks to [@YJSofta0f97461d82447ac](https://hosted.weblate.org/user/YJSofta0f97461d82447ac/))
+
+**Sponsorships:**:
+
+Thank you to the amazing folks who decided to [sponsor ntfy](https://github.com/sponsors/binwiederhier). Thank you for 
+helping carry the cost of the public server and developer licenses, and more importantly: Thank you for believing in ntfy! 
+You guys rock! 
+
+A list of all the sponsors can be found in the [README](https://github.com/binwiederhier/ntfy/blob/main/README.md).
+
+## ntfy Android app v1.14.0 
+Released September 27, 2022
+
+This release adds the ability to set a custom icon to each notification, as well as a display name to subscriptions. We
+also moved the action buttons in the detail view to a more logical place, fixed a bunch of bugs, and added four more
+languages. Hurray!
+
+**Features:**
+
+* Subscriptions can now have a display name ([#313](https://github.com/binwiederhier/ntfy/issues/313), thanks to [@wunter8](https://github.com/wunter8))
+* Display name for UnifiedPush subscriptions ([#355](https://github.com/binwiederhier/ntfy/issues/355), thanks to [@wunter8](https://github.com/wunter8))
+* Polling is now done with `since=<id>` API, which makes deduping easier ([#165](https://github.com/binwiederhier/ntfy/issues/165))
 * Turned JSON stream deprecation banner into "Use WebSockets" banner (no ticket)
+* Move action buttons in notification cards ([#236](https://github.com/binwiederhier/ntfy/issues/236), thanks to [@wunter8](https://github.com/wunter8))
+* Icons can be set for each individual notification ([#126](https://github.com/binwiederhier/ntfy/issues/126), thanks to [@wunter8](https://github.com/wunter8))

-**Bugs:**
+**Bug fixes:**

-* Long-click selecting of notifications doesn't scoll to the top anymore ([#235](https://github.com/binwiederhier/ntfy/issues/235), thanks to [@wunter8](https://github.com/wunter8))
+* Long-click selecting of notifications doesn't scroll to the top anymore ([#235](https://github.com/binwiederhier/ntfy/issues/235), thanks to [@wunter8](https://github.com/wunter8))
 * Add attachment and click URL extras to MESSAGE_RECEIVED broadcast ([#329](https://github.com/binwiederhier/ntfy/issues/329), thanks to [@wunter8](https://github.com/wunter8))
 * Accessibility: Clear/choose service URL button in base URL dropdown now has a label ([#292](https://github.com/binwiederhier/ntfy/issues/292), thanks to [@mhameed](https://github.com/mhameed) for reporting)

@@ -21,14 +177,57 @@ and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/release

 * Italian (thanks to [@Genio2003](https://hosted.weblate.org/user/Genio2003/))
 * Dutch (thanks to [@SchoNie](https://hosted.weblate.org/user/SchoNie/))
+* Ukranian (thanks to [@v.kopitsa](https://hosted.weblate.org/user/v.kopitsa/))
+* Polish (thanks to [@Namax0r](https://hosted.weblate.org/user/Namax0r/))

 Thank you to [@wunter8](https://github.com/wunter8) for proactively picking up some Android tickets, and fixing them! You rock!

-->
+## ntfy server v1.28.0
+Released September 27, 2022

-## ntfy server v1.27.1
+This release primarily adds icon support for the Android app, and adds a display name to subscriptions in the web app.
+Aside from that, we fixed a few random bugs, most importantly the `Priority` header bug that allows the use behind
+Cloudflare. We also added a ton of documentation. Most prominently, an [integrations + projects page](https://ntfy.sh/docs/integrations/).
+
+As of now, I also have started accepting **[donations and sponsorships](https://github.com/sponsors/binwiederhier)** 💸. 
+I would be very humbled if you consider donating.
+
+**Features:**
+
+* Subscription display name for the web app ([#348](https://github.com/binwiederhier/ntfy/pull/348))
+* Allow setting socket permissions via `--listen-unix-mode` ([#356](https://github.com/binwiederhier/ntfy/pull/356), thanks to [@koro666](https://github.com/koro666))
+* Icons can be set for each individual notification ([#126](https://github.com/binwiederhier/ntfy/issues/126), thanks to [@wunter8](https://github.com/wunter8))
+* CLI: Allow default username/password in `client.yml` ([#372](https://github.com/binwiederhier/ntfy/pull/372), thanks to [@wunter8](https://github.com/wunter8))
+* Build support for other Unix systems ([#393](https://github.com/binwiederhier/ntfy/pull/393), thanks to [@la-ninpre](https://github.com/la-ninpre))
+
+**Bug fixes:**
+
+* `ntfy user` commands don't work with `auth_file` but works with `auth-file` ([#344](https://github.com/binwiederhier/ntfy/issues/344), thanks to [@Histalek](https://github.com/Histalek) for reporting)
+* Ignore new draft HTTP `Priority` header  ([#351](https://github.com/binwiederhier/ntfy/issues/351), thanks to [@ksurl](https://github.com/ksurl) for reporting)
+* Delete expired attachments based on mod time instead of DB entry to avoid races (no ticket)
+* Better logging for Matrix push key errors ([#384](https://github.com/binwiederhier/ntfy/pull/384), thanks to [@christophehenry](https://github.com/christophehenry))
+* Web: Switched "Pop" and "Pop Swoosh" sounds ([#352](https://github.com/binwiederhier/ntfy/issues/352), thanks to [@coma-toast](https://github.com/coma-toast) for reporting)
+
+**Documentation:**
+
+* Added [integrations + projects page](https://ntfy.sh/docs/integrations/) (**so many integrations, whoa!**)
+* Added example for [UptimeRobot](https://ntfy.sh/docs/examples/#uptimerobot)
+* Fix some PowerShell publish docs ([#345](https://github.com/binwiederhier/ntfy/pull/345), thanks to [@noahpeltier](https://github.com/noahpeltier))
+* Clarified Docker install instructions ([#361](https://github.com/binwiederhier/ntfy/issues/361), thanks to [@barart](https://github.com/barart) for reporting)
+* Mismatched quotation marks ([#392](https://github.com/binwiederhier/ntfy/pull/392)], thanks to [@connorlanigan](https://github.com/connorlanigan))
+
+**Additional translations:**
+
+* Ukranian (thanks to [@v.kopitsa](https://hosted.weblate.org/user/v.kopitsa/))
+* Polish (thanks to [@Namax0r](https://hosted.weblate.org/user/Namax0r/))
+
+## ntfy server v1.27.2
 Released June 23, 2022

+This release brings two new CLI options to wait for a command to finish, or for a PID to exit. It also adds more detail
+to trace debug output. Aside from other bugs, it fixes a performance issue that occurred in large installations every 
+minute or so, due to competing stats gathering (personal installations will likely be unaffected by this). 
+
 **Features:**

 * Add `cache-startup-queries` option to allow custom [SQLite performance tuning](config.md#wal-for-message-cache) (no ticket)
@@ -36,7 +235,7 @@ Released June 23, 2022
 * Trace: Log entire HTTP request to simplify debugging (no ticket)
 * Allow setting user password via `NTFY_PASSWORD` env variable ([#327](https://github.com/binwiederhier/ntfy/pull/327), thanks to [@Kenix3](https://github.com/Kenix3))

-**Bugs:**
+**Bug fixes:**

 * Fix slow requests due to excessive locking ([#338](https://github.com/binwiederhier/ntfy/issues/338))
 * Return HTTP 500 for `GET /_matrix/push/v1/notify` when `base-url` is not configured (no ticket)
@@ -61,7 +260,7 @@ CLI is now available via Scoop, and ntfy is now natively supported in Uptime Kum
 * [Uptime Kuma](https://github.com/louislam/uptime-kuma) now allows publishing to ntfy ([uptime-kuma#1674](https://github.com/louislam/uptime-kuma/pull/1674), thanks to [@philippdormann](https://github.com/philippdormann))
 * Display ntfy version in `ntfy serve` command  ([#314](https://github.com/binwiederhier/ntfy/issues/314), thanks to [@poblabs](https://github.com/poblabs))

-**Bugs:**
+**Bug fixes:**

 * Web app: Show "notifications not supported" alert on HTTP ([#323](https://github.com/binwiederhier/ntfy/issues/323), thanks to [@milksteakjellybeans](https://github.com/milksteakjellybeans) for reporting)
 * Use last address in `X-Forwarded-For` header as visitor address ([#328](https://github.com/binwiederhier/ntfy/issues/328))
@@ -84,7 +283,7 @@ set your server as the default server for new topics.
 * Support for auth and user management ([#277](https://github.com/binwiederhier/ntfy/issues/277))
 * Ability to add default server ([#295](https://github.com/binwiederhier/ntfy/issues/295))

-**Bugs:**
+**Bug fixes:**

 * Add validation for selfhosted server URL ([#290](https://github.com/binwiederhier/ntfy/issues/290))

@@ -147,7 +346,7 @@ for details).
 * Cancel notifications when navigating to topic (no ticket)
 * iOS 14.0 support (no ticket, [PR#1](https://github.com/binwiederhier/ntfy-ios/pull/1), thanks to [@callum-99](https://github.com/callum-99))

-**Bugs:**
+**Bug fixes:**

 * iOS UI not always updating properly ([#267](https://github.com/binwiederhier/ntfy/issues/267))

@@ -164,7 +363,7 @@ Apple development environment.
 * Add subscribe filter to query exact messages by ID (no ticket)
 * Support for `poll_request` messages to support [iOS push notifications](https://ntfy.sh/docs/config/#ios-instant-notifications) for self-hosted servers (no ticket)

-**Bugs:**
+**Bug fixes:**

 * Support emails without `Content-Type` ([#265](https://github.com/binwiederhier/ntfy/issues/265), thanks to [@dmbonsall](https://github.com/dmbonsall))

@@ -202,7 +401,7 @@ it adds support for APNs, the iOS messaging service. This is needed for the (soo
 * Ability to disable the web app entirely ([#238](https://github.com/binwiederhier/ntfy/issues/238)/[#249](https://github.com/binwiederhier/ntfy/pull/249), thanks to [@Curid](https://github.com/Curid))
 * Add APNs config to Firebase messages to support [iOS app](https://github.com/binwiederhier/ntfy/issues/4) ([#247](https://github.com/binwiederhier/ntfy/pull/247), thanks to [@Copephobia](https://github.com/Copephobia))

-**Bugs:**
+**Bug fixes:**

 * Support underscores in server.yml config options ([#255](https://github.com/binwiederhier/ntfy/issues/255), thanks to [@ajdelgado](https://github.com/ajdelgado))
 * Force MAKEFLAGS to --jobs=1 in `Makefile` ([#257](https://github.com/binwiederhier/ntfy/pull/257), thanks to [@oddlama](https://github.com/oddlama))
@@ -231,7 +430,7 @@ and custom icons. Aside from that, we've got tons of bug fixes as usual.
 * Per-subscription settings, custom subscription icons ([#155](https://github.com/binwiederhier/ntfy/issues/155), thanks to [@mztiq](https://github.com/mztiq) for reporting)
 * Cards in notification detail view ([#175](https://github.com/binwiederhier/ntfy/issues/175), thanks to [@cmeis](https://github.com/cmeis) for reporting)

-**Bugs:**
+**Bug fixes:**

 * Accurate naming of "mute notifications" from "pause notifications" ([#224](https://github.com/binwiederhier/ntfy/issues/224), thanks to [@shadow00](https://github.com/shadow00) for reporting)
 * Make messages with links selectable ([#226](https://github.com/binwiederhier/ntfy/issues/226), thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov) for reporting)
@@ -264,7 +463,7 @@ We've also improved the documentation a little and added translations for three
 * Better parsing of the user actions, allowing quotes (no ticket)
 * Add "mark as read" icon button to notification ([#243](https://github.com/binwiederhier/ntfy/pull/243), thanks to [@wunter8](https://github.com/wunter8))

-**Bugs:**
+**Bug fixes:**

 * `Upgrade` header check is now case in-sensitive ([#228](https://github.com/binwiederhier/ntfy/issues/228), thanks to [@wunter8](https://github.com/wunter8) for finding it)
 * Made web app sounds quieter ([#222](https://github.com/binwiederhier/ntfy/issues/222))
@@ -306,7 +505,7 @@ languages and fixed a ton of bugs.
  thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov) for reporting)
 * Channel settings option to configure DND override, sounds, etc. ([#91](https://github.com/binwiederhier/ntfy/issues/91))

-**Bugs:**
+**Bug fixes:**

 * Validate URLs when changing default server and server in user management ([#193](https://github.com/binwiederhier/ntfy/issues/193),
  thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov) for reporting)
@@ -347,7 +546,7 @@ Limited support is available in the web app.
 * Added ARMv6 build ([#200](https://github.com/binwiederhier/ntfy/issues/200), thanks to [@jcrubioa](https://github.com/jcrubioa) for reporting)
 * Web app internationalization support 🇧🇬 🇩🇪 🇺🇸 🌎 ([#189](https://github.com/binwiederhier/ntfy/issues/189))

-**Bugs:**
+**Bug fixes:**

 * Web app: English language strings fixes, additional descriptions for settings ([#203](https://github.com/binwiederhier/ntfy/issues/203), thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov))
 * Web app: Show error message snackbar when sending test notification fails ([#205](https://github.com/binwiederhier/ntfy/issues/205), thanks to [@cmeis](https://github.com/cmeis))
@@ -387,7 +586,7 @@ Released Apr 7, 2022
 * Translations to different languages ([#188](https://github.com/binwiederhier/ntfy/issues/188), thanks to
  [@StoyanDimitrov](https://github.com/StoyanDimitrov) for initiating things)

-**Bugs:**
+**Bug fixes:**

 * IllegalStateException: Failed to build unique file ([#177](https://github.com/binwiederhier/ntfy/issues/177), thanks to [@Fallenbagel](https://github.com/Fallenbagel) for reporting)
 * SQLiteConstraintException: Crash during UP registration ([#185](https://github.com/binwiederhier/ntfy/issues/185))
@@ -421,7 +620,7 @@ Released Apr 6, 2022

 * Added message bar and publish dialog ([#196](https://github.com/binwiederhier/ntfy/issues/196)) 

-**Bugs:**
+**Bug fixes:**

 * Added `EXPOSE 80/tcp` to Dockerfile to support auto-discovery in [Traefik](https://traefik.io/) ([#195](https://github.com/binwiederhier/ntfy/issues/195), thanks to [@s-h-a-r-d](https://github.com/s-h-a-r-d))

@@ -437,7 +636,7 @@ Released Apr 6, 2022
 ## ntfy server v1.19.0
 Released Mar 30, 2022

-**Bugs:**
+**Bug fixes:**

 * Do not pack binary with `upx` for armv7/arm64 due to `illegal instruction` errors ([#191](https://github.com/binwiederhier/ntfy/issues/191), thanks to [@iexos](https://github.com/iexos))
 * Do not allow comma in topic name in publish via GET endpoint (no ticket)
--- a/docs/static/css/extra.css
+++ b/docs/static/css/extra.css
@@ -8,6 +8,10 @@
    width: unset !important;
 }

+header {
+    background: linear-gradient(150deg, rgba(51,133,116,1) 0%, rgba(86,189,168,1) 100%);     filter: drop-shadow(0 5px 10px #ccc);
+}
+
 .md-header__topic:first-child {
    font-weight: 400;
 }
--- a/docs/static/img/android-screenshot-icon.png
+++ b/docs/static/img/android-screenshot-icon.png
--- a/docs/static/img/rundeck.png
+++ b/docs/static/img/rundeck.png
--- a/docs/static/img/uptimerobot-setup.jpg
+++ b/docs/static/img/uptimerobot-setup.jpg
--- a/docs/static/img/uptimerobot-test.jpg
+++ b/docs/static/img/uptimerobot-test.jpg
--- a/docs/subscribe/api.md
+++ b/docs/subscribe/api.md
@@ -302,13 +302,12 @@ $ curl -s ntfy.sh/mytopic1,mytopic2/json
 ### Authentication
 Depending on whether the server is configured to support [access control](../config.md#access-control), some topics
 may be read/write protected so that only users with the correct credentials can subscribe or publish to them.
-To publish/subscribe to protected topics, you can use [Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication)
-with a valid username/password. For your self-hosted server, **be sure to use HTTPS to avoid eavesdropping** and exposing
-your password.
+To publish/subscribe to protected topics, you can:

-```
-curl -u phil:mypass -s "https://ntfy.example.com/mytopic/json"
-```
+* Use [basic auth](../publish.md#basic-auth), e.g. `Authorization: Basic dGVzdHVzZXI6ZmFrZXBhc3N3b3Jk`
+* or use the [`auth` query parameter](../publish.md#query-param), e.g. `?auth=QmFzaWMgZEdWemRIVnpaWEk2Wm1GclpYQmhjM04zYjNKaw`
+
+Please refer to the [publishing documentation](../publish.md#authentication) for additional details.

 ## JSON message format
 Both the [`/json` endpoint](#subscribe-as-json-stream) and the [`/sse` endpoint](#subscribe-as-sse-stream) return a JSON
@@ -320,6 +319,7 @@ format of the message. It's very straight forward:
 |--------------|----------|---------------------------------------------------|-------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------|
 | `id`         | ✔️       | *string*                                          | `hwQ2YpKdmg`                                          | Randomly chosen message identifier                                                                                                   |
 | `time`       | ✔️       | *number*                                          | `1635528741`                                          | Message date time, as Unix time stamp                                                                                                |  
+| `expires`    | ✔️       | *number*                                          | `1673542291`                                          | Unix time stamp indicating when the message will be deleted                                                                          |  
 | `event`      | ✔️       | `open`, `keepalive`, `message`, or `poll_request` | `message`                                             | Message type, typically you'd be only interested in `message`                                                                        |
 | `topic`      | ✔️       | *string*                                          | `topic1,topic2`                                       | Comma-separated list of topics the message is associated with; only one for all `message` events, but may be a list in `open` events |
 | `message`    | -        | *string*                                          | `Some message`                                        | Message body; always present in `message` events                                                                                     |
@@ -347,6 +347,7 @@ Here's an example for each message type:
    {
        "id": "sPs71M8A2T",
        "time": 1643935928,
+        "expires": 1643936928,
        "event": "message",
        "topic": "mytopic",
        "priority": 5,
@@ -373,6 +374,7 @@ Here's an example for each message type:
    {
        "id": "wze9zgqK41",
        "time": 1638542110,
+        "expires": 1638543112,
        "event": "message",
        "topic": "phil_alerts",
        "message": "Remote access to phils-laptop detected. Act right away."
--- a/docs/subscribe/cli.md
+++ b/docs/subscribe/cli.md
@@ -254,6 +254,14 @@ I hope this shows how powerful this command is. Here's a short video that demons
  <figcaption>Execute all the things</figcaption>
 </figure>

+If most (or all) of your subscription usernames, passwords, and commands are the same, you can specify a `default-user`, `default-password`, and `default-command` at the top of the
+`client.yml`. If a subscription does not specify a username/password to use or does not have a command, the defaults will be used, otherwise, the subscription settings will
+override the defaults.
+
+!!! warning
+    Because the `default-user` and `default-password` will be sent for each topic that does not have its own username/password (even if the topic does not require authentication),
+    be sure that the servers/topics you subscribe to use HTTPS to prevent leaking the username and password.
+
 ### Using the systemd service
 You can use the `ntfy-client` systemd service (see [ntfy-client.service](https://github.com/binwiederhier/ntfy/blob/main/client/ntfy-client.service))
 to subscribe to multiple topics just like in the example above. The service is automatically installed (but not started)
--- a/go.mod
+++ b/go.mod
@@ -1,58 +1,65 @@
 module heckel.io/ntfy

-go 1.17
+go 1.18

 require (
-	cloud.google.com/go/firestore v1.6.1 // indirect
-	cloud.google.com/go/storage v1.22.1 // indirect
-	github.com/BurntSushi/toml v1.1.0 // indirect
+	cloud.google.com/go/firestore v1.9.0 // indirect
+	cloud.google.com/go/storage v1.28.1 // indirect
+	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/emersion/go-smtp v0.15.0
-	github.com/gabriel-vasile/mimetype v1.4.0
+	github.com/gabriel-vasile/mimetype v1.4.1
 	github.com/gorilla/websocket v1.5.0
-	github.com/mattn/go-sqlite3 v1.14.13
-	github.com/olebedev/when v0.0.0-20211212231525-59bd4edcf9d6
-	github.com/stretchr/testify v1.7.0
-	github.com/urfave/cli/v2 v2.10.2
-	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
-	golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2 // indirect
-	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
-	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
-	golang.org/x/time v0.0.0-20220609170525-579cf78fd858
-	google.golang.org/api v0.85.0
+	github.com/mattn/go-sqlite3 v1.14.16
+	github.com/olebedev/when v0.0.0-20221205223600-4d190b02b8d8
+	github.com/stretchr/testify v1.8.1
+	github.com/urfave/cli/v2 v2.23.7
+	golang.org/x/crypto v0.4.0
+	golang.org/x/oauth2 v0.3.0 // indirect
+	golang.org/x/sync v0.1.0
+	golang.org/x/term v0.3.0
+	golang.org/x/time v0.3.0
+	google.golang.org/api v0.105.0
 	gopkg.in/yaml.v2 v2.4.0
 )

 require github.com/pkg/errors v0.9.1 // indirect

-require firebase.google.com/go/v4 v4.8.0
+require (
+	firebase.google.com/go/v4 v4.10.0
+	github.com/stripe/stripe-go/v74 v74.5.0
+)

 require (
-	cloud.google.com/go v0.102.1 // indirect
-	cloud.google.com/go/compute v1.7.0 // indirect
-	cloud.google.com/go/iam v0.3.0 // indirect
+	cloud.google.com/go v0.107.0 // indirect
+	cloud.google.com/go/compute v1.14.0 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v0.9.0 // indirect
+	cloud.google.com/go/longrunning v0.3.0 // indirect
 	github.com/AlekSi/pointer v1.2.0 // indirect
+	github.com/MicahParks/keyfunc v1.9.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/emersion/go-sasl v0.0.0-20211008083017-0b9dcfb154ac // indirect
+	github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead // indirect
+	github.com/golang-jwt/jwt/v4 v4.4.3 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
-	github.com/googleapis/gax-go/v2 v2.4.0 // indirect
-	github.com/googleapis/go-type-adapters v1.0.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.1 // indirect
+	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
-	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/net v0.0.0-20220622184535-263ec571b305 // indirect
-	golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664 // indirect
-	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/net v0.4.0 // indirect
+	golang.org/x/sys v0.3.0 // indirect
+	golang.org/x/text v0.5.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/appengine/v2 v2.0.1 // indirect
-	google.golang.org/genproto v0.0.0-20220623142657-077d458a5694 // indirect
-	google.golang.org/grpc v1.47.0 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/appengine/v2 v2.0.2 // indirect
+	google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef // indirect
+	google.golang.org/grpc v1.51.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,710 +1,190 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
-cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
-cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
-cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
-cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
-cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
-cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
-cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
-cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U=
-cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
-cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
-cloud.google.com/go v0.102.1 h1:vpK6iQWv/2uUeFJth4/cBHsQAGjn1iIE6AAlxipRaA0=
-cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
-cloud.google.com/go/compute v1.2.0/go.mod h1:xlogom/6gr8RJGBe7nT2eGsQYAFUbbv8dbC29qE3Xmw=
-cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
-cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
-cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
-cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
-cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk=
-cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/firestore v1.6.1 h1:8rBq3zRjnHx8UtBvaOWqBB1xq9jH6/wltfQLlTMh2Fw=
-cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY=
-cloud.google.com/go/iam v0.1.1/go.mod h1:CKqrcnI/suGpybEHxZ7BMehL0oA4LpdyJdUlTl9jVMw=
-cloud.google.com/go/iam v0.3.0 h1:exkAomrVUuzx9kWFI1wm3KI0uoDeUFPB4kKGzx6x+Gc=
-cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-cloud.google.com/go/storage v1.21.0/go.mod h1:XmRlxkgPjlBONznT2dDUU/5XlpU2OjMnKuqnZI01LAA=
-cloud.google.com/go/storage v1.22.1 h1:F6IlQJZrZM++apn9V5/VfS3gbTUYg98PS3EMQAzqtfg=
-cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-firebase.google.com/go/v4 v4.8.0 h1:ooJqjFEh1G6DQ5+wyb/RAXAgku0E2RzJeH6WauSpWSo=
-firebase.google.com/go/v4 v4.8.0/go.mod h1:y+j6xX7BgBco/XaN+YExIBVm6pzvYutheDV3nprvbWc=
-github.com/AlekSi/pointer v1.0.0/go.mod h1:1kjywbfcPFCmncIxtk6fIEub6LKrfMz3gc5QKVOSOA8=
+cloud.google.com/go v0.107.0 h1:qkj22L7bgkl6vIeZDlOY2po43Mx/TIa2Wsa7VR+PEww=
+cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I=
+cloud.google.com/go/compute v1.14.0 h1:hfm2+FfxVmnRlh6LpB7cg1ZNU+5edAHmW679JePztk0=
+cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/firestore v1.9.0 h1:IBlRyxgGySXu5VuW0RgGFlTtLukSnNkpDiEOMkQkmpA=
+cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE=
+cloud.google.com/go/iam v0.9.0 h1:bK6Or6mxhuL8lnj1i9j0yMo2wE/IeTO2cWlfUrf/TZs=
+cloud.google.com/go/iam v0.9.0/go.mod h1:nXAECrMt2qHpF6RZUZseteD6QyanL68reN4OXPw0UWM=
+cloud.google.com/go/longrunning v0.3.0 h1:NjljC+FYPV3uh5/OwWT6pVU+doBqMg2x/rZlE+CamDs=
+cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc=
+cloud.google.com/go/storage v1.28.1 h1:F5QDG5ChchaAVQhINh24U99OWHURqrW8OmQcGKXcbgI=
+cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y=
+firebase.google.com/go/v4 v4.10.0 h1:dgK/8uwfJbzc5LZK/GyRRfIkZEDObN9q0kgEXsjlXN4=
+firebase.google.com/go/v4 v4.10.0/go.mod h1:m0gLwPY9fxKggizzglgCNWOGnFnVPifLpqZzo5u3e/A=
 github.com/AlekSi/pointer v1.2.0 h1:glcy/gc4h8HnG2Z3ZECSzZ1IX1x2JxRVuDzaJwQE0+w=
 github.com/AlekSi/pointer v1.2.0/go.mod h1:gZGfd3dpW4vEc/UlyfKKi1roIqcCgwOIvb0tSNSBle0=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
-github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
+github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/MicahParks/keyfunc v1.9.0 h1:lhKd5xrFHLNOWrDc4Tyb/Q1AJ4LCzQ48GVJyVIID3+o=
+github.com/MicahParks/keyfunc v1.9.0/go.mod h1:IdnCilugA0O/99dW+/MkvlyrsX8+L8+x95xuVNtM5jw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
-github.com/emersion/go-sasl v0.0.0-20211008083017-0b9dcfb154ac h1:tn/OQ2PmwQ0XFVgAHfjlLyqMewry25Rz7jWnVoh4Ggs=
-github.com/emersion/go-sasl v0.0.0-20211008083017-0b9dcfb154ac/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
+github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead h1:fI1Jck0vUrXT8bnphprS1EoVRe2Q5CKCX8iDlpqjQ/Y=
+github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
 github.com/emersion/go-smtp v0.15.0 h1:3+hMGMGrqP/lqd7qoxZc1hTU8LY8gHV9RFGWlqSDmP8=
 github.com/emersion/go-smtp v0.15.0/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/gabriel-vasile/mimetype v1.4.0 h1:Cn9dkdYsMIu56tGho+fqzh7XmvY2YyGU0FnbhiOsEro=
-github.com/gabriel-vasile/mimetype v1.4.0/go.mod h1:fA8fi6KUiG7MgQQ+mEWotXoEOvmxRtOJlERCzSmRvr8=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/gabriel-vasile/mimetype v1.4.1 h1:TRWk7se+TOjCYgRth7+1/OYLNiRNIotknkFtf/dnN7Q=
+github.com/gabriel-vasile/mimetype v1.4.1/go.mod h1:05Vi0w3Y9c/lNvJOdmIwvrrAhX3rYhfQQCaf9VJcv7M=
+github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU=
+github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/martian/v3 v3.2.1 h1:d8MncMlErDFTwQGBK1xhv026j9kqhvw1Qv9IbWT1VLQ=
-github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
-github.com/googleapis/enterprise-certificate-proxy v0.1.0 h1:zO8WHNx/MYiAKJ3d5spxZXZE6KHmIQGQcAzwUzV7qQw=
-github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
-github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
-github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
-github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk=
-github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
-github.com/googleapis/go-type-adapters v1.0.0 h1:9XdMn+d/G57qq1s8dNc5IesGCXHf6V2HZ2JwRxfA2tA=
-github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
+github.com/googleapis/enterprise-certificate-proxy v0.2.1 h1:RY7tHKZcRlk788d5WSo/e83gOyyy742E8GSs771ySpg=
+github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ=
+github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/mattn/go-sqlite3 v1.14.13 h1:1tj15ngiFfcZzii7yd82foL+ks+ouQcj8j/TPq3fk1I=
-github.com/mattn/go-sqlite3 v1.14.13/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/olebedev/when v0.0.0-20211212231525-59bd4edcf9d6 h1:oDSPaYiL2dbjcArLrFS8ANtwgJMyOLzvQCZon+XmFsk=
-github.com/olebedev/when v0.0.0-20211212231525-59bd4edcf9d6/go.mod h1:DPucAeQGDPUzYUt+NaWw6qsF5SFapWWToxEiVDh2aV0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
+github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/olebedev/when v0.0.0-20221205223600-4d190b02b8d8 h1:0uFGkScHef2Xd8g74BMHU1jFcnKEm0PzrPn4CluQ9FI=
+github.com/olebedev/when v0.0.0-20221205223600-4d190b02b8d8/go.mod h1:T0THb4kP9D3NNqlvCwIG4GyUioTAzEhB4RNVzig/43E=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/urfave/cli/v2 v2.10.2 h1:x3p8awjp/2arX+Nl/G2040AZpOCHS/eMJJ1/a+mye4Y=
-github.com/urfave/cli/v2 v2.10.2/go.mod h1:f8iq5LtQ/bLxafbdBSLPPNsgaW0l/2fYYEHhAyPlwvo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stripe/stripe-go/v74 v74.5.0 h1:YyqTvVQdS34KYGCfVB87EMn9eDV3FCFkSwfdOQhiVL4=
+github.com/stripe/stripe-go/v74 v74.5.0/go.mod h1:5PoXNp30AJ3tGq57ZcFuaMylzNi8KpwlrYAFmO1fHZw=
+github.com/urfave/cli/v2 v2.23.7 h1:YHDQ46s3VghFHFf1DdF+Sh7H4RqhcM+t0TmZRJx4oJY=
+github.com/urfave/cli/v2 v2.23.7/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
-go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
+golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210505024714-0287a6fb4125/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220622184535-263ec571b305 h1:dAgbJ2SP4jD6XYfMNLVj0BF21jo2PjChrtGaAvF5M3I=
-golang.org/x/net v0.0.0-20220622184535-263ec571b305/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
+golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
-golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2 h1:+jnHzr9VPj32ykQVai5DNahi9+NSp7yYuCsl5eAQtL0=
-golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
+golang.org/x/oauth2 v0.3.0 h1:6l90koy8/LaBLmLu8jpHeHexzMwEita0zFfYlggy2F8=
+golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664 h1:wEZYwx+kK+KlZ0hpvP2Ls1Xr4+RWnlzGFwPP0aiDjIU=
-golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220609170525-579cf78fd858 h1:Dpdu/EMxGMFgq0CeYMh4fazTD2vtlZRYE7wyynxJb9U=
-golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0=
-golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
-google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
-google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
-google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
-google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
-google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
-google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
-google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU=
-google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
-google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
-google.golang.org/api v0.64.0/go.mod h1:931CdxA8Rm4t6zqTFGSsgwbAEZ2+GMYurbndwSimebM=
-google.golang.org/api v0.66.0/go.mod h1:I1dmXYpX7HGwz/ejRxwQp2qj5bFAz93HiCU1C1oYd9M=
-google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
-google.golang.org/api v0.69.0/go.mod h1:boanBiw+h5c3s+tBPgEzLDRHfFLWV0qXxRHz3ws7C80=
-google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
-google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
-google.golang.org/api v0.73.0/go.mod h1:lbd/q6BRFJbdpV6OUCXstVeiI5mL/d3/WifG7iNKnjI=
-google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
-google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
-google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
-google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
-google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
-google.golang.org/api v0.85.0 h1:8rJoHuRxx+vCmZtAO/3k1dRLvYNVyTJtZ5oaFZvhgvc=
-google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+google.golang.org/api v0.105.0 h1:t6P9Jj+6XTn4U9I2wycQai6Q/Kz7iOT+QzjJ3G2V4x8=
+google.golang.org/api v0.105.0/go.mod h1:qh7eD5FJks5+BcE+cjBIm6Gz8vioK7EHvnlniqXBnqI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine/v2 v2.0.1 h1:jTGfiRmR5qoInpT3CXJ72GJEB4owDGEKN+xRDA6ekBY=
-google.golang.org/appengine/v2 v2.0.1/go.mod h1:XgltgQxPOF3ShivrVrZyfvYCx8Dunh73bKjUuXUZb8Q=
+google.golang.org/appengine/v2 v2.0.2 h1:MSqyWy2shDLwG7chbwBJ5uMyw6SNqJzhJHNDwYB0Akk=
+google.golang.org/appengine/v2 v2.0.2/go.mod h1:PkgRUWz4o1XOvbqtWTkBtCitEJ5Tp4HoVEdMMYQR/8E=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
-google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
-google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
-google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220111164026-67b88f271998/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220114231437-d2e6a121cae0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220201184016-50beb8ab5c44/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220211171837-173942840c17/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220216160803-4663080d8bc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
-google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220623142657-077d458a5694 h1:itnFmgk4Ls5nT+mYO2ZK6F0DpKsGZLhB5BB9y5ZL2HA=
-google.golang.org/genproto v0.0.0-20220623142657-077d458a5694/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef h1:uQ2vjV/sHTsWSqdKeLqmwitzgvjMl7o4IdtHwUDXSJY=
+google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8=
-google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
+google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U=
+google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -713,31 +193,17 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
--- a/log/log.go
+++ b/log/log.go
@@ -40,32 +40,32 @@ var (
 )

 // Trace prints the given message, if the current log level is TRACE
-func Trace(message string, v ...interface{}) {
+func Trace(message string, v ...any) {
 	logIf(TraceLevel, message, v...)
 }

 // Debug prints the given message, if the current log level is DEBUG or lower
-func Debug(message string, v ...interface{}) {
+func Debug(message string, v ...any) {
 	logIf(DebugLevel, message, v...)
 }

 // Info prints the given message, if the current log level is INFO or lower
-func Info(message string, v ...interface{}) {
+func Info(message string, v ...any) {
 	logIf(InfoLevel, message, v...)
 }

 // Warn prints the given message, if the current log level is WARN or lower
-func Warn(message string, v ...interface{}) {
+func Warn(message string, v ...any) {
 	logIf(WarnLevel, message, v...)
 }

 // Error prints the given message, if the current log level is ERROR or lower
-func Error(message string, v ...interface{}) {
+func Error(message string, v ...any) {
 	logIf(ErrorLevel, message, v...)
 }

 // Fatal prints the given message, and exits the program
-func Fatal(v ...interface{}) {
+func Fatal(v ...any) {
 	log.Fatalln(v...)
 }

@@ -122,7 +122,7 @@ func IsDebug() bool {
 	return Loggable(DebugLevel)
 }

-func logIf(l Level, message string, v ...interface{}) {
+func logIf(l Level, message string, v ...any) {
 	if CurrentLevel() <= l {
 		log.Printf(l.String()+" "+message, v...)
 	}
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -85,9 +85,11 @@ nav:
 - "Other things":
  - "FAQs": faq.md
  - "Examples": examples.md
+  - "Integrations + projects": integrations.md
  - "Release notes": releases.md
-  - "Deprecation notices": deprecations.md
  - "Emojis 🥳 🎉": emojis.md
+  - "Known issues": known-issues.md
+  - "Deprecation notices": deprecations.md
  - "Development": develop.md
  - "Privacy policy": privacy.md

--- a/scripts/postinst.sh
+++ b/scripts/postinst.sh
@@ -7,8 +7,9 @@ set -e
 if [ "$1" = "configure" ] || [ "$1" -ge 1 ]; then
  if [ -d /run/systemd/system ]; then
    # Create ntfy user/group
-    id ntfy >/dev/null 2>&1 || useradd --system --no-create-home ntfy
-    chown ntfy.ntfy /var/cache/ntfy /var/cache/ntfy/attachments /var/lib/ntfy
+    groupadd -f ntfy
+    id ntfy >/dev/null 2>&1 || useradd --system --no-create-home -g ntfy ntfy
+    chown ntfy:ntfy /var/cache/ntfy /var/cache/ntfy/attachments /var/lib/ntfy
    chmod 700 /var/cache/ntfy /var/cache/ntfy/attachments /var/lib/ntfy

    # Hack to change permissions on cache file
@@ -16,7 +17,7 @@ if [ "$1" = "configure" ] || [ "$1" -ge 1 ]; then
    if [ -f "$configfile" ]; then
      cachefile="$(cat "$configfile" | perl -n -e'/^\s*cache-file: ["'"'"']?([^"'"'"']+)["'"'"']?/ && print $1')" # Oh my, see #47
      if [ -n "$cachefile" ]; then
-        chown ntfy.ntfy "$cachefile" || true
+        chown ntfy:ntfy "$cachefile" || true
        chmod 600 "$cachefile" || true
      fi
    fi
--- a/server/actions.go
+++ b/server/actions.go
@@ -60,13 +60,13 @@ func parseActions(s string) (actions []*action, err error) {
 		return nil, fmt.Errorf("only %d actions allowed", actionsMax)
 	}
 	for _, action := range actions {
-		if !util.InStringList(actionsAll, action.Action) {
+		if !util.Contains(actionsAll, action.Action) {
 			return nil, fmt.Errorf("parameter 'action' cannot be '%s', valid values are 'view', 'broadcast' and 'http'", action.Action)
 		} else if action.Label == "" {
 			return nil, fmt.Errorf("parameter 'label' is required")
-		} else if util.InStringList(actionsWithURL, action.Action) && action.URL == "" {
+		} else if util.Contains(actionsWithURL, action.Action) && action.URL == "" {
 			return nil, fmt.Errorf("parameter 'url' is required for action '%s'", action.Action)
-		} else if action.Action == actionHTTP && util.InStringList([]string{"GET", "HEAD"}, action.Method) && action.Body != "" {
+		} else if action.Action == actionHTTP && util.Contains([]string{"GET", "HEAD"}, action.Method) && action.Body != "" {
 			return nil, fmt.Errorf("parameter 'body' cannot be set if method is %s", action.Method)
 		}
 	}
@@ -87,7 +87,8 @@ func parseActionsFromJSON(s string) ([]*action, error) {
 // https://ntfy.sh/docs/publish/#action-buttons), into an array of actions.
 //
 // It can parse an actions string like this:
-//    view, "Look ma, commas and \"quotes\" too", url=https://..; action=broadcast, ...
+//
+//	view, "Look ma, commas and \"quotes\" too", url=https://..; action=broadcast, ...
 //
 // It works by advancing the position ("pos") through the input string ("input").
 //
@@ -96,10 +97,11 @@ func parseActionsFromJSON(s string) ([]*action, error) {
 // though it does not use state functions at all.
 //
 // Other resources:
-//   https://adampresley.github.io/2015/04/12/writing-a-lexer-and-parser-in-go-part-1.html
-//   https://github.com/adampresley/sample-ini-parser/blob/master/services/lexer/lexer/Lexer.go
-//   https://github.com/benbjohnson/sql-parser/blob/master/scanner.go
-//   https://blog.gopheracademy.com/advent-2014/parsers-lexers/
+//
+//	https://adampresley.github.io/2015/04/12/writing-a-lexer-and-parser-in-go-part-1.html
+//	https://github.com/adampresley/sample-ini-parser/blob/master/services/lexer/lexer/Lexer.go
+//	https://github.com/benbjohnson/sql-parser/blob/master/scanner.go
+//	https://blog.gopheracademy.com/advent-2014/parsers-lexers/
 func parseActionsFromSimple(s string) ([]*action, error) {
 	if !utf8.ValidString(s) {
 		return nil, errors.New("invalid utf-8 string")
@@ -154,7 +156,7 @@ func populateAction(newAction *action, section int, key, value string) error {
 		key = "action"
 	} else if key == "" && section == 1 {
 		key = "label"
-	} else if key == "" && section == 2 && util.InStringList(actionsWithURL, newAction.Action) {
+	} else if key == "" && section == 2 && util.Contains(actionsWithURL, newAction.Action) {
 		key = "url"
 	}

@@ -176,7 +178,7 @@ func populateAction(newAction *action, section int, key, value string) error {
 			newAction.Label = value
 		case "clear":
 			lvalue := strings.ToLower(value)
-			if !util.InStringList([]string{"true", "yes", "1", "false", "no", "0"}, lvalue) {
+			if !util.Contains([]string{"true", "yes", "1", "false", "no", "0"}, lvalue) {
 				return fmt.Errorf("parameter 'clear' cannot be '%s', only boolean values are allowed (true/yes/1/false/no/0)", value)
 			}
 			newAction.Clear = lvalue == "true" || lvalue == "yes" || lvalue == "1"
--- a/server/config.go
+++ b/server/config.go
@@ -1,6 +1,9 @@
 package server

 import (
+	"heckel.io/ntfy/user"
+	"io/fs"
+	"net/netip"
 	"time"
 )

@@ -16,6 +19,7 @@ const (
 	DefaultFirebaseKeepaliveInterval            = 3 * time.Hour    // ~control topic (Android), not too frequently to save battery
 	DefaultFirebasePollInterval                 = 20 * time.Minute // ~poll topic (iOS), max. 2-3 times per hour (see docs)
 	DefaultFirebaseQuotaExceededPenaltyDuration = 10 * time.Minute // Time that over-users are locked out of Firebase if it returns "quota exceeded"
+	DefaultStripePriceCacheDuration             = time.Hour        // Time to keep Stripe prices cached in memory before a refresh is needed
 )

 // Defines all global and per-visitor limits
@@ -42,25 +46,35 @@ const (
 	DefaultVisitorRequestLimitReplenish         = 5 * time.Second
 	DefaultVisitorEmailLimitBurst               = 16
 	DefaultVisitorEmailLimitReplenish           = time.Hour
+	DefaultVisitorAccountCreateLimitBurst       = 3
+	DefaultVisitorAccountCreateLimitReplenish   = 24 * time.Hour
 	DefaultVisitorAttachmentTotalSizeLimit      = 100 * 1024 * 1024 // 100 MB
 	DefaultVisitorAttachmentDailyBandwidthLimit = 500 * 1024 * 1024 // 500 MB
 )

+var (
+	// DefaultVisitorStatsResetTime defines the time at which visitor stats are reset (wall clock only)
+	DefaultVisitorStatsResetTime = time.Date(0, 0, 0, 0, 0, 0, 0, time.UTC)
+)
+
 // Config is the main config struct for the application. Use New to instantiate a default config struct.
 type Config struct {
 	BaseURL                              string
 	ListenHTTP                           string
 	ListenHTTPS                          string
 	ListenUnix                           string
+	ListenUnixMode                       fs.FileMode
 	KeyFile                              string
 	CertFile                             string
 	FirebaseKeyFile                      string
 	CacheFile                            string
 	CacheDuration                        time.Duration
 	CacheStartupQueries                  string
+	CacheBatchSize                       int
+	CacheBatchTimeout                    time.Duration
 	AuthFile                             string
-	AuthDefaultRead                      bool
-	AuthDefaultWrite                     bool
+	AuthStartupQueries                   string
+	AuthDefault                          user.Permission
 	AttachmentCacheDir                   string
 	AttachmentTotalSizeLimit             int64
 	AttachmentFileSizeLimit              int64
@@ -90,11 +104,21 @@ type Config struct {
 	VisitorAttachmentDailyBandwidthLimit int
 	VisitorRequestLimitBurst             int
 	VisitorRequestLimitReplenish         time.Duration
-	VisitorRequestExemptIPAddrs          []string
+	VisitorRequestExemptIPAddrs          []netip.Prefix
 	VisitorEmailLimitBurst               int
 	VisitorEmailLimitReplenish           time.Duration
+	VisitorAccountCreateLimitBurst       int
+	VisitorAccountCreateLimitReplenish   time.Duration
+	VisitorStatsResetTime                time.Time // Time of the day at which to reset visitor stats
 	BehindProxy                          bool
+	StripeSecretKey                      string
+	StripeWebhookKey                     string
+	StripePriceCacheDuration             time.Duration
 	EnableWeb                            bool
+	EnableSignup                         bool // Enable creation of accounts via API and UI
+	EnableLogin                          bool
+	EnableReservations                   bool   // Allow users with role "user" to own/reserve topics
+	AccessControlAllowOrigin             string // CORS header field to restrict access from web clients
 	Version                              string // injected by App
 }

@@ -105,38 +129,62 @@ func NewConfig() *Config {
 		ListenHTTP:                           DefaultListenHTTP,
 		ListenHTTPS:                          "",
 		ListenUnix:                           "",
+		ListenUnixMode:                       0,
 		KeyFile:                              "",
 		CertFile:                             "",
 		FirebaseKeyFile:                      "",
 		CacheFile:                            "",
 		CacheDuration:                        DefaultCacheDuration,
+		CacheStartupQueries:                  "",
+		CacheBatchSize:                       0,
+		CacheBatchTimeout:                    0,
 		AuthFile:                             "",
-		AuthDefaultRead:                      true,
-		AuthDefaultWrite:                     true,
+		AuthStartupQueries:                   "",
+		AuthDefault:                          user.NewPermission(true, true),
 		AttachmentCacheDir:                   "",
 		AttachmentTotalSizeLimit:             DefaultAttachmentTotalSizeLimit,
 		AttachmentFileSizeLimit:              DefaultAttachmentFileSizeLimit,
 		AttachmentExpiryDuration:             DefaultAttachmentExpiryDuration,
 		KeepaliveInterval:                    DefaultKeepaliveInterval,
 		ManagerInterval:                      DefaultManagerInterval,
-		MessageLimit:                         DefaultMessageLengthLimit,
-		MinDelay:                             DefaultMinDelay,
-		MaxDelay:                             DefaultMaxDelay,
+		WebRootIsApp:                         false,
 		DelayedSenderInterval:                DefaultDelayedSenderInterval,
 		FirebaseKeepaliveInterval:            DefaultFirebaseKeepaliveInterval,
 		FirebasePollInterval:                 DefaultFirebasePollInterval,
 		FirebaseQuotaExceededPenaltyDuration: DefaultFirebaseQuotaExceededPenaltyDuration,
+		UpstreamBaseURL:                      "",
+		SMTPSenderAddr:                       "",
+		SMTPSenderUser:                       "",
+		SMTPSenderPass:                       "",
+		SMTPSenderFrom:                       "",
+		SMTPServerListen:                     "",
+		SMTPServerDomain:                     "",
+		SMTPServerAddrPrefix:                 "",
+		MessageLimit:                         DefaultMessageLengthLimit,
+		MinDelay:                             DefaultMinDelay,
+		MaxDelay:                             DefaultMaxDelay,
 		TotalTopicLimit:                      DefaultTotalTopicLimit,
+		TotalAttachmentSizeLimit:             0,
 		VisitorSubscriptionLimit:             DefaultVisitorSubscriptionLimit,
 		VisitorAttachmentTotalSizeLimit:      DefaultVisitorAttachmentTotalSizeLimit,
 		VisitorAttachmentDailyBandwidthLimit: DefaultVisitorAttachmentDailyBandwidthLimit,
 		VisitorRequestLimitBurst:             DefaultVisitorRequestLimitBurst,
 		VisitorRequestLimitReplenish:         DefaultVisitorRequestLimitReplenish,
-		VisitorRequestExemptIPAddrs:          make([]string, 0),
+		VisitorRequestExemptIPAddrs:          make([]netip.Prefix, 0),
 		VisitorEmailLimitBurst:               DefaultVisitorEmailLimitBurst,
 		VisitorEmailLimitReplenish:           DefaultVisitorEmailLimitReplenish,
+		VisitorAccountCreateLimitBurst:       DefaultVisitorAccountCreateLimitBurst,
+		VisitorAccountCreateLimitReplenish:   DefaultVisitorAccountCreateLimitReplenish,
+		VisitorStatsResetTime:                DefaultVisitorStatsResetTime,
 		BehindProxy:                          false,
+		StripeSecretKey:                      "",
+		StripeWebhookKey:                     "",
+		StripePriceCacheDuration:             DefaultStripePriceCacheDuration,
 		EnableWeb:                            true,
+		EnableSignup:                         false,
+		EnableLogin:                          false,
+		EnableReservations:                   false,
+		AccessControlAllowOrigin:             "*",
 		Version:                              "",
 	}
 }
--- a/server/errors.go
+++ b/server/errors.go
@@ -23,7 +23,7 @@ func (e errHTTP) JSON() string {
 	return string(b)
 }

-func wrapErrHTTP(err *errHTTP, message string, args ...interface{}) *errHTTP {
+func wrapErrHTTP(err *errHTTP, message string, args ...any) *errHTTP {
 	return &errHTTP{
 		Code:     err.Code,
 		HTTPCode: err.HTTPCode,
@@ -41,28 +41,43 @@ var (
 	errHTTPBadRequestDelayTooLarge                   = &errHTTP{40006, http.StatusBadRequest, "invalid delay parameter: too large, please refer to the docs", "https://ntfy.sh/docs/publish/#scheduled-delivery"}
 	errHTTPBadRequestPriorityInvalid                 = &errHTTP{40007, http.StatusBadRequest, "invalid priority parameter", "https://ntfy.sh/docs/publish/#message-priority"}
 	errHTTPBadRequestSinceInvalid                    = &errHTTP{40008, http.StatusBadRequest, "invalid since parameter", "https://ntfy.sh/docs/subscribe/api/#fetch-cached-messages"}
-	errHTTPBadRequestTopicInvalid                    = &errHTTP{40009, http.StatusBadRequest, "invalid topic: path invalid", ""}
-	errHTTPBadRequestTopicDisallowed                 = &errHTTP{40010, http.StatusBadRequest, "invalid topic: topic name is disallowed", ""}
+	errHTTPBadRequestTopicInvalid                    = &errHTTP{40009, http.StatusBadRequest, "invalid request: topic invalid", ""}
+	errHTTPBadRequestTopicDisallowed                 = &errHTTP{40010, http.StatusBadRequest, "invalid request: topic name is disallowed", ""}
 	errHTTPBadRequestMessageNotUTF8                  = &errHTTP{40011, http.StatusBadRequest, "invalid message: message must be UTF-8 encoded", ""}
 	errHTTPBadRequestAttachmentURLInvalid            = &errHTTP{40013, http.StatusBadRequest, "invalid request: attachment URL is invalid", "https://ntfy.sh/docs/publish/#attachments"}
 	errHTTPBadRequestAttachmentsDisallowed           = &errHTTP{40014, http.StatusBadRequest, "invalid request: attachments not allowed", "https://ntfy.sh/docs/config/#attachments"}
 	errHTTPBadRequestAttachmentsExpiryBeforeDelivery = &errHTTP{40015, http.StatusBadRequest, "invalid request: attachment expiry before delayed delivery date", "https://ntfy.sh/docs/publish/#scheduled-delivery"}
 	errHTTPBadRequestWebSocketsUpgradeHeaderMissing  = &errHTTP{40016, http.StatusBadRequest, "invalid request: client not using the websocket protocol", "https://ntfy.sh/docs/subscribe/api/#websockets"}
-	errHTTPBadRequestJSONInvalid                     = &errHTTP{40017, http.StatusBadRequest, "invalid request: request body must be message JSON", "https://ntfy.sh/docs/publish/#publish-as-json"}
+	errHTTPBadRequestMessageJSONInvalid              = &errHTTP{40017, http.StatusBadRequest, "invalid request: request body must be message JSON", "https://ntfy.sh/docs/publish/#publish-as-json"}
 	errHTTPBadRequestActionsInvalid                  = &errHTTP{40018, http.StatusBadRequest, "invalid request: actions invalid", "https://ntfy.sh/docs/publish/#action-buttons"}
 	errHTTPBadRequestMatrixMessageInvalid            = &errHTTP{40019, http.StatusBadRequest, "invalid request: Matrix JSON invalid", "https://ntfy.sh/docs/publish/#matrix-gateway"}
 	errHTTPBadRequestMatrixPushkeyBaseURLMismatch    = &errHTTP{40020, http.StatusBadRequest, "invalid request: push key must be prefixed with base URL", "https://ntfy.sh/docs/publish/#matrix-gateway"}
+	errHTTPBadRequestIconURLInvalid                  = &errHTTP{40021, http.StatusBadRequest, "invalid request: icon URL is invalid", "https://ntfy.sh/docs/publish/#icons"}
+	errHTTPBadRequestSignupNotEnabled                = &errHTTP{40022, http.StatusBadRequest, "invalid request: signup not enabled", "https://ntfy.sh/docs/config"}
+	errHTTPBadRequestNoTokenProvided                 = &errHTTP{40023, http.StatusBadRequest, "invalid request: no token provided", ""}
+	errHTTPBadRequestJSONInvalid                     = &errHTTP{40024, http.StatusBadRequest, "invalid request: request body must be valid JSON", ""}
+	errHTTPBadRequestPermissionInvalid               = &errHTTP{40025, http.StatusBadRequest, "invalid request: incorrect permission string", ""}
+	errHTTPBadRequestMakesNoSenseForAdmin            = &errHTTP{40026, http.StatusBadRequest, "invalid request: this makes no sense for admins", ""}
+	errHTTPBadRequestNotAPaidUser                    = &errHTTP{40027, http.StatusBadRequest, "invalid request: not a paid user", ""}
+	errHTTPBadRequestBillingRequestInvalid           = &errHTTP{40028, http.StatusBadRequest, "invalid request: not a valid billing request", ""}
+	errHTTPBadRequestBillingSubscriptionExists       = &errHTTP{40029, http.StatusBadRequest, "invalid request: billing subscription already exists", ""}
 	errHTTPNotFound                                  = &errHTTP{40401, http.StatusNotFound, "page not found", ""}
 	errHTTPUnauthorized                              = &errHTTP{40101, http.StatusUnauthorized, "unauthorized", "https://ntfy.sh/docs/publish/#authentication"}
 	errHTTPForbidden                                 = &errHTTP{40301, http.StatusForbidden, "forbidden", "https://ntfy.sh/docs/publish/#authentication"}
-	errHTTPEntityTooLargeAttachmentTooLarge          = &errHTTP{41301, http.StatusRequestEntityTooLarge, "attachment too large, or bandwidth limit reached", "https://ntfy.sh/docs/publish/#limitations"}
-	errHTTPEntityTooLargeMatrixRequestTooLarge       = &errHTTP{41302, http.StatusRequestEntityTooLarge, "Matrix request is larger than the max allowed length", ""}
+	errHTTPConflictUserExists                        = &errHTTP{40901, http.StatusConflict, "conflict: user already exists", ""}
+	errHTTPConflictTopicReserved                     = &errHTTP{40902, http.StatusConflict, "conflict: access control entry for topic or topic pattern already exists", ""}
+	errHTTPEntityTooLargeAttachment                  = &errHTTP{41301, http.StatusRequestEntityTooLarge, "attachment too large, or bandwidth limit reached", "https://ntfy.sh/docs/publish/#limitations"}
+	errHTTPEntityTooLargeMatrixRequest               = &errHTTP{41302, http.StatusRequestEntityTooLarge, "Matrix request is larger than the max allowed length", ""}
+	errHTTPEntityTooLargeJSONBody                    = &errHTTP{41303, http.StatusRequestEntityTooLarge, "JSON body too large", ""}
 	errHTTPTooManyRequestsLimitRequests              = &errHTTP{42901, http.StatusTooManyRequests, "limit reached: too many requests, please be nice", "https://ntfy.sh/docs/publish/#limitations"}
 	errHTTPTooManyRequestsLimitEmails                = &errHTTP{42902, http.StatusTooManyRequests, "limit reached: too many emails, please be nice", "https://ntfy.sh/docs/publish/#limitations"}
 	errHTTPTooManyRequestsLimitSubscriptions         = &errHTTP{42903, http.StatusTooManyRequests, "limit reached: too many active subscriptions, please be nice", "https://ntfy.sh/docs/publish/#limitations"}
 	errHTTPTooManyRequestsLimitTotalTopics           = &errHTTP{42904, http.StatusTooManyRequests, "limit reached: the total number of topics on the server has been reached, please contact the admin", "https://ntfy.sh/docs/publish/#limitations"}
-	errHTTPTooManyRequestsAttachmentBandwidthLimit   = &errHTTP{42905, http.StatusTooManyRequests, "too many requests: daily bandwidth limit reached", "https://ntfy.sh/docs/publish/#limitations"}
+	errHTTPTooManyRequestsLimitAttachmentBandwidth   = &errHTTP{42905, http.StatusTooManyRequests, "limit reached: daily bandwidth", "https://ntfy.sh/docs/publish/#limitations"}
+	errHTTPTooManyRequestsLimitAccountCreation       = &errHTTP{42906, http.StatusTooManyRequests, "limit reached: too many accounts created", "https://ntfy.sh/docs/publish/#limitations"} // FIXME document limit
+	errHTTPTooManyRequestsLimitReservations          = &errHTTP{42907, http.StatusTooManyRequests, "limit reached: too many topic reservations for this user", ""}
+	errHTTPTooManyRequestsLimitMessages              = &errHTTP{42908, http.StatusTooManyRequests, "limit reached: too many messages", "https://ntfy.sh/docs/publish/#limitations"}
 	errHTTPInternalError                             = &errHTTP{50001, http.StatusInternalServerError, "internal server error", ""}
-	errHTTPInternalErrorInvalidFilePath              = &errHTTP{50002, http.StatusInternalServerError, "internal server error: invalid file path", ""}
+	errHTTPInternalErrorInvalidPath                  = &errHTTP{50002, http.StatusInternalServerError, "internal server error: invalid path", ""}
 	errHTTPInternalErrorMissingBaseURL               = &errHTTP{50003, http.StatusInternalServerError, "internal server error: base-url must be be configured for this feature", "https://ntfy.sh/docs/config/"}
 )
--- a/server/file_cache.go
+++ b/server/file_cache.go
@@ -2,6 +2,8 @@ package server

 import (
 	"errors"
+	"fmt"
+	"heckel.io/ntfy/log"
 	"heckel.io/ntfy/util"
 	"io"
 	"os"
@@ -11,7 +13,7 @@ import (
 )

 var (
-	fileIDRegex      = regexp.MustCompile(`^[-_A-Za-z0-9]+$`)
+	fileIDRegex      = regexp.MustCompile(fmt.Sprintf(`^[-_A-Za-z0-9]{%d}$`, messageIDLength))
 	errInvalidFileID = errors.New("invalid file ID")
 	errFileExists    = errors.New("file exists")
 )
@@ -20,11 +22,10 @@ type fileCache struct {
 	dir              string
 	totalSizeCurrent int64
 	totalSizeLimit   int64
-	fileSizeLimit    int64
 	mu               sync.Mutex
 }

-func newFileCache(dir string, totalSizeLimit int64, fileSizeLimit int64) (*fileCache, error) {
+func newFileCache(dir string, totalSizeLimit int64) (*fileCache, error) {
 	if err := os.MkdirAll(dir, 0700); err != nil {
 		return nil, err
 	}
@@ -36,7 +37,6 @@ func newFileCache(dir string, totalSizeLimit int64, fileSizeLimit int64) (*fileC
 		dir:              dir,
 		totalSizeCurrent: size,
 		totalSizeLimit:   totalSizeLimit,
-		fileSizeLimit:    fileSizeLimit,
 	}, nil
 }

@@ -53,7 +53,7 @@ func (c *fileCache) Write(id string, in io.Reader, limiters ...util.Limiter) (in
 		return 0, err
 	}
 	defer f.Close()
-	limiters = append(limiters, util.NewFixedLimiter(c.Remaining()), util.NewFixedLimiter(c.fileSizeLimit))
+	limiters = append(limiters, util.NewFixedLimiter(c.Remaining()))
 	limitWriter := util.NewLimitWriter(f, limiters...)
 	size, err := io.Copy(limitWriter, in)
 	if err != nil {
@@ -75,8 +75,11 @@ func (c *fileCache) Remove(ids ...string) error {
 		if !fileIDRegex.MatchString(id) {
 			return errInvalidFileID
 		}
+		log.Debug("File Cache: Deleting attachment %s", id)
 		file := filepath.Join(c.dir, id)
-		_ = os.Remove(file) // Best effort delete
+		if err := os.Remove(file); err != nil {
+			log.Debug("File Cache: Error deleting attachment %s: %s", id, err.Error())
+		}
 	}
 	size, err := dirSize(c.dir)
 	if err != nil {
--- a/server/file_cache_test.go
+++ b/server/file_cache_test.go
@@ -16,10 +16,10 @@ var (

 func TestFileCache_Write_Success(t *testing.T) {
 	dir, c := newTestFileCache(t)
-	size, err := c.Write("abc", strings.NewReader("normal file"), util.NewFixedLimiter(999))
+	size, err := c.Write("abcdefghijkl", strings.NewReader("normal file"), util.NewFixedLimiter(999))
 	require.Nil(t, err)
 	require.Equal(t, int64(11), size)
-	require.Equal(t, "normal file", readFile(t, dir+"/abc"))
+	require.Equal(t, "normal file", readFile(t, dir+"/abcdefghijkl"))
 	require.Equal(t, int64(11), c.Size())
 	require.Equal(t, int64(10229), c.Remaining())
 }
@@ -27,18 +27,18 @@ func TestFileCache_Write_Success(t *testing.T) {
 func TestFileCache_Write_Remove_Success(t *testing.T) {
 	dir, c := newTestFileCache(t) // max = 10k (10240), each = 1k (1024)
 	for i := 0; i < 10; i++ {     // 10x999 = 9990
-		size, err := c.Write(fmt.Sprintf("abc%d", i), bytes.NewReader(make([]byte, 999)))
+		size, err := c.Write(fmt.Sprintf("abcdefghijk%d", i), bytes.NewReader(make([]byte, 999)))
 		require.Nil(t, err)
 		require.Equal(t, int64(999), size)
 	}
 	require.Equal(t, int64(9990), c.Size())
 	require.Equal(t, int64(250), c.Remaining())
-	require.FileExists(t, dir+"/abc1")
-	require.FileExists(t, dir+"/abc5")
+	require.FileExists(t, dir+"/abcdefghijk1")
+	require.FileExists(t, dir+"/abcdefghijk5")

-	require.Nil(t, c.Remove("abc1", "abc5"))
-	require.NoFileExists(t, dir+"/abc1")
-	require.NoFileExists(t, dir+"/abc5")
+	require.Nil(t, c.Remove("abcdefghijk1", "abcdefghijk5"))
+	require.NoFileExists(t, dir+"/abcdefghijk1")
+	require.NoFileExists(t, dir+"/abcdefghijk5")
 	require.Equal(t, int64(7992), c.Size())
 	require.Equal(t, int64(2248), c.Remaining())
 }
@@ -46,32 +46,25 @@ func TestFileCache_Write_Remove_Success(t *testing.T) {
 func TestFileCache_Write_FailedTotalSizeLimit(t *testing.T) {
 	dir, c := newTestFileCache(t)
 	for i := 0; i < 10; i++ {
-		size, err := c.Write(fmt.Sprintf("abc%d", i), bytes.NewReader(oneKilobyteArray))
+		size, err := c.Write(fmt.Sprintf("abcdefghijk%d", i), bytes.NewReader(oneKilobyteArray))
 		require.Nil(t, err)
 		require.Equal(t, int64(1024), size)
 	}
-	_, err := c.Write("abc11", bytes.NewReader(oneKilobyteArray))
+	_, err := c.Write("abcdefghijkX", bytes.NewReader(oneKilobyteArray))
 	require.Equal(t, util.ErrLimitReached, err)
-	require.NoFileExists(t, dir+"/abc11")
-}
-
-func TestFileCache_Write_FailedFileSizeLimit(t *testing.T) {
-	dir, c := newTestFileCache(t)
-	_, err := c.Write("abc", bytes.NewReader(make([]byte, 1025)))
-	require.Equal(t, util.ErrLimitReached, err)
-	require.NoFileExists(t, dir+"/abc")
+	require.NoFileExists(t, dir+"/abcdefghijkX")
 }

 func TestFileCache_Write_FailedAdditionalLimiter(t *testing.T) {
 	dir, c := newTestFileCache(t)
-	_, err := c.Write("abc", bytes.NewReader(make([]byte, 1001)), util.NewFixedLimiter(1000))
+	_, err := c.Write("abcdefghijkl", bytes.NewReader(make([]byte, 1001)), util.NewFixedLimiter(1000))
 	require.Equal(t, util.ErrLimitReached, err)
-	require.NoFileExists(t, dir+"/abc")
+	require.NoFileExists(t, dir+"/abcdefghijkl")
 }

 func newTestFileCache(t *testing.T) (dir string, cache *fileCache) {
 	dir = t.TempDir()
-	cache, err := newFileCache(dir, 10*1024, 1*1024)
+	cache, err := newFileCache(dir, 10*1024)
 	require.Nil(t, err)
 	return dir, cache
 }
--- a/server/message_cache.go
+++ b/server/message_cache.go
@@ -5,11 +5,13 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net/netip"
+	"strings"
+	"time"
+
 	_ "github.com/mattn/go-sqlite3" // SQLite driver
 	"heckel.io/ntfy/log"
 	"heckel.io/ntfy/util"
-	"strings"
-	"time"
 )

 var (
@@ -24,73 +26,85 @@ const (
 			id INTEGER PRIMARY KEY AUTOINCREMENT,
 			mid TEXT NOT NULL,
 			time INT NOT NULL,
+			expires INT NOT NULL,
 			topic TEXT NOT NULL,
 			message TEXT NOT NULL,
 			title TEXT NOT NULL,
 			priority INT NOT NULL,
 			tags TEXT NOT NULL,
 			click TEXT NOT NULL,
+			icon TEXT NOT NULL,			
 			actions TEXT NOT NULL,
 			attachment_name TEXT NOT NULL,
 			attachment_type TEXT NOT NULL,
 			attachment_size INT NOT NULL,
 			attachment_expires INT NOT NULL,
 			attachment_url TEXT NOT NULL,
+			attachment_deleted INT NOT NULL,
 			sender TEXT NOT NULL,
+			user TEXT NOT NULL,
 			encoding TEXT NOT NULL,
 			published INT NOT NULL
 		);
 		CREATE INDEX IF NOT EXISTS idx_mid ON messages (mid);
+		CREATE INDEX IF NOT EXISTS idx_time ON messages (time);
 		CREATE INDEX IF NOT EXISTS idx_topic ON messages (topic);
+		CREATE INDEX IF NOT EXISTS idx_expires ON messages (expires);
+		CREATE INDEX IF NOT EXISTS idx_attachment_expires ON messages (attachment_expires);
 		COMMIT;
 	`
 	insertMessageQuery = `
-		INSERT INTO messages (mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, encoding, published) 
-		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+		INSERT INTO messages (mid, time, expires, topic, message, title, priority, tags, click, icon, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, attachment_deleted, sender, user, encoding, published)
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
 	`
-	pruneMessagesQuery           = `DELETE FROM messages WHERE time < ? AND published = 1`
-	selectRowIDFromMessageID     = `SELECT id FROM messages WHERE mid = ?` // Do not include topic, see #336 and TestServer_PollSinceID_MultipleTopics
-	selectMessagesSinceTimeQuery = `
-		SELECT mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, encoding
+	deleteMessageQuery                = `DELETE FROM messages WHERE mid = ?`
+	updateMessagesForTopicExpiryQuery = `UPDATE messages SET expires = ? WHERE topic = ?`
+	selectRowIDFromMessageID          = `SELECT id FROM messages WHERE mid = ?` // Do not include topic, see #336 and TestServer_PollSinceID_MultipleTopics
+	selectMessagesSinceTimeQuery      = `
+		SELECT mid, time, expires, topic, message, title, priority, tags, click, icon, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, user, encoding
 		FROM messages 
 		WHERE topic = ? AND time >= ? AND published = 1
 		ORDER BY time, id
 	`
 	selectMessagesSinceTimeIncludeScheduledQuery = `
-		SELECT mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, encoding
+		SELECT mid, time, expires, topic, message, title, priority, tags, click, icon, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, user, encoding
 		FROM messages 
 		WHERE topic = ? AND time >= ?
 		ORDER BY time, id
 	`
 	selectMessagesSinceIDQuery = `
-		SELECT mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, encoding
+		SELECT mid, time, expires, topic, message, title, priority, tags, click, icon, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, user, encoding
 		FROM messages 
 		WHERE topic = ? AND id > ? AND published = 1 
 		ORDER BY time, id
 	`
 	selectMessagesSinceIDIncludeScheduledQuery = `
-		SELECT mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, encoding
+		SELECT mid, time, expires, topic, message, title, priority, tags, click, icon, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, user, encoding
 		FROM messages 
 		WHERE topic = ? AND (id > ? OR published = 0)
 		ORDER BY time, id
 	`
 	selectMessagesDueQuery = `
-		SELECT mid, time, topic, message, title, priority, tags, click, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, encoding
+		SELECT mid, time, expires, topic, message, title, priority, tags, click, icon, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, user, encoding
 		FROM messages 
 		WHERE time <= ? AND published = 0
 		ORDER BY time, id
 	`
+	selectMessagesExpiredQuery      = `SELECT mid FROM messages WHERE expires <= ? AND published = 1`
 	updateMessagePublishedQuery     = `UPDATE messages SET published = 1 WHERE mid = ?`
 	selectMessagesCountQuery        = `SELECT COUNT(*) FROM messages`
 	selectMessageCountPerTopicQuery = `SELECT topic, COUNT(*) FROM messages GROUP BY topic`
 	selectTopicsQuery               = `SELECT topic FROM messages GROUP BY topic`
-	selectAttachmentsSizeQuery      = `SELECT IFNULL(SUM(attachment_size), 0) FROM messages WHERE sender = ? AND attachment_expires >= ?`
-	selectAttachmentsExpiredQuery   = `SELECT mid FROM messages WHERE attachment_expires > 0 AND attachment_expires < ?`
+
+	updateAttachmentDeleted            = `UPDATE messages SET attachment_deleted = 1 WHERE mid = ?`
+	selectAttachmentsExpiredQuery      = `SELECT mid FROM messages WHERE attachment_expires > 0 AND attachment_expires <= ? AND attachment_deleted = 0`
+	selectAttachmentsSizeBySenderQuery = `SELECT IFNULL(SUM(attachment_size), 0) FROM messages WHERE sender = ? AND attachment_expires >= ?`
+	selectAttachmentsSizeByUserQuery   = `SELECT IFNULL(SUM(attachment_size), 0) FROM messages WHERE user = ? AND attachment_expires >= ?`
 )

 // Schema management queries
 const (
-	currentSchemaVersion          = 7
+	currentSchemaVersion          = 10
 	createSchemaVersionTableQuery = `
 		CREATE TABLE IF NOT EXISTS schemaVersion (
 			id INT PRIMARY KEY,
@@ -178,37 +192,80 @@ const (
 	migrate6To7AlterMessagesTableQuery = `
 		ALTER TABLE messages RENAME COLUMN attachment_owner TO sender;
 	`
+
+	// 7 -> 8
+	migrate7To8AlterMessagesTableQuery = `
+		ALTER TABLE messages ADD COLUMN icon TEXT NOT NULL DEFAULT('');
+	`
+
+	// 8 -> 9
+	migrate8To9AlterMessagesTableQuery = `
+		CREATE INDEX IF NOT EXISTS idx_time ON messages (time);	
+	`
+
+	// 9 -> 10
+	migrate9To10AlterMessagesTableQuery = `
+		ALTER TABLE messages ADD COLUMN user TEXT NOT NULL DEFAULT('');
+		ALTER TABLE messages ADD COLUMN attachment_deleted INT NOT NULL DEFAULT('0');
+		ALTER TABLE messages ADD COLUMN expires INT NOT NULL DEFAULT('0');
+		CREATE INDEX IF NOT EXISTS idx_expires ON messages (expires);
+		CREATE INDEX IF NOT EXISTS idx_attachment_expires ON messages (attachment_expires);
+	`
+	migrate9To10UpdateMessageExpiryQuery = `UPDATE messages SET expires = time + ?`
+)
+
+var (
+	migrations = map[int]func(db *sql.DB, cacheDuration time.Duration) error{
+		0: migrateFrom0,
+		1: migrateFrom1,
+		2: migrateFrom2,
+		3: migrateFrom3,
+		4: migrateFrom4,
+		5: migrateFrom5,
+		6: migrateFrom6,
+		7: migrateFrom7,
+		8: migrateFrom8,
+		9: migrateFrom9,
+	}
 )

 type messageCache struct {
-	db  *sql.DB
-	nop bool
+	db    *sql.DB
+	queue *util.BatchingQueue[*message]
+	nop   bool
 }

 // newSqliteCache creates a SQLite file-backed cache
-func newSqliteCache(filename, startupQueries string, nop bool) (*messageCache, error) {
+func newSqliteCache(filename, startupQueries string, cacheDuration time.Duration, batchSize int, batchTimeout time.Duration, nop bool) (*messageCache, error) {
 	db, err := sql.Open("sqlite3", filename)
 	if err != nil {
 		return nil, err
 	}
-	if err := setupCacheDB(db, startupQueries); err != nil {
+	if err := setupDB(db, startupQueries, cacheDuration); err != nil {
 		return nil, err
 	}
-	return &messageCache{
-		db:  db,
-		nop: nop,
-	}, nil
+	var queue *util.BatchingQueue[*message]
+	if batchSize > 0 || batchTimeout > 0 {
+		queue = util.NewBatchingQueue[*message](batchSize, batchTimeout)
+	}
+	cache := &messageCache{
+		db:    db,
+		queue: queue,
+		nop:   nop,
+	}
+	go cache.processMessageBatches()
+	return cache, nil
 }

 // newMemCache creates an in-memory cache
 func newMemCache() (*messageCache, error) {
-	return newSqliteCache(createMemoryFilename(), "", false)
+	return newSqliteCache(createMemoryFilename(), "", 0, 0, 0, false)
 }

 // newNopCache creates an in-memory cache that discards all messages;
 // it is always empty and can be used if caching is entirely disabled
 func newNopCache() (*messageCache, error) {
-	return newSqliteCache(createMemoryFilename(), "", true)
+	return newSqliteCache(createMemoryFilename(), "", 0, 0, 0, true)
 }

 // createMemoryFilename creates a unique memory filename to use for the SQLite backend.
@@ -221,19 +278,36 @@ func createMemoryFilename() string {
 	return fmt.Sprintf("file:%s?mode=memory&cache=shared", util.RandomString(10))
 }

+// AddMessage stores a message to the message cache synchronously, or queues it to be stored at a later date asyncronously.
+// The message is queued only if "batchSize" or "batchTimeout" are passed to the constructor.
 func (c *messageCache) AddMessage(m *message) error {
+	if c.queue != nil {
+		c.queue.Enqueue(m)
+		return nil
+	}
 	return c.addMessages([]*message{m})
 }

+// addMessages synchronously stores a match of messages. If the database is locked, the transaction waits until
+// SQLite's busy_timeout is exceeded before erroring out.
 func (c *messageCache) addMessages(ms []*message) error {
 	if c.nop {
 		return nil
 	}
+	if len(ms) == 0 {
+		return nil
+	}
+	start := time.Now()
 	tx, err := c.db.Begin()
 	if err != nil {
 		return err
 	}
 	defer tx.Rollback()
+	stmt, err := tx.Prepare(insertMessageQuery)
+	if err != nil {
+		return err
+	}
+	defer stmt.Close()
 	for _, m := range ms {
 		if m.Event != messageEvent {
 			return errUnexpectedMessageType
@@ -241,7 +315,7 @@ func (c *messageCache) addMessages(ms []*message) error {
 		published := m.Time <= time.Now().Unix()
 		tags := strings.Join(m.Tags, ",")
 		var attachmentName, attachmentType, attachmentURL string
-		var attachmentSize, attachmentExpires int64
+		var attachmentSize, attachmentExpires, attachmentDeleted int64
 		if m.Attachment != nil {
 			attachmentName = m.Attachment.Name
 			attachmentType = m.Attachment.Type
@@ -257,23 +331,30 @@ func (c *messageCache) addMessages(ms []*message) error {
 			}
 			actionsStr = string(actionsBytes)
 		}
-		_, err := tx.Exec(
-			insertMessageQuery,
+		var sender string
+		if m.Sender.IsValid() {
+			sender = m.Sender.String()
+		}
+		_, err := stmt.Exec(
 			m.ID,
 			m.Time,
+			m.Expires,
 			m.Topic,
 			m.Message,
 			m.Title,
 			m.Priority,
 			tags,
 			m.Click,
+			m.Icon,
 			actionsStr,
 			attachmentName,
 			attachmentType,
 			attachmentSize,
 			attachmentExpires,
 			attachmentURL,
-			m.Sender,
+			attachmentDeleted, // Always zero
+			sender,
+			m.User,
 			m.Encoding,
 			published,
 		)
@@ -281,7 +362,12 @@ func (c *messageCache) addMessages(ms []*message) error {
 			return err
 		}
 	}
-	return tx.Commit()
+	if err := tx.Commit(); err != nil {
+		log.Error("Message Cache: Writing %d message(s) failed (took %v)", len(ms), time.Since(start))
+		return err
+	}
+	log.Debug("Message Cache: Wrote %d message(s) in %v", len(ms), time.Since(start))
+	return nil
 }

 func (c *messageCache) Messages(topic string, since sinceMarker, scheduled bool) ([]*message, error) {
@@ -341,6 +427,27 @@ func (c *messageCache) MessagesDue() ([]*message, error) {
 	return readMessages(rows)
 }

+// MessagesExpired returns a list of IDs for messages that have expires (should be deleted)
+func (c *messageCache) MessagesExpired() ([]string, error) {
+	rows, err := c.db.Query(selectMessagesExpiredQuery, time.Now().Unix())
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	ids := make([]string, 0)
+	for rows.Next() {
+		var id string
+		if err := rows.Scan(&id); err != nil {
+			return nil, err
+		}
+		ids = append(ids, id)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return ids, nil
+}
+
 func (c *messageCache) MarkPublished(m *message) error {
 	_, err := c.db.Exec(updateMessagePublishedQuery, m.ID)
 	return err
@@ -386,27 +493,32 @@ func (c *messageCache) Topics() (map[string]*topic, error) {
 	return topics, nil
 }

-func (c *messageCache) Prune(olderThan time.Time) error {
-	_, err := c.db.Exec(pruneMessagesQuery, olderThan.Unix())
-	return err
+func (c *messageCache) DeleteMessages(ids ...string) error {
+	tx, err := c.db.Begin()
+	if err != nil {
+		return err
+	}
+	defer tx.Rollback()
+	for _, id := range ids {
+		if _, err := tx.Exec(deleteMessageQuery, id); err != nil {
+			return err
+		}
+	}
+	return tx.Commit()
 }

-func (c *messageCache) AttachmentBytesUsed(sender string) (int64, error) {
-	rows, err := c.db.Query(selectAttachmentsSizeQuery, sender, time.Now().Unix())
+func (c *messageCache) ExpireMessages(topics ...string) error {
+	tx, err := c.db.Begin()
 	if err != nil {
-		return 0, err
+		return err
 	}
-	defer rows.Close()
-	var size int64
-	if !rows.Next() {
-		return 0, errors.New("no rows found")
+	defer tx.Rollback()
+	for _, t := range topics {
+		if _, err := tx.Exec(updateMessagesForTopicExpiryQuery, time.Now().Unix(), t); err != nil {
+			return err
+		}
 	}
-	if err := rows.Scan(&size); err != nil {
-		return 0, err
-	} else if err := rows.Err(); err != nil {
-		return 0, err
-	}
-	return size, nil
+	return tx.Commit()
 }

 func (c *messageCache) AttachmentsExpired() ([]string, error) {
@@ -429,22 +541,79 @@ func (c *messageCache) AttachmentsExpired() ([]string, error) {
 	return ids, nil
 }

+func (c *messageCache) MarkAttachmentsDeleted(ids ...string) error {
+	tx, err := c.db.Begin()
+	if err != nil {
+		return err
+	}
+	defer tx.Rollback()
+	for _, id := range ids {
+		if _, err := tx.Exec(updateAttachmentDeleted, id); err != nil {
+			return err
+		}
+	}
+	return tx.Commit()
+}
+
+func (c *messageCache) AttachmentBytesUsedBySender(sender string) (int64, error) {
+	rows, err := c.db.Query(selectAttachmentsSizeBySenderQuery, sender, time.Now().Unix())
+	if err != nil {
+		return 0, err
+	}
+	return c.readAttachmentBytesUsed(rows)
+}
+
+func (c *messageCache) AttachmentBytesUsedByUser(user string) (int64, error) {
+	rows, err := c.db.Query(selectAttachmentsSizeByUserQuery, user, time.Now().Unix())
+	if err != nil {
+		return 0, err
+	}
+	return c.readAttachmentBytesUsed(rows)
+}
+
+func (c *messageCache) readAttachmentBytesUsed(rows *sql.Rows) (int64, error) {
+	defer rows.Close()
+	var size int64
+	if !rows.Next() {
+		return 0, errors.New("no rows found")
+	}
+	if err := rows.Scan(&size); err != nil {
+		return 0, err
+	} else if err := rows.Err(); err != nil {
+		return 0, err
+	}
+	return size, nil
+}
+
+func (c *messageCache) processMessageBatches() {
+	if c.queue == nil {
+		return
+	}
+	for messages := range c.queue.Dequeue() {
+		if err := c.addMessages(messages); err != nil {
+			log.Error("Message Cache: %s", err.Error())
+		}
+	}
+}
+
 func readMessages(rows *sql.Rows) ([]*message, error) {
 	defer rows.Close()
 	messages := make([]*message, 0)
 	for rows.Next() {
-		var timestamp, attachmentSize, attachmentExpires int64
+		var timestamp, expires, attachmentSize, attachmentExpires int64
 		var priority int
-		var id, topic, msg, title, tagsStr, click, actionsStr, attachmentName, attachmentType, attachmentURL, sender, encoding string
+		var id, topic, msg, title, tagsStr, click, icon, actionsStr, attachmentName, attachmentType, attachmentURL, sender, user, encoding string
 		err := rows.Scan(
 			&id,
 			&timestamp,
+			&expires,
 			&topic,
 			&msg,
 			&title,
 			&priority,
 			&tagsStr,
 			&click,
+			&icon,
 			&actionsStr,
 			&attachmentName,
 			&attachmentType,
@@ -452,6 +621,7 @@ func readMessages(rows *sql.Rows) ([]*message, error) {
 			&attachmentExpires,
 			&attachmentURL,
 			&sender,
+			&user,
 			&encoding,
 		)
 		if err != nil {
@@ -467,6 +637,10 @@ func readMessages(rows *sql.Rows) ([]*message, error) {
 				return nil, err
 			}
 		}
+		senderIP, err := netip.ParseAddr(sender)
+		if err != nil {
+			senderIP = netip.Addr{} // if no IP stored in database, return invalid address
+		}
 		var att *attachment
 		if attachmentName != "" && attachmentURL != "" {
 			att = &attachment{
@@ -480,6 +654,7 @@ func readMessages(rows *sql.Rows) ([]*message, error) {
 		messages = append(messages, &message{
 			ID:         id,
 			Time:       timestamp,
+			Expires:    expires,
 			Event:      messageEvent,
 			Topic:      topic,
 			Message:    msg,
@@ -487,9 +662,11 @@ func readMessages(rows *sql.Rows) ([]*message, error) {
 			Priority:   priority,
 			Tags:       tags,
 			Click:      click,
+			Icon:       icon,
 			Actions:    actions,
 			Attachment: att,
-			Sender:     sender,
+			Sender:     senderIP, // Must parse assuming database must be correct
+			User:       user,
 			Encoding:   encoding,
 		})
 	}
@@ -499,7 +676,7 @@ func readMessages(rows *sql.Rows) ([]*message, error) {
 	return messages, nil
 }

-func setupCacheDB(db *sql.DB, startupQueries string) error {
+func setupDB(db *sql.DB, startupQueries string, cacheDuration time.Duration) error {
 	// Run startup queries
 	if startupQueries != "" {
 		if _, err := db.Exec(startupQueries); err != nil {
@@ -531,22 +708,18 @@ func setupCacheDB(db *sql.DB, startupQueries string) error {
 	// Do migrations
 	if schemaVersion == currentSchemaVersion {
 		return nil
-	} else if schemaVersion == 0 {
-		return migrateFrom0(db)
-	} else if schemaVersion == 1 {
-		return migrateFrom1(db)
-	} else if schemaVersion == 2 {
-		return migrateFrom2(db)
-	} else if schemaVersion == 3 {
-		return migrateFrom3(db)
-	} else if schemaVersion == 4 {
-		return migrateFrom4(db)
-	} else if schemaVersion == 5 {
-		return migrateFrom5(db)
-	} else if schemaVersion == 6 {
-		return migrateFrom6(db)
+	} else if schemaVersion > currentSchemaVersion {
+		return fmt.Errorf("unexpected schema version: version %d is higher than current version %d", schemaVersion, currentSchemaVersion)
 	}
-	return fmt.Errorf("unexpected schema version found: %d", schemaVersion)
+	for i := schemaVersion; i < currentSchemaVersion; i++ {
+		fn, ok := migrations[i]
+		if !ok {
+			return fmt.Errorf("cannot find migration step from schema version %d to %d", i, i+1)
+		} else if err := fn(db, cacheDuration); err != nil {
+			return err
+		}
+	}
+	return nil
 }

 func setupNewCacheDB(db *sql.DB) error {
@@ -562,7 +735,7 @@ func setupNewCacheDB(db *sql.DB) error {
 	return nil
 }

-func migrateFrom0(db *sql.DB) error {
+func migrateFrom0(db *sql.DB, _ time.Duration) error {
 	log.Info("Migrating cache database schema: from 0 to 1")
 	if _, err := db.Exec(migrate0To1AlterMessagesTableQuery); err != nil {
 		return err
@@ -573,10 +746,10 @@ func migrateFrom0(db *sql.DB) error {
 	if _, err := db.Exec(insertSchemaVersion, 1); err != nil {
 		return err
 	}
-	return migrateFrom1(db)
+	return nil
 }

-func migrateFrom1(db *sql.DB) error {
+func migrateFrom1(db *sql.DB, _ time.Duration) error {
 	log.Info("Migrating cache database schema: from 1 to 2")
 	if _, err := db.Exec(migrate1To2AlterMessagesTableQuery); err != nil {
 		return err
@@ -584,10 +757,10 @@ func migrateFrom1(db *sql.DB) error {
 	if _, err := db.Exec(updateSchemaVersion, 2); err != nil {
 		return err
 	}
-	return migrateFrom2(db)
+	return nil
 }

-func migrateFrom2(db *sql.DB) error {
+func migrateFrom2(db *sql.DB, _ time.Duration) error {
 	log.Info("Migrating cache database schema: from 2 to 3")
 	if _, err := db.Exec(migrate2To3AlterMessagesTableQuery); err != nil {
 		return err
@@ -595,10 +768,10 @@ func migrateFrom2(db *sql.DB) error {
 	if _, err := db.Exec(updateSchemaVersion, 3); err != nil {
 		return err
 	}
-	return migrateFrom3(db)
+	return nil
 }

-func migrateFrom3(db *sql.DB) error {
+func migrateFrom3(db *sql.DB, _ time.Duration) error {
 	log.Info("Migrating cache database schema: from 3 to 4")
 	if _, err := db.Exec(migrate3To4AlterMessagesTableQuery); err != nil {
 		return err
@@ -606,10 +779,10 @@ func migrateFrom3(db *sql.DB) error {
 	if _, err := db.Exec(updateSchemaVersion, 4); err != nil {
 		return err
 	}
-	return migrateFrom4(db)
+	return nil
 }

-func migrateFrom4(db *sql.DB) error {
+func migrateFrom4(db *sql.DB, _ time.Duration) error {
 	log.Info("Migrating cache database schema: from 4 to 5")
 	if _, err := db.Exec(migrate4To5AlterMessagesTableQuery); err != nil {
 		return err
@@ -617,10 +790,10 @@ func migrateFrom4(db *sql.DB) error {
 	if _, err := db.Exec(updateSchemaVersion, 5); err != nil {
 		return err
 	}
-	return migrateFrom5(db)
+	return nil
 }

-func migrateFrom5(db *sql.DB) error {
+func migrateFrom5(db *sql.DB, _ time.Duration) error {
 	log.Info("Migrating cache database schema: from 5 to 6")
 	if _, err := db.Exec(migrate5To6AlterMessagesTableQuery); err != nil {
 		return err
@@ -628,10 +801,10 @@ func migrateFrom5(db *sql.DB) error {
 	if _, err := db.Exec(updateSchemaVersion, 6); err != nil {
 		return err
 	}
-	return migrateFrom6(db)
+	return nil
 }

-func migrateFrom6(db *sql.DB) error {
+func migrateFrom6(db *sql.DB, _ time.Duration) error {
 	log.Info("Migrating cache database schema: from 6 to 7")
 	if _, err := db.Exec(migrate6To7AlterMessagesTableQuery); err != nil {
 		return err
@@ -639,5 +812,49 @@ func migrateFrom6(db *sql.DB) error {
 	if _, err := db.Exec(updateSchemaVersion, 7); err != nil {
 		return err
 	}
+	return nil
+}
+
+func migrateFrom7(db *sql.DB, _ time.Duration) error {
+	log.Info("Migrating cache database schema: from 7 to 8")
+	if _, err := db.Exec(migrate7To8AlterMessagesTableQuery); err != nil {
+		return err
+	}
+	if _, err := db.Exec(updateSchemaVersion, 8); err != nil {
+		return err
+	}
+	return nil
+}
+
+func migrateFrom8(db *sql.DB, _ time.Duration) error {
+	log.Info("Migrating cache database schema: from 8 to 9")
+	if _, err := db.Exec(migrate8To9AlterMessagesTableQuery); err != nil {
+		return err
+	}
+	if _, err := db.Exec(updateSchemaVersion, 9); err != nil {
+		return err
+	}
+	return nil
+}
+
+func migrateFrom9(db *sql.DB, cacheDuration time.Duration) error {
+	log.Info("Migrating cache database schema: from 9 to 10")
+	tx, err := db.Begin()
+	if err != nil {
+		return err
+	}
+	defer tx.Rollback()
+	if _, err := tx.Exec(migrate9To10AlterMessagesTableQuery); err != nil {
+		return err
+	}
+	if _, err := tx.Exec(migrate9To10UpdateMessageExpiryQuery, int64(cacheDuration.Seconds())); err != nil {
+		return err
+	}
+	if _, err := tx.Exec(updateSchemaVersion, 10); err != nil {
+		return err
+	}
+	if err := tx.Commit(); err != nil {
+		return err
+	}
 	return nil // Update this when a new version is added
 }
--- a/server/message_cache_test.go
+++ b/server/message_cache_test.go
@@ -3,11 +3,17 @@ package server
 import (
 	"database/sql"
 	"fmt"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
+	"net/netip"
 	"path/filepath"
 	"testing"
 	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+var (
+	exampleIP1234 = netip.MustParseAddr("1.2.3.4")
 )

 func TestSqliteCache_Messages(t *testing.T) {
@@ -241,26 +247,36 @@ func TestMemCache_Prune(t *testing.T) {
 }

 func testCachePrune(t *testing.T, c *messageCache) {
+	now := time.Now().Unix()
+
 	m1 := newDefaultMessage("mytopic", "my message")
-	m1.Time = 1
+	m1.Time = now - 10
+	m1.Expires = now - 5

 	m2 := newDefaultMessage("mytopic", "my other message")
-	m2.Time = 2
+	m2.Time = now - 5
+	m2.Expires = now + 5 // In the future

 	m3 := newDefaultMessage("another_topic", "and another one")
-	m3.Time = 1
+	m3.Time = now - 12
+	m3.Expires = now - 2

 	require.Nil(t, c.AddMessage(m1))
 	require.Nil(t, c.AddMessage(m2))
 	require.Nil(t, c.AddMessage(m3))
-	require.Nil(t, c.Prune(time.Unix(2, 0)))

 	counts, err := c.MessageCounts()
 	require.Nil(t, err)
-	require.Equal(t, 1, counts["mytopic"])
+	require.Equal(t, 2, counts["mytopic"])
+	require.Equal(t, 1, counts["another_topic"])
+
+	expiredMessageIDs, err := c.MessagesExpired()
+	require.Nil(t, err)
+	require.Nil(t, c.DeleteMessages(expiredMessageIDs...))

 	counts, err = c.MessageCounts()
 	require.Nil(t, err)
+	require.Equal(t, 1, counts["mytopic"])
 	require.Equal(t, 0, counts["another_topic"])

 	messages, err := c.Messages("mytopic", sinceAllMessages, false)
@@ -281,7 +297,7 @@ func testCacheAttachments(t *testing.T, c *messageCache) {
 	expires1 := time.Now().Add(-4 * time.Hour).Unix()
 	m := newDefaultMessage("mytopic", "flower for you")
 	m.ID = "m1"
-	m.Sender = "1.2.3.4"
+	m.Sender = exampleIP1234
 	m.Attachment = &attachment{
 		Name:    "flower.jpg",
 		Type:    "image/jpeg",
@@ -294,7 +310,7 @@ func testCacheAttachments(t *testing.T, c *messageCache) {
 	expires2 := time.Now().Add(2 * time.Hour).Unix() // Future
 	m = newDefaultMessage("mytopic", "sending you a car")
 	m.ID = "m2"
-	m.Sender = "1.2.3.4"
+	m.Sender = exampleIP1234
 	m.Attachment = &attachment{
 		Name:    "car.jpg",
 		Type:    "image/jpeg",
@@ -307,7 +323,7 @@ func testCacheAttachments(t *testing.T, c *messageCache) {
 	expires3 := time.Now().Add(1 * time.Hour).Unix() // Future
 	m = newDefaultMessage("another-topic", "sending you another car")
 	m.ID = "m3"
-	m.Sender = "1.2.3.4"
+	m.Sender = exampleIP1234
 	m.Attachment = &attachment{
 		Name:    "another-car.jpg",
 		Type:    "image/jpeg",
@@ -327,7 +343,7 @@ func testCacheAttachments(t *testing.T, c *messageCache) {
 	require.Equal(t, int64(5000), messages[0].Attachment.Size)
 	require.Equal(t, expires1, messages[0].Attachment.Expires)
 	require.Equal(t, "https://ntfy.sh/file/AbDeFgJhal.jpg", messages[0].Attachment.URL)
-	require.Equal(t, "1.2.3.4", messages[0].Sender)
+	require.Equal(t, "1.2.3.4", messages[0].Sender.String())

 	require.Equal(t, "sending you a car", messages[1].Message)
 	require.Equal(t, "car.jpg", messages[1].Attachment.Name)
@@ -335,19 +351,70 @@ func testCacheAttachments(t *testing.T, c *messageCache) {
 	require.Equal(t, int64(10000), messages[1].Attachment.Size)
 	require.Equal(t, expires2, messages[1].Attachment.Expires)
 	require.Equal(t, "https://ntfy.sh/file/aCaRURL.jpg", messages[1].Attachment.URL)
-	require.Equal(t, "1.2.3.4", messages[1].Sender)
+	require.Equal(t, "1.2.3.4", messages[1].Sender.String())

-	size, err := c.AttachmentBytesUsed("1.2.3.4")
+	size, err := c.AttachmentBytesUsedBySender("1.2.3.4")
 	require.Nil(t, err)
 	require.Equal(t, int64(30000), size)

-	size, err = c.AttachmentBytesUsed("5.6.7.8")
+	size, err = c.AttachmentBytesUsedBySender("5.6.7.8")
 	require.Nil(t, err)
 	require.Equal(t, int64(0), size)
+}
+
+func TestSqliteCache_Attachments_Expired(t *testing.T) {
+	testCacheAttachmentsExpired(t, newSqliteTestCache(t))
+}
+
+func TestMemCache_Attachments_Expired(t *testing.T) {
+	testCacheAttachmentsExpired(t, newMemTestCache(t))
+}
+
+func testCacheAttachmentsExpired(t *testing.T, c *messageCache) {
+	m := newDefaultMessage("mytopic", "flower for you")
+	m.ID = "m1"
+	m.Expires = time.Now().Add(time.Hour).Unix()
+	require.Nil(t, c.AddMessage(m))
+
+	m = newDefaultMessage("mytopic", "message with attachment")
+	m.ID = "m2"
+	m.Expires = time.Now().Add(2 * time.Hour).Unix()
+	m.Attachment = &attachment{
+		Name:    "car.jpg",
+		Type:    "image/jpeg",
+		Size:    10000,
+		Expires: time.Now().Add(2 * time.Hour).Unix(),
+		URL:     "https://ntfy.sh/file/aCaRURL.jpg",
+	}
+	require.Nil(t, c.AddMessage(m))
+
+	m = newDefaultMessage("mytopic", "message with external attachment")
+	m.ID = "m3"
+	m.Expires = time.Now().Add(2 * time.Hour).Unix()
+	m.Attachment = &attachment{
+		Name:    "car.jpg",
+		Type:    "image/jpeg",
+		Expires: 0, // Unknown!
+		URL:     "https://somedomain.com/car.jpg",
+	}
+	require.Nil(t, c.AddMessage(m))
+
+	m = newDefaultMessage("mytopic2", "message with expired attachment")
+	m.ID = "m4"
+	m.Expires = time.Now().Add(2 * time.Hour).Unix()
+	m.Attachment = &attachment{
+		Name:    "expired-car.jpg",
+		Type:    "image/jpeg",
+		Size:    20000,
+		Expires: time.Now().Add(-1 * time.Hour).Unix(),
+		URL:     "https://ntfy.sh/file/aCaRURL.jpg",
+	}
+	require.Nil(t, c.AddMessage(m))

 	ids, err := c.AttachmentsExpired()
 	require.Nil(t, err)
-	require.Equal(t, []string{"m1"}, ids)
+	require.Equal(t, 1, len(ids))
+	require.Equal(t, "m4", ids[0])
 }

 func TestSqliteCache_Migration_From0(t *testing.T) {
@@ -443,12 +510,109 @@ func TestSqliteCache_Migration_From1(t *testing.T) {
 	require.Equal(t, 11, len(messages))
 }

+func TestSqliteCache_Migration_From9(t *testing.T) {
+	// This primarily tests the awkward migration that introduces the "expires" column.
+	// The migration logic has to update the column, using the existing "cache-duration" value.
+
+	filename := newSqliteTestCacheFile(t)
+	db, err := sql.Open("sqlite3", filename)
+	require.Nil(t, err)
+
+	// Create "version 8" schema
+	_, err = db.Exec(`
+		BEGIN;
+		CREATE TABLE IF NOT EXISTS messages (
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			mid TEXT NOT NULL,
+			time INT NOT NULL,
+			topic TEXT NOT NULL,
+			message TEXT NOT NULL,
+			title TEXT NOT NULL,
+			priority INT NOT NULL,
+			tags TEXT NOT NULL,
+			click TEXT NOT NULL,
+			icon TEXT NOT NULL,			
+			actions TEXT NOT NULL,
+			attachment_name TEXT NOT NULL,
+			attachment_type TEXT NOT NULL,
+			attachment_size INT NOT NULL,
+			attachment_expires INT NOT NULL,
+			attachment_url TEXT NOT NULL,
+			sender TEXT NOT NULL,
+			encoding TEXT NOT NULL,
+			published INT NOT NULL
+		);
+		CREATE INDEX IF NOT EXISTS idx_mid ON messages (mid);
+		CREATE INDEX IF NOT EXISTS idx_time ON messages (time);
+		CREATE INDEX IF NOT EXISTS idx_topic ON messages (topic);
+		CREATE TABLE IF NOT EXISTS schemaVersion (
+			id INT PRIMARY KEY,
+			version INT NOT NULL
+		);		
+		INSERT INTO schemaVersion (id, version) VALUES (1, 9);
+		COMMIT;
+	`)
+	require.Nil(t, err)
+
+	// Insert a bunch of messages
+	insertQuery := `
+		INSERT INTO messages (mid, time, topic, message, title, priority, tags, click, icon, actions, attachment_name, attachment_type, attachment_size, attachment_expires, attachment_url, sender, encoding, published) 
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	`
+	for i := 0; i < 10; i++ {
+		_, err = db.Exec(
+			insertQuery,
+			fmt.Sprintf("abcd%d", i),
+			time.Now().Unix(),
+			"mytopic",
+			fmt.Sprintf("some message %d", i),
+			"",        // title
+			0,         // priority
+			"",        // tags
+			"",        // click
+			"",        // icon
+			"",        // actions
+			"",        // attachment_name
+			"",        // attachment_type
+			0,         // attachment_size
+			0,         // attachment_type
+			"",        // attachment_url
+			"9.9.9.9", // sender
+			"",        // encoding
+			1,         // published
+		)
+		require.Nil(t, err)
+	}
+
+	// Create cache to trigger migration
+	cacheDuration := 17 * time.Hour
+	c, err := newSqliteCache(filename, "", cacheDuration, 0, 0, false)
+	require.Nil(t, err)
+	checkSchemaVersion(t, c.db)
+
+	// Check version
+	rows, err := db.Query(`SELECT version FROM main.schemaVersion WHERE id = 1`)
+	require.Nil(t, err)
+	require.True(t, rows.Next())
+	var version int
+	require.Nil(t, rows.Scan(&version))
+	require.Equal(t, currentSchemaVersion, version)
+
+	messages, err := c.Messages("mytopic", sinceAllMessages, false)
+	require.Nil(t, err)
+	require.Equal(t, 10, len(messages))
+	for _, m := range messages {
+		require.True(t, m.Expires > time.Now().Add(cacheDuration-5*time.Second).Unix())
+		require.True(t, m.Expires < time.Now().Add(cacheDuration+5*time.Second).Unix())
+	}
+}
+
 func TestSqliteCache_StartupQueries_WAL(t *testing.T) {
 	filename := newSqliteTestCacheFile(t)
 	startupQueries := `pragma journal_mode = WAL; 
 pragma synchronous = normal; 
 pragma temp_store = memory;`
-	db, err := newSqliteCache(filename, startupQueries, false)
+	db, err := newSqliteCache(filename, startupQueries, time.Hour, 0, 0, false)
 	require.Nil(t, err)
 	require.Nil(t, db.AddMessage(newDefaultMessage("mytopic", "some message")))
 	require.FileExists(t, filename)
@@ -459,7 +623,7 @@ pragma temp_store = memory;`
 func TestSqliteCache_StartupQueries_None(t *testing.T) {
 	filename := newSqliteTestCacheFile(t)
 	startupQueries := ""
-	db, err := newSqliteCache(filename, startupQueries, false)
+	db, err := newSqliteCache(filename, startupQueries, time.Hour, 0, 0, false)
 	require.Nil(t, err)
 	require.Nil(t, db.AddMessage(newDefaultMessage("mytopic", "some message")))
 	require.FileExists(t, filename)
@@ -470,10 +634,33 @@ func TestSqliteCache_StartupQueries_None(t *testing.T) {
 func TestSqliteCache_StartupQueries_Fail(t *testing.T) {
 	filename := newSqliteTestCacheFile(t)
 	startupQueries := `xx error`
-	_, err := newSqliteCache(filename, startupQueries, false)
+	_, err := newSqliteCache(filename, startupQueries, time.Hour, 0, 0, false)
 	require.Error(t, err)
 }

+func TestSqliteCache_Sender(t *testing.T) {
+	testSender(t, newSqliteTestCache(t))
+}
+
+func TestMemCache_Sender(t *testing.T) {
+	testSender(t, newMemTestCache(t))
+}
+
+func testSender(t *testing.T, c *messageCache) {
+	m1 := newDefaultMessage("mytopic", "mymessage")
+	m1.Sender = netip.MustParseAddr("1.2.3.4")
+	require.Nil(t, c.AddMessage(m1))
+
+	m2 := newDefaultMessage("mytopic", "mymessage without sender")
+	require.Nil(t, c.AddMessage(m2))
+
+	messages, err := c.Messages("mytopic", sinceAllMessages, false)
+	require.Nil(t, err)
+	require.Equal(t, 2, len(messages))
+	require.Equal(t, messages[0].Sender, netip.MustParseAddr("1.2.3.4"))
+	require.Equal(t, messages[1].Sender, netip.Addr{})
+}
+
 func checkSchemaVersion(t *testing.T, db *sql.DB) {
 	rows, err := db.Query(`SELECT version FROM schemaVersion`)
 	require.Nil(t, err)
@@ -499,7 +686,7 @@ func TestMemCache_NopCache(t *testing.T) {
 }

 func newSqliteTestCache(t *testing.T) *messageCache {
-	c, err := newSqliteCache(newSqliteTestCacheFile(t), "", false)
+	c, err := newSqliteCache(newSqliteTestCacheFile(t), "", time.Hour, 0, 0, false)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -511,7 +698,7 @@ func newSqliteTestCacheFile(t *testing.T) string {
 }

 func newSqliteTestCacheFromFile(t *testing.T, filename, startupQueries string) *messageCache {
-	c, err := newSqliteCache(filename, startupQueries, false)
+	c, err := newSqliteCache(filename, startupQueries, time.Hour, 0, 0, false)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/server/server.go
+++ b/server/server.go
@@ -7,10 +7,13 @@ import (
 	"embed"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
+	"heckel.io/ntfy/user"
 	"io"
 	"net"
 	"net/http"
+	"net/netip"
 	"net/url"
 	"os"
 	"path"
@@ -28,10 +31,39 @@ import (
 	"github.com/emersion/go-smtp"
 	"github.com/gorilla/websocket"
 	"golang.org/x/sync/errgroup"
-	"heckel.io/ntfy/auth"
 	"heckel.io/ntfy/util"
 )

+/*
+	TODO
+		races:
+		- v.user --> see publishSyncEventAsync() test
+
+		payments:
+		- delete messages + reserved topics on ResetTier delete attachments in access.go
+		- reconciliation
+
+		Limits & rate limiting:
+			users without tier: should the stats be persisted? are they meaningful? -> test that the visitor is based on the IP address!
+			login/account endpoints
+			when ResetStats() is run, reset messagesLimiter (and others)?
+			Delete visitor when tier is changed to refresh rate limiters
+
+		Make sure account endpoints make sense for admins
+
+		UI:
+		- revert home page change
+		- flicker of upgrade banner
+		- JS constants
+		Sync:
+			- sync problems with "deleteAfter=0" and "displayName="
+
+		Tests:
+		- Payment endpoints (make mocks)
+		- Message rate limiting and reset tests
+		- test that the visitor is based on the IP address when a user has no tier
+*/
+
 // Server is the main server, providing the UI and API for ntfy
 type Server struct {
 	config            *Config
@@ -42,12 +74,14 @@ type Server struct {
 	smtpServerBackend *smtpBackend
 	smtpSender        mailer
 	topics            map[string]*topic
-	visitors          map[string]*visitor
+	visitors          map[string]*visitor // ip:<ip> or user:<user>
 	firebaseClient    *firebaseClient
 	messages          int64
-	auth              auth.Auther
-	messageCache      *messageCache
-	fileCache         *fileCache
+	userManager       *user.Manager                        // Might be nil!
+	messageCache      *messageCache                        // Database that stores the messages
+	fileCache         *fileCache                           // File system based cache that stores attachments
+	stripe            stripeAPI                            // Stripe API, can be replaced with a mock
+	priceCache        *util.LookupCache[map[string]string] // Stripe price ID -> formatted price
 	closeChan         chan bool
 	mu                sync.Mutex
 }
@@ -67,14 +101,29 @@ var (
 	authPathRegex          = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/auth$`)
 	publishPathRegex       = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}/(publish|send|trigger)$`)

-	webConfigPath    = "/config.js"
-	userStatsPath    = "/user/stats"
-	matrixPushPath   = "/_matrix/push/v1/notify"
-	staticRegex      = regexp.MustCompile(`^/static/.+`)
-	docsRegex        = regexp.MustCompile(`^/docs(|/.*)$`)
-	fileRegex        = regexp.MustCompile(`^/file/([-_A-Za-z0-9]{1,64})(?:\.[A-Za-z0-9]{1,16})?$`)
-	disallowedTopics = []string{"docs", "static", "file", "app", "settings"} // If updated, also update in Android app
-	attachURLRegex   = regexp.MustCompile(`^https?://`)
+	webConfigPath                                        = "/config.js"
+	accountPath                                          = "/account"
+	matrixPushPath                                       = "/_matrix/push/v1/notify"
+	apiHealthPath                                        = "/v1/health"
+	apiTiers                                             = "/v1/tiers"
+	apiAccountPath                                       = "/v1/account"
+	apiAccountTokenPath                                  = "/v1/account/token"
+	apiAccountPasswordPath                               = "/v1/account/password"
+	apiAccountSettingsPath                               = "/v1/account/settings"
+	apiAccountSubscriptionPath                           = "/v1/account/subscription"
+	apiAccountReservationPath                            = "/v1/account/reservation"
+	apiAccountBillingPortalPath                          = "/v1/account/billing/portal"
+	apiAccountBillingWebhookPath                         = "/v1/account/billing/webhook"
+	apiAccountBillingSubscriptionPath                    = "/v1/account/billing/subscription"
+	apiAccountBillingSubscriptionCheckoutSuccessTemplate = "/v1/account/billing/subscription/success/{CHECKOUT_SESSION_ID}"
+	apiAccountBillingSubscriptionCheckoutSuccessRegex    = regexp.MustCompile(`/v1/account/billing/subscription/success/(.+)$`)
+	apiAccountReservationSingleRegex                     = regexp.MustCompile(`/v1/account/reservation/([-_A-Za-z0-9]{1,64})$`)
+	apiAccountSubscriptionSingleRegex                    = regexp.MustCompile(`^/v1/account/subscription/([-_A-Za-z0-9]{16})$`)
+	staticRegex                                          = regexp.MustCompile(`^/static/.+`)
+	docsRegex                                            = regexp.MustCompile(`^/docs(|/.*)$`)
+	fileRegex                                            = regexp.MustCompile(`^/file/([-_A-Za-z0-9]{1,64})(?:\.[A-Za-z0-9]{1,16})?$`)
+	disallowedTopics                                     = []string{"docs", "static", "file", "app", "account", "settings", "pricing", "signup", "login", "reset-password"} // If updated, also update in Android and web app
+	urlRegex                                             = regexp.MustCompile(`^https?://`)

 	//go:embed site
 	webFs        embed.FS
@@ -94,7 +143,8 @@ const (
 	emptyMessageBody         = "triggered"               // Used if message body is empty
 	newMessageBody           = "New message"             // Used in poll requests as generic message
 	defaultAttachmentMessage = "You received a file: %s" // Used if message body is empty, and there is an attachment
-	encodingBase64           = "base64"
+	encodingBase64           = "base64"                  // Used mainly for binary UnifiedPush messages
+	jsonBodyBytesLimit       = 16384
 )

 // WebSocket constants
@@ -112,6 +162,10 @@ func New(conf *Config) (*Server, error) {
 	if conf.SMTPSenderAddr != "" {
 		mailer = &smtpSender{config: conf}
 	}
+	var stripe stripeAPI
+	if conf.StripeSecretKey != "" {
+		stripe = newStripeAPI()
+	}
 	messageCache, err := createMessageCache(conf)
 	if err != nil {
 		return nil, err
@@ -122,14 +176,14 @@ func New(conf *Config) (*Server, error) {
 	}
 	var fileCache *fileCache
 	if conf.AttachmentCacheDir != "" {
-		fileCache, err = newFileCache(conf.AttachmentCacheDir, conf.AttachmentTotalSizeLimit, conf.AttachmentFileSizeLimit)
+		fileCache, err = newFileCache(conf.AttachmentCacheDir, conf.AttachmentTotalSizeLimit)
 		if err != nil {
 			return nil, err
 		}
 	}
-	var auther auth.Auther
+	var userManager *user.Manager
 	if conf.AuthFile != "" {
-		auther, err = auth.NewSQLiteAuth(conf.AuthFile, conf.AuthDefaultRead, conf.AuthDefaultWrite)
+		userManager, err = user.NewManager(conf.AuthFile, conf.AuthStartupQueries, conf.AuthDefault)
 		if err != nil {
 			return nil, err
 		}
@@ -140,25 +194,28 @@ func New(conf *Config) (*Server, error) {
 		if err != nil {
 			return nil, err
 		}
-		firebaseClient = newFirebaseClient(sender, auther)
+		firebaseClient = newFirebaseClient(sender, userManager)
 	}
-	return &Server{
+	s := &Server{
 		config:         conf,
 		messageCache:   messageCache,
 		fileCache:      fileCache,
 		firebaseClient: firebaseClient,
 		smtpSender:     mailer,
 		topics:         topics,
-		auth:           auther,
+		userManager:    userManager,
 		visitors:       make(map[string]*visitor),
-	}, nil
+		stripe:         stripe,
+	}
+	s.priceCache = util.NewLookupCache(s.fetchStripePrices, conf.StripePriceCacheDuration)
+	return s, nil
 }

 func createMessageCache(conf *Config) (*messageCache, error) {
 	if conf.CacheDuration == 0 {
 		return newNopCache()
 	} else if conf.CacheFile != "" {
-		return newSqliteCache(conf.CacheFile, conf.CacheStartupQueries, false)
+		return newSqliteCache(conf.CacheFile, conf.CacheStartupQueries, conf.CacheDuration, conf.CacheBatchSize, conf.CacheBatchTimeout, false)
 	}
 	return newMemCache()
 }
@@ -204,9 +261,18 @@ func (s *Server) Run() error {
 			os.Remove(s.config.ListenUnix)
 			s.unixListener, err = net.Listen("unix", s.config.ListenUnix)
 			if err != nil {
+				s.mu.Unlock()
 				errChan <- err
 				return
 			}
+			defer s.unixListener.Close()
+			if s.config.ListenUnixMode > 0 {
+				if err := os.Chmod(s.config.ListenUnix, s.config.ListenUnixMode); err != nil {
+					s.mu.Unlock()
+					errChan <- err
+					return
+				}
+			}
 			s.mu.Unlock()
 			httpServer := &http.Server{Handler: mux}
 			errChan <- httpServer.Serve(s.unixListener)
@@ -219,6 +285,7 @@ func (s *Server) Run() error {
 	}
 	s.mu.Unlock()
 	go s.runManager()
+	go s.runStatsResetter()
 	go s.runDelayedSender()
 	go s.runFirebaseKeepaliver()

@@ -245,12 +312,15 @@ func (s *Server) Stop() {
 }

 func (s *Server) handle(w http.ResponseWriter, r *http.Request) {
-	v := s.visitor(r)
-	log.Debug("%s Dispatching request", logHTTPPrefix(v, r))
-	if log.IsTrace() {
-		log.Trace("%s Entire request (headers and body):\n%s", logHTTPPrefix(v, r), renderHTTPRequest(r))
+	v, err := s.visitor(r) // Note: Always returns v, even when error is returned
+	if err == nil {
+		log.Debug("%s Dispatching request", logHTTPPrefix(v, r))
+		if log.IsTrace() {
+			log.Trace("%s Entire request (headers and body):\n%s", logHTTPPrefix(v, r), renderHTTPRequest(r))
+		}
+		err = s.handleInternal(w, r, v)
 	}
-	if err := s.handleInternal(w, r, v); err != nil {
+	if err != nil {
 		if websocket.IsWebSocketUpgrade(r) {
 			isNormalError := strings.Contains(err.Error(), "i/o timeout")
 			if isNormalError {
@@ -286,10 +356,50 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visit
 		return s.ensureWebEnabled(s.handleHome)(w, r, v)
 	} else if r.Method == http.MethodHead && r.URL.Path == "/" {
 		return s.ensureWebEnabled(s.handleEmpty)(w, r, v)
+	} else if r.Method == http.MethodGet && r.URL.Path == apiHealthPath {
+		return s.handleHealth(w, r, v)
 	} else if r.Method == http.MethodGet && r.URL.Path == webConfigPath {
 		return s.ensureWebEnabled(s.handleWebConfig)(w, r, v)
-	} else if r.Method == http.MethodGet && r.URL.Path == userStatsPath {
-		return s.handleUserStats(w, r, v)
+	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountPath {
+		return s.ensureUserManager(s.handleAccountCreate)(w, r, v)
+	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountTokenPath {
+		return s.ensureUser(s.handleAccountTokenIssue)(w, r, v)
+	} else if r.Method == http.MethodGet && r.URL.Path == apiAccountPath {
+		return s.handleAccountGet(w, r, v) // Allowed by anonymous
+	} else if r.Method == http.MethodDelete && r.URL.Path == apiAccountPath {
+		return s.ensureUser(s.withAccountSync(s.handleAccountDelete))(w, r, v)
+	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountPasswordPath {
+		return s.ensureUser(s.handleAccountPasswordChange)(w, r, v)
+	} else if r.Method == http.MethodPatch && r.URL.Path == apiAccountTokenPath {
+		return s.ensureUser(s.handleAccountTokenExtend)(w, r, v)
+	} else if r.Method == http.MethodDelete && r.URL.Path == apiAccountTokenPath {
+		return s.ensureUser(s.handleAccountTokenDelete)(w, r, v)
+	} else if r.Method == http.MethodPatch && r.URL.Path == apiAccountSettingsPath {
+		return s.ensureUser(s.withAccountSync(s.handleAccountSettingsChange))(w, r, v)
+	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountSubscriptionPath {
+		return s.ensureUser(s.withAccountSync(s.handleAccountSubscriptionAdd))(w, r, v)
+	} else if r.Method == http.MethodPatch && apiAccountSubscriptionSingleRegex.MatchString(r.URL.Path) {
+		return s.ensureUser(s.withAccountSync(s.handleAccountSubscriptionChange))(w, r, v)
+	} else if r.Method == http.MethodDelete && apiAccountSubscriptionSingleRegex.MatchString(r.URL.Path) {
+		return s.ensureUser(s.withAccountSync(s.handleAccountSubscriptionDelete))(w, r, v)
+	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountReservationPath {
+		return s.ensureUser(s.withAccountSync(s.handleAccountReservationAdd))(w, r, v)
+	} else if r.Method == http.MethodDelete && apiAccountReservationSingleRegex.MatchString(r.URL.Path) {
+		return s.ensureUser(s.withAccountSync(s.handleAccountReservationDelete))(w, r, v)
+	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountBillingSubscriptionPath {
+		return s.ensurePaymentsEnabled(s.ensureUser(s.handleAccountBillingSubscriptionCreate))(w, r, v) // Account sync via incoming Stripe webhook
+	} else if r.Method == http.MethodGet && apiAccountBillingSubscriptionCheckoutSuccessRegex.MatchString(r.URL.Path) {
+		return s.ensurePaymentsEnabled(s.ensureUserManager(s.handleAccountBillingSubscriptionCreateSuccess))(w, r, v) // No user context!
+	} else if r.Method == http.MethodPut && r.URL.Path == apiAccountBillingSubscriptionPath {
+		return s.ensurePaymentsEnabled(s.ensureStripeCustomer(s.handleAccountBillingSubscriptionUpdate))(w, r, v) // Account sync via incoming Stripe webhook
+	} else if r.Method == http.MethodDelete && r.URL.Path == apiAccountBillingSubscriptionPath {
+		return s.ensurePaymentsEnabled(s.ensureStripeCustomer(s.handleAccountBillingSubscriptionDelete))(w, r, v) // Account sync via incoming Stripe webhook
+	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountBillingPortalPath {
+		return s.ensurePaymentsEnabled(s.ensureStripeCustomer(s.handleAccountBillingPortalSessionCreate))(w, r, v)
+	} else if r.Method == http.MethodPost && r.URL.Path == apiAccountBillingWebhookPath {
+		return s.ensurePaymentsEnabled(s.ensureUserManager(s.handleAccountBillingWebhook))(w, r, v) // This request comes from Stripe!
+	} else if r.Method == http.MethodGet && r.URL.Path == apiTiers {
+		return s.ensurePaymentsEnabled(s.handleBillingTiersGet)(w, r, v)
 	} else if r.Method == http.MethodGet && r.URL.Path == matrixPushPath {
 		return s.handleMatrixDiscovery(w)
 	} else if r.Method == http.MethodGet && staticRegex.MatchString(r.URL.Path) {
@@ -301,23 +411,23 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visit
 	} else if r.Method == http.MethodOptions {
 		return s.ensureWebEnabled(s.handleOptions)(w, r, v)
 	} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && r.URL.Path == "/" {
-		return s.limitRequests(s.transformBodyJSON(s.authWrite(s.handlePublish)))(w, r, v)
+		return s.limitRequests(s.transformBodyJSON(s.authorizeTopicWrite(s.handlePublish)))(w, r, v)
 	} else if r.Method == http.MethodPost && r.URL.Path == matrixPushPath {
-		return s.limitRequests(s.transformMatrixJSON(s.authWrite(s.handlePublishMatrix)))(w, r, v)
+		return s.limitRequests(s.transformMatrixJSON(s.authorizeTopicWrite(s.handlePublishMatrix)))(w, r, v)
 	} else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && topicPathRegex.MatchString(r.URL.Path) {
-		return s.limitRequests(s.authWrite(s.handlePublish))(w, r, v)
+		return s.limitRequests(s.authorizeTopicWrite(s.handlePublish))(w, r, v)
 	} else if r.Method == http.MethodGet && publishPathRegex.MatchString(r.URL.Path) {
-		return s.limitRequests(s.authWrite(s.handlePublish))(w, r, v)
+		return s.limitRequests(s.authorizeTopicWrite(s.handlePublish))(w, r, v)
 	} else if r.Method == http.MethodGet && jsonPathRegex.MatchString(r.URL.Path) {
-		return s.limitRequests(s.authRead(s.handleSubscribeJSON))(w, r, v)
+		return s.limitRequests(s.authorizeTopicRead(s.handleSubscribeJSON))(w, r, v)
 	} else if r.Method == http.MethodGet && ssePathRegex.MatchString(r.URL.Path) {
-		return s.limitRequests(s.authRead(s.handleSubscribeSSE))(w, r, v)
+		return s.limitRequests(s.authorizeTopicRead(s.handleSubscribeSSE))(w, r, v)
 	} else if r.Method == http.MethodGet && rawPathRegex.MatchString(r.URL.Path) {
-		return s.limitRequests(s.authRead(s.handleSubscribeRaw))(w, r, v)
+		return s.limitRequests(s.authorizeTopicRead(s.handleSubscribeRaw))(w, r, v)
 	} else if r.Method == http.MethodGet && wsPathRegex.MatchString(r.URL.Path) {
-		return s.limitRequests(s.authRead(s.handleSubscribeWS))(w, r, v)
+		return s.limitRequests(s.authorizeTopicRead(s.handleSubscribeWS))(w, r, v)
 	} else if r.Method == http.MethodGet && authPathRegex.MatchString(r.URL.Path) {
-		return s.limitRequests(s.authRead(s.handleTopicAuth))(w, r, v)
+		return s.limitRequests(s.authorizeTopicRead(s.handleTopicAuth))(w, r, v)
 	} else if r.Method == http.MethodGet && (topicPathRegex.MatchString(r.URL.Path) || externalTopicPathRegex.MatchString(r.URL.Path)) {
 		return s.ensureWebEnabled(s.handleTopic)(w, r, v)
 	}
@@ -350,10 +460,14 @@ func (s *Server) handleEmpty(_ http.ResponseWriter, _ *http.Request, _ *visitor)
 }

 func (s *Server) handleTopicAuth(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
-	w.Header().Set("Content-Type", "application/json")
-	w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
-	_, err := io.WriteString(w, `{"success":true}`+"\n")
-	return err
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleHealth(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
+	response := &apiHealthResponse{
+		Healthy: true,
+	}
+	return s.writeJSON(w, response)
 }

 func (s *Server) handleWebConfig(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
@@ -361,27 +475,22 @@ func (s *Server) handleWebConfig(w http.ResponseWriter, _ *http.Request, _ *visi
 	if !s.config.WebRootIsApp {
 		appRoot = "/app"
 	}
-	disallowedTopicsStr := `"` + strings.Join(disallowedTopics, `", "`) + `"`
-	w.Header().Set("Content-Type", "text/javascript")
-	_, err := io.WriteString(w, fmt.Sprintf(`// Generated server configuration
-var config = {
-  appRoot: "%s",
-  disallowedTopics: [%s]
-};`, appRoot, disallowedTopicsStr))
-	return err
-}
-
-func (s *Server) handleUserStats(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	stats, err := v.Stats()
+	response := &apiConfigResponse{
+		BaseURL:            "", // Will translate to window.location.origin
+		AppRoot:            appRoot,
+		EnableLogin:        s.config.EnableLogin,
+		EnableSignup:       s.config.EnableSignup,
+		EnablePayments:     s.config.StripeSecretKey != "",
+		EnableReservations: s.config.EnableReservations,
+		DisallowedTopics:   disallowedTopics,
+	}
+	b, err := json.MarshalIndent(response, "", "  ")
 	if err != nil {
 		return err
 	}
-	w.Header().Set("Content-Type", "text/json")
-	w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
-	if err := json.NewEncoder(w).Encode(stats); err != nil {
-		return err
-	}
-	return nil
+	w.Header().Set("Content-Type", "text/javascript")
+	_, err = io.WriteString(w, fmt.Sprintf("// Generated server configuration\nvar config = %s;\n", string(b)))
+	return err
 }

 func (s *Server) handleStatic(w http.ResponseWriter, r *http.Request, _ *visitor) error {
@@ -401,7 +510,7 @@ func (s *Server) handleFile(w http.ResponseWriter, r *http.Request, v *visitor)
 	}
 	matches := fileRegex.FindStringSubmatch(r.URL.Path)
 	if len(matches) != 2 {
-		return errHTTPInternalErrorInvalidFilePath
+		return errHTTPInternalErrorInvalidPath
 	}
 	messageID := matches[1]
 	file := filepath.Join(s.config.AttachmentCacheDir, messageID)
@@ -411,7 +520,7 @@ func (s *Server) handleFile(w http.ResponseWriter, r *http.Request, v *visitor)
 	}
 	if r.Method == http.MethodGet {
 		if err := v.BandwidthLimiter().Allow(stat.Size()); err != nil {
-			return errHTTPTooManyRequestsAttachmentBandwidthLimit
+			return errHTTPTooManyRequestsLimitAttachmentBandwidth
 		}
 	}
 	w.Header().Set("Content-Length", fmt.Sprintf("%d", stat.Size()))
@@ -440,6 +549,9 @@ func (s *Server) handlePublishWithoutResponse(r *http.Request, v *visitor) (*mes
 	if err != nil {
 		return nil, err
 	}
+	if err := v.MessageAllowed(); err != nil {
+		return nil, errHTTPTooManyRequestsLimitMessages
+	}
 	body, err := util.Peek(r.Body, s.config.MessageLimit)
 	if err != nil {
 		return nil, err
@@ -452,6 +564,10 @@ func (s *Server) handlePublishWithoutResponse(r *http.Request, v *visitor) (*mes
 	if m.PollID != "" {
 		m = newPollRequestMessage(t.ID, m.PollID)
 	}
+	if v.user != nil {
+		m.User = v.user.Name
+	}
+	m.Expires = time.Now().Add(v.Limits().MessagesExpiryDuration).Unix()
 	if err := s.handlePublishBody(r, v, m, body, unifiedpush); err != nil {
 		return nil, err
 	}
@@ -459,8 +575,8 @@ func (s *Server) handlePublishWithoutResponse(r *http.Request, v *visitor) (*mes
 		m.Message = emptyMessageBody
 	}
 	delayed := m.Time > time.Now().Unix()
-	log.Debug("%s Received message: event=%s, body=%d byte(s), delayed=%t, firebase=%t, cache=%t, up=%t, email=%s",
-		logMessagePrefix(v, m), m.Event, len(m.Message), delayed, firebase, cache, unifiedpush, email)
+	log.Debug("%s Received message: event=%s, user=%s, body=%d byte(s), delayed=%t, firebase=%t, cache=%t, up=%t, email=%s",
+		logMessagePrefix(v, m), m.Event, m.User, len(m.Message), delayed, firebase, cache, unifiedpush, email)
 	if log.IsTrace() {
 		log.Trace("%s Message body: %s", logMessagePrefix(v, m), util.MaybeMarshalJSON(m))
 	}
@@ -472,6 +588,7 @@ func (s *Server) handlePublishWithoutResponse(r *http.Request, v *visitor) (*mes
 			go s.sendToFirebase(v, m)
 		}
 		if s.smtpSender != nil && email != "" {
+			v.IncrementEmails()
 			go s.sendEmail(v, m, email)
 		}
 		if s.config.UpstreamBaseURL != "" {
@@ -481,10 +598,15 @@ func (s *Server) handlePublishWithoutResponse(r *http.Request, v *visitor) (*mes
 		log.Debug("%s Message delayed, will process later", logMessagePrefix(v, m))
 	}
 	if cache {
+		log.Debug("%s Adding message to cache", logMessagePrefix(v, m))
 		if err := s.messageCache.AddMessage(m); err != nil {
 			return nil, err
 		}
 	}
+	v.IncrementMessages()
+	if s.userManager != nil && v.user != nil {
+		s.userManager.EnqueueStats(v.user)
+	}
 	s.mu.Lock()
 	s.messages++
 	s.mu.Unlock()
@@ -496,12 +618,7 @@ func (s *Server) handlePublish(w http.ResponseWriter, r *http.Request, v *visito
 	if err != nil {
 		return err
 	}
-	w.Header().Set("Content-Type", "application/json")
-	w.Header().Set("Access-Control-Allow-Origin", "*") // CORS, allow cross-origin requests
-	if err := json.NewEncoder(w).Encode(m); err != nil {
-		return err
-	}
-	return nil
+	return s.writeJSON(w, m)
 }

 func (s *Server) handlePublishMatrix(w http.ResponseWriter, r *http.Request, v *visitor) error {
@@ -559,6 +676,7 @@ func (s *Server) parsePublishParams(r *http.Request, v *visitor, m *message) (ca
 	firebase = readBoolParam(r, true, "x-firebase", "firebase")
 	m.Title = readParam(r, "x-title", "title", "t")
 	m.Click = readParam(r, "x-click", "click")
+	icon := readParam(r, "x-icon", "icon")
 	filename := readParam(r, "x-filename", "filename", "file", "f")
 	attach := readParam(r, "x-attach", "attach", "a")
 	if attach != "" || filename != "" {
@@ -568,7 +686,7 @@ func (s *Server) parsePublishParams(r *http.Request, v *visitor, m *message) (ca
 		m.Attachment.Name = filename
 	}
 	if attach != "" {
-		if !attachURLRegex.MatchString(attach) {
+		if !urlRegex.MatchString(attach) {
 			return false, false, "", false, errHTTPBadRequestAttachmentURLInvalid
 		}
 		m.Attachment.URL = attach
@@ -585,6 +703,12 @@ func (s *Server) parsePublishParams(r *http.Request, v *visitor, m *message) (ca
 			m.Attachment.Name = "attachment"
 		}
 	}
+	if icon != "" {
+		if !urlRegex.MatchString(icon) {
+			return false, false, "", false, errHTTPBadRequestIconURLInvalid
+		}
+		m.Icon = icon
+	}
 	email = readParam(r, "x-email", "x-e-mail", "email", "e-mail", "mail", "e")
 	if email != "" {
 		if err := v.EmailAllowed(); err != nil {
@@ -651,18 +775,18 @@ func (s *Server) parsePublishParams(r *http.Request, v *visitor, m *message) (ca

 // handlePublishBody consumes the PUT/POST body and decides whether the body is an attachment or the message.
 //
-// 1. curl -X POST -H "Poll: 1234" ntfy.sh/...
-//    If a message is flagged as poll request, the body does not matter and is discarded
-// 2. curl -T somebinarydata.bin "ntfy.sh/mytopic?up=1"
-//    If body is binary, encode as base64, if not do not encode
-// 3. curl -H "Attach: http://example.com/file.jpg" ntfy.sh/mytopic
-//    Body must be a message, because we attached an external URL
-// 4. curl -T short.txt -H "Filename: short.txt" ntfy.sh/mytopic
-//    Body must be attachment, because we passed a filename
-// 5. curl -T file.txt ntfy.sh/mytopic
-//    If file.txt is <= 4096 (message limit) and valid UTF-8, treat it as a message
-// 6. curl -T file.txt ntfy.sh/mytopic
-//    If file.txt is > message limit, treat it as an attachment
+//  1. curl -X POST -H "Poll: 1234" ntfy.sh/...
+//     If a message is flagged as poll request, the body does not matter and is discarded
+//  2. curl -T somebinarydata.bin "ntfy.sh/mytopic?up=1"
+//     If body is binary, encode as base64, if not do not encode
+//  3. curl -H "Attach: http://example.com/file.jpg" ntfy.sh/mytopic
+//     Body must be a message, because we attached an external URL
+//  4. curl -T short.txt -H "Filename: short.txt" ntfy.sh/mytopic
+//     Body must be attachment, because we passed a filename
+//  5. curl -T file.txt ntfy.sh/mytopic
+//     If file.txt is <= 4096 (message limit) and valid UTF-8, treat it as a message
+//  6. curl -T file.txt ntfy.sh/mytopic
+//     If file.txt is > message limit, treat it as an attachment
 func (s *Server) handlePublishBody(r *http.Request, v *visitor, m *message, body *util.PeekedReadCloser, unifiedpush bool) error {
 	if m.Event == pollRequestEvent { // Case 1
 		return s.handleBodyDiscard(body)
@@ -710,18 +834,20 @@ func (s *Server) handleBodyAsTextMessage(m *message, body *util.PeekedReadCloser
 func (s *Server) handleBodyAsAttachment(r *http.Request, v *visitor, m *message, body *util.PeekedReadCloser) error {
 	if s.fileCache == nil || s.config.BaseURL == "" || s.config.AttachmentCacheDir == "" {
 		return errHTTPBadRequestAttachmentsDisallowed
-	} else if m.Time > time.Now().Add(s.config.AttachmentExpiryDuration).Unix() {
-		return errHTTPBadRequestAttachmentsExpiryBeforeDelivery
 	}
-	visitorStats, err := v.Stats()
+	vinfo, err := v.Info()
 	if err != nil {
 		return err
 	}
+	attachmentExpiry := time.Now().Add(vinfo.Limits.AttachmentExpiryDuration).Unix()
+	if m.Time > attachmentExpiry {
+		return errHTTPBadRequestAttachmentsExpiryBeforeDelivery
+	}
 	contentLengthStr := r.Header.Get("Content-Length")
 	if contentLengthStr != "" { // Early "do-not-trust" check, hard limit see below
 		contentLength, err := strconv.ParseInt(contentLengthStr, 10, 64)
-		if err == nil && (contentLength > visitorStats.VisitorAttachmentBytesRemaining || contentLength > s.config.AttachmentFileSizeLimit) {
-			return errHTTPEntityTooLargeAttachmentTooLarge
+		if err == nil && (contentLength > vinfo.Stats.AttachmentTotalSizeRemaining || contentLength > vinfo.Limits.AttachmentFileSizeLimit) {
+			return errHTTPEntityTooLargeAttachment
 		}
 	}
 	if m.Attachment == nil {
@@ -729,7 +855,7 @@ func (s *Server) handleBodyAsAttachment(r *http.Request, v *visitor, m *message,
 	}
 	var ext string
 	m.Sender = v.ip // Important for attachment rate limiting
-	m.Attachment.Expires = time.Now().Add(s.config.AttachmentExpiryDuration).Unix()
+	m.Attachment.Expires = attachmentExpiry
 	m.Attachment.Type, ext = util.DetectContentType(body.PeekedBytes, m.Attachment.Name)
 	m.Attachment.URL = fmt.Sprintf("%s/file/%s%s", s.config.BaseURL, m.ID, ext)
 	if m.Attachment.Name == "" {
@@ -738,9 +864,14 @@ func (s *Server) handleBodyAsAttachment(r *http.Request, v *visitor, m *message,
 	if m.Message == "" {
 		m.Message = fmt.Sprintf(defaultAttachmentMessage, m.Attachment.Name)
 	}
-	m.Attachment.Size, err = s.fileCache.Write(m.ID, body, v.BandwidthLimiter(), util.NewFixedLimiter(visitorStats.VisitorAttachmentBytesRemaining))
+	limiters := []util.Limiter{
+		v.BandwidthLimiter(),
+		util.NewFixedLimiter(vinfo.Limits.AttachmentFileSizeLimit),
+		util.NewFixedLimiter(vinfo.Stats.AttachmentTotalSizeRemaining),
+	}
+	m.Attachment.Size, err = s.fileCache.Write(m.ID, body, limiters...)
 	if err == util.ErrLimitReached {
-		return errHTTPEntityTooLargeAttachmentTooLarge
+		return errHTTPEntityTooLargeAttachment
 	} else if err != nil {
 		return err
 	}
@@ -1036,9 +1167,9 @@ func parseSince(r *http.Request, poll bool) (sinceMarker, error) {
 }

 func (s *Server) handleOptions(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
-	w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, POST")
-	w.Header().Set("Access-Control-Allow-Origin", "*")  // CORS, allow cross-origin requests
-	w.Header().Set("Access-Control-Allow-Headers", "*") // CORS, allow auth via JS // FIXME is this terrible?
+	w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, POST, PATCH, DELETE")
+	w.Header().Set("Access-Control-Allow-Origin", s.config.AccessControlAllowOrigin) // CORS, allow cross-origin requests
+	w.Header().Set("Access-Control-Allow-Headers", "*")                              // CORS, allow auth via JS // FIXME is this terrible?
 	return nil
 }

@@ -1072,7 +1203,7 @@ func (s *Server) topicsFromIDs(ids ...string) ([]*topic, error) {
 	defer s.mu.Unlock()
 	topics := make([]*topic, 0)
 	for _, id := range ids {
-		if util.InStringList(disallowedTopics, id) {
+		if util.Contains(disallowedTopics, id) {
 			return nil, errHTTPBadRequestTopicDisallowed
 		}
 		if _, ok := s.topics[id]; !ok {
@@ -1086,7 +1217,7 @@ func (s *Server) topicsFromIDs(ids ...string) ([]*topic, error) {
 	return topics, nil
 }

-func (s *Server) updateStatsAndPrune() {
+func (s *Server) execManager() {
 	log.Debug("Manager: Starting")
 	defer log.Debug("Manager: Finished")

@@ -1106,26 +1237,47 @@ func (s *Server) updateStatsAndPrune() {
 	s.mu.Unlock()
 	log.Debug("Manager: Deleted %d stale visitor(s)", staleVisitors)

+	// Delete expired user tokens
+	if s.userManager != nil {
+		if err := s.userManager.RemoveExpiredTokens(); err != nil {
+			log.Warn("Error expiring user tokens: %s", err.Error())
+		}
+	}
+
 	// Delete expired attachments
 	if s.fileCache != nil {
 		ids, err := s.messageCache.AttachmentsExpired()
 		if err != nil {
-			log.Warn("Error retrieving expired attachments: %s", err.Error())
+			log.Warn("Manager: Error retrieving expired attachments: %s", err.Error())
 		} else if len(ids) > 0 {
-			log.Debug("Manager: Deleting expired attachments: %v", ids)
+			if log.IsDebug() {
+				log.Debug("Manager: Deleting attachments %s", strings.Join(ids, ", "))
+			}
 			if err := s.fileCache.Remove(ids...); err != nil {
-				log.Warn("Error deleting attachments: %s", err.Error())
+				log.Warn("Manager: Error deleting attachments: %s", err.Error())
+			}
+			if err := s.messageCache.MarkAttachmentsDeleted(ids...); err != nil {
+				log.Warn("Manager: Error marking attachments deleted: %s", err.Error())
 			}
 		} else {
 			log.Debug("Manager: No expired attachments to delete")
 		}
 	}

-	// Prune message cache
-	olderThan := time.Now().Add(-1 * s.config.CacheDuration)
-	log.Debug("Manager: Pruning messages older than %s", olderThan.Format("2006-01-02 15:04:05"))
-	if err := s.messageCache.Prune(olderThan); err != nil {
-		log.Warn("Manager: Error pruning cache: %s", err.Error())
+	// DeleteMessages message cache
+	log.Debug("Manager: Pruning messages")
+	expiredMessageIDs, err := s.messageCache.MessagesExpired()
+	if err != nil {
+		log.Warn("Manager: Error retrieving expired messages: %s", err.Error())
+	} else if len(expiredMessageIDs) > 0 {
+		if err := s.fileCache.Remove(expiredMessageIDs...); err != nil {
+			log.Warn("Manager: Error deleting attachments for expired messages: %s", err.Error())
+		}
+		if err := s.messageCache.DeleteMessages(expiredMessageIDs...); err != nil {
+			log.Warn("Manager: Error marking attachments deleted: %s", err.Error())
+		}
+	} else {
+		log.Debug("Manager: No expired messages to delete")
 	}

 	// Message count per topic
@@ -1191,18 +1343,49 @@ func (s *Server) runManager() {
 	for {
 		select {
 		case <-time.After(s.config.ManagerInterval):
-			s.updateStatsAndPrune()
+			s.execManager()
 		case <-s.closeChan:
 			return
 		}
 	}
 }

+// runStatsResetter runs once a day (usually midnight UTC) to reset all the visitor's message and
+// email counters. The stats are used to display the counters in the web app, as well as for rate limiting.
+func (s *Server) runStatsResetter() {
+	for {
+		runAt := util.NextOccurrenceUTC(s.config.VisitorStatsResetTime, time.Now())
+		timer := time.NewTimer(time.Until(runAt))
+		log.Debug("Stats resetter: Waiting until %v to reset visitor stats", runAt)
+		select {
+		case <-timer.C:
+			s.resetStats()
+		case <-s.closeChan:
+			timer.Stop()
+			return
+		}
+	}
+}
+
+func (s *Server) resetStats() {
+	log.Info("Resetting all visitor stats (daily task)")
+	s.mu.Lock()
+	defer s.mu.Unlock() // Includes the database query to avoid races with other processes
+	for _, v := range s.visitors {
+		v.ResetStats()
+	}
+	if s.userManager != nil {
+		if err := s.userManager.ResetStats(); err != nil {
+			log.Warn("Failed to write to database: %s", err.Error())
+		}
+	}
+}
+
 func (s *Server) runFirebaseKeepaliver() {
 	if s.firebaseClient == nil {
 		return
 	}
-	v := newVisitor(s.config, s.messageCache, "0.0.0.0") // Background process, not a real visitor
+	v := newVisitor(s.config, s.messageCache, s.userManager, netip.IPv4Unspecified(), nil) // Background process, not a real visitor, uses IP 0.0.0.0
 	for {
 		select {
 		case <-time.After(s.config.FirebaseKeepaliveInterval):
@@ -1234,7 +1417,17 @@ func (s *Server) sendDelayedMessages() error {
 		return err
 	}
 	for _, m := range messages {
-		v := s.visitorFromIP(m.Sender)
+		var v *visitor
+		if s.userManager != nil && m.User != "" {
+			u, err := s.userManager.User(m.User)
+			if err != nil {
+				log.Warn("%s Error sending delayed message: %s", logMessagePrefix(v, m), err.Error())
+				continue
+			}
+			v = s.visitorFromUser(u, m.Sender)
+		} else {
+			v = s.visitorFromIP(m.Sender)
+		}
 		if err := s.sendDelayedMessage(v, m); err != nil {
 			log.Warn("%s Error sending delayed message: %s", logMessagePrefix(v, m), err.Error())
 		}
@@ -1269,7 +1462,7 @@ func (s *Server) sendDelayedMessage(v *visitor, m *message) error {

 func (s *Server) limitRequests(next handleFunc) handleFunc {
 	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
-		if util.InStringList(s.config.VisitorRequestExemptIPAddrs, v.ip) {
+		if util.ContainsIP(s.config.VisitorRequestExemptIPAddrs, v.ip) {
 			return next(w, r, v)
 		} else if err := v.RequestAllowed(); err != nil {
 			return errHTTPTooManyRequestsLimitRequests
@@ -1278,28 +1471,14 @@ func (s *Server) limitRequests(next handleFunc) handleFunc {
 	}
 }

-func (s *Server) ensureWebEnabled(next handleFunc) handleFunc {
-	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
-		if !s.config.EnableWeb {
-			return errHTTPNotFound
-		}
-		return next(w, r, v)
-	}
-}
-
 // transformBodyJSON peeks the request body, reads the JSON, and converts it to headers
 // before passing it on to the next handler. This is meant to be used in combination with handlePublish.
 func (s *Server) transformBodyJSON(next handleFunc) handleFunc {
 	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
-		body, err := util.Peek(r.Body, s.config.MessageLimit)
+		m, err := readJSONWithLimit[publishMessage](r.Body, s.config.MessageLimit*2) // 2x to account for JSON format overhead
 		if err != nil {
 			return err
 		}
-		defer r.Body.Close()
-		var m publishMessage
-		if err := json.NewDecoder(body).Decode(&m); err != nil {
-			return errHTTPBadRequestJSONInvalid
-		}
 		if !topicRegex.MatchString(m.Topic) {
 			return errHTTPBadRequestTopicInvalid
 		}
@@ -1326,10 +1505,13 @@ func (s *Server) transformBodyJSON(next handleFunc) handleFunc {
 		if m.Click != "" {
 			r.Header.Set("X-Click", m.Click)
 		}
+		if m.Icon != "" {
+			r.Header.Set("X-Icon", m.Icon)
+		}
 		if len(m.Actions) > 0 {
 			actionsStr, err := json.Marshal(m.Actions)
 			if err != nil {
-				return errHTTPBadRequestJSONInvalid
+				return errHTTPBadRequestMessageJSONInvalid
 			}
 			r.Header.Set("X-Actions", string(actionsStr))
 		}
@@ -1356,33 +1538,25 @@ func (s *Server) transformMatrixJSON(next handleFunc) handleFunc {
 	}
 }

-func (s *Server) authWrite(next handleFunc) handleFunc {
-	return s.withAuth(next, auth.PermissionWrite)
+func (s *Server) authorizeTopicWrite(next handleFunc) handleFunc {
+	return s.autorizeTopic(next, user.PermissionWrite)
 }

-func (s *Server) authRead(next handleFunc) handleFunc {
-	return s.withAuth(next, auth.PermissionRead)
+func (s *Server) authorizeTopicRead(next handleFunc) handleFunc {
+	return s.autorizeTopic(next, user.PermissionRead)
 }

-func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc {
+func (s *Server) autorizeTopic(next handleFunc, perm user.Permission) handleFunc {
 	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
-		if s.auth == nil {
+		if s.userManager == nil {
 			return next(w, r, v)
 		}
 		topics, _, err := s.topicsFromPath(r.URL.Path)
 		if err != nil {
 			return err
 		}
-		var user *auth.User // may stay nil if no auth header!
-		username, password, ok := extractUserPass(r)
-		if ok {
-			if user, err = s.auth.Authenticate(username, password); err != nil {
-				log.Info("authentication failed: %s", err.Error())
-				return errHTTPUnauthorized
-			}
-		}
 		for _, t := range topics {
-			if err := s.auth.Authorize(user, t.ID, perm); err != nil {
+			if err := s.userManager.Authorize(v.user, t.ID, perm); err != nil {
 				log.Info("unauthorized: %s", err.Error())
 				return errHTTPForbidden
 			}
@@ -1391,53 +1565,90 @@ func (s *Server) withAuth(next handleFunc, perm auth.Permission) handleFunc {
 	}
 }

-// extractUserPass reads the username/password from the basic auth header (Authorization: Basic ...),
-// or from the ?auth=... query param. The latter is required only to support the WebSocket JavaScript
-// class, which does not support passing headers during the initial request. The auth query param
-// is effectively double base64 encoded. Its format is base64(Basic base64(user:pass)).
-func extractUserPass(r *http.Request) (username string, password string, ok bool) {
-	username, password, ok = r.BasicAuth()
-	if ok {
-		return
-	}
-	authParam := readQueryParam(r, "authorization", "auth")
-	if authParam != "" {
-		a, err := base64.RawURLEncoding.DecodeString(authParam)
-		if err != nil {
-			return
-		}
-		r.Header.Set("Authorization", string(a))
-		return r.BasicAuth()
-	}
-	return
-}
-
 // visitor creates or retrieves a rate.Limiter for the given visitor.
-// This function was taken from https://www.alexedwards.net/blog/how-to-rate-limit-http-requests (MIT).
-func (s *Server) visitor(r *http.Request) *visitor {
-	remoteAddr := r.RemoteAddr
-	ip, _, err := net.SplitHostPort(remoteAddr)
-	if err != nil {
-		ip = remoteAddr // This should not happen in real life; only in tests.
+// Note that this function will always return a visitor, even if an error occurs.
+func (s *Server) visitor(r *http.Request) (v *visitor, err error) {
+	ip := extractIPAddress(r, s.config.BehindProxy)
+	var u *user.User // may stay nil if no auth header!
+	if u, err = s.authenticate(r); err != nil {
+		log.Debug("authentication failed: %s", err.Error())
+		err = errHTTPUnauthorized // Always return visitor, even when error occurs!
 	}
-	if s.config.BehindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" {
-		// X-Forwarded-For can contain multiple addresses (see #328). If we are behind a proxy,
-		// only the right-most address can be trusted (as this is the one added by our proxy server).
-		// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details.
-		ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",")
-		ip = strings.TrimSpace(util.LastString(ips, remoteAddr))
+	if u != nil {
+		v = s.visitorFromUser(u, ip)
+	} else {
+		v = s.visitorFromIP(ip)
 	}
-	return s.visitorFromIP(ip)
+	v.mu.Lock()
+	v.user = u
+	v.mu.Unlock()
+	return v, err // Always return visitor, even when error occurs!
 }

-func (s *Server) visitorFromIP(ip string) *visitor {
+// authenticate a user based on basic auth username/password (Authorization: Basic ...), or token auth (Authorization: Bearer ...).
+// The Authorization header can be passed as a header or the ?auth=... query param. The latter is required only to
+// support the WebSocket JavaScript class, which does not support passing headers during the initial request. The auth
+// query param is effectively double base64 encoded. Its format is base64(Basic base64(user:pass)).
+func (s *Server) authenticate(r *http.Request) (user *user.User, err error) {
+	value := strings.TrimSpace(r.Header.Get("Authorization"))
+	queryParam := readQueryParam(r, "authorization", "auth")
+	if queryParam != "" {
+		a, err := base64.RawURLEncoding.DecodeString(queryParam)
+		if err != nil {
+			return nil, err
+		}
+		value = strings.TrimSpace(string(a))
+	}
+	if value == "" {
+		return nil, nil
+	} else if s.userManager == nil {
+		return nil, errHTTPUnauthorized
+	}
+	if strings.HasPrefix(value, "Bearer") {
+		return s.authenticateBearerAuth(value)
+	}
+	return s.authenticateBasicAuth(r, value)
+}
+
+func (s *Server) authenticateBasicAuth(r *http.Request, value string) (user *user.User, err error) {
+	r.Header.Set("Authorization", value)
+	username, password, ok := r.BasicAuth()
+	if !ok {
+		return nil, errors.New("invalid basic auth")
+	}
+	return s.userManager.Authenticate(username, password)
+}
+
+func (s *Server) authenticateBearerAuth(value string) (user *user.User, err error) {
+	token := strings.TrimSpace(strings.TrimPrefix(value, "Bearer"))
+	return s.userManager.AuthenticateToken(token)
+}
+
+func (s *Server) visitorFromID(visitorID string, ip netip.Addr, user *user.User) *visitor {
 	s.mu.Lock()
 	defer s.mu.Unlock()
-	v, exists := s.visitors[ip]
+	v, exists := s.visitors[visitorID]
 	if !exists {
-		s.visitors[ip] = newVisitor(s.config, s.messageCache, ip)
-		return s.visitors[ip]
+		s.visitors[visitorID] = newVisitor(s.config, s.messageCache, s.userManager, ip, user)
+		return s.visitors[visitorID]
 	}
 	v.Keepalive()
 	return v
 }
+
+func (s *Server) visitorFromIP(ip netip.Addr) *visitor {
+	return s.visitorFromID(fmt.Sprintf("ip:%s", ip.String()), ip, nil)
+}
+
+func (s *Server) visitorFromUser(user *user.User, ip netip.Addr) *visitor {
+	return s.visitorFromID(fmt.Sprintf("user:%s", user.Name), ip, user)
+}
+
+func (s *Server) writeJSON(w http.ResponseWriter, v any) error {
+	w.Header().Set("Content-Type", "application/json")
+	w.Header().Set("Access-Control-Allow-Origin", s.config.AccessControlAllowOrigin) // CORS, allow cross-origin requests
+	if err := json.NewEncoder(w).Encode(v); err != nil {
+		return err
+	}
+	return nil
+}
--- a/server/server.yml
+++ b/server/server.yml
@@ -26,6 +26,7 @@
 # This can be useful to avoid port issues on local systems, and to simplify permissions.
 #
 # listen-unix: <socket-path>
+# listen-unix-mode: <linux permissions, e.g. 0700>

 # Path to the private key & cert file for the HTTPS web server. Not used if "listen-https" is not set.
 #
@@ -52,6 +53,12 @@
 #       pragma journal_mode = WAL;
 #       pragma synchronous = normal;
 #       pragma temp_store = memory;
+#       pragma busy_timeout = 15000;
+#       vacuum;
+#
+# The "cache-batch-size" and "cache-batch-timeout" parameter allow enabling async batch writing
+# of messages. If set, messages will be queued and written to the database in batches of the given
+# size, or after the given timeout. This is only required for high volume servers.
 #
 # Debian/RPM package users:
 #   Use /var/cache/ntfy/cache.db as cache file to avoid permission issues. The package
@@ -64,6 +71,8 @@
 # cache-file: <filename>
 # cache-duration: "12h"
 # cache-startup-queries:
+# cache-batch-size: 0
+# cache-batch-timeout: "0ms"

 # If set, access to the ntfy server and API can be controlled on a granular level using
 # the 'ntfy user' and 'ntfy access' commands. See the --help pages for details, or check the docs.
@@ -149,6 +158,17 @@
 #
 # web-root: app

+# Various feature flags used to control the web app, and API access, mainly around user and
+# account management.
+#
+# - enable-signup allows users to sign up via the web app, or API
+# - enable-login allows users to log in via the web app, or API
+# - enable-reservations allows users to reserve topics (if their tier allows it)
+#
+# enable-signup: false
+# enable-login: false
+# enable-reservations: false
+
 # Server URL of a Firebase/APNS-connected ntfy server (likely "https://ntfy.sh").
 #
 # iOS users:
@@ -172,8 +192,9 @@
 # Rate limiting: Allowed GET/PUT/POST requests per second, per visitor:
 # - visitor-request-limit-burst is the initial bucket of requests each visitor has
 # - visitor-request-limit-replenish is the rate at which the bucket is refilled
-# - visitor-request-limit-exempt-hosts is a comma-separated list of hostnames and IPs to be
-#   exempt from request rate limiting; hostnames are resolved at the time the server is started
+# - visitor-request-limit-exempt-hosts is a comma-separated list of hostnames, IPs or CIDRs to be
+#   exempt from request rate limiting. Hostnames are resolved at the time the server is started.
+#   Example: "1.2.3.4,ntfy.example.com,8.7.6.0/24"
 #
 # visitor-request-limit-burst: 60
 # visitor-request-limit-replenish: "5s"
@@ -193,6 +214,16 @@
 # visitor-attachment-total-size-limit: "100M"
 # visitor-attachment-daily-bandwidth-limit: "500M"

+# Payments integration via Stripe
+#
+# - stripe-secret-key is the key used for the Stripe API communication. Setting this values
+#   enables payments in the ntfy web app (e.g. Upgrade dialog). See https://dashboard.stripe.com/apikeys.
+# - stripe-webhook-key is the key required to validate the authenticity of incoming webhooks from Stripe.
+#   Webhooks are essential up keep the local database in sync with the payment provider. See https://dashboard.stripe.com/webhooks.
+#
+# stripe-secret-key:
+# stripe-webhook-key:
+
 # Log level, can be TRACE, DEBUG, INFO, WARN or ERROR
 # This option can be hot-reloaded by calling "kill -HUP $pid" or "systemctl reload ntfy".
 #
--- a/server/server_account.go
+++ b/server/server_account.go
@@ -0,0 +1,394 @@
+package server
+
+import (
+	"encoding/json"
+	"errors"
+	"heckel.io/ntfy/log"
+	"heckel.io/ntfy/user"
+	"heckel.io/ntfy/util"
+	"net/http"
+)
+
+const (
+	subscriptionIDLength      = 16
+	createdByAPI              = "api"
+	syncTopicAccountSyncEvent = "sync"
+)
+
+func (s *Server) handleAccountCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	admin := v.user != nil && v.user.Role == user.RoleAdmin
+	if !admin {
+		if !s.config.EnableSignup {
+			return errHTTPBadRequestSignupNotEnabled
+		} else if v.user != nil {
+			return errHTTPUnauthorized // Cannot create account from user context
+		}
+	}
+	newAccount, err := readJSONWithLimit[apiAccountCreateRequest](r.Body, jsonBodyBytesLimit)
+	if err != nil {
+		return err
+	}
+	if existingUser, _ := s.userManager.User(newAccount.Username); existingUser != nil {
+		return errHTTPConflictUserExists
+	}
+	if v.accountLimiter != nil && !v.accountLimiter.Allow() {
+		return errHTTPTooManyRequestsLimitAccountCreation
+	}
+	if err := s.userManager.AddUser(newAccount.Username, newAccount.Password, user.RoleUser, createdByAPI); err != nil { // TODO this should return a User
+		return err
+	}
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleAccountGet(w http.ResponseWriter, _ *http.Request, v *visitor) error {
+	info, err := v.Info()
+	if err != nil {
+		return err
+	}
+	limits, stats := info.Limits, info.Stats
+	response := &apiAccountResponse{
+		Limits: &apiAccountLimits{
+			Basis:                    string(limits.Basis),
+			Messages:                 limits.MessagesLimit,
+			MessagesExpiryDuration:   int64(limits.MessagesExpiryDuration.Seconds()),
+			Emails:                   limits.EmailsLimit,
+			Reservations:             limits.ReservationsLimit,
+			AttachmentTotalSize:      limits.AttachmentTotalSizeLimit,
+			AttachmentFileSize:       limits.AttachmentFileSizeLimit,
+			AttachmentExpiryDuration: int64(limits.AttachmentExpiryDuration.Seconds()),
+		},
+		Stats: &apiAccountStats{
+			Messages:                     stats.Messages,
+			MessagesRemaining:            stats.MessagesRemaining,
+			Emails:                       stats.Emails,
+			EmailsRemaining:              stats.EmailsRemaining,
+			Reservations:                 stats.Reservations,
+			ReservationsRemaining:        stats.ReservationsRemaining,
+			AttachmentTotalSize:          stats.AttachmentTotalSize,
+			AttachmentTotalSizeRemaining: stats.AttachmentTotalSizeRemaining,
+		},
+	}
+	if v.user != nil {
+		response.Username = v.user.Name
+		response.Role = string(v.user.Role)
+		response.SyncTopic = v.user.SyncTopic
+		if v.user.Prefs != nil {
+			if v.user.Prefs.Language != "" {
+				response.Language = v.user.Prefs.Language
+			}
+			if v.user.Prefs.Notification != nil {
+				response.Notification = v.user.Prefs.Notification
+			}
+			if v.user.Prefs.Subscriptions != nil {
+				response.Subscriptions = v.user.Prefs.Subscriptions
+			}
+		}
+		if v.user.Tier != nil {
+			response.Tier = &apiAccountTier{
+				Code: v.user.Tier.Code,
+				Name: v.user.Tier.Name,
+			}
+		}
+		if v.user.Billing.StripeCustomerID != "" {
+			response.Billing = &apiAccountBilling{
+				Customer:     true,
+				Subscription: v.user.Billing.StripeSubscriptionID != "",
+				Status:       string(v.user.Billing.StripeSubscriptionStatus),
+				PaidUntil:    v.user.Billing.StripeSubscriptionPaidUntil.Unix(),
+				CancelAt:     v.user.Billing.StripeSubscriptionCancelAt.Unix(),
+			}
+		}
+		reservations, err := s.userManager.Reservations(v.user.Name)
+		if err != nil {
+			return err
+		}
+		if len(reservations) > 0 {
+			response.Reservations = make([]*apiAccountReservation, 0)
+			for _, r := range reservations {
+				response.Reservations = append(response.Reservations, &apiAccountReservation{
+					Topic:    r.Topic,
+					Everyone: r.Everyone.String(),
+				})
+			}
+		}
+	} else {
+		response.Username = user.Everyone
+		response.Role = string(user.RoleAnonymous)
+	}
+	return s.writeJSON(w, response)
+}
+
+func (s *Server) handleAccountDelete(w http.ResponseWriter, _ *http.Request, v *visitor) error {
+	if v.user.Billing.StripeSubscriptionID != "" {
+		log.Info("Deleting user %s (billing customer: %s, billing subscription: %s)", v.user.Name, v.user.Billing.StripeCustomerID, v.user.Billing.StripeSubscriptionID)
+		if v.user.Billing.StripeSubscriptionID != "" {
+			if _, err := s.stripe.CancelSubscription(v.user.Billing.StripeSubscriptionID); err != nil {
+				return err
+			}
+		}
+	} else {
+		log.Info("Deleting user %s", v.user.Name)
+	}
+	if err := s.userManager.RemoveUser(v.user.Name); err != nil {
+		return err
+	}
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleAccountPasswordChange(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	newPassword, err := readJSONWithLimit[apiAccountPasswordChangeRequest](r.Body, jsonBodyBytesLimit)
+	if err != nil {
+		return err
+	}
+	if err := s.userManager.ChangePassword(v.user.Name, newPassword.Password); err != nil {
+		return err
+	}
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleAccountTokenIssue(w http.ResponseWriter, _ *http.Request, v *visitor) error {
+	// TODO rate limit
+	token, err := s.userManager.CreateToken(v.user)
+	if err != nil {
+		return err
+	}
+	response := &apiAccountTokenResponse{
+		Token:   token.Value,
+		Expires: token.Expires.Unix(),
+	}
+	return s.writeJSON(w, response)
+}
+
+func (s *Server) handleAccountTokenExtend(w http.ResponseWriter, _ *http.Request, v *visitor) error {
+	// TODO rate limit
+	if v.user == nil {
+		return errHTTPUnauthorized
+	} else if v.user.Token == "" {
+		return errHTTPBadRequestNoTokenProvided
+	}
+	token, err := s.userManager.ExtendToken(v.user)
+	if err != nil {
+		return err
+	}
+	response := &apiAccountTokenResponse{
+		Token:   token.Value,
+		Expires: token.Expires.Unix(),
+	}
+	return s.writeJSON(w, response)
+}
+
+func (s *Server) handleAccountTokenDelete(w http.ResponseWriter, _ *http.Request, v *visitor) error {
+	// TODO rate limit
+	if v.user.Token == "" {
+		return errHTTPBadRequestNoTokenProvided
+	}
+	if err := s.userManager.RemoveToken(v.user); err != nil {
+		return err
+	}
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleAccountSettingsChange(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	newPrefs, err := readJSONWithLimit[user.Prefs](r.Body, jsonBodyBytesLimit)
+	if err != nil {
+		return err
+	}
+	if v.user.Prefs == nil {
+		v.user.Prefs = &user.Prefs{}
+	}
+	prefs := v.user.Prefs
+	if newPrefs.Language != "" {
+		prefs.Language = newPrefs.Language
+	}
+	if newPrefs.Notification != nil {
+		if prefs.Notification == nil {
+			prefs.Notification = &user.NotificationPrefs{}
+		}
+		if newPrefs.Notification.DeleteAfter > 0 {
+			prefs.Notification.DeleteAfter = newPrefs.Notification.DeleteAfter
+		}
+		if newPrefs.Notification.Sound != "" {
+			prefs.Notification.Sound = newPrefs.Notification.Sound
+		}
+		if newPrefs.Notification.MinPriority > 0 {
+			prefs.Notification.MinPriority = newPrefs.Notification.MinPriority
+		}
+	}
+	if err := s.userManager.ChangeSettings(v.user); err != nil {
+		return err
+	}
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleAccountSubscriptionAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	newSubscription, err := readJSONWithLimit[user.Subscription](r.Body, jsonBodyBytesLimit)
+	if err != nil {
+		return err
+	}
+	if v.user.Prefs == nil {
+		v.user.Prefs = &user.Prefs{}
+	}
+	newSubscription.ID = "" // Client cannot set ID
+	for _, subscription := range v.user.Prefs.Subscriptions {
+		if newSubscription.BaseURL == subscription.BaseURL && newSubscription.Topic == subscription.Topic {
+			newSubscription = subscription
+			break
+		}
+	}
+	if newSubscription.ID == "" {
+		newSubscription.ID = util.RandomString(subscriptionIDLength)
+		v.user.Prefs.Subscriptions = append(v.user.Prefs.Subscriptions, newSubscription)
+		if err := s.userManager.ChangeSettings(v.user); err != nil {
+			return err
+		}
+	}
+	return s.writeJSON(w, newSubscription)
+}
+
+func (s *Server) handleAccountSubscriptionChange(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	matches := apiAccountSubscriptionSingleRegex.FindStringSubmatch(r.URL.Path)
+	if len(matches) != 2 {
+		return errHTTPInternalErrorInvalidPath
+	}
+	subscriptionID := matches[1]
+	updatedSubscription, err := readJSONWithLimit[user.Subscription](r.Body, jsonBodyBytesLimit)
+	if err != nil {
+		return err
+	}
+	if v.user.Prefs == nil || v.user.Prefs.Subscriptions == nil {
+		return errHTTPNotFound
+	}
+	var subscription *user.Subscription
+	for _, sub := range v.user.Prefs.Subscriptions {
+		if sub.ID == subscriptionID {
+			sub.DisplayName = updatedSubscription.DisplayName
+			subscription = sub
+			break
+		}
+	}
+	if subscription == nil {
+		return errHTTPNotFound
+	}
+	if err := s.userManager.ChangeSettings(v.user); err != nil {
+		return err
+	}
+	return s.writeJSON(w, subscription)
+}
+
+func (s *Server) handleAccountSubscriptionDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	matches := apiAccountSubscriptionSingleRegex.FindStringSubmatch(r.URL.Path)
+	if len(matches) != 2 {
+		return errHTTPInternalErrorInvalidPath
+	}
+	subscriptionID := matches[1]
+	if v.user.Prefs == nil || v.user.Prefs.Subscriptions == nil {
+		return nil
+	}
+	newSubscriptions := make([]*user.Subscription, 0)
+	for _, subscription := range v.user.Prefs.Subscriptions {
+		if subscription.ID != subscriptionID {
+			newSubscriptions = append(newSubscriptions, subscription)
+		}
+	}
+	if len(newSubscriptions) < len(v.user.Prefs.Subscriptions) {
+		v.user.Prefs.Subscriptions = newSubscriptions
+		if err := s.userManager.ChangeSettings(v.user); err != nil {
+			return err
+		}
+	}
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleAccountReservationAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	if v.user != nil && v.user.Role == user.RoleAdmin {
+		return errHTTPBadRequestMakesNoSenseForAdmin
+	}
+	req, err := readJSONWithLimit[apiAccountReservationRequest](r.Body, jsonBodyBytesLimit)
+	if err != nil {
+		return err
+	}
+	if !topicRegex.MatchString(req.Topic) {
+		return errHTTPBadRequestTopicInvalid
+	}
+	everyone, err := user.ParsePermission(req.Everyone)
+	if err != nil {
+		return errHTTPBadRequestPermissionInvalid
+	}
+	if v.user.Tier == nil {
+		return errHTTPUnauthorized
+	}
+	if err := s.userManager.CheckAllowAccess(v.user.Name, req.Topic); err != nil {
+		return errHTTPConflictTopicReserved
+	}
+	hasReservation, err := s.userManager.HasReservation(v.user.Name, req.Topic)
+	if err != nil {
+		return err
+	}
+	if !hasReservation {
+		reservations, err := s.userManager.ReservationsCount(v.user.Name)
+		if err != nil {
+			return err
+		} else if reservations >= v.user.Tier.ReservationsLimit {
+			return errHTTPTooManyRequestsLimitReservations
+		}
+	}
+	if err := s.userManager.ReserveAccess(v.user.Name, req.Topic, everyone); err != nil {
+		return err
+	}
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleAccountReservationDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	matches := apiAccountReservationSingleRegex.FindStringSubmatch(r.URL.Path)
+	if len(matches) != 2 {
+		return errHTTPInternalErrorInvalidPath
+	}
+	topic := matches[1]
+	if !topicRegex.MatchString(topic) {
+		return errHTTPBadRequestTopicInvalid
+	}
+	authorized, err := s.userManager.HasReservation(v.user.Name, topic)
+	if err != nil {
+		return err
+	} else if !authorized {
+		return errHTTPUnauthorized
+	}
+	if err := s.userManager.RemoveReservations(v.user.Name, topic); err != nil {
+		return err
+	}
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) publishSyncEvent(v *visitor) error {
+	if v.user == nil || v.user.SyncTopic == "" {
+		return nil
+	}
+	log.Trace("Publishing sync event to user %s's sync topic %s", v.user.Name, v.user.SyncTopic)
+	topics, err := s.topicsFromIDs(v.user.SyncTopic)
+	if err != nil {
+		return err
+	} else if len(topics) == 0 {
+		return errors.New("cannot retrieve sync topic")
+	}
+	syncTopic := topics[0]
+	messageBytes, err := json.Marshal(&apiAccountSyncTopicResponse{Event: syncTopicAccountSyncEvent})
+	if err != nil {
+		return err
+	}
+	m := newDefaultMessage(syncTopic.ID, string(messageBytes))
+	if err := syncTopic.Publish(v, m); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s *Server) publishSyncEventAsync(v *visitor) {
+	go func() {
+		if v.user == nil || v.user.SyncTopic == "" {
+			return
+		}
+		if err := s.publishSyncEvent(v); err != nil {
+			log.Trace("Error publishing to user %s's sync topic %s: %s", v.user.Name, v.user.SyncTopic, err.Error())
+		}
+	}()
+}
--- a/server/server_account_test.go
+++ b/server/server_account_test.go
@@ -0,0 +1,485 @@
+package server
+
+import (
+	"fmt"
+	"github.com/stretchr/testify/require"
+	"heckel.io/ntfy/user"
+	"heckel.io/ntfy/util"
+	"io"
+	"testing"
+	"time"
+)
+
+func TestAccount_Signup_Success(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.EnableSignup = true
+	s := newTestServer(t, conf)
+
+	rr := request(t, s, "POST", "/v1/account", `{"username":"phil", "password":"mypass"}`, nil)
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "POST", "/v1/account/token", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+	token, _ := util.UnmarshalJSON[apiAccountTokenResponse](io.NopCloser(rr.Body))
+	require.NotEmpty(t, token.Token)
+	require.True(t, time.Now().Add(71*time.Hour).Unix() < token.Expires)
+
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BearerAuth(token.Token),
+	})
+	require.Equal(t, 200, rr.Code)
+	account, _ := util.UnmarshalJSON[apiAccountResponse](io.NopCloser(rr.Body))
+	require.Equal(t, "phil", account.Username)
+	require.Equal(t, "user", account.Role)
+}
+
+func TestAccount_Signup_UserExists(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.EnableSignup = true
+	s := newTestServer(t, conf)
+
+	rr := request(t, s, "POST", "/v1/account", `{"username":"phil", "password":"mypass"}`, nil)
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "POST", "/v1/account", `{"username":"phil", "password":"mypass"}`, nil)
+	require.Equal(t, 409, rr.Code)
+	require.Equal(t, 40901, toHTTPError(t, rr.Body.String()).Code)
+}
+
+func TestAccount_Signup_LimitReached(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.EnableSignup = true
+	s := newTestServer(t, conf)
+
+	for i := 0; i < 3; i++ {
+		rr := request(t, s, "POST", "/v1/account", fmt.Sprintf(`{"username":"phil%d", "password":"mypass"}`, i), nil)
+		require.Equal(t, 200, rr.Code)
+	}
+	rr := request(t, s, "POST", "/v1/account", `{"username":"thiswontwork", "password":"mypass"}`, nil)
+	require.Equal(t, 429, rr.Code)
+	require.Equal(t, 42906, toHTTPError(t, rr.Body.String()).Code)
+}
+
+func TestAccount_Signup_AsUser(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.EnableSignup = true
+	s := newTestServer(t, conf)
+
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleAdmin, "unit-test"))
+	require.Nil(t, s.userManager.AddUser("ben", "ben", user.RoleUser, "unit-test"))
+
+	rr := request(t, s, "POST", "/v1/account", `{"username":"emma", "password":"emma"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "POST", "/v1/account", `{"username":"marian", "password":"marian"}`, map[string]string{
+		"Authorization": util.BasicAuth("ben", "ben"),
+	})
+	require.Equal(t, 401, rr.Code)
+}
+
+func TestAccount_Signup_Disabled(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.EnableSignup = false
+	s := newTestServer(t, conf)
+
+	rr := request(t, s, "POST", "/v1/account", `{"username":"phil", "password":"mypass"}`, nil)
+	require.Equal(t, 400, rr.Code)
+	require.Equal(t, 40022, toHTTPError(t, rr.Body.String()).Code)
+}
+
+func TestAccount_Get_Anonymous(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.VisitorRequestLimitReplenish = 86 * time.Second
+	conf.VisitorEmailLimitReplenish = time.Hour
+	conf.VisitorAttachmentTotalSizeLimit = 5123
+	conf.AttachmentFileSizeLimit = 512
+	s := newTestServer(t, conf)
+	s.smtpSender = &testMailer{}
+
+	rr := request(t, s, "GET", "/v1/account", "", nil)
+	require.Equal(t, 200, rr.Code)
+	account, _ := util.UnmarshalJSON[apiAccountResponse](io.NopCloser(rr.Body))
+	require.Equal(t, "*", account.Username)
+	require.Equal(t, string(user.RoleAnonymous), account.Role)
+	require.Equal(t, "ip", account.Limits.Basis)
+	require.Equal(t, int64(1004), account.Limits.Messages) // I hate this
+	require.Equal(t, int64(24), account.Limits.Emails)     // I hate this
+	require.Equal(t, int64(5123), account.Limits.AttachmentTotalSize)
+	require.Equal(t, int64(512), account.Limits.AttachmentFileSize)
+	require.Equal(t, int64(0), account.Stats.Messages)
+	require.Equal(t, int64(1004), account.Stats.MessagesRemaining)
+	require.Equal(t, int64(0), account.Stats.Emails)
+	require.Equal(t, int64(24), account.Stats.EmailsRemaining)
+
+	rr = request(t, s, "POST", "/mytopic", "", nil)
+	require.Equal(t, 200, rr.Code)
+	rr = request(t, s, "POST", "/mytopic", "", map[string]string{
+		"Email": "phil@ntfy.sh",
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", "", nil)
+	require.Equal(t, 200, rr.Code)
+	account, _ = util.UnmarshalJSON[apiAccountResponse](io.NopCloser(rr.Body))
+	require.Equal(t, int64(2), account.Stats.Messages)
+	require.Equal(t, int64(1002), account.Stats.MessagesRemaining)
+	require.Equal(t, int64(1), account.Stats.Emails)
+	require.Equal(t, int64(23), account.Stats.EmailsRemaining)
+}
+
+func TestAccount_ChangeSettings(t *testing.T) {
+	s := newTestServer(t, newTestConfigWithAuthFile(t))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+	user, _ := s.userManager.User("phil")
+	token, _ := s.userManager.CreateToken(user)
+
+	rr := request(t, s, "PATCH", "/v1/account/settings", `{"notification": {"sound": "juntos"},"ignored": true}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "PATCH", "/v1/account/settings", `{"notification": {"delete_after": 86400}, "language": "de"}`, map[string]string{
+		"Authorization": util.BearerAuth(token.Value),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", `{"username":"marian", "password":"marian"}`, map[string]string{
+		"Authorization": util.BearerAuth(token.Value),
+	})
+	require.Equal(t, 200, rr.Code)
+	account, _ := util.UnmarshalJSON[apiAccountResponse](io.NopCloser(rr.Body))
+	require.Equal(t, "de", account.Language)
+	require.Equal(t, 86400, account.Notification.DeleteAfter)
+	require.Equal(t, "juntos", account.Notification.Sound)
+	require.Equal(t, 0, account.Notification.MinPriority) // Not set
+}
+
+func TestAccount_Subscription_AddUpdateDelete(t *testing.T) {
+	s := newTestServer(t, newTestConfigWithAuthFile(t))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+
+	rr := request(t, s, "POST", "/v1/account/subscription", `{"base_url": "http://abc.com", "topic": "def"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+	account, _ := util.UnmarshalJSON[apiAccountResponse](io.NopCloser(rr.Body))
+	require.Equal(t, 1, len(account.Subscriptions))
+	require.NotEmpty(t, account.Subscriptions[0].ID)
+	require.Equal(t, "http://abc.com", account.Subscriptions[0].BaseURL)
+	require.Equal(t, "def", account.Subscriptions[0].Topic)
+	require.Equal(t, "", account.Subscriptions[0].DisplayName)
+
+	subscriptionID := account.Subscriptions[0].ID
+	rr = request(t, s, "PATCH", "/v1/account/subscription/"+subscriptionID, `{"display_name": "ding dong"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+	account, _ = util.UnmarshalJSON[apiAccountResponse](io.NopCloser(rr.Body))
+	require.Equal(t, 1, len(account.Subscriptions))
+	require.Equal(t, subscriptionID, account.Subscriptions[0].ID)
+	require.Equal(t, "http://abc.com", account.Subscriptions[0].BaseURL)
+	require.Equal(t, "def", account.Subscriptions[0].Topic)
+	require.Equal(t, "ding dong", account.Subscriptions[0].DisplayName)
+
+	rr = request(t, s, "DELETE", "/v1/account/subscription/"+subscriptionID, "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+	account, _ = util.UnmarshalJSON[apiAccountResponse](io.NopCloser(rr.Body))
+	require.Equal(t, 0, len(account.Subscriptions))
+}
+
+func TestAccount_ChangePassword(t *testing.T) {
+	s := newTestServer(t, newTestConfigWithAuthFile(t))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+
+	rr := request(t, s, "POST", "/v1/account/password", `{"password": "new password"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 401, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "new password"),
+	})
+	require.Equal(t, 200, rr.Code)
+}
+
+func TestAccount_ChangePassword_NoAccount(t *testing.T) {
+	s := newTestServer(t, newTestConfigWithAuthFile(t))
+
+	rr := request(t, s, "POST", "/v1/account/password", `{"password": "new password"}`, nil)
+	require.Equal(t, 401, rr.Code)
+}
+
+func TestAccount_ExtendToken(t *testing.T) {
+	s := newTestServer(t, newTestConfigWithAuthFile(t))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+
+	rr := request(t, s, "POST", "/v1/account/token", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+	token, err := util.UnmarshalJSON[apiAccountTokenResponse](io.NopCloser(rr.Body))
+	require.Nil(t, err)
+
+	time.Sleep(time.Second)
+
+	rr = request(t, s, "PATCH", "/v1/account/token", "", map[string]string{
+		"Authorization": util.BearerAuth(token.Token),
+	})
+	require.Equal(t, 200, rr.Code)
+	extendedToken, err := util.UnmarshalJSON[apiAccountTokenResponse](io.NopCloser(rr.Body))
+	require.Nil(t, err)
+	require.Equal(t, token.Token, extendedToken.Token)
+	require.True(t, token.Expires < extendedToken.Expires)
+}
+
+func TestAccount_ExtendToken_NoTokenProvided(t *testing.T) {
+	s := newTestServer(t, newTestConfigWithAuthFile(t))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+
+	rr := request(t, s, "PATCH", "/v1/account/token", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"), // Not Bearer!
+	})
+	require.Equal(t, 400, rr.Code)
+	require.Equal(t, 40023, toHTTPError(t, rr.Body.String()).Code)
+}
+
+func TestAccount_DeleteToken(t *testing.T) {
+	s := newTestServer(t, newTestConfigWithAuthFile(t))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+
+	rr := request(t, s, "POST", "/v1/account/token", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+	token, err := util.UnmarshalJSON[apiAccountTokenResponse](io.NopCloser(rr.Body))
+	require.Nil(t, err)
+
+	// Delete token failure (using basic auth)
+	rr = request(t, s, "DELETE", "/v1/account/token", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"), // Not Bearer!
+	})
+	require.Equal(t, 400, rr.Code)
+	require.Equal(t, 40023, toHTTPError(t, rr.Body.String()).Code)
+
+	// Delete token with wrong token
+	rr = request(t, s, "DELETE", "/v1/account/token", "", map[string]string{
+		"Authorization": util.BearerAuth("invalidtoken"),
+	})
+	require.Equal(t, 401, rr.Code)
+
+	// Delete token with correct token
+	rr = request(t, s, "DELETE", "/v1/account/token", "", map[string]string{
+		"Authorization": util.BearerAuth(token.Token),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	// Cannot get account anymore
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BearerAuth(token.Token),
+	})
+	require.Equal(t, 401, rr.Code)
+}
+
+func TestAccount_Delete_Success(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.EnableSignup = true
+	s := newTestServer(t, conf)
+
+	rr := request(t, s, "POST", "/v1/account", `{"username":"phil", "password":"mypass"}`, nil)
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "DELETE", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 401, rr.Code)
+}
+
+func TestAccount_Delete_Not_Allowed(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.EnableSignup = true
+	s := newTestServer(t, conf)
+
+	rr := request(t, s, "POST", "/v1/account", `{"username":"phil", "password":"mypass"}`, nil)
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "DELETE", "/v1/account", "", nil)
+	require.Equal(t, 401, rr.Code)
+}
+
+func TestAccount_Reservation_AddWithoutTierFails(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.EnableSignup = true
+	s := newTestServer(t, conf)
+
+	rr := request(t, s, "POST", "/v1/account", `{"username":"phil", "password":"mypass"}`, nil)
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "POST", "/v1/account/reservation", `{"topic":"mytopic", "everyone":"deny-all"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 401, rr.Code)
+}
+
+func TestAccount_Reservation_AddAdminSuccess(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.EnableSignup = true
+	s := newTestServer(t, conf)
+	require.Nil(t, s.userManager.AddUser("phil", "adminpass", user.RoleAdmin, "unit-test"))
+
+	rr := request(t, s, "POST", "/v1/account/reservation", `{"topic":"mytopic","everyone":"deny-all"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "adminpass"),
+	})
+	require.Equal(t, 400, rr.Code)
+	require.Equal(t, 40026, toHTTPError(t, rr.Body.String()).Code)
+}
+
+func TestAccount_Reservation_AddRemoveUserWithTierSuccess(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.EnableSignup = true
+	s := newTestServer(t, conf)
+
+	// Create user
+	rr := request(t, s, "POST", "/v1/account", `{"username":"phil", "password":"mypass"}`, nil)
+	require.Equal(t, 200, rr.Code)
+
+	// Create a tier
+	require.Nil(t, s.userManager.CreateTier(&user.Tier{
+		Code:                     "pro",
+		Paid:                     false,
+		MessagesLimit:            123,
+		MessagesExpiryDuration:   86400 * time.Second,
+		EmailsLimit:              32,
+		ReservationsLimit:        2,
+		AttachmentFileSizeLimit:  1231231,
+		AttachmentTotalSizeLimit: 123123,
+		AttachmentExpiryDuration: 10800 * time.Second,
+	}))
+	require.Nil(t, s.userManager.ChangeTier("phil", "pro"))
+
+	// Reserve two topics
+	rr = request(t, s, "POST", "/v1/account/reservation", `{"topic": "mytopic", "everyone":"deny-all"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "POST", "/v1/account/reservation", `{"topic": "another", "everyone":"read-only"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	// Trying to reserve a third should fail
+	rr = request(t, s, "POST", "/v1/account/reservation", `{"topic": "yet-another", "everyone":"deny-all"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 429, rr.Code)
+
+	// Modify existing should still work
+	rr = request(t, s, "POST", "/v1/account/reservation", `{"topic": "another", "everyone":"write-only"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	// Check account result
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+	account, _ := util.UnmarshalJSON[apiAccountResponse](io.NopCloser(rr.Body))
+	require.Equal(t, "pro", account.Tier.Code)
+	require.Equal(t, int64(123), account.Limits.Messages)
+	require.Equal(t, int64(86400), account.Limits.MessagesExpiryDuration)
+	require.Equal(t, int64(32), account.Limits.Emails)
+	require.Equal(t, int64(2), account.Limits.Reservations)
+	require.Equal(t, int64(1231231), account.Limits.AttachmentFileSize)
+	require.Equal(t, int64(123123), account.Limits.AttachmentTotalSize)
+	require.Equal(t, int64(10800), account.Limits.AttachmentExpiryDuration)
+	require.Equal(t, 2, len(account.Reservations))
+	require.Equal(t, "another", account.Reservations[0].Topic)
+	require.Equal(t, "write-only", account.Reservations[0].Everyone)
+	require.Equal(t, "mytopic", account.Reservations[1].Topic)
+	require.Equal(t, "deny-all", account.Reservations[1].Everyone)
+
+	// Delete and re-check
+	rr = request(t, s, "DELETE", "/v1/account/reservation/another", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+	account, _ = util.UnmarshalJSON[apiAccountResponse](io.NopCloser(rr.Body))
+	require.Equal(t, 1, len(account.Reservations))
+	require.Equal(t, "mytopic", account.Reservations[0].Topic)
+}
+
+func TestAccount_Reservation_PublishByAnonymousFails(t *testing.T) {
+	conf := newTestConfigWithAuthFile(t)
+	conf.AuthDefault = user.PermissionReadWrite
+	conf.EnableSignup = true
+	s := newTestServer(t, conf)
+
+	// Create user with tier
+	rr := request(t, s, "POST", "/v1/account", `{"username":"phil", "password":"mypass"}`, nil)
+	require.Equal(t, 200, rr.Code)
+
+	require.Nil(t, s.userManager.CreateTier(&user.Tier{
+		Code:              "pro",
+		MessagesLimit:     20,
+		ReservationsLimit: 2,
+	}))
+	require.Nil(t, s.userManager.ChangeTier("phil", "pro"))
+
+	// Reserve a topic
+	rr = request(t, s, "POST", "/v1/account/reservation", `{"topic": "mytopic", "everyone":"deny-all"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	// Publish a message
+	rr = request(t, s, "POST", "/mytopic", `Howdy`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	// Publish a message (as anonymous)
+	rr = request(t, s, "POST", "/mytopic", `Howdy`, nil)
+	require.Equal(t, 403, rr.Code)
+}
--- a/server/server_firebase.go
+++ b/server/server_firebase.go
@@ -8,8 +8,8 @@ import (
 	"firebase.google.com/go/v4/messaging"
 	"fmt"
 	"google.golang.org/api/option"
-	"heckel.io/ntfy/auth"
 	"heckel.io/ntfy/log"
+	"heckel.io/ntfy/user"
 	"heckel.io/ntfy/util"
 	"strings"
 )
@@ -28,10 +28,10 @@ var (
 // The actual Firebase implementation is implemented in firebaseSenderImpl, to make it testable.
 type firebaseClient struct {
 	sender firebaseSender
-	auther auth.Auther
+	auther user.Auther
 }

-func newFirebaseClient(sender firebaseSender, auther auth.Auther) *firebaseClient {
+func newFirebaseClient(sender firebaseSender, auther user.Auther) *firebaseClient {
 	return &firebaseClient{
 		sender: sender,
 		auther: auther,
@@ -112,7 +112,7 @@ func (c *firebaseSenderImpl) Send(m *messaging.Message) error {
 //     On Android, this will trigger the app to poll the topic and thereby displaying new messages.
 //   - If UpstreamBaseURL is set, messages are forwarded as poll requests to an upstream server and then forwarded
 //     to Firebase here. This is mainly for iOS to support self-hosted servers.
-func toFirebaseMessage(m *message, auther auth.Auther) (*messaging.Message, error) {
+func toFirebaseMessage(m *message, auther user.Auther) (*messaging.Message, error) {
 	var data map[string]string // Mostly matches https://ntfy.sh/docs/subscribe/api/#json-message-format
 	var apnsConfig *messaging.APNSConfig
 	switch m.Event {
@@ -137,7 +137,7 @@ func toFirebaseMessage(m *message, auther auth.Auther) (*messaging.Message, erro
 	case messageEvent:
 		allowForward := true
 		if auther != nil {
-			allowForward = auther.Authorize(nil, m.Topic, auth.PermissionRead) == nil
+			allowForward = auther.Authorize(nil, m.Topic, user.PermissionRead) == nil
 		}
 		if allowForward {
 			data = map[string]string{
@@ -148,6 +148,7 @@ func toFirebaseMessage(m *message, auther auth.Auther) (*messaging.Message, erro
 				"priority": fmt.Sprintf("%d", m.Priority),
 				"tags":     strings.Join(m.Tags, ","),
 				"click":    m.Click,
+				"icon":     m.Icon,
 				"title":    m.Title,
 				"message":  m.Message,
 				"encoding": m.Encoding,
@@ -216,7 +217,7 @@ func maybeTruncateFCMMessage(m *messaging.Message) *messaging.Message {
 // We must set the Alert struct ("alert"), and we need to set MutableContent ("mutable-content"), so the Notification Service
 // Extension in iOS can modify the message.
 func createAPNSAlertConfig(m *message, data map[string]string) *messaging.APNSConfig {
-	apnsData := make(map[string]interface{})
+	apnsData := make(map[string]any)
 	for k, v := range data {
 		apnsData[k] = v
 	}
@@ -240,7 +241,7 @@ func createAPNSAlertConfig(m *message, data map[string]string) *messaging.APNSCo
 //
 // See https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/pushing_background_updates_to_your_app
 func createAPNSBackgroundConfig(data map[string]string) *messaging.APNSConfig {
-	apnsData := make(map[string]interface{})
+	apnsData := make(map[string]any)
 	for k, v := range data {
 		apnsData[k] = v
 	}
--- a/server/server_firebase_test.go
+++ b/server/server_firebase_test.go
@@ -3,24 +3,28 @@ package server
 import (
 	"encoding/json"
 	"errors"
-	"firebase.google.com/go/v4/messaging"
 	"fmt"
-	"github.com/stretchr/testify/require"
-	"heckel.io/ntfy/auth"
+	"heckel.io/ntfy/user"
+	"net/netip"
 	"strings"
 	"sync"
 	"testing"
+
+	"firebase.google.com/go/v4/messaging"
+	"github.com/stretchr/testify/require"
 )

 type testAuther struct {
 	Allow bool
 }

-func (t testAuther) Authenticate(_, _ string) (*auth.User, error) {
+var _ user.Auther = (*testAuther)(nil)
+
+func (t testAuther) Authenticate(_, _ string) (*user.User, error) {
 	return nil, errors.New("not used")
 }

-func (t testAuther) Authorize(_ *auth.User, _ string, _ auth.Permission) error {
+func (t testAuther) Authorize(_ *user.User, _ string, _ user.Permission) error {
 	if t.Allow {
 		return nil
 	}
@@ -71,7 +75,7 @@ func TestToFirebaseMessage_Keepalive(t *testing.T) {
 			Aps: &messaging.Aps{
 				ContentAvailable: true,
 			},
-			CustomData: map[string]interface{}{
+			CustomData: map[string]any{
 				"id":    m.ID,
 				"time":  fmt.Sprintf("%d", m.Time),
 				"event": m.Event,
@@ -102,7 +106,7 @@ func TestToFirebaseMessage_Open(t *testing.T) {
 			Aps: &messaging.Aps{
 				ContentAvailable: true,
 			},
-			CustomData: map[string]interface{}{
+			CustomData: map[string]any{
 				"id":    m.ID,
 				"time":  fmt.Sprintf("%d", m.Time),
 				"event": m.Event,
@@ -123,6 +127,7 @@ func TestToFirebaseMessage_Message_Normal_Allowed(t *testing.T) {
 	m.Priority = 4
 	m.Tags = []string{"tag 1", "tag2"}
 	m.Click = "https://google.com"
+	m.Icon = "https://ntfy.sh/static/img/ntfy.png"
 	m.Title = "some title"
 	m.Actions = []*action{
 		{
@@ -165,7 +170,7 @@ func TestToFirebaseMessage_Message_Normal_Allowed(t *testing.T) {
 					Body:  "this is a message",
 				},
 			},
-			CustomData: map[string]interface{}{
+			CustomData: map[string]any{
 				"id":                 m.ID,
 				"time":               fmt.Sprintf("%d", m.Time),
 				"event":              "message",
@@ -173,6 +178,7 @@ func TestToFirebaseMessage_Message_Normal_Allowed(t *testing.T) {
 				"priority":           "4",
 				"tags":               strings.Join(m.Tags, ","),
 				"click":              "https://google.com",
+				"icon":               "https://ntfy.sh/static/img/ntfy.png",
 				"title":              "some title",
 				"message":            "this is a message",
 				"actions":            `[{"id":"123","action":"view","label":"Open page","clear":true,"url":"https://ntfy.sh"},{"id":"456","action":"http","label":"Close door","clear":false,"url":"https://door.com/close","method":"PUT","headers":{"really":"yes"}}]`,
@@ -193,6 +199,7 @@ func TestToFirebaseMessage_Message_Normal_Allowed(t *testing.T) {
 		"priority":           "4",
 		"tags":               strings.Join(m.Tags, ","),
 		"click":              "https://google.com",
+		"icon":               "https://ntfy.sh/static/img/ntfy.png",
 		"title":              "some title",
 		"message":            "this is a message",
 		"actions":            `[{"id":"123","action":"view","label":"Open page","clear":true,"url":"https://ntfy.sh"},{"id":"456","action":"http","label":"Close door","clear":false,"url":"https://door.com/close","method":"PUT","headers":{"really":"yes"}}]`,
@@ -239,7 +246,7 @@ func TestToFirebaseMessage_PollRequest(t *testing.T) {
 					Body:  "New message",
 				},
 			},
-			CustomData: map[string]interface{}{
+			CustomData: map[string]any{
 				"id":      m.ID,
 				"time":    fmt.Sprintf("%d", m.Time),
 				"event":   "poll_request",
@@ -319,7 +326,7 @@ func TestMaybeTruncateFCMMessage_NotTooLong(t *testing.T) {
 func TestToFirebaseSender_Abuse(t *testing.T) {
 	sender := &testFirebaseSender{allowed: 2}
 	client := newFirebaseClient(sender, &testAuther{})
-	visitor := newVisitor(newTestConfig(t), newMemTestCache(t), "1.2.3.4")
+	visitor := newVisitor(newTestConfig(t), newMemTestCache(t), nil, netip.MustParseAddr("1.2.3.4"), nil)

 	require.Nil(t, client.Send(visitor, &message{Topic: "mytopic"}))
 	require.Equal(t, 1, len(sender.Messages()))
--- a/server/server_matrix.go
+++ b/server/server_matrix.go
@@ -47,17 +47,17 @@ import (
 //
 // From the message, we only require the "pushkey", as it represents our target topic URL.
 // A message may look like this (excerpt):
-//    {
-//      "notification": {
-//        "devices": [
-//           {
-//              "pushkey": "https://ntfy.sh/upDAHJKFFDFD?up=1",
-//              ...
-//           }
-//        ]
-//      }
-//    }
 //
+//	{
+//	  "notification": {
+//	    "devices": [
+//	       {
+//	          "pushkey": "https://ntfy.sh/upDAHJKFFDFD?up=1",
+//	          ...
+//	       }
+//	    ]
+//	  }
+//	}
 type matrixRequest struct {
 	Notification *struct {
 		Devices []*struct {
@@ -96,14 +96,13 @@ const (
 //
 // It basically converts a Matrix push gatewqy request:
 //
-//    POST /_matrix/push/v1/notify HTTP/1.1
-//    { "notification": { "devices": [ { "pushkey": "https://ntfy.sh/upDAHJKFFDFD?up=1", ... } ] } }
+//	POST /_matrix/push/v1/notify HTTP/1.1
+//	{ "notification": { "devices": [ { "pushkey": "https://ntfy.sh/upDAHJKFFDFD?up=1", ... } ] } }
 //
 // to a ntfy request, looking like this:
 //
-//    POST /upDAHJKFFDFD?up=1 HTTP/1.1
-//    { "notification": { "devices": [ { "pushkey": "https://ntfy.sh/upDAHJKFFDFD?up=1", ... } ] } }
-//
+//	POST /upDAHJKFFDFD?up=1 HTTP/1.1
+//	{ "notification": { "devices": [ { "pushkey": "https://ntfy.sh/upDAHJKFFDFD?up=1", ... } ] } }
 func newRequestFromMatrixJSON(r *http.Request, baseURL string, messageLimit int) (*http.Request, error) {
 	if baseURL == "" {
 		return nil, errHTTPInternalErrorMissingBaseURL
@@ -114,7 +113,7 @@ func newRequestFromMatrixJSON(r *http.Request, baseURL string, messageLimit int)
 	}
 	defer r.Body.Close()
 	if body.LimitReached {
-		return nil, errHTTPEntityTooLargeMatrixRequestTooLarge
+		return nil, errHTTPEntityTooLargeMatrixRequest
 	}
 	var m matrixRequest
 	if err := json.Unmarshal(body.PeekedBytes, &m); err != nil {
@@ -124,7 +123,7 @@ func newRequestFromMatrixJSON(r *http.Request, baseURL string, messageLimit int)
 	}
 	pushKey := m.Notification.Devices[0].PushKey // We ignore other devices for now, see discussion in #316
 	if !strings.HasPrefix(pushKey, baseURL+"/") {
-		return nil, &errMatrix{pushKey: pushKey, err: errHTTPBadRequestMatrixPushkeyBaseURLMismatch}
+		return nil, &errMatrix{pushKey: pushKey, err: wrapErrHTTP(errHTTPBadRequestMatrixPushkeyBaseURLMismatch, "received push key: %s, configured base URL: %s", pushKey, baseURL)}
 	}
 	newRequest, err := http.NewRequest(http.MethodPost, pushKey, io.NopCloser(bytes.NewReader(body.PeekedBytes)))
 	if err != nil {
--- a/server/server_matrix_test.go
+++ b/server/server_matrix_test.go
@@ -1,11 +1,13 @@
 package server

 import (
-	"github.com/stretchr/testify/require"
 	"net/http"
 	"net/http/httptest"
+	"net/netip"
 	"strings"
 	"testing"
+
+	"github.com/stretchr/testify/require"
 )

 func TestMatrix_NewRequestFromMatrixJSON_Success(t *testing.T) {
@@ -27,7 +29,7 @@ func TestMatrix_NewRequestFromMatrixJSON_TooLarge(t *testing.T) {
 	body := `{"notification":{"content":{"body":"I'm floating in a most peculiar way.","msgtype":"m.text"},"counts":{"missed_calls":1,"unread":2},"devices":[{"app_id":"org.matrix.matrixConsole.ios","data":{},"pushkey":"https://ntfy.sh/upABCDEFGHI?up=1","pushkey_ts":12345678,"tweaks":{"sound":"bing"}}],"event_id":"$3957tyerfgewrf384","prio":"high","room_alias":"#exampleroom:matrix.org","room_id":"!slw48wfj34rtnrf:example.com","room_name":"Mission Control","sender":"@exampleuser:matrix.org","sender_display_name":"Major Tom","type":"m.room.message"}}`
 	r, _ := http.NewRequest("POST", "http://ntfy.example.com/_matrix/push/v1/notify", strings.NewReader(body))
 	_, err := newRequestFromMatrixJSON(r, baseURL, maxLength)
-	require.Equal(t, errHTTPEntityTooLargeMatrixRequestTooLarge, err)
+	require.Equal(t, errHTTPEntityTooLargeMatrixRequest, err)
 }

 func TestMatrix_NewRequestFromMatrixJSON_InvalidJSON(t *testing.T) {
@@ -56,7 +58,7 @@ func TestMatrix_NewRequestFromMatrixJSON_MismatchingPushKey(t *testing.T) {
 	_, err := newRequestFromMatrixJSON(r, baseURL, maxLength)
 	matrixErr, ok := err.(*errMatrix)
 	require.True(t, ok)
-	require.Equal(t, errHTTPBadRequestMatrixPushkeyBaseURLMismatch, matrixErr.err)
+	require.Equal(t, "invalid request: push key must be prefixed with base URL, received push key: https://ntfy.example.com/upABCDEFGHI?up=1, configured base URL: https://ntfy.sh", matrixErr.err.Error())
 	require.Equal(t, "https://ntfy.example.com/upABCDEFGHI?up=1", matrixErr.pushKey)
 }

@@ -70,7 +72,7 @@ func TestMatrix_WriteMatrixDiscoveryResponse(t *testing.T) {
 func TestMatrix_WriteMatrixError(t *testing.T) {
 	w := httptest.NewRecorder()
 	r, _ := http.NewRequest("POST", "http://ntfy.example.com/_matrix/push/v1/notify", nil)
-	v := newVisitor(newTestConfig(t), nil, "1.2.3.4")
+	v := newVisitor(newTestConfig(t), nil, nil, netip.MustParseAddr("1.2.3.4"), nil)
 	require.Nil(t, writeMatrixError(w, r, v, &errMatrix{"https://ntfy.example.com/upABCDEFGHI?up=1", errHTTPBadRequestMatrixPushkeyBaseURLMismatch}))
 	require.Equal(t, 200, w.Result().StatusCode)
 	require.Equal(t, `{"rejected":["https://ntfy.example.com/upABCDEFGHI?up=1"]}`+"\n", w.Body.String())
--- a/server/server_middleware.go
+++ b/server/server_middleware.go
@@ -0,0 +1,63 @@
+package server
+
+import (
+	"net/http"
+)
+
+func (s *Server) ensureWebEnabled(next handleFunc) handleFunc {
+	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
+		if !s.config.EnableWeb {
+			return errHTTPNotFound
+		}
+		return next(w, r, v)
+	}
+}
+
+func (s *Server) ensureUserManager(next handleFunc) handleFunc {
+	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
+		if s.userManager == nil {
+			return errHTTPNotFound
+		}
+		return next(w, r, v)
+	}
+}
+
+func (s *Server) ensureUser(next handleFunc) handleFunc {
+	return s.ensureUserManager(func(w http.ResponseWriter, r *http.Request, v *visitor) error {
+		if v.user == nil {
+			return errHTTPUnauthorized
+		}
+		return next(w, r, v)
+	})
+}
+
+func (s *Server) ensurePaymentsEnabled(next handleFunc) handleFunc {
+	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
+		if s.config.StripeSecretKey == "" || s.stripe == nil {
+			return errHTTPNotFound
+		}
+		return next(w, r, v)
+	}
+}
+
+func (s *Server) ensureStripeCustomer(next handleFunc) handleFunc {
+	return s.ensureUser(func(w http.ResponseWriter, r *http.Request, v *visitor) error {
+		if v.user.Billing.StripeCustomerID == "" {
+			return errHTTPBadRequestNotAPaidUser
+		}
+		return next(w, r, v)
+	})
+}
+
+func (s *Server) withAccountSync(next handleFunc) handleFunc {
+	return func(w http.ResponseWriter, r *http.Request, v *visitor) error {
+		if v.user == nil {
+			return next(w, r, v)
+		}
+		err := next(w, r, v)
+		if err == nil {
+			s.publishSyncEventAsync(v)
+		}
+		return err
+	}
+}
--- a/server/server_payments.go
+++ b/server/server_payments.go
@@ -0,0 +1,469 @@
+package server
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/stripe/stripe-go/v74"
+	portalsession "github.com/stripe/stripe-go/v74/billingportal/session"
+	"github.com/stripe/stripe-go/v74/checkout/session"
+	"github.com/stripe/stripe-go/v74/customer"
+	"github.com/stripe/stripe-go/v74/price"
+	"github.com/stripe/stripe-go/v74/subscription"
+	"github.com/stripe/stripe-go/v74/webhook"
+	"heckel.io/ntfy/log"
+	"heckel.io/ntfy/user"
+	"heckel.io/ntfy/util"
+	"io"
+	"net/http"
+	"net/netip"
+	"time"
+)
+
+var (
+	errNotAPaidTier                 = errors.New("tier does not have billing price identifier")
+	errMultipleBillingSubscriptions = errors.New("cannot have multiple billing subscriptions")
+	errNoBillingSubscription        = errors.New("user does not have an active billing subscription")
+)
+
+// Payments in ntfy are done via Stripe.
+//
+// Pretty much all payments related things are in this file. The following processes
+// handle payments:
+//
+// - Checkout:
+//      Creating a Stripe customer and subscription via the Checkout flow. This flow is only used if the
+//      ntfy user is not already a Stripe customer. This requires redirecting to the Stripe checkout page.
+//      It is implemented in handleAccountBillingSubscriptionCreate and the success callback
+//      handleAccountBillingSubscriptionCreateSuccess.
+// - Update subscription:
+//      Switching between Stripe subscriptions (upgrade/downgrade) is handled via
+//      handleAccountBillingSubscriptionUpdate. This also handles proration.
+// - Cancel subscription (at period end):
+//      Users can cancel the Stripe subscription via the web app at the end of the billing period. This
+//      simply updates the subscription and Stripe will cancel it. Users cannot immediately cancel the
+//      subscription.
+// - Webhooks:
+//      Whenever a subscription changes (updated, deleted), Stripe sends us a request via a webhook.
+//      This is used to keep the local user database fields up to date. Stripe is the source of truth.
+//      What Stripe says is mirrored and not questioned.
+
+// handleBillingTiersGet returns all available paid tiers, and the free tier. This is to populate the upgrade dialog
+// in the UI. Note that this endpoint does NOT have a user context (no v.user!).
+func (s *Server) handleBillingTiersGet(w http.ResponseWriter, _ *http.Request, _ *visitor) error {
+	tiers, err := s.userManager.Tiers()
+	if err != nil {
+		return err
+	}
+	freeTier := defaultVisitorLimits(s.config)
+	response := []*apiAccountBillingTier{
+		{
+			// This is a bit of a hack: This is the "Free" tier. It has no tier code, name or price.
+			Limits: &apiAccountLimits{
+				Messages:                 freeTier.MessagesLimit,
+				MessagesExpiryDuration:   int64(freeTier.MessagesExpiryDuration.Seconds()),
+				Emails:                   freeTier.EmailsLimit,
+				Reservations:             freeTier.ReservationsLimit,
+				AttachmentTotalSize:      freeTier.AttachmentTotalSizeLimit,
+				AttachmentFileSize:       freeTier.AttachmentFileSizeLimit,
+				AttachmentExpiryDuration: int64(freeTier.AttachmentExpiryDuration.Seconds()),
+			},
+		},
+	}
+	prices, err := s.priceCache.Value()
+	if err != nil {
+		return err
+	}
+	for _, tier := range tiers {
+		priceStr, ok := prices[tier.StripePriceID]
+		if tier.StripePriceID == "" || !ok {
+			continue
+		}
+		response = append(response, &apiAccountBillingTier{
+			Code:  tier.Code,
+			Name:  tier.Name,
+			Price: priceStr,
+			Limits: &apiAccountLimits{
+				Messages:                 tier.MessagesLimit,
+				MessagesExpiryDuration:   int64(tier.MessagesExpiryDuration.Seconds()),
+				Emails:                   tier.EmailsLimit,
+				Reservations:             tier.ReservationsLimit,
+				AttachmentTotalSize:      tier.AttachmentTotalSizeLimit,
+				AttachmentFileSize:       tier.AttachmentFileSizeLimit,
+				AttachmentExpiryDuration: int64(tier.AttachmentExpiryDuration.Seconds()),
+			},
+		})
+	}
+	return s.writeJSON(w, response)
+}
+
+// handleAccountBillingSubscriptionCreate creates a Stripe checkout flow to create a user subscription. The tier
+// will be updated by a subsequent webhook from Stripe, once the subscription becomes active.
+func (s *Server) handleAccountBillingSubscriptionCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	if v.user.Billing.StripeSubscriptionID != "" {
+		return errHTTPBadRequestBillingSubscriptionExists
+	}
+	req, err := readJSONWithLimit[apiAccountBillingSubscriptionChangeRequest](r.Body, jsonBodyBytesLimit)
+	if err != nil {
+		return err
+	}
+	tier, err := s.userManager.Tier(req.Tier)
+	if err != nil {
+		return err
+	} else if tier.StripePriceID == "" {
+		return errNotAPaidTier
+	}
+	log.Info("Stripe: No existing subscription, creating checkout flow")
+	var stripeCustomerID *string
+	if v.user.Billing.StripeCustomerID != "" {
+		stripeCustomerID = &v.user.Billing.StripeCustomerID
+		stripeCustomer, err := s.stripe.GetCustomer(v.user.Billing.StripeCustomerID)
+		if err != nil {
+			return err
+		} else if stripeCustomer.Subscriptions != nil && len(stripeCustomer.Subscriptions.Data) > 0 {
+			return errMultipleBillingSubscriptions
+		}
+	}
+	successURL := s.config.BaseURL + apiAccountBillingSubscriptionCheckoutSuccessTemplate
+	params := &stripe.CheckoutSessionParams{
+		Customer:            stripeCustomerID, // A user may have previously deleted their subscription
+		ClientReferenceID:   &v.user.Name,
+		SuccessURL:          &successURL,
+		Mode:                stripe.String(string(stripe.CheckoutSessionModeSubscription)),
+		AllowPromotionCodes: stripe.Bool(true),
+		LineItems: []*stripe.CheckoutSessionLineItemParams{
+			{
+				Price:    stripe.String(tier.StripePriceID),
+				Quantity: stripe.Int64(1),
+			},
+		},
+		/*AutomaticTax: &stripe.CheckoutSessionAutomaticTaxParams{
+			Enabled: stripe.Bool(true),
+		},*/
+	}
+	sess, err := s.stripe.NewCheckoutSession(params)
+	if err != nil {
+		return err
+	}
+	response := &apiAccountBillingSubscriptionCreateResponse{
+		RedirectURL: sess.URL,
+	}
+	return s.writeJSON(w, response)
+}
+
+// handleAccountBillingSubscriptionCreateSuccess is called after the Stripe checkout session has succeeded. We use
+// the session ID in the URL to retrieve the Stripe subscription and update the local database. This is the first
+// and only time we can map the local username with the Stripe customer ID.
+func (s *Server) handleAccountBillingSubscriptionCreateSuccess(w http.ResponseWriter, r *http.Request, _ *visitor) error {
+	// We don't have a v.user in this endpoint, only a userManager!
+	matches := apiAccountBillingSubscriptionCheckoutSuccessRegex.FindStringSubmatch(r.URL.Path)
+	if len(matches) != 2 {
+		return errHTTPInternalErrorInvalidPath
+	}
+	sessionID := matches[1]
+	sess, err := s.stripe.GetSession(sessionID) // FIXME How do we rate limit this?
+	if err != nil {
+		return err
+	} else if sess.Customer == nil || sess.Subscription == nil || sess.ClientReferenceID == "" {
+		return wrapErrHTTP(errHTTPBadRequestBillingRequestInvalid, "customer or subscription not found")
+	}
+	sub, err := s.stripe.GetSubscription(sess.Subscription.ID)
+	if err != nil {
+		return err
+	} else if sub.Items == nil || len(sub.Items.Data) != 1 || sub.Items.Data[0].Price == nil {
+		return wrapErrHTTP(errHTTPBadRequestBillingRequestInvalid, "more than one line item in existing subscription")
+	}
+	tier, err := s.userManager.TierByStripePrice(sub.Items.Data[0].Price.ID)
+	if err != nil {
+		return err
+	}
+	u, err := s.userManager.User(sess.ClientReferenceID)
+	if err != nil {
+		return err
+	}
+	if err := s.updateSubscriptionAndTier(u, tier, sess.Customer.ID, sub.ID, string(sub.Status), sub.CurrentPeriodEnd, sub.CancelAt); err != nil {
+		return err
+	}
+	http.Redirect(w, r, s.config.BaseURL+accountPath, http.StatusSeeOther)
+	return nil
+}
+
+// handleAccountBillingSubscriptionUpdate updates an existing Stripe subscription to a new price, and updates
+// a user's tier accordingly. This endpoint only works if there is an existing subscription.
+func (s *Server) handleAccountBillingSubscriptionUpdate(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	if v.user.Billing.StripeSubscriptionID == "" {
+		return errNoBillingSubscription
+	}
+	req, err := readJSONWithLimit[apiAccountBillingSubscriptionChangeRequest](r.Body, jsonBodyBytesLimit)
+	if err != nil {
+		return err
+	}
+	tier, err := s.userManager.Tier(req.Tier)
+	if err != nil {
+		return err
+	}
+	log.Info("Stripe: Changing tier and subscription to %s", tier.Code)
+	sub, err := s.stripe.GetSubscription(v.user.Billing.StripeSubscriptionID)
+	if err != nil {
+		return err
+	}
+	params := &stripe.SubscriptionParams{
+		CancelAtPeriodEnd: stripe.Bool(false),
+		ProrationBehavior: stripe.String(string(stripe.SubscriptionSchedulePhaseProrationBehaviorCreateProrations)),
+		Items: []*stripe.SubscriptionItemsParams{
+			{
+				ID:    stripe.String(sub.Items.Data[0].ID),
+				Price: stripe.String(tier.StripePriceID),
+			},
+		},
+	}
+	_, err = s.stripe.UpdateSubscription(sub.ID, params)
+	if err != nil {
+		return err
+	}
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+// handleAccountBillingSubscriptionDelete facilitates downgrading a paid user to a tier-less user,
+// and cancelling the Stripe subscription entirely
+func (s *Server) handleAccountBillingSubscriptionDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	if v.user.Billing.StripeSubscriptionID != "" {
+		params := &stripe.SubscriptionParams{
+			CancelAtPeriodEnd: stripe.Bool(true),
+		}
+		_, err := s.stripe.UpdateSubscription(v.user.Billing.StripeSubscriptionID, params)
+		if err != nil {
+			return err
+		}
+	}
+	return s.writeJSON(w, newSuccessResponse())
+}
+
+// handleAccountBillingPortalSessionCreate creates a session to the customer billing portal, and returns the
+// redirect URL. The billing portal allows customers to change their payment methods, and cancel the subscription.
+func (s *Server) handleAccountBillingPortalSessionCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
+	if v.user.Billing.StripeCustomerID == "" {
+		return errHTTPBadRequestNotAPaidUser
+	}
+	params := &stripe.BillingPortalSessionParams{
+		Customer:  stripe.String(v.user.Billing.StripeCustomerID),
+		ReturnURL: stripe.String(s.config.BaseURL),
+	}
+	ps, err := s.stripe.NewPortalSession(params)
+	if err != nil {
+		return err
+	}
+	response := &apiAccountBillingPortalRedirectResponse{
+		RedirectURL: ps.URL,
+	}
+	return s.writeJSON(w, response)
+}
+
+// handleAccountBillingWebhook handles incoming Stripe webhooks. It mainly keeps the local user database in sync
+// with the Stripe view of the world. This endpoint is authorized via the Stripe webhook secret. Note that the
+// visitor (v) in this endpoint is the Stripe API, so we don't have v.user available.
+func (s *Server) handleAccountBillingWebhook(w http.ResponseWriter, r *http.Request, _ *visitor) error {
+	stripeSignature := r.Header.Get("Stripe-Signature")
+	if stripeSignature == "" {
+		return errHTTPBadRequestBillingRequestInvalid
+	}
+	body, err := util.Peek(r.Body, jsonBodyBytesLimit)
+	if err != nil {
+		return err
+	} else if body.LimitReached {
+		return errHTTPEntityTooLargeJSONBody
+	}
+	event, err := s.stripe.ConstructWebhookEvent(body.PeekedBytes, stripeSignature, s.config.StripeWebhookKey)
+	if err != nil {
+		return err
+	} else if event.Data == nil || event.Data.Raw == nil {
+		return errHTTPBadRequestBillingRequestInvalid
+	}
+
+	log.Info("Stripe: webhook event %s received", event.Type)
+	switch event.Type {
+	case "customer.subscription.updated":
+		return s.handleAccountBillingWebhookSubscriptionUpdated(event.Data.Raw)
+	case "customer.subscription.deleted":
+		return s.handleAccountBillingWebhookSubscriptionDeleted(event.Data.Raw)
+	default:
+		return nil
+	}
+}
+
+func (s *Server) handleAccountBillingWebhookSubscriptionUpdated(event json.RawMessage) error {
+	r, err := util.UnmarshalJSON[apiStripeSubscriptionUpdatedEvent](io.NopCloser(bytes.NewReader(event)))
+	if err != nil {
+		return err
+	} else if r.ID == "" || r.Customer == "" || r.Status == "" || r.CurrentPeriodEnd == 0 || r.Items == nil || len(r.Items.Data) != 1 || r.Items.Data[0].Price == nil || r.Items.Data[0].Price.ID == "" {
+		return errHTTPBadRequestBillingRequestInvalid
+	}
+	subscriptionID, priceID := r.ID, r.Items.Data[0].Price.ID
+	log.Info("Stripe: customer %s: Updating subscription to status %s, with price %s", r.Customer, r.Status, priceID)
+	u, err := s.userManager.UserByStripeCustomer(r.Customer)
+	if err != nil {
+		return err
+	}
+	tier, err := s.userManager.TierByStripePrice(priceID)
+	if err != nil {
+		return err
+	}
+	if err := s.updateSubscriptionAndTier(u, tier, r.Customer, subscriptionID, r.Status, r.CurrentPeriodEnd, r.CancelAt); err != nil {
+		return err
+	}
+	s.publishSyncEventAsync(s.visitorFromUser(u, netip.IPv4Unspecified()))
+	return nil
+}
+
+func (s *Server) handleAccountBillingWebhookSubscriptionDeleted(event json.RawMessage) error {
+	r, err := util.UnmarshalJSON[apiStripeSubscriptionDeletedEvent](io.NopCloser(bytes.NewReader(event)))
+	if err != nil {
+		return err
+	} else if r.Customer == "" {
+		return errHTTPBadRequestBillingRequestInvalid
+	}
+	log.Info("Stripe: customer %s: subscription deleted, downgrading to unpaid tier", r.Customer)
+	u, err := s.userManager.UserByStripeCustomer(r.Customer)
+	if err != nil {
+		return err
+	}
+	if err := s.updateSubscriptionAndTier(u, nil, r.Customer, "", "", 0, 0); err != nil {
+		return err
+	}
+	s.publishSyncEventAsync(s.visitorFromUser(u, netip.IPv4Unspecified()))
+	return nil
+}
+
+func (s *Server) updateSubscriptionAndTier(u *user.User, tier *user.Tier, customerID, subscriptionID, status string, paidUntil, cancelAt int64) error {
+	// Remove excess reservations (if too many for tier), and mark associated messages deleted
+	reservations, err := s.userManager.Reservations(u.Name)
+	if err != nil {
+		return err
+	}
+	reservationsLimit := visitorDefaultReservationsLimit
+	if tier != nil {
+		reservationsLimit = tier.ReservationsLimit
+	}
+	if int64(len(reservations)) > reservationsLimit {
+		topics := make([]string, 0)
+		for i := int64(len(reservations)) - 1; i >= reservationsLimit; i-- {
+			topics = append(topics, reservations[i].Topic)
+		}
+		if err := s.userManager.RemoveReservations(u.Name, topics...); err != nil {
+			return err
+		}
+		if err := s.messageCache.ExpireMessages(topics...); err != nil {
+			return err
+		}
+	}
+	// Change or remove tier
+	if tier == nil {
+		if err := s.userManager.ResetTier(u.Name); err != nil {
+			return err
+		}
+	} else {
+		if err := s.userManager.ChangeTier(u.Name, tier.Code); err != nil {
+			return err
+		}
+	}
+	// Update billing fields
+	billing := &user.Billing{
+		StripeCustomerID:            customerID,
+		StripeSubscriptionID:        subscriptionID,
+		StripeSubscriptionStatus:    stripe.SubscriptionStatus(status),
+		StripeSubscriptionPaidUntil: time.Unix(paidUntil, 0),
+		StripeSubscriptionCancelAt:  time.Unix(cancelAt, 0),
+	}
+	if err := s.userManager.ChangeBilling(u.Name, billing); err != nil {
+		return err
+	}
+	return nil
+}
+
+// fetchStripePrices contacts the Stripe API to retrieve all prices. This is used by the server to cache the prices
+// in memory, and ultimately for the web app to display the price table.
+func (s *Server) fetchStripePrices() (map[string]string, error) {
+	log.Debug("Caching prices from Stripe API")
+	priceMap := make(map[string]string)
+	prices, err := s.stripe.ListPrices(&stripe.PriceListParams{Active: stripe.Bool(true)})
+	if err != nil {
+		log.Warn("Fetching Stripe prices failed: %s", err.Error())
+		return nil, err
+	}
+	for _, p := range prices {
+		if p.UnitAmount%100 == 0 {
+			priceMap[p.ID] = fmt.Sprintf("$%d", p.UnitAmount/100)
+		} else {
+			priceMap[p.ID] = fmt.Sprintf("$%.2f", float64(p.UnitAmount)/100)
+		}
+		log.Trace("- Caching price %s = %v", p.ID, priceMap[p.ID])
+	}
+	return priceMap, nil
+}
+
+// stripeAPI is a small interface to facilitate mocking of the Stripe API
+type stripeAPI interface {
+	NewCheckoutSession(params *stripe.CheckoutSessionParams) (*stripe.CheckoutSession, error)
+	NewPortalSession(params *stripe.BillingPortalSessionParams) (*stripe.BillingPortalSession, error)
+	ListPrices(params *stripe.PriceListParams) ([]*stripe.Price, error)
+	GetCustomer(id string) (*stripe.Customer, error)
+	GetSession(id string) (*stripe.CheckoutSession, error)
+	GetSubscription(id string) (*stripe.Subscription, error)
+	UpdateSubscription(id string, params *stripe.SubscriptionParams) (*stripe.Subscription, error)
+	CancelSubscription(id string) (*stripe.Subscription, error)
+	ConstructWebhookEvent(payload []byte, header string, secret string) (stripe.Event, error)
+}
+
+// realStripeAPI is a thin shim around the Stripe functions to facilitate mocking
+type realStripeAPI struct{}
+
+var _ stripeAPI = (*realStripeAPI)(nil)
+
+func newStripeAPI() stripeAPI {
+	return &realStripeAPI{}
+}
+
+func (s *realStripeAPI) NewCheckoutSession(params *stripe.CheckoutSessionParams) (*stripe.CheckoutSession, error) {
+	return session.New(params)
+}
+
+func (s *realStripeAPI) NewPortalSession(params *stripe.BillingPortalSessionParams) (*stripe.BillingPortalSession, error) {
+	return portalsession.New(params)
+}
+
+func (s *realStripeAPI) ListPrices(params *stripe.PriceListParams) ([]*stripe.Price, error) {
+	prices := make([]*stripe.Price, 0)
+	iter := price.List(params)
+	for iter.Next() {
+		prices = append(prices, iter.Price())
+	}
+	if iter.Err() != nil {
+		return nil, iter.Err()
+	}
+	return prices, nil
+}
+
+func (s *realStripeAPI) GetCustomer(id string) (*stripe.Customer, error) {
+	return customer.Get(id, nil)
+}
+
+func (s *realStripeAPI) GetSession(id string) (*stripe.CheckoutSession, error) {
+	return session.Get(id, nil)
+}
+
+func (s *realStripeAPI) GetSubscription(id string) (*stripe.Subscription, error) {
+	return subscription.Get(id, nil)
+}
+
+func (s *realStripeAPI) UpdateSubscription(id string, params *stripe.SubscriptionParams) (*stripe.Subscription, error) {
+	return subscription.Update(id, params)
+}
+
+func (s *realStripeAPI) CancelSubscription(id string) (*stripe.Subscription, error) {
+	return subscription.Cancel(id, nil)
+}
+
+func (s *realStripeAPI) ConstructWebhookEvent(payload []byte, header string, secret string) (stripe.Event, error) {
+	return webhook.ConstructEvent(payload, header, secret)
+}
--- a/server/server_payments_test.go
+++ b/server/server_payments_test.go
@@ -0,0 +1,337 @@
+package server
+
+import (
+	"encoding/json"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+	"github.com/stripe/stripe-go/v74"
+	"heckel.io/ntfy/user"
+	"heckel.io/ntfy/util"
+	"io"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestPayments_SubscriptionCreate_NotAStripeCustomer_Success(t *testing.T) {
+	stripeMock := &testStripeAPI{}
+	defer stripeMock.AssertExpectations(t)
+
+	c := newTestConfigWithAuthFile(t)
+	c.StripeSecretKey = "secret key"
+	c.StripeWebhookKey = "webhook key"
+	s := newTestServer(t, c)
+	s.stripe = stripeMock
+
+	// Define how the mock should react
+	stripeMock.
+		On("NewCheckoutSession", mock.Anything).
+		Return(&stripe.CheckoutSession{URL: "https://billing.stripe.com/abc/def"}, nil)
+
+	// Create tier and user
+	require.Nil(t, s.userManager.CreateTier(&user.Tier{
+		Code:          "pro",
+		StripePriceID: "price_123",
+	}))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+
+	// Create subscription
+	response := request(t, s, "POST", "/v1/account/billing/subscription", `{"tier": "pro"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, response.Code)
+	redirectResponse, err := util.UnmarshalJSON[apiAccountBillingSubscriptionCreateResponse](io.NopCloser(response.Body))
+	require.Nil(t, err)
+	require.Equal(t, "https://billing.stripe.com/abc/def", redirectResponse.RedirectURL)
+}
+
+func TestPayments_SubscriptionCreate_StripeCustomer_Success(t *testing.T) {
+	stripeMock := &testStripeAPI{}
+	defer stripeMock.AssertExpectations(t)
+
+	c := newTestConfigWithAuthFile(t)
+	c.StripeSecretKey = "secret key"
+	c.StripeWebhookKey = "webhook key"
+	s := newTestServer(t, c)
+	s.stripe = stripeMock
+
+	// Define how the mock should react
+	stripeMock.
+		On("GetCustomer", "acct_123").
+		Return(&stripe.Customer{Subscriptions: &stripe.SubscriptionList{}}, nil)
+	stripeMock.
+		On("NewCheckoutSession", mock.Anything).
+		Return(&stripe.CheckoutSession{URL: "https://billing.stripe.com/abc/def"}, nil)
+
+	// Create tier and user
+	require.Nil(t, s.userManager.CreateTier(&user.Tier{
+		Code:          "pro",
+		StripePriceID: "price_123",
+	}))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+
+	u, err := s.userManager.User("phil")
+	require.Nil(t, err)
+
+	billing := &user.Billing{
+		StripeCustomerID: "acct_123",
+	}
+	require.Nil(t, s.userManager.ChangeBilling(u.Name, billing))
+
+	// Create subscription
+	response := request(t, s, "POST", "/v1/account/billing/subscription", `{"tier": "pro"}`, map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, response.Code)
+	redirectResponse, err := util.UnmarshalJSON[apiAccountBillingSubscriptionCreateResponse](io.NopCloser(response.Body))
+	require.Nil(t, err)
+	require.Equal(t, "https://billing.stripe.com/abc/def", redirectResponse.RedirectURL)
+}
+
+func TestPayments_AccountDelete_Cancels_Subscription(t *testing.T) {
+	stripeMock := &testStripeAPI{}
+	defer stripeMock.AssertExpectations(t)
+
+	c := newTestConfigWithAuthFile(t)
+	c.EnableSignup = true
+	c.StripeSecretKey = "secret key"
+	c.StripeWebhookKey = "webhook key"
+	s := newTestServer(t, c)
+	s.stripe = stripeMock
+
+	// Define how the mock should react
+	stripeMock.
+		On("CancelSubscription", "sub_123").
+		Return(&stripe.Subscription{}, nil)
+
+	// Create tier and user
+	require.Nil(t, s.userManager.CreateTier(&user.Tier{
+		Code:          "pro",
+		StripePriceID: "price_123",
+	}))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+
+	u, err := s.userManager.User("phil")
+	require.Nil(t, err)
+
+	billing := &user.Billing{
+		StripeCustomerID:     "acct_123",
+		StripeSubscriptionID: "sub_123",
+	}
+	require.Nil(t, s.userManager.ChangeBilling(u.Name, billing))
+
+	// Delete account
+	rr := request(t, s, "DELETE", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "mypass"),
+	})
+	require.Equal(t, 401, rr.Code)
+}
+
+func TestPayments_Webhook_Subscription_Updated_Downgrade_From_PastDue_To_Active(t *testing.T) {
+	// This tests incoming webhooks from Stripe to update a subscription:
+	// - All Stripe columns are updated in the user table
+	// - When downgrading, excess reservations are deleted, including messages and attachments in
+	//   the corresponding topics
+
+	stripeMock := &testStripeAPI{}
+	defer stripeMock.AssertExpectations(t)
+
+	c := newTestConfigWithAuthFile(t)
+	c.StripeSecretKey = "secret key"
+	c.StripeWebhookKey = "webhook key"
+	s := newTestServer(t, c)
+	s.stripe = stripeMock
+
+	// Define how the mock should react
+	stripeMock.
+		On("ConstructWebhookEvent", mock.Anything, "stripe signature", "webhook key").
+		Return(jsonToStripeEvent(t, subscriptionUpdatedEventJSON), nil)
+
+	// Create a user with a Stripe subscription and 3 reservations
+	require.Nil(t, s.userManager.CreateTier(&user.Tier{
+		Code:                     "starter",
+		StripePriceID:            "price_1234", // !
+		ReservationsLimit:        1,            // !
+		MessagesLimit:            100,
+		MessagesExpiryDuration:   time.Hour,
+		AttachmentExpiryDuration: time.Hour,
+		AttachmentFileSizeLimit:  1000000,
+		AttachmentTotalSizeLimit: 1000000,
+	}))
+	require.Nil(t, s.userManager.CreateTier(&user.Tier{
+		Code:                     "pro",
+		StripePriceID:            "price_1111", // !
+		ReservationsLimit:        3,            // !
+		MessagesLimit:            200,
+		MessagesExpiryDuration:   time.Hour,
+		AttachmentExpiryDuration: time.Hour,
+		AttachmentFileSizeLimit:  1000000,
+		AttachmentTotalSizeLimit: 1000000,
+	}))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+	require.Nil(t, s.userManager.ChangeTier("phil", "pro"))
+	require.Nil(t, s.userManager.ReserveAccess("phil", "atopic", user.PermissionDenyAll))
+	require.Nil(t, s.userManager.ReserveAccess("phil", "ztopic", user.PermissionDenyAll))
+
+	// Add billing details
+	u, err := s.userManager.User("phil")
+	require.Nil(t, err)
+
+	billing := &user.Billing{
+		StripeCustomerID:            "acct_5555",
+		StripeSubscriptionID:        "sub_1234",
+		StripeSubscriptionStatus:    stripe.SubscriptionStatusPastDue,
+		StripeSubscriptionPaidUntil: time.Unix(123, 0),
+		StripeSubscriptionCancelAt:  time.Unix(456, 0),
+	}
+	require.Nil(t, s.userManager.ChangeBilling(u.Name, billing))
+
+	// Add some messages to "atopic" and "ztopic", everything in "ztopic" will be deleted
+	rr := request(t, s, "PUT", "/atopic", "some aaa message", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "PUT", "/atopic", strings.Repeat("a", 5000), map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+	a2 := toMessage(t, rr.Body.String())
+	require.FileExists(t, filepath.Join(s.config.AttachmentCacheDir, a2.ID))
+
+	rr = request(t, s, "PUT", "/ztopic", "some zzz message", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+
+	rr = request(t, s, "PUT", "/ztopic", strings.Repeat("z", 5000), map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, rr.Code)
+	z2 := toMessage(t, rr.Body.String())
+	require.FileExists(t, filepath.Join(s.config.AttachmentCacheDir, z2.ID))
+
+	// Call the webhook: This does all the magic
+	rr = request(t, s, "POST", "/v1/account/billing/webhook", "dummy", map[string]string{
+		"Stripe-Signature": "stripe signature",
+	})
+	require.Equal(t, 200, rr.Code)
+
+	// Verify that database columns were updated
+	u, err = s.userManager.User("phil")
+	require.Nil(t, err)
+	require.Equal(t, "starter", u.Tier.Code) // Not "pro"
+	require.Equal(t, "acct_5555", u.Billing.StripeCustomerID)
+	require.Equal(t, "sub_1234", u.Billing.StripeSubscriptionID)
+	require.Equal(t, stripe.SubscriptionStatusActive, u.Billing.StripeSubscriptionStatus) // Not "past_due"
+	require.Equal(t, int64(1674268231), u.Billing.StripeSubscriptionPaidUntil.Unix())     // Updated
+	require.Equal(t, int64(1674299999), u.Billing.StripeSubscriptionCancelAt.Unix())      // Updated
+
+	// Verify that reservations were deleted
+	r, err := s.userManager.Reservations("phil")
+	require.Nil(t, err)
+	require.Equal(t, 1, len(r)) // "ztopic" reservation was deleted
+	require.Equal(t, "atopic", r[0].Topic)
+
+	// Verify that messages and attachments were deleted
+	time.Sleep(time.Second)
+	s.execManager()
+
+	ms, err := s.messageCache.Messages("atopic", sinceAllMessages, false)
+	require.Nil(t, err)
+	require.Equal(t, 2, len(ms))
+	require.FileExists(t, filepath.Join(s.config.AttachmentCacheDir, a2.ID))
+
+	ms, err = s.messageCache.Messages("ztopic", sinceAllMessages, false)
+	require.Nil(t, err)
+	require.Equal(t, 0, len(ms))
+	require.NoFileExists(t, filepath.Join(s.config.AttachmentCacheDir, z2.ID))
+}
+
+type testStripeAPI struct {
+	mock.Mock
+}
+
+func (s *testStripeAPI) NewCheckoutSession(params *stripe.CheckoutSessionParams) (*stripe.CheckoutSession, error) {
+	args := s.Called(params)
+	return args.Get(0).(*stripe.CheckoutSession), args.Error(1)
+}
+
+func (s *testStripeAPI) NewPortalSession(params *stripe.BillingPortalSessionParams) (*stripe.BillingPortalSession, error) {
+	args := s.Called(params)
+	return args.Get(0).(*stripe.BillingPortalSession), args.Error(1)
+}
+
+func (s *testStripeAPI) ListPrices(params *stripe.PriceListParams) ([]*stripe.Price, error) {
+	args := s.Called(params)
+	return args.Get(0).([]*stripe.Price), args.Error(1)
+}
+
+func (s *testStripeAPI) GetCustomer(id string) (*stripe.Customer, error) {
+	args := s.Called(id)
+	return args.Get(0).(*stripe.Customer), args.Error(1)
+}
+
+func (s *testStripeAPI) GetSession(id string) (*stripe.CheckoutSession, error) {
+	args := s.Called(id)
+	return args.Get(0).(*stripe.CheckoutSession), args.Error(1)
+}
+
+func (s *testStripeAPI) GetSubscription(id string) (*stripe.Subscription, error) {
+	args := s.Called(id)
+	return args.Get(0).(*stripe.Subscription), args.Error(1)
+}
+
+func (s *testStripeAPI) UpdateSubscription(id string, params *stripe.SubscriptionParams) (*stripe.Subscription, error) {
+	args := s.Called(id)
+	return args.Get(0).(*stripe.Subscription), args.Error(1)
+}
+
+func (s *testStripeAPI) CancelSubscription(id string) (*stripe.Subscription, error) {
+	args := s.Called(id)
+	return args.Get(0).(*stripe.Subscription), args.Error(1)
+}
+
+func (s *testStripeAPI) ConstructWebhookEvent(payload []byte, header string, secret string) (stripe.Event, error) {
+	args := s.Called(payload, header, secret)
+	return args.Get(0).(stripe.Event), args.Error(1)
+}
+
+var _ stripeAPI = (*testStripeAPI)(nil)
+
+func jsonToStripeEvent(t *testing.T, v string) stripe.Event {
+	var e stripe.Event
+	if err := json.Unmarshal([]byte(v), &e); err != nil {
+		t.Fatal(err)
+	}
+	return e
+}
+
+const subscriptionUpdatedEventJSON = `
+{
+	"type": "customer.subscription.updated",
+	"data": {
+		"object": {
+			"id": "sub_1234",
+			"customer": "acct_5555",
+			"status": "active",
+			"current_period_end": 1674268231,
+			"cancel_at": 1674299999,
+			"items": {
+				"data": [
+					{
+						"price": {
+							"id": "price_1234"
+						}
+					}
+				]
+			}
+		}
+	}
+}`
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -6,20 +6,22 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"github.com/stretchr/testify/assert"
+	"heckel.io/ntfy/user"
 	"io"
 	"log"
 	"math/rand"
 	"net/http"
 	"net/http/httptest"
+	"net/netip"
 	"path/filepath"
 	"strings"
 	"sync"
 	"testing"
 	"time"

+	"github.com/stretchr/testify/assert"
+
 	"github.com/stretchr/testify/require"
-	"heckel.io/ntfy/auth"
 	"heckel.io/ntfy/util"
 )

@@ -66,6 +68,8 @@ func TestServer_PublishWithFirebase(t *testing.T) {
 	msg1 := toMessage(t, response.Body.String())
 	require.NotEmpty(t, msg1.ID)
 	require.Equal(t, "my first message", msg1.Message)
+
+	time.Sleep(100 * time.Millisecond) // Firebase publishing happens
 	require.Equal(t, 1, len(sender.Messages()))
 	require.Equal(t, "my first message", sender.Messages()[0].Data["message"])
 	require.Equal(t, "my first message", sender.Messages()[0].APNS.Payload.Aps.Alert.Body)
@@ -168,7 +172,7 @@ func TestServer_StaticSites(t *testing.T) {

 	rr = request(t, s, "GET", "/static/css/home.css", "", nil)
 	require.Equal(t, 200, rr.Code)
-	require.Contains(t, rr.Body.String(), `html, body {`)
+	require.Contains(t, rr.Body.String(), `/* general styling */`)

 	rr = request(t, s, "GET", "/docs", "", nil)
 	require.Equal(t, 301, rr.Code)
@@ -290,13 +294,13 @@ func TestServer_PublishAt(t *testing.T) {
 	messages = toMessages(t, response.Body.String())
 	require.Equal(t, 1, len(messages))
 	require.Equal(t, "a message", messages[0].Message)
-	require.Equal(t, "", messages[0].Sender) // Never return the sender!
+	require.Equal(t, netip.Addr{}, messages[0].Sender) // Never return the sender!

 	messages, err := s.messageCache.Messages("mytopic", sinceAllMessages, true)
 	require.Nil(t, err)
 	require.Equal(t, 1, len(messages))
 	require.Equal(t, "a message", messages[0].Message)
-	require.Equal(t, "9.9.9.9", messages[0].Sender) // It's stored in the DB though!
+	require.Equal(t, "9.9.9.9", messages[0].Sender.String()) // It's stored in the DB though!
 }

 func TestServer_PublishAtWithCacheError(t *testing.T) {
@@ -350,7 +354,7 @@ func TestServer_PublishAtAndPrune(t *testing.T) {
 		"In": "1h",
 	})
 	require.Equal(t, 200, response.Code)
-	s.updateStatsAndPrune() // Fire pruning
+	s.execManager() // Fire pruning

 	response = request(t, s, "GET", "/mytopic/json?poll=1&scheduled=1", "", nil)
 	messages := toMessages(t, response.Body.String())
@@ -618,56 +622,48 @@ func TestServer_SubscribeWithQueryFilters(t *testing.T) {
 }

 func TestServer_Auth_Success_Admin(t *testing.T) {
-	c := newTestConfig(t)
-	c.AuthFile = filepath.Join(t.TempDir(), "user.db")
+	c := newTestConfigWithAuthFile(t)
 	s := newTestServer(t, c)

-	manager := s.auth.(auth.Manager)
-	require.Nil(t, manager.AddUser("phil", "phil", auth.RoleAdmin))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleAdmin, "unit-test"))

 	response := request(t, s, "GET", "/mytopic/auth", "", map[string]string{
-		"Authorization": basicAuth("phil:phil"),
+		"Authorization": util.BasicAuth("phil", "phil"),
 	})
 	require.Equal(t, 200, response.Code)
 	require.Equal(t, `{"success":true}`+"\n", response.Body.String())
 }

 func TestServer_Auth_Success_User(t *testing.T) {
-	c := newTestConfig(t)
-	c.AuthFile = filepath.Join(t.TempDir(), "user.db")
-	c.AuthDefaultRead = false
-	c.AuthDefaultWrite = false
+	c := newTestConfigWithAuthFile(t)
+	c.AuthDefault = user.PermissionDenyAll
 	s := newTestServer(t, c)

-	manager := s.auth.(auth.Manager)
-	require.Nil(t, manager.AddUser("ben", "ben", auth.RoleUser))
-	require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true))
+	require.Nil(t, s.userManager.AddUser("ben", "ben", user.RoleUser, "unit-test"))
+	require.Nil(t, s.userManager.AllowAccess("ben", "mytopic", user.PermissionReadWrite))

 	response := request(t, s, "GET", "/mytopic/auth", "", map[string]string{
-		"Authorization": basicAuth("ben:ben"),
+		"Authorization": util.BasicAuth("ben", "ben"),
 	})
 	require.Equal(t, 200, response.Code)
 }

 func TestServer_Auth_Success_User_MultipleTopics(t *testing.T) {
-	c := newTestConfig(t)
-	c.AuthFile = filepath.Join(t.TempDir(), "user.db")
-	c.AuthDefaultRead = false
-	c.AuthDefaultWrite = false
+	c := newTestConfigWithAuthFile(t)
+	c.AuthDefault = user.PermissionDenyAll
 	s := newTestServer(t, c)

-	manager := s.auth.(auth.Manager)
-	require.Nil(t, manager.AddUser("ben", "ben", auth.RoleUser))
-	require.Nil(t, manager.AllowAccess("ben", "mytopic", true, true))
-	require.Nil(t, manager.AllowAccess("ben", "anothertopic", true, true))
+	require.Nil(t, s.userManager.AddUser("ben", "ben", user.RoleUser, "unit-test"))
+	require.Nil(t, s.userManager.AllowAccess("ben", "mytopic", user.PermissionReadWrite))
+	require.Nil(t, s.userManager.AllowAccess("ben", "anothertopic", user.PermissionReadWrite))

 	response := request(t, s, "GET", "/mytopic,anothertopic/auth", "", map[string]string{
-		"Authorization": basicAuth("ben:ben"),
+		"Authorization": util.BasicAuth("ben", "ben"),
 	})
 	require.Equal(t, 200, response.Code)

 	response = request(t, s, "GET", "/mytopic,anothertopic,NOT-THIS-ONE/auth", "", map[string]string{
-		"Authorization": basicAuth("ben:ben"),
+		"Authorization": util.BasicAuth("ben", "ben"),
 	})
 	require.Equal(t, 403, response.Code)
 }
@@ -675,47 +671,39 @@ func TestServer_Auth_Success_User_MultipleTopics(t *testing.T) {
 func TestServer_Auth_Fail_InvalidPass(t *testing.T) {
 	c := newTestConfig(t)
 	c.AuthFile = filepath.Join(t.TempDir(), "user.db")
-	c.AuthDefaultRead = false
-	c.AuthDefaultWrite = false
+	c.AuthDefault = user.PermissionDenyAll
 	s := newTestServer(t, c)

-	manager := s.auth.(auth.Manager)
-	require.Nil(t, manager.AddUser("phil", "phil", auth.RoleAdmin))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleAdmin, "unit-test"))

 	response := request(t, s, "GET", "/mytopic/auth", "", map[string]string{
-		"Authorization": basicAuth("phil:INVALID"),
+		"Authorization": util.BasicAuth("phil", "INVALID"),
 	})
 	require.Equal(t, 401, response.Code)
 }

 func TestServer_Auth_Fail_Unauthorized(t *testing.T) {
-	c := newTestConfig(t)
-	c.AuthFile = filepath.Join(t.TempDir(), "user.db")
-	c.AuthDefaultRead = false
-	c.AuthDefaultWrite = false
+	c := newTestConfigWithAuthFile(t)
+	c.AuthDefault = user.PermissionDenyAll
 	s := newTestServer(t, c)

-	manager := s.auth.(auth.Manager)
-	require.Nil(t, manager.AddUser("ben", "ben", auth.RoleUser))
-	require.Nil(t, manager.AllowAccess("ben", "sometopic", true, true)) // Not mytopic!
+	require.Nil(t, s.userManager.AddUser("ben", "ben", user.RoleUser, "unit-test"))
+	require.Nil(t, s.userManager.AllowAccess("ben", "sometopic", user.PermissionReadWrite)) // Not mytopic!

 	response := request(t, s, "GET", "/mytopic/auth", "", map[string]string{
-		"Authorization": basicAuth("ben:ben"),
+		"Authorization": util.BasicAuth("ben", "ben"),
 	})
 	require.Equal(t, 403, response.Code)
 }

 func TestServer_Auth_Fail_CannotPublish(t *testing.T) {
-	c := newTestConfig(t)
-	c.AuthFile = filepath.Join(t.TempDir(), "user.db")
-	c.AuthDefaultRead = true  // Open by default
-	c.AuthDefaultWrite = true // Open by default
+	c := newTestConfigWithAuthFile(t)
+	c.AuthDefault = user.PermissionReadWrite // Open by default
 	s := newTestServer(t, c)

-	manager := s.auth.(auth.Manager)
-	require.Nil(t, manager.AddUser("phil", "phil", auth.RoleAdmin))
-	require.Nil(t, manager.AllowAccess(auth.Everyone, "private", false, false))
-	require.Nil(t, manager.AllowAccess(auth.Everyone, "announcements", true, false))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleAdmin, "unit-test"))
+	require.Nil(t, s.userManager.AllowAccess(user.Everyone, "private", user.PermissionDenyAll))
+	require.Nil(t, s.userManager.AllowAccess(user.Everyone, "announcements", user.PermissionRead))

 	response := request(t, s, "PUT", "/mytopic", "test", nil)
 	require.Equal(t, 200, response.Code)
@@ -727,7 +715,7 @@ func TestServer_Auth_Fail_CannotPublish(t *testing.T) {
 	require.Equal(t, 403, response.Code) // Cannot write as anonymous

 	response = request(t, s, "PUT", "/announcements", "test", map[string]string{
-		"Authorization": basicAuth("phil:phil"),
+		"Authorization": util.BasicAuth("phil", "phil"),
 	})
 	require.Equal(t, 200, response.Code)

@@ -739,44 +727,63 @@ func TestServer_Auth_Fail_CannotPublish(t *testing.T) {
 }

 func TestServer_Auth_ViaQuery(t *testing.T) {
-	c := newTestConfig(t)
-	c.AuthFile = filepath.Join(t.TempDir(), "user.db")
-	c.AuthDefaultRead = false
-	c.AuthDefaultWrite = false
+	c := newTestConfigWithAuthFile(t)
+	c.AuthDefault = user.PermissionDenyAll
 	s := newTestServer(t, c)

-	manager := s.auth.(auth.Manager)
-	require.Nil(t, manager.AddUser("ben", "some pass", auth.RoleAdmin))
+	require.Nil(t, s.userManager.AddUser("ben", "some pass", user.RoleAdmin, "unit-test"))

-	u := fmt.Sprintf("/mytopic/json?poll=1&auth=%s", base64.RawURLEncoding.EncodeToString([]byte(basicAuth("ben:some pass"))))
+	u := fmt.Sprintf("/mytopic/json?poll=1&auth=%s", base64.RawURLEncoding.EncodeToString([]byte(util.BasicAuth("ben", "some pass"))))
 	response := request(t, s, "GET", u, "", nil)
 	require.Equal(t, 200, response.Code)

-	u = fmt.Sprintf("/mytopic/json?poll=1&auth=%s", base64.RawURLEncoding.EncodeToString([]byte(basicAuth("ben:WRONNNGGGG"))))
+	u = fmt.Sprintf("/mytopic/json?poll=1&auth=%s", base64.RawURLEncoding.EncodeToString([]byte(util.BasicAuth("ben", "WRONNNGGGG"))))
 	response = request(t, s, "GET", u, "", nil)
 	require.Equal(t, 401, response.Code)
 }

-/*
-func TestServer_Curl_Publish_Poll(t *testing.T) {
-	s, port := test.StartServer(t)
-	defer test.StopServer(t, s, port)
+func TestServer_StatsResetter(t *testing.T) {
+	c := newTestConfigWithAuthFile(t)
+	c.AuthDefault = user.PermissionDenyAll
+	c.VisitorStatsResetTime = time.Now().Add(2 * time.Second)
+	s := newTestServer(t, c)
+	go s.runStatsResetter()

-	cmd := exec.Command("sh", "-c", fmt.Sprintf(`curl -sd "This is a test" localhost:%d/mytopic`, port))
-	require.Nil(t, cmd.Run())
-	b, err := cmd.CombinedOutput()
-	require.Nil(t, err)
-	msg := toMessage(t, string(b))
-	require.Equal(t, "This is a test", msg.Message)
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+	require.Nil(t, s.userManager.AllowAccess("phil", "mytopic", user.PermissionReadWrite))

-	cmd = exec.Command("sh", "-c", fmt.Sprintf(`curl "localhost:%d/mytopic?poll=1"`, port))
-	require.Nil(t, cmd.Run())
-	b, err = cmd.CombinedOutput()
+	for i := 0; i < 5; i++ {
+		response := request(t, s, "PUT", "/mytopic", "test", map[string]string{
+			"Authorization": util.BasicAuth("phil", "phil"),
+		})
+		require.Equal(t, 200, response.Code)
+	}
+
+	response := request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, response.Code)
+
+	// User stats show 10 messages
+	response = request(t, s, "GET", "/v1/account", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, response.Code)
+	account, err := util.UnmarshalJSON[apiAccountResponse](io.NopCloser(response.Body))
 	require.Nil(t, err)
-	msg = toMessage(t, string(b))
-	require.Equal(t, "This is a test", msg.Message)
+	require.Equal(t, int64(5), account.Stats.Messages)
+
+	// Wait for stats resetter to run
+	time.Sleep(2200 * time.Millisecond)
+
+	// User stats show 0 messages now!
+	response = request(t, s, "GET", "/v1/account", "", nil)
+	require.Equal(t, 200, response.Code)
+	account, err = util.UnmarshalJSON[apiAccountResponse](io.NopCloser(response.Body))
+	require.Nil(t, err)
+	require.Equal(t, int64(0), account.Stats.Messages)
+
 }
-*/

 type testMailer struct {
 	count int
@@ -812,7 +819,7 @@ func TestServer_PublishTooRequests_Defaults(t *testing.T) {

 func TestServer_PublishTooRequests_Defaults_ExemptHosts(t *testing.T) {
 	c := newTestConfig(t)
-	c.VisitorRequestExemptIPAddrs = []string{"9.9.9.9"} // see request()
+	c.VisitorRequestExemptIPAddrs = []netip.Prefix{netip.MustParsePrefix("9.9.9.9/32")} // see request()
 	s := newTestServer(t, c)
 	for i := 0; i < 65; i++ { // > 60
 		response := request(t, s, "PUT", "/mytopic", fmt.Sprintf("message %d", i), nil)
@@ -832,7 +839,7 @@ func TestServer_PublishTooRequests_ShortReplenish(t *testing.T) {
 	response := request(t, s, "PUT", "/mytopic", "message", nil)
 	require.Equal(t, 429, response.Code)

-	time.Sleep(510 * time.Millisecond)
+	time.Sleep(520 * time.Millisecond)
 	response = request(t, s, "PUT", "/mytopic", "message", nil)
 	require.Equal(t, 200, response.Code)
 }
@@ -1044,7 +1051,7 @@ func TestServer_PublishAsJSON(t *testing.T) {
 	s := newTestServer(t, newTestConfig(t))
 	body := `{"topic":"mytopic","message":"A message","title":"a title\nwith lines","tags":["tag1","tag 2"],` +
 		`"not-a-thing":"ok", "attach":"http://google.com","filename":"google.pdf", "click":"http://ntfy.sh","priority":4,` +
-		`"delay":"30min"}`
+		`"icon":"https://ntfy.sh/static/img/ntfy.png", "delay":"30min"}`
 	response := request(t, s, "PUT", "/", body, nil)
 	require.Equal(t, 200, response.Code)

@@ -1056,6 +1063,8 @@ func TestServer_PublishAsJSON(t *testing.T) {
 	require.Equal(t, "http://google.com", m.Attachment.URL)
 	require.Equal(t, "google.pdf", m.Attachment.Name)
 	require.Equal(t, "http://ntfy.sh", m.Click)
+	require.Equal(t, "https://ntfy.sh/static/img/ntfy.png", m.Icon)
+
 	require.Equal(t, 4, m.Priority)
 	require.True(t, m.Time > time.Now().Unix()+29*60)
 	require.True(t, m.Time < time.Now().Unix()+31*60)
@@ -1118,6 +1127,42 @@ func TestServer_PublishAsJSON_Invalid(t *testing.T) {
 	require.Equal(t, 400, response.Code)
 }

+func TestServer_PublishWithTierBasedMessageLimitAndExpiry(t *testing.T) {
+	c := newTestConfigWithAuthFile(t)
+	s := newTestServer(t, c)
+
+	// Create tier with certain limits
+	require.Nil(t, s.userManager.CreateTier(&user.Tier{
+		Code:                   "test",
+		MessagesLimit:          5,
+		MessagesExpiryDuration: -5 * time.Second, // Second, what a hack!
+	}))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+	require.Nil(t, s.userManager.ChangeTier("phil", "test"))
+
+	// Publish to reach message limit
+	for i := 0; i < 5; i++ {
+		response := request(t, s, "PUT", "/mytopic", fmt.Sprintf("this is message %d", i+1), map[string]string{
+			"Authorization": util.BasicAuth("phil", "phil"),
+		})
+		require.Equal(t, 200, response.Code)
+		msg := toMessage(t, response.Body.String())
+		require.True(t, msg.Expires < time.Now().Unix()+5)
+	}
+	response := request(t, s, "PUT", "/mytopic", "this is too much", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 429, response.Code)
+
+	// Run pruning and see if they are gone
+	s.execManager()
+	response = request(t, s, "GET", "/mytopic/json?poll=1", "", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 200, response.Code)
+	require.Empty(t, response.Body)
+}
+
 func TestServer_PublishAttachment(t *testing.T) {
 	content := util.RandomString(5000) // > 4096
 	s := newTestServer(t, newTestConfig(t))
@@ -1128,7 +1173,7 @@ func TestServer_PublishAttachment(t *testing.T) {
 	require.Equal(t, int64(5000), msg.Attachment.Size)
 	require.GreaterOrEqual(t, msg.Attachment.Expires, time.Now().Add(179*time.Minute).Unix()) // Almost 3 hours
 	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
-	require.Equal(t, "", msg.Sender) // Should never be returned
+	require.Equal(t, netip.Addr{}, msg.Sender) // Should never be returned
 	require.FileExists(t, filepath.Join(s.config.AttachmentCacheDir, msg.ID))

 	// GET
@@ -1145,7 +1190,7 @@ func TestServer_PublishAttachment(t *testing.T) {
 	require.Equal(t, "", response.Body.String())

 	// Slightly unrelated cross-test: make sure we add an owner for internal attachments
-	size, err := s.messageCache.AttachmentBytesUsed("9.9.9.9") // See request()
+	size, err := s.messageCache.AttachmentBytesUsedBySender("9.9.9.9") // See request()
 	require.Nil(t, err)
 	require.Equal(t, int64(5000), size)
 }
@@ -1164,7 +1209,7 @@ func TestServer_PublishAttachmentShortWithFilename(t *testing.T) {
 	require.Equal(t, int64(21), msg.Attachment.Size)
 	require.GreaterOrEqual(t, msg.Attachment.Expires, time.Now().Add(3*time.Hour).Unix())
 	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
-	require.Equal(t, "", msg.Sender) // Should never be returned
+	require.Equal(t, netip.Addr{}, msg.Sender) // Should never be returned
 	require.FileExists(t, filepath.Join(s.config.AttachmentCacheDir, msg.ID))

 	path := strings.TrimPrefix(msg.Attachment.URL, "http://127.0.0.1:12345")
@@ -1174,7 +1219,7 @@ func TestServer_PublishAttachmentShortWithFilename(t *testing.T) {
 	require.Equal(t, content, response.Body.String())

 	// Slightly unrelated cross-test: make sure we add an owner for internal attachments
-	size, err := s.messageCache.AttachmentBytesUsed("1.2.3.4")
+	size, err := s.messageCache.AttachmentBytesUsedBySender("1.2.3.4")
 	require.Nil(t, err)
 	require.Equal(t, int64(21), size)
 }
@@ -1191,10 +1236,10 @@ func TestServer_PublishAttachmentExternalWithoutFilename(t *testing.T) {
 	require.Equal(t, "", msg.Attachment.Type)
 	require.Equal(t, int64(0), msg.Attachment.Size)
 	require.Equal(t, int64(0), msg.Attachment.Expires)
-	require.Equal(t, "", msg.Sender)
+	require.Equal(t, netip.Addr{}, msg.Sender)

 	// Slightly unrelated cross-test: make sure we don't add an owner for external attachments
-	size, err := s.messageCache.AttachmentBytesUsed("127.0.0.1")
+	size, err := s.messageCache.AttachmentBytesUsedBySender("127.0.0.1")
 	require.Nil(t, err)
 	require.Equal(t, int64(0), size)
 }
@@ -1212,7 +1257,7 @@ func TestServer_PublishAttachmentExternalWithFilename(t *testing.T) {
 	require.Equal(t, "", msg.Attachment.Type)
 	require.Equal(t, int64(0), msg.Attachment.Size)
 	require.Equal(t, int64(0), msg.Attachment.Expires)
-	require.Equal(t, "", msg.Sender)
+	require.Equal(t, netip.Addr{}, msg.Sender)
 }

 func TestServer_PublishAttachmentBadURL(t *testing.T) {
@@ -1280,7 +1325,7 @@ func TestServer_PublishAttachmentTooLargeBodyVisitorAttachmentTotalSizeLimit(t *
 	require.Equal(t, 41301, err.Code)
 }

-func TestServer_PublishAttachmentAndPrune(t *testing.T) {
+func TestServer_PublishAttachmentAndExpire(t *testing.T) {
 	content := util.RandomString(5000) // > 4096

 	c := newTestConfig(t)
@@ -1301,12 +1346,111 @@ func TestServer_PublishAttachmentAndPrune(t *testing.T) {

 	// Prune and makes sure it's gone
 	time.Sleep(time.Second) // Sigh ...
-	s.updateStatsAndPrune()
+	s.execManager()
 	require.NoFileExists(t, file)
 	response = request(t, s, "GET", path, "", nil)
 	require.Equal(t, 404, response.Code)
 }

+func TestServer_PublishAttachmentWithTierBasedExpiry(t *testing.T) {
+	content := util.RandomString(5000) // > 4096
+
+	c := newTestConfigWithAuthFile(t)
+	c.AttachmentExpiryDuration = time.Millisecond // Hack
+	s := newTestServer(t, c)
+
+	// Create tier with certain limits
+	sevenDays := time.Duration(604800) * time.Second
+	require.Nil(t, s.userManager.CreateTier(&user.Tier{
+		Code:                     "test",
+		MessagesLimit:            10,
+		MessagesExpiryDuration:   sevenDays,
+		AttachmentFileSizeLimit:  50_000,
+		AttachmentTotalSizeLimit: 200_000,
+		AttachmentExpiryDuration: sevenDays, // 7 days
+	}))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+	require.Nil(t, s.userManager.ChangeTier("phil", "test"))
+
+	// Publish and make sure we can retrieve it
+	response := request(t, s, "PUT", "/mytopic", content, map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	msg := toMessage(t, response.Body.String())
+	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
+	require.True(t, msg.Attachment.Expires > time.Now().Add(sevenDays-30*time.Second).Unix())
+	require.True(t, msg.Expires > time.Now().Add(sevenDays-30*time.Second).Unix())
+	file := filepath.Join(s.config.AttachmentCacheDir, msg.ID)
+	require.FileExists(t, file)
+
+	path := strings.TrimPrefix(msg.Attachment.URL, "http://127.0.0.1:12345")
+	response = request(t, s, "GET", path, "", nil)
+	require.Equal(t, 200, response.Code)
+	require.Equal(t, content, response.Body.String())
+
+	// Prune and makes sure it's still there
+	time.Sleep(time.Second) // Sigh ...
+	s.execManager()
+	require.FileExists(t, file)
+	response = request(t, s, "GET", path, "", nil)
+	require.Equal(t, 200, response.Code)
+}
+
+func TestServer_PublishAttachmentWithTierBasedLimits(t *testing.T) {
+	smallFile := util.RandomString(20_000)
+	largeFile := util.RandomString(50_000)
+
+	c := newTestConfigWithAuthFile(t)
+	c.AttachmentFileSizeLimit = 20_000
+	c.VisitorAttachmentTotalSizeLimit = 40_000
+	s := newTestServer(t, c)
+
+	// Create tier with certain limits
+	require.Nil(t, s.userManager.CreateTier(&user.Tier{
+		Code:                     "test",
+		MessagesLimit:            100,
+		AttachmentFileSizeLimit:  50_000,
+		AttachmentTotalSizeLimit: 200_000,
+		AttachmentExpiryDuration: 30 * time.Second,
+	}))
+	require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, "unit-test"))
+	require.Nil(t, s.userManager.ChangeTier("phil", "test"))
+
+	// Publish small file as anonymous
+	response := request(t, s, "PUT", "/mytopic", smallFile, nil)
+	msg := toMessage(t, response.Body.String())
+	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
+	require.FileExists(t, filepath.Join(s.config.AttachmentCacheDir, msg.ID))
+
+	// Publish large file as anonymous
+	response = request(t, s, "PUT", "/mytopic", largeFile, nil)
+	require.Equal(t, 413, response.Code)
+	require.Equal(t, 41301, toHTTPError(t, response.Body.String()).Code)
+
+	// Publish too large file as phil
+	response = request(t, s, "PUT", "/mytopic", largeFile+" a few more bytes", map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 413, response.Code)
+	require.Equal(t, 41301, toHTTPError(t, response.Body.String()).Code)
+
+	// Publish large file as phil (4x)
+	for i := 0; i < 4; i++ {
+		response = request(t, s, "PUT", "/mytopic", largeFile, map[string]string{
+			"Authorization": util.BasicAuth("phil", "phil"),
+		})
+		require.Equal(t, 200, response.Code)
+		msg = toMessage(t, response.Body.String())
+		require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")
+		require.FileExists(t, filepath.Join(s.config.AttachmentCacheDir, msg.ID))
+	}
+	response = request(t, s, "PUT", "/mytopic", largeFile, map[string]string{
+		"Authorization": util.BasicAuth("phil", "phil"),
+	})
+	require.Equal(t, 413, response.Code)
+	require.Equal(t, 41301, toHTTPError(t, response.Body.String()).Code)
+}
+
 func TestServer_PublishAttachmentBandwidthLimit(t *testing.T) {
 	content := util.RandomString(5000) // > 4096

@@ -1319,7 +1463,7 @@ func TestServer_PublishAttachmentBandwidthLimit(t *testing.T) {
 	msg := toMessage(t, response.Body.String())
 	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")

-	// Get it 4 times successfully
+	// Value it 4 times successfully
 	path := strings.TrimPrefix(msg.Attachment.URL, "http://127.0.0.1:12345")
 	for i := 1; i <= 4; i++ { // 4 successful downloads
 		response = request(t, s, "GET", path, "", nil)
@@ -1355,7 +1499,7 @@ func TestServer_PublishAttachmentBandwidthLimitUploadOnly(t *testing.T) {
 	require.Equal(t, 41301, err.Code)
 }

-func TestServer_PublishAttachmentUserStats(t *testing.T) {
+func TestServer_PublishAttachmentAccountStats(t *testing.T) {
 	content := util.RandomString(4999) // > 4096

 	c := newTestConfig(t)
@@ -1369,14 +1513,15 @@ func TestServer_PublishAttachmentUserStats(t *testing.T) {
 	require.Contains(t, msg.Attachment.URL, "http://127.0.0.1:12345/file/")

 	// User stats
-	response = request(t, s, "GET", "/user/stats", "", nil)
+	response = request(t, s, "GET", "/v1/account", "", nil)
 	require.Equal(t, 200, response.Code)
-	var stats visitorStats
-	require.Nil(t, json.NewDecoder(strings.NewReader(response.Body.String())).Decode(&stats))
-	require.Equal(t, int64(5000), stats.AttachmentFileSizeLimit)
-	require.Equal(t, int64(6000), stats.VisitorAttachmentBytesTotal)
-	require.Equal(t, int64(4999), stats.VisitorAttachmentBytesUsed)
-	require.Equal(t, int64(1001), stats.VisitorAttachmentBytesRemaining)
+	account, err := util.UnmarshalJSON[apiAccountResponse](io.NopCloser(response.Body))
+	require.Nil(t, err)
+	require.Equal(t, int64(5000), account.Limits.AttachmentFileSize)
+	require.Equal(t, int64(6000), account.Limits.AttachmentTotalSize)
+	require.Equal(t, int64(4999), account.Stats.AttachmentTotalSize)
+	require.Equal(t, int64(1001), account.Stats.AttachmentTotalSizeRemaining)
+	require.Equal(t, int64(1), account.Stats.Messages)
 }

 func TestServer_Visitor_XForwardedFor_None(t *testing.T) {
@@ -1386,8 +1531,9 @@ func TestServer_Visitor_XForwardedFor_None(t *testing.T) {
 	r, _ := http.NewRequest("GET", "/bla", nil)
 	r.RemoteAddr = "8.9.10.11"
 	r.Header.Set("X-Forwarded-For", "  ") // Spaces, not empty!
-	v := s.visitor(r)
-	require.Equal(t, "8.9.10.11", v.ip)
+	v, err := s.visitor(r)
+	require.Nil(t, err)
+	require.Equal(t, "8.9.10.11", v.ip.String())
 }

 func TestServer_Visitor_XForwardedFor_Single(t *testing.T) {
@@ -1397,8 +1543,9 @@ func TestServer_Visitor_XForwardedFor_Single(t *testing.T) {
 	r, _ := http.NewRequest("GET", "/bla", nil)
 	r.RemoteAddr = "8.9.10.11"
 	r.Header.Set("X-Forwarded-For", "1.1.1.1")
-	v := s.visitor(r)
-	require.Equal(t, "1.1.1.1", v.ip)
+	v, err := s.visitor(r)
+	require.Nil(t, err)
+	require.Equal(t, "1.1.1.1", v.ip.String())
 }

 func TestServer_Visitor_XForwardedFor_Multiple(t *testing.T) {
@@ -1408,8 +1555,9 @@ func TestServer_Visitor_XForwardedFor_Multiple(t *testing.T) {
 	r, _ := http.NewRequest("GET", "/bla", nil)
 	r.RemoteAddr = "8.9.10.11"
 	r.Header.Set("X-Forwarded-For", "1.2.3.4 , 2.4.4.2,234.5.2.1 ")
-	v := s.visitor(r)
-	require.Equal(t, "234.5.2.1", v.ip)
+	v, err := s.visitor(r)
+	require.Nil(t, err)
+	require.Equal(t, "234.5.2.1", v.ip.String())
 }

 func TestServer_PublishWhileUpdatingStatsWithLotsOfMessages(t *testing.T) {
@@ -1437,7 +1585,7 @@ func TestServer_PublishWhileUpdatingStatsWithLotsOfMessages(t *testing.T) {
 	go func() {
 		log.Printf("Updating stats")
 		start := time.Now()
-		s.updateStatsAndPrune()
+		s.execManager()
 		log.Printf("Done: Updating stats; took %s", time.Since(start).Round(time.Millisecond))
 		statsChan <- true
 	}()
@@ -1465,6 +1613,12 @@ func newTestConfig(t *testing.T) *Config {
 	return conf
 }

+func newTestConfigWithAuthFile(t *testing.T) *Config {
+	conf := newTestConfig(t)
+	conf.AuthFile = filepath.Join(t.TempDir(), "user.db")
+	return conf
+}
+
 func newTestServer(t *testing.T, config *Config) *Server {
 	server, err := New(config)
 	if err != nil {
@@ -1528,10 +1682,6 @@ func toHTTPError(t *testing.T, s string) *errHTTP {
 	return &e
 }

-func basicAuth(s string) string {
-	return fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(s)))
-}
-
 func readAll(t *testing.T, rc io.ReadCloser) string {
 	b, err := io.ReadAll(rc)
 	if err != nil {
--- a/server/smtp_sender.go
+++ b/server/smtp_sender.go
@@ -32,7 +32,7 @@ func (s *smtpSender) Send(v *visitor, m *message, to string) error {
 		if err != nil {
 			return err
 		}
-		message, err := formatMail(s.config.BaseURL, v.ip, s.config.SMTPSenderFrom, to, m)
+		message, err := formatMail(s.config.BaseURL, v.ip.String(), s.config.SMTPSenderFrom, to, m)
 		if err != nil {
 			return err
 		}
@@ -137,7 +137,7 @@ func toEmojis(tags []string) (emojisOut []string, tagsOut []string, err error) {
 nextTag:
 	for _, t := range tags { // TODO Super inefficient; we should just create a .json file with a map
 		for _, e := range emojis {
-			if util.InStringList(e.Aliases, t) {
+			if util.Contains(e.Aliases, t) {
 				emojisOut = append(emojisOut, e.Emoji)
 				continue nextTag
 			}
--- a/server/types.go
+++ b/server/types.go
@@ -1,9 +1,12 @@
 package server

 import (
-	"heckel.io/ntfy/util"
+	"heckel.io/ntfy/user"
 	"net/http"
+	"net/netip"
 	"time"
+
+	"heckel.io/ntfy/util"
 )

 // List of possible events
@@ -20,20 +23,23 @@ const (

 // message represents a message published to a topic
 type message struct {
-	ID         string      `json:"id"`    // Random message ID
-	Time       int64       `json:"time"`  // Unix time in seconds
-	Event      string      `json:"event"` // One of the above
+	ID         string      `json:"id"`                // Random message ID
+	Time       int64       `json:"time"`              // Unix time in seconds
+	Expires    int64       `json:"expires,omitempty"` // Unix time in seconds (not required for open/keepalive)
+	Event      string      `json:"event"`             // One of the above
 	Topic      string      `json:"topic"`
 	Title      string      `json:"title,omitempty"`
 	Message    string      `json:"message,omitempty"`
 	Priority   int         `json:"priority,omitempty"`
 	Tags       []string    `json:"tags,omitempty"`
 	Click      string      `json:"click,omitempty"`
+	Icon       string      `json:"icon,omitempty"`
 	Actions    []*action   `json:"actions,omitempty"`
 	Attachment *attachment `json:"attachment,omitempty"`
 	PollID     string      `json:"poll_id,omitempty"`
-	Sender     string      `json:"-"`                  // IP address of uploader, used for rate limiting
 	Encoding   string      `json:"encoding,omitempty"` // empty for raw UTF-8, or "base64" for encoded bytes
+	Sender     netip.Addr  `json:"-"`                  // IP address of uploader, used for rate limiting
+	User       string      `json:"-"`                  // Username of the uploader, used to associated attachments
 }

 type attachment struct {
@@ -72,6 +78,7 @@ type publishMessage struct {
 	Priority int      `json:"priority"`
 	Tags     []string `json:"tags"`
 	Click    string   `json:"click"`
+	Icon     string   `json:"icon"`
 	Actions  []action `json:"actions"`
 	Attach   string   `json:"attach"`
 	Filename string   `json:"filename"`
@@ -174,7 +181,7 @@ func parseQueryFilters(r *http.Request) (*queryFilter, error) {
 	for _, p := range util.SplitNoEmpty(readParam(r, "x-priority", "priority", "prio", "p"), ",") {
 		priority, err := util.ParsePriority(p)
 		if err != nil {
-			return nil, err
+			return nil, errHTTPBadRequestPriorityInvalid
 		}
 		priorityFilter = append(priorityFilter, priority)
 	}
@@ -201,11 +208,150 @@ func (q *queryFilter) Pass(msg *message) bool {
 	if messagePriority == 0 {
 		messagePriority = 3 // For query filters, default priority (3) is the same as "not set" (0)
 	}
-	if len(q.Priority) > 0 && !util.InIntList(q.Priority, messagePriority) {
+	if len(q.Priority) > 0 && !util.Contains(q.Priority, messagePriority) {
 		return false
 	}
-	if len(q.Tags) > 0 && !util.InStringListAll(msg.Tags, q.Tags) {
+	if len(q.Tags) > 0 && !util.ContainsAll(msg.Tags, q.Tags) {
 		return false
 	}
 	return true
 }
+
+type apiHealthResponse struct {
+	Healthy bool `json:"healthy"`
+}
+
+type apiAccountCreateRequest struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type apiAccountPasswordChangeRequest struct {
+	Password string `json:"password"`
+}
+
+type apiAccountTokenResponse struct {
+	Token   string `json:"token"`
+	Expires int64  `json:"expires"`
+}
+
+type apiAccountTier struct {
+	Code string `json:"code"`
+	Name string `json:"name"`
+}
+
+type apiAccountLimits struct {
+	Basis                    string `json:"basis,omitempty"` // "ip", "role" or "tier"
+	Messages                 int64  `json:"messages"`
+	MessagesExpiryDuration   int64  `json:"messages_expiry_duration"`
+	Emails                   int64  `json:"emails"`
+	Reservations             int64  `json:"reservations"`
+	AttachmentTotalSize      int64  `json:"attachment_total_size"`
+	AttachmentFileSize       int64  `json:"attachment_file_size"`
+	AttachmentExpiryDuration int64  `json:"attachment_expiry_duration"`
+}
+
+type apiAccountStats struct {
+	Messages                     int64 `json:"messages"`
+	MessagesRemaining            int64 `json:"messages_remaining"`
+	Emails                       int64 `json:"emails"`
+	EmailsRemaining              int64 `json:"emails_remaining"`
+	Reservations                 int64 `json:"reservations"`
+	ReservationsRemaining        int64 `json:"reservations_remaining"`
+	AttachmentTotalSize          int64 `json:"attachment_total_size"`
+	AttachmentTotalSizeRemaining int64 `json:"attachment_total_size_remaining"`
+}
+
+type apiAccountReservation struct {
+	Topic    string `json:"topic"`
+	Everyone string `json:"everyone"`
+}
+
+type apiAccountBilling struct {
+	Customer     bool   `json:"customer"`
+	Subscription bool   `json:"subscription"`
+	Status       string `json:"status,omitempty"`
+	PaidUntil    int64  `json:"paid_until,omitempty"`
+	CancelAt     int64  `json:"cancel_at,omitempty"`
+}
+
+type apiAccountResponse struct {
+	Username      string                   `json:"username"`
+	Role          string                   `json:"role,omitempty"`
+	SyncTopic     string                   `json:"sync_topic,omitempty"`
+	Language      string                   `json:"language,omitempty"`
+	Notification  *user.NotificationPrefs  `json:"notification,omitempty"`
+	Subscriptions []*user.Subscription     `json:"subscriptions,omitempty"`
+	Reservations  []*apiAccountReservation `json:"reservations,omitempty"`
+	Tier          *apiAccountTier          `json:"tier,omitempty"`
+	Limits        *apiAccountLimits        `json:"limits,omitempty"`
+	Stats         *apiAccountStats         `json:"stats,omitempty"`
+	Billing       *apiAccountBilling       `json:"billing,omitempty"`
+}
+
+type apiAccountReservationRequest struct {
+	Topic    string `json:"topic"`
+	Everyone string `json:"everyone"`
+}
+
+type apiConfigResponse struct {
+	BaseURL            string   `json:"base_url"`
+	AppRoot            string   `json:"app_root"`
+	EnableLogin        bool     `json:"enable_login"`
+	EnableSignup       bool     `json:"enable_signup"`
+	EnablePayments     bool     `json:"enable_payments"`
+	EnableReservations bool     `json:"enable_reservations"`
+	DisallowedTopics   []string `json:"disallowed_topics"`
+}
+
+type apiAccountBillingTier struct {
+	Code   string            `json:"code,omitempty"`
+	Name   string            `json:"name,omitempty"`
+	Price  string            `json:"price,omitempty"`
+	Limits *apiAccountLimits `json:"limits"`
+}
+
+type apiAccountBillingSubscriptionCreateResponse struct {
+	RedirectURL string `json:"redirect_url"`
+}
+
+type apiAccountBillingSubscriptionChangeRequest struct {
+	Tier string `json:"tier"`
+}
+
+type apiAccountBillingPortalRedirectResponse struct {
+	RedirectURL string `json:"redirect_url"`
+}
+
+type apiAccountSyncTopicResponse struct {
+	Event string `json:"event"`
+}
+
+type apiSuccessResponse struct {
+	Success bool `json:"success"`
+}
+
+func newSuccessResponse() *apiSuccessResponse {
+	return &apiSuccessResponse{
+		Success: true,
+	}
+}
+
+type apiStripeSubscriptionUpdatedEvent struct {
+	ID               string `json:"id"`
+	Customer         string `json:"customer"`
+	Status           string `json:"status"`
+	CurrentPeriodEnd int64  `json:"current_period_end"`
+	CancelAt         int64  `json:"cancel_at"`
+	Items            *struct {
+		Data []*struct {
+			Price *struct {
+				ID string `json:"id"`
+			} `json:"price"`
+		} `json:"data"`
+	} `json:"items"`
+}
+
+type apiStripeSubscriptionDeletedEvent struct {
+	Customer string `json:"customer"`
+}
--- a/server/util.go
+++ b/server/util.go
@@ -3,8 +3,11 @@ package server
 import (
 	"fmt"
 	"github.com/emersion/go-smtp"
+	"heckel.io/ntfy/log"
 	"heckel.io/ntfy/util"
+	"io"
 	"net/http"
+	"net/netip"
 	"strings"
 	"unicode/utf8"
 )
@@ -89,3 +92,45 @@ func renderHTTPRequest(r *http.Request) string {
 	r.Body = body // Important: Reset body, so it can be re-read
 	return strings.TrimSpace(lines)
 }
+
+func extractIPAddress(r *http.Request, behindProxy bool) netip.Addr {
+	remoteAddr := r.RemoteAddr
+	addrPort, err := netip.ParseAddrPort(remoteAddr)
+	ip := addrPort.Addr()
+	if err != nil {
+		// This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified
+		ip, err = netip.ParseAddr(remoteAddr)
+		if err != nil {
+			ip = netip.IPv4Unspecified()
+			if remoteAddr != "@" || !behindProxy { // RemoteAddr is @ when unix socket is used
+				log.Warn("unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err)
+			}
+		}
+	}
+	if behindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" {
+		// X-Forwarded-For can contain multiple addresses (see #328). If we are behind a proxy,
+		// only the right-most address can be trusted (as this is the one added by our proxy server).
+		// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details.
+		ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",")
+		realIP, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))
+		if err != nil {
+			log.Error("invalid IP address %s received in X-Forwarded-For header: %s", ip, err.Error())
+			// Fall back to regular remote address if X-Forwarded-For is damaged
+		} else {
+			ip = realIP
+		}
+	}
+	return ip
+}
+
+func readJSONWithLimit[T any](r io.ReadCloser, limit int) (*T, error) {
+	obj, err := util.UnmarshalJSONWithLimit[T](r, limit)
+	if err == util.ErrUnmarshalJSON {
+		return nil, errHTTPBadRequestJSONInvalid
+	} else if err == util.ErrTooLargeJSON {
+		return nil, errHTTPEntityTooLargeJSONBody
+	} else if err != nil {
+		return nil, err
+	}
+	return obj, nil
+}
--- a/server/visitor.go
+++ b/server/visitor.go
@@ -2,10 +2,13 @@ package server

 import (
 	"errors"
-	"golang.org/x/time/rate"
-	"heckel.io/ntfy/util"
+	"heckel.io/ntfy/user"
+	"net/netip"
 	"sync"
 	"time"
+
+	"golang.org/x/time/rate"
+	"heckel.io/ntfy/util"
 )

 const (
@@ -13,6 +16,10 @@ const (
 	// has to be very high to prevent e-mail abuse, but it doesn't really affect the other limits anyway, since
 	// they are replenished faster (typically).
 	visitorExpungeAfter = 24 * time.Hour
+
+	// visitorDefaultReservationsLimit is the amount of topic names a user without a tier is allowed to reserve.
+	// This number is zero, and changing it may have unintended consequences in the web app, or otherwise
+	visitorDefaultReservationsLimit = int64(0)
 )

 var (
@@ -21,41 +28,99 @@ var (

 // visitor represents an API user, and its associated rate.Limiter used for rate limiting
 type visitor struct {
-	config        *Config
-	messageCache  *messageCache
-	ip            string
-	requests      *rate.Limiter
-	emails        *rate.Limiter
-	subscriptions util.Limiter
-	bandwidth     util.Limiter
-	firebase      time.Time // Next allowed Firebase message
-	seen          time.Time
-	mu            sync.Mutex
+	config              *Config
+	messageCache        *messageCache
+	userManager         *user.Manager // May be nil!
+	ip                  netip.Addr
+	user                *user.User
+	messages            int64         // Number of messages sent, reset every day
+	emails              int64         // Number of emails sent, reset every day
+	requestLimiter      *rate.Limiter // Rate limiter for (almost) all requests (including messages)
+	messagesLimiter     util.Limiter  // Rate limiter for messages, may be nil
+	emailsLimiter       *rate.Limiter // Rate limiter for emails
+	subscriptionLimiter util.Limiter  // Fixed limiter for active subscriptions (ongoing connections)
+	bandwidthLimiter    util.Limiter  // Limiter for attachment bandwidth downloads
+	accountLimiter      *rate.Limiter // Rate limiter for account creation
+	firebase            time.Time     // Next allowed Firebase message
+	seen                time.Time     // Last seen time of this visitor (needed for removal of stale visitors)
+	mu                  sync.Mutex
+}
+
+type visitorInfo struct {
+	Limits *visitorLimits
+	Stats  *visitorStats
+}
+
+type visitorLimits struct {
+	Basis                    visitorLimitBasis
+	MessagesLimit            int64
+	MessagesExpiryDuration   time.Duration
+	EmailsLimit              int64
+	ReservationsLimit        int64
+	AttachmentTotalSizeLimit int64
+	AttachmentFileSizeLimit  int64
+	AttachmentExpiryDuration time.Duration
 }

 type visitorStats struct {
-	AttachmentFileSizeLimit         int64 `json:"attachmentFileSizeLimit"`
-	VisitorAttachmentBytesTotal     int64 `json:"visitorAttachmentBytesTotal"`
-	VisitorAttachmentBytesUsed      int64 `json:"visitorAttachmentBytesUsed"`
-	VisitorAttachmentBytesRemaining int64 `json:"visitorAttachmentBytesRemaining"`
+	Messages                     int64
+	MessagesRemaining            int64
+	Emails                       int64
+	EmailsRemaining              int64
+	Reservations                 int64
+	ReservationsRemaining        int64
+	AttachmentTotalSize          int64
+	AttachmentTotalSizeRemaining int64
 }

-func newVisitor(conf *Config, messageCache *messageCache, ip string) *visitor {
+// visitorLimitBasis describes how the visitor limits were derived, either from a user's
+// IP address (default config), or from its tier
+type visitorLimitBasis string
+
+const (
+	visitorLimitBasisIP   = visitorLimitBasis("ip")
+	visitorLimitBasisTier = visitorLimitBasis("tier")
+)
+
+func newVisitor(conf *Config, messageCache *messageCache, userManager *user.Manager, ip netip.Addr, user *user.User) *visitor {
+	var messagesLimiter util.Limiter
+	var requestLimiter, emailsLimiter, accountLimiter *rate.Limiter
+	var messages, emails int64
+	if user != nil {
+		messages = user.Stats.Messages
+		emails = user.Stats.Emails
+	} else {
+		accountLimiter = rate.NewLimiter(rate.Every(conf.VisitorAccountCreateLimitReplenish), conf.VisitorAccountCreateLimitBurst)
+	}
+	if user != nil && user.Tier != nil {
+		requestLimiter = rate.NewLimiter(dailyLimitToRate(user.Tier.MessagesLimit), conf.VisitorRequestLimitBurst)
+		messagesLimiter = util.NewFixedLimiter(user.Tier.MessagesLimit)
+		emailsLimiter = rate.NewLimiter(dailyLimitToRate(user.Tier.EmailsLimit), conf.VisitorEmailLimitBurst)
+	} else {
+		requestLimiter = rate.NewLimiter(rate.Every(conf.VisitorRequestLimitReplenish), conf.VisitorRequestLimitBurst)
+		emailsLimiter = rate.NewLimiter(rate.Every(conf.VisitorEmailLimitReplenish), conf.VisitorEmailLimitBurst)
+	}
 	return &visitor{
-		config:        conf,
-		messageCache:  messageCache,
-		ip:            ip,
-		requests:      rate.NewLimiter(rate.Every(conf.VisitorRequestLimitReplenish), conf.VisitorRequestLimitBurst),
-		emails:        rate.NewLimiter(rate.Every(conf.VisitorEmailLimitReplenish), conf.VisitorEmailLimitBurst),
-		subscriptions: util.NewFixedLimiter(int64(conf.VisitorSubscriptionLimit)),
-		bandwidth:     util.NewBytesLimiter(conf.VisitorAttachmentDailyBandwidthLimit, 24*time.Hour),
-		firebase:      time.Unix(0, 0),
-		seen:          time.Now(),
+		config:              conf,
+		messageCache:        messageCache,
+		userManager:         userManager, // May be nil
+		ip:                  ip,
+		user:                user,
+		messages:            messages,
+		emails:              emails,
+		requestLimiter:      requestLimiter,
+		messagesLimiter:     messagesLimiter, // May be nil
+		emailsLimiter:       emailsLimiter,
+		subscriptionLimiter: util.NewFixedLimiter(int64(conf.VisitorSubscriptionLimit)),
+		bandwidthLimiter:    util.NewBytesLimiter(conf.VisitorAttachmentDailyBandwidthLimit, 24*time.Hour),
+		accountLimiter:      accountLimiter, // May be nil
+		firebase:            time.Unix(0, 0),
+		seen:                time.Now(),
 	}
 }

 func (v *visitor) RequestAllowed() error {
-	if !v.requests.Allow() {
+	if !v.requestLimiter.Allow() {
 		return errVisitorLimitReached
 	}
 	return nil
@@ -76,8 +141,15 @@ func (v *visitor) FirebaseTemporarilyDeny() {
 	v.firebase = time.Now().Add(v.config.FirebaseQuotaExceededPenaltyDuration)
 }

+func (v *visitor) MessageAllowed() error {
+	if v.messagesLimiter != nil && v.messagesLimiter.Allow(1) != nil {
+		return errVisitorLimitReached
+	}
+	return nil
+}
+
 func (v *visitor) EmailAllowed() error {
-	if !v.emails.Allow() {
+	if !v.emailsLimiter.Allow() {
 		return errVisitorLimitReached
 	}
 	return nil
@@ -86,7 +158,7 @@ func (v *visitor) EmailAllowed() error {
 func (v *visitor) SubscriptionAllowed() error {
 	v.mu.Lock()
 	defer v.mu.Unlock()
-	if err := v.subscriptions.Allow(1); err != nil {
+	if err := v.subscriptionLimiter.Allow(1); err != nil {
 		return errVisitorLimitReached
 	}
 	return nil
@@ -95,7 +167,7 @@ func (v *visitor) SubscriptionAllowed() error {
 func (v *visitor) RemoveSubscription() {
 	v.mu.Lock()
 	defer v.mu.Unlock()
-	v.subscriptions.Allow(-1)
+	v.subscriptionLimiter.Allow(-1)
 }

 func (v *visitor) Keepalive() {
@@ -105,7 +177,7 @@ func (v *visitor) Keepalive() {
 }

 func (v *visitor) BandwidthLimiter() util.Limiter {
-	return v.bandwidth
+	return v.bandwidthLimiter
 }

 func (v *visitor) Stale() bool {
@@ -114,19 +186,116 @@ func (v *visitor) Stale() bool {
 	return time.Since(v.seen) > visitorExpungeAfter
 }

-func (v *visitor) Stats() (*visitorStats, error) {
-	attachmentsBytesUsed, err := v.messageCache.AttachmentBytesUsed(v.ip)
+func (v *visitor) IncrementMessages() {
+	v.mu.Lock()
+	defer v.mu.Unlock()
+	v.messages++
+	if v.user != nil {
+		v.user.Stats.Messages = v.messages
+	}
+}
+
+func (v *visitor) IncrementEmails() {
+	v.mu.Lock()
+	defer v.mu.Unlock()
+	v.emails++
+	if v.user != nil {
+		v.user.Stats.Emails = v.emails
+	}
+}
+
+func (v *visitor) ResetStats() {
+	v.mu.Lock()
+	defer v.mu.Unlock()
+	v.messages = 0
+	v.emails = 0
+	if v.user != nil {
+		v.user.Stats.Messages = 0
+		v.user.Stats.Emails = 0
+		// v.messagesLimiter = ... // FIXME
+	}
+}
+
+func (v *visitor) Limits() *visitorLimits {
+	v.mu.Lock()
+	defer v.mu.Unlock()
+	limits := defaultVisitorLimits(v.config)
+	if v.user != nil && v.user.Tier != nil {
+		limits.Basis = visitorLimitBasisTier
+		limits.MessagesLimit = v.user.Tier.MessagesLimit
+		limits.MessagesExpiryDuration = v.user.Tier.MessagesExpiryDuration
+		limits.EmailsLimit = v.user.Tier.EmailsLimit
+		limits.ReservationsLimit = v.user.Tier.ReservationsLimit
+		limits.AttachmentTotalSizeLimit = v.user.Tier.AttachmentTotalSizeLimit
+		limits.AttachmentFileSizeLimit = v.user.Tier.AttachmentFileSizeLimit
+		limits.AttachmentExpiryDuration = v.user.Tier.AttachmentExpiryDuration
+	}
+	return limits
+}
+
+func (v *visitor) Info() (*visitorInfo, error) {
+	v.mu.Lock()
+	messages := v.messages
+	emails := v.emails
+	v.mu.Unlock()
+	var attachmentsBytesUsed int64
+	var err error
+	if v.user != nil {
+		attachmentsBytesUsed, err = v.messageCache.AttachmentBytesUsedByUser(v.user.Name)
+	} else {
+		attachmentsBytesUsed, err = v.messageCache.AttachmentBytesUsedBySender(v.ip.String())
+	}
 	if err != nil {
 		return nil, err
 	}
-	attachmentsBytesRemaining := v.config.VisitorAttachmentTotalSizeLimit - attachmentsBytesUsed
-	if attachmentsBytesRemaining < 0 {
-		attachmentsBytesRemaining = 0
+	var reservations int64
+	if v.user != nil && v.userManager != nil {
+		reservations, err = v.userManager.ReservationsCount(v.user.Name)
+		if err != nil {
+			return nil, err
+		}
 	}
-	return &visitorStats{
-		AttachmentFileSizeLimit:         v.config.AttachmentFileSizeLimit,
-		VisitorAttachmentBytesTotal:     v.config.VisitorAttachmentTotalSizeLimit,
-		VisitorAttachmentBytesUsed:      attachmentsBytesUsed,
-		VisitorAttachmentBytesRemaining: attachmentsBytesRemaining,
+	limits := v.Limits()
+	stats := &visitorStats{
+		Messages:                     messages,
+		MessagesRemaining:            zeroIfNegative(limits.MessagesLimit - messages),
+		Emails:                       emails,
+		EmailsRemaining:              zeroIfNegative(limits.EmailsLimit - emails),
+		Reservations:                 reservations,
+		ReservationsRemaining:        zeroIfNegative(limits.ReservationsLimit - reservations),
+		AttachmentTotalSize:          attachmentsBytesUsed,
+		AttachmentTotalSizeRemaining: zeroIfNegative(limits.AttachmentTotalSizeLimit - attachmentsBytesUsed),
+	}
+	return &visitorInfo{
+		Limits: limits,
+		Stats:  stats,
 	}, nil
 }
+
+func zeroIfNegative(value int64) int64 {
+	if value < 0 {
+		return 0
+	}
+	return value
+}
+
+func replenishDurationToDailyLimit(duration time.Duration) int64 {
+	return int64(24 * time.Hour / duration)
+}
+
+func dailyLimitToRate(limit int64) rate.Limit {
+	return rate.Limit(limit) * rate.Every(24*time.Hour)
+}
+
+func defaultVisitorLimits(conf *Config) *visitorLimits {
+	return &visitorLimits{
+		Basis:                    visitorLimitBasisIP,
+		MessagesLimit:            replenishDurationToDailyLimit(conf.VisitorRequestLimitReplenish),
+		MessagesExpiryDuration:   conf.CacheDuration,
+		EmailsLimit:              replenishDurationToDailyLimit(conf.VisitorEmailLimitReplenish),
+		ReservationsLimit:        visitorDefaultReservationsLimit,
+		AttachmentTotalSizeLimit: conf.VisitorAttachmentTotalSizeLimit,
+		AttachmentFileSizeLimit:  conf.AttachmentFileSizeLimit,
+		AttachmentExpiryDuration: conf.AttachmentExpiryDuration,
+	}
+}
--- a/user/manager.go
+++ b/user/manager.go
--- a/user/manager_test.go
+++ b/user/manager_test.go
@@ -0,0 +1,670 @@
+package user
+
+import (
+	"database/sql"
+	"github.com/stretchr/testify/require"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+)
+
+const minBcryptTimingMillis = int64(50) // Ideally should be >100ms, but this should also run on a Raspberry Pi without massive resources
+
+func TestManager_FullScenario_Default_DenyAll(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("phil", "phil", RoleAdmin, "unit-test"))
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+	require.Nil(t, a.AllowAccess("ben", "mytopic", PermissionReadWrite))
+	require.Nil(t, a.AllowAccess("ben", "readme", PermissionRead))
+	require.Nil(t, a.AllowAccess("ben", "writeme", PermissionWrite))
+	require.Nil(t, a.AllowAccess("ben", "everyonewrite", PermissionDenyAll)) // How unfair!
+	require.Nil(t, a.AllowAccess(Everyone, "announcements", PermissionRead))
+	require.Nil(t, a.AllowAccess(Everyone, "everyonewrite", PermissionReadWrite))
+	require.Nil(t, a.AllowAccess(Everyone, "up*", PermissionWrite)) // Everyone can write to /up*
+
+	phil, err := a.Authenticate("phil", "phil")
+	require.Nil(t, err)
+	require.Equal(t, "phil", phil.Name)
+	require.True(t, strings.HasPrefix(phil.Hash, "$2a$10$"))
+	require.Equal(t, RoleAdmin, phil.Role)
+
+	philGrants, err := a.Grants("phil")
+	require.Nil(t, err)
+	require.Equal(t, []Grant{}, philGrants)
+
+	ben, err := a.Authenticate("ben", "ben")
+	require.Nil(t, err)
+	require.Equal(t, "ben", ben.Name)
+	require.True(t, strings.HasPrefix(ben.Hash, "$2a$10$"))
+	require.Equal(t, RoleUser, ben.Role)
+
+	benGrants, err := a.Grants("ben")
+	require.Nil(t, err)
+	require.Equal(t, []Grant{
+		{"mytopic", PermissionReadWrite},
+		{"writeme", PermissionWrite},
+		{"readme", PermissionRead},
+		{"everyonewrite", PermissionDenyAll},
+	}, benGrants)
+
+	notben, err := a.Authenticate("ben", "this is wrong")
+	require.Nil(t, notben)
+	require.Equal(t, ErrUnauthenticated, err)
+
+	// Admin can do everything
+	require.Nil(t, a.Authorize(phil, "sometopic", PermissionWrite))
+	require.Nil(t, a.Authorize(phil, "mytopic", PermissionRead))
+	require.Nil(t, a.Authorize(phil, "readme", PermissionWrite))
+	require.Nil(t, a.Authorize(phil, "writeme", PermissionWrite))
+	require.Nil(t, a.Authorize(phil, "announcements", PermissionWrite))
+	require.Nil(t, a.Authorize(phil, "everyonewrite", PermissionWrite))
+
+	// User cannot do everything
+	require.Nil(t, a.Authorize(ben, "mytopic", PermissionWrite))
+	require.Nil(t, a.Authorize(ben, "mytopic", PermissionRead))
+	require.Nil(t, a.Authorize(ben, "readme", PermissionRead))
+	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "readme", PermissionWrite))
+	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "writeme", PermissionRead))
+	require.Nil(t, a.Authorize(ben, "writeme", PermissionWrite))
+	require.Nil(t, a.Authorize(ben, "writeme", PermissionWrite))
+	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "everyonewrite", PermissionRead))
+	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "everyonewrite", PermissionWrite))
+	require.Nil(t, a.Authorize(ben, "announcements", PermissionRead))
+	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "announcements", PermissionWrite))
+
+	// Everyone else can do barely anything
+	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "sometopicnotinthelist", PermissionRead))
+	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "sometopicnotinthelist", PermissionWrite))
+	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "mytopic", PermissionRead))
+	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "mytopic", PermissionWrite))
+	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "readme", PermissionRead))
+	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "readme", PermissionWrite))
+	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "writeme", PermissionRead))
+	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "writeme", PermissionWrite))
+	require.Equal(t, ErrUnauthorized, a.Authorize(nil, "announcements", PermissionWrite))
+	require.Nil(t, a.Authorize(nil, "announcements", PermissionRead))
+	require.Nil(t, a.Authorize(nil, "everyonewrite", PermissionRead))
+	require.Nil(t, a.Authorize(nil, "everyonewrite", PermissionWrite))
+	require.Nil(t, a.Authorize(nil, "up1234", PermissionWrite)) // Wildcard permission
+	require.Nil(t, a.Authorize(nil, "up5678", PermissionWrite))
+}
+
+func TestManager_AddUser_Invalid(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Equal(t, ErrInvalidArgument, a.AddUser("  invalid  ", "pass", RoleAdmin, "unit-test"))
+	require.Equal(t, ErrInvalidArgument, a.AddUser("validuser", "pass", "invalid-role", "unit-test"))
+}
+
+func TestManager_AddUser_Timing(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	start := time.Now().UnixMilli()
+	require.Nil(t, a.AddUser("user", "pass", RoleAdmin, "unit-test"))
+	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
+}
+
+func TestManager_Authenticate_Timing(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("user", "pass", RoleAdmin, "unit-test"))
+
+	// Timing a correct attempt
+	start := time.Now().UnixMilli()
+	_, err := a.Authenticate("user", "pass")
+	require.Nil(t, err)
+	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
+
+	// Timing an incorrect attempt
+	start = time.Now().UnixMilli()
+	_, err = a.Authenticate("user", "INCORRECT")
+	require.Equal(t, ErrUnauthenticated, err)
+	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
+
+	// Timing a non-existing user attempt
+	start = time.Now().UnixMilli()
+	_, err = a.Authenticate("DOES-NOT-EXIST", "hithere")
+	require.Equal(t, ErrUnauthenticated, err)
+	require.GreaterOrEqual(t, time.Now().UnixMilli()-start, minBcryptTimingMillis)
+}
+
+func TestManager_UserManagement(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("phil", "phil", RoleAdmin, "unit-test"))
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+	require.Nil(t, a.AllowAccess("ben", "mytopic", PermissionReadWrite))
+	require.Nil(t, a.AllowAccess("ben", "readme", PermissionRead))
+	require.Nil(t, a.AllowAccess("ben", "writeme", PermissionWrite))
+	require.Nil(t, a.AllowAccess("ben", "everyonewrite", PermissionDenyAll)) // How unfair!
+	require.Nil(t, a.AllowAccess(Everyone, "announcements", PermissionRead))
+	require.Nil(t, a.AllowAccess(Everyone, "everyonewrite", PermissionReadWrite))
+
+	// Query user details
+	phil, err := a.User("phil")
+	require.Nil(t, err)
+	require.Equal(t, "phil", phil.Name)
+	require.True(t, strings.HasPrefix(phil.Hash, "$2a$10$"))
+	require.Equal(t, RoleAdmin, phil.Role)
+
+	philGrants, err := a.Grants("phil")
+	require.Nil(t, err)
+	require.Equal(t, []Grant{}, philGrants)
+
+	ben, err := a.User("ben")
+	require.Nil(t, err)
+	require.Equal(t, "ben", ben.Name)
+	require.True(t, strings.HasPrefix(ben.Hash, "$2a$10$"))
+	require.Equal(t, RoleUser, ben.Role)
+
+	benGrants, err := a.Grants("ben")
+	require.Nil(t, err)
+	require.Equal(t, []Grant{
+		{"mytopic", PermissionReadWrite},
+		{"writeme", PermissionWrite},
+		{"readme", PermissionRead},
+		{"everyonewrite", PermissionDenyAll},
+	}, benGrants)
+
+	everyone, err := a.User(Everyone)
+	require.Nil(t, err)
+	require.Equal(t, "*", everyone.Name)
+	require.Equal(t, "", everyone.Hash)
+	require.Equal(t, RoleAnonymous, everyone.Role)
+
+	everyoneGrants, err := a.Grants(Everyone)
+	require.Nil(t, err)
+	require.Equal(t, []Grant{
+		{"everyonewrite", PermissionReadWrite},
+		{"announcements", PermissionRead},
+	}, everyoneGrants)
+
+	// Ben: Before revoking
+	require.Nil(t, a.AllowAccess("ben", "mytopic", PermissionReadWrite)) // Overwrite!
+	require.Nil(t, a.AllowAccess("ben", "readme", PermissionRead))
+	require.Nil(t, a.AllowAccess("ben", "writeme", PermissionWrite))
+	require.Nil(t, a.Authorize(ben, "mytopic", PermissionRead))
+	require.Nil(t, a.Authorize(ben, "mytopic", PermissionWrite))
+	require.Nil(t, a.Authorize(ben, "readme", PermissionRead))
+	require.Nil(t, a.Authorize(ben, "writeme", PermissionWrite))
+
+	// Revoke access for "ben" to "mytopic", then check again
+	require.Nil(t, a.ResetAccess("ben", "mytopic"))
+	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "mytopic", PermissionWrite)) // Revoked
+	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "mytopic", PermissionRead))  // Revoked
+	require.Nil(t, a.Authorize(ben, "readme", PermissionRead))                      // Unchanged
+	require.Nil(t, a.Authorize(ben, "writeme", PermissionWrite))                    // Unchanged
+
+	// Revoke rest of the access
+	require.Nil(t, a.ResetAccess("ben", ""))
+	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "readme", PermissionRead))    // Revoked
+	require.Equal(t, ErrUnauthorized, a.Authorize(ben, "wrtiteme", PermissionWrite)) // Revoked
+
+	// User list
+	users, err := a.Users()
+	require.Nil(t, err)
+	require.Equal(t, 3, len(users))
+	require.Equal(t, "phil", users[0].Name)
+	require.Equal(t, "ben", users[1].Name)
+	require.Equal(t, "*", users[2].Name)
+
+	// Remove user
+	require.Nil(t, a.RemoveUser("ben"))
+	_, err = a.User("ben")
+	require.Equal(t, ErrUserNotFound, err)
+
+	users, err = a.Users()
+	require.Nil(t, err)
+	require.Equal(t, 2, len(users))
+	require.Equal(t, "phil", users[0].Name)
+	require.Equal(t, "*", users[1].Name)
+}
+
+func TestManager_ChangePassword(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("phil", "phil", RoleAdmin, "unit-test"))
+
+	_, err := a.Authenticate("phil", "phil")
+	require.Nil(t, err)
+
+	require.Nil(t, a.ChangePassword("phil", "newpass"))
+	_, err = a.Authenticate("phil", "phil")
+	require.Equal(t, ErrUnauthenticated, err)
+	_, err = a.Authenticate("phil", "newpass")
+	require.Nil(t, err)
+}
+
+func TestManager_ChangeRole(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+	require.Nil(t, a.AllowAccess("ben", "mytopic", PermissionReadWrite))
+	require.Nil(t, a.AllowAccess("ben", "readme", PermissionRead))
+
+	ben, err := a.User("ben")
+	require.Nil(t, err)
+	require.Equal(t, RoleUser, ben.Role)
+
+	benGrants, err := a.Grants("ben")
+	require.Nil(t, err)
+	require.Equal(t, 2, len(benGrants))
+
+	require.Nil(t, a.ChangeRole("ben", RoleAdmin))
+
+	ben, err = a.User("ben")
+	require.Nil(t, err)
+	require.Equal(t, RoleAdmin, ben.Role)
+
+	benGrants, err = a.Grants("ben")
+	require.Nil(t, err)
+	require.Equal(t, 0, len(benGrants))
+}
+
+func TestManager_Reservations(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+	require.Nil(t, a.ReserveAccess("ben", "ztopic", PermissionDenyAll))
+	require.Nil(t, a.ReserveAccess("ben", "readme", PermissionRead))
+	require.Nil(t, a.AllowAccess("ben", "something-else", PermissionRead))
+
+	reservations, err := a.Reservations("ben")
+	require.Nil(t, err)
+	require.Equal(t, 2, len(reservations))
+	require.Equal(t, Reservation{
+		Topic:    "readme",
+		Owner:    PermissionReadWrite,
+		Everyone: PermissionRead,
+	}, reservations[0])
+	require.Equal(t, Reservation{
+		Topic:    "ztopic",
+		Owner:    PermissionReadWrite,
+		Everyone: PermissionDenyAll,
+	}, reservations[1])
+}
+
+func TestManager_ChangeRoleFromTierUserToAdmin(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.CreateTier(&Tier{
+		Code:                     "pro",
+		Name:                     "ntfy Pro",
+		StripePriceID:            "price123",
+		MessagesLimit:            5_000,
+		MessagesExpiryDuration:   3 * 24 * time.Hour,
+		EmailsLimit:              50,
+		ReservationsLimit:        5,
+		AttachmentFileSizeLimit:  52428800,
+		AttachmentTotalSizeLimit: 524288000,
+		AttachmentExpiryDuration: 24 * time.Hour,
+	}))
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+	require.Nil(t, a.ChangeTier("ben", "pro"))
+	require.Nil(t, a.ReserveAccess("ben", "mytopic", PermissionDenyAll))
+
+	ben, err := a.User("ben")
+	require.Nil(t, err)
+	require.Equal(t, RoleUser, ben.Role)
+	require.Equal(t, "pro", ben.Tier.Code)
+	require.Equal(t, true, ben.Tier.Paid)
+	require.Equal(t, int64(5000), ben.Tier.MessagesLimit)
+	require.Equal(t, 3*24*time.Hour, ben.Tier.MessagesExpiryDuration)
+	require.Equal(t, int64(50), ben.Tier.EmailsLimit)
+	require.Equal(t, int64(5), ben.Tier.ReservationsLimit)
+	require.Equal(t, int64(52428800), ben.Tier.AttachmentFileSizeLimit)
+	require.Equal(t, int64(524288000), ben.Tier.AttachmentTotalSizeLimit)
+	require.Equal(t, 24*time.Hour, ben.Tier.AttachmentExpiryDuration)
+
+	benGrants, err := a.Grants("ben")
+	require.Nil(t, err)
+	require.Equal(t, 1, len(benGrants))
+	require.Equal(t, PermissionReadWrite, benGrants[0].Allow)
+
+	everyoneGrants, err := a.Grants(Everyone)
+	require.Nil(t, err)
+	require.Equal(t, 1, len(everyoneGrants))
+	require.Equal(t, PermissionDenyAll, everyoneGrants[0].Allow)
+
+	benReservations, err := a.Reservations("ben")
+	require.Nil(t, err)
+	require.Equal(t, 1, len(benReservations))
+	require.Equal(t, "mytopic", benReservations[0].Topic)
+	require.Equal(t, PermissionReadWrite, benReservations[0].Owner)
+	require.Equal(t, PermissionDenyAll, benReservations[0].Everyone)
+
+	// Switch to admin, this should remove all grants and owned ACL entries
+	require.Nil(t, a.ChangeRole("ben", RoleAdmin))
+
+	benGrants, err = a.Grants("ben")
+	require.Nil(t, err)
+	require.Equal(t, 0, len(benGrants))
+
+	everyoneGrants, err = a.Grants(Everyone)
+	require.Nil(t, err)
+	require.Equal(t, 0, len(everyoneGrants))
+}
+
+func TestManager_Token_Valid(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+
+	u, err := a.User("ben")
+	require.Nil(t, err)
+
+	// Create token for user
+	token, err := a.CreateToken(u)
+	require.Nil(t, err)
+	require.NotEmpty(t, token.Value)
+	require.True(t, time.Now().Add(71*time.Hour).Unix() < token.Expires.Unix())
+
+	u2, err := a.AuthenticateToken(token.Value)
+	require.Nil(t, err)
+	require.Equal(t, u.Name, u2.Name)
+	require.Equal(t, token.Value, u2.Token)
+
+	// Remove token and auth again
+	require.Nil(t, a.RemoveToken(u2))
+	u3, err := a.AuthenticateToken(token.Value)
+	require.Equal(t, ErrUnauthenticated, err)
+	require.Nil(t, u3)
+}
+
+func TestManager_Token_Invalid(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+
+	u, err := a.AuthenticateToken(strings.Repeat("x", 32)) // 32 == token length
+	require.Nil(t, u)
+	require.Equal(t, ErrUnauthenticated, err)
+
+	u, err = a.AuthenticateToken("not long enough anyway")
+	require.Nil(t, u)
+	require.Equal(t, ErrUnauthenticated, err)
+}
+
+func TestManager_Token_Expire(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+
+	u, err := a.User("ben")
+	require.Nil(t, err)
+
+	// Create tokens for user
+	token1, err := a.CreateToken(u)
+	require.Nil(t, err)
+	require.NotEmpty(t, token1.Value)
+	require.True(t, time.Now().Add(71*time.Hour).Unix() < token1.Expires.Unix())
+
+	token2, err := a.CreateToken(u)
+	require.Nil(t, err)
+	require.NotEmpty(t, token2.Value)
+	require.NotEqual(t, token1.Value, token2.Value)
+	require.True(t, time.Now().Add(71*time.Hour).Unix() < token2.Expires.Unix())
+
+	// See that tokens work
+	_, err = a.AuthenticateToken(token1.Value)
+	require.Nil(t, err)
+
+	_, err = a.AuthenticateToken(token2.Value)
+	require.Nil(t, err)
+
+	// Modify token expiration in database
+	_, err = a.db.Exec("UPDATE user_token SET expires = 1 WHERE token = ?", token1.Value)
+	require.Nil(t, err)
+
+	// Now token1 shouldn't work anymore
+	_, err = a.AuthenticateToken(token1.Value)
+	require.Equal(t, ErrUnauthenticated, err)
+
+	result, err := a.db.Query("SELECT * from user_token WHERE token = ?", token1.Value)
+	require.Nil(t, err)
+	require.True(t, result.Next()) // Still a matching row
+	require.Nil(t, result.Close())
+
+	// Expire tokens and check database rows
+	require.Nil(t, a.RemoveExpiredTokens())
+
+	result, err = a.db.Query("SELECT * from user_token WHERE token = ?", token1.Value)
+	require.Nil(t, err)
+	require.False(t, result.Next()) // No matching row!
+	require.Nil(t, result.Close())
+}
+
+func TestManager_Token_Extend(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+
+	// Try to extend token for user without token
+	u, err := a.User("ben")
+	require.Nil(t, err)
+
+	_, err = a.ExtendToken(u)
+	require.Equal(t, errNoTokenProvided, err)
+
+	// Create token for user
+	token, err := a.CreateToken(u)
+	require.Nil(t, err)
+	require.NotEmpty(t, token.Value)
+
+	userWithToken, err := a.AuthenticateToken(token.Value)
+	require.Nil(t, err)
+
+	time.Sleep(1100 * time.Millisecond)
+
+	extendedToken, err := a.ExtendToken(userWithToken)
+	require.Nil(t, err)
+	require.Equal(t, token.Value, extendedToken.Value)
+	require.True(t, token.Expires.Unix() < extendedToken.Expires.Unix())
+}
+
+func TestManager_Token_MaxCount_AutoDelete(t *testing.T) {
+	a := newTestManager(t, PermissionDenyAll)
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+
+	// Try to extend token for user without token
+	u, err := a.User("ben")
+	require.Nil(t, err)
+
+	// Tokens
+	baseTime := time.Now().Add(24 * time.Hour)
+	tokens := make([]string, 0)
+	for i := 0; i < 12; i++ {
+		token, err := a.CreateToken(u)
+		require.Nil(t, err)
+		require.NotEmpty(t, token.Value)
+		tokens = append(tokens, token.Value)
+
+		// Manually modify expiry date to avoid sorting issues (this is a hack)
+		_, err = a.db.Exec(`UPDATE user_token SET expires=? WHERE token=?`, baseTime.Add(time.Duration(i)*time.Minute).Unix(), token.Value)
+		require.Nil(t, err)
+	}
+
+	_, err = a.AuthenticateToken(tokens[0])
+	require.Equal(t, ErrUnauthenticated, err)
+
+	_, err = a.AuthenticateToken(tokens[1])
+	require.Equal(t, ErrUnauthenticated, err)
+
+	for i := 2; i < 12; i++ {
+		userWithToken, err := a.AuthenticateToken(tokens[i])
+		require.Nil(t, err, "token[%d]=%s failed", i, tokens[i])
+		require.Equal(t, "ben", userWithToken.Name)
+		require.Equal(t, tokens[i], userWithToken.Token)
+	}
+
+	var count int
+	rows, err := a.db.Query(`SELECT COUNT(*) FROM user_token`)
+	require.Nil(t, err)
+	require.True(t, rows.Next())
+	require.Nil(t, rows.Scan(&count))
+	require.Equal(t, 10, count)
+}
+
+func TestManager_EnqueueStats(t *testing.T) {
+	a, err := newManager(filepath.Join(t.TempDir(), "db"), "", PermissionReadWrite, 1500*time.Millisecond)
+	require.Nil(t, err)
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+
+	// Baseline: No messages or emails
+	u, err := a.User("ben")
+	require.Nil(t, err)
+	require.Equal(t, int64(0), u.Stats.Messages)
+	require.Equal(t, int64(0), u.Stats.Emails)
+
+	u.Stats.Messages = 11
+	u.Stats.Emails = 2
+	a.EnqueueStats(u)
+
+	// Still no change, because it's queued asynchronously
+	u, err = a.User("ben")
+	require.Nil(t, err)
+	require.Equal(t, int64(0), u.Stats.Messages)
+	require.Equal(t, int64(0), u.Stats.Emails)
+
+	// After 2 seconds they should be persisted
+	time.Sleep(2 * time.Second)
+
+	u, err = a.User("ben")
+	require.Nil(t, err)
+	require.Equal(t, int64(11), u.Stats.Messages)
+	require.Equal(t, int64(2), u.Stats.Emails)
+}
+
+func TestManager_ChangeSettings(t *testing.T) {
+	a, err := newManager(filepath.Join(t.TempDir(), "db"), "", PermissionReadWrite, 1500*time.Millisecond)
+	require.Nil(t, err)
+	require.Nil(t, a.AddUser("ben", "ben", RoleUser, "unit-test"))
+
+	// No settings
+	u, err := a.User("ben")
+	require.Nil(t, err)
+	require.Nil(t, u.Prefs.Subscriptions)
+	require.Nil(t, u.Prefs.Notification)
+	require.Equal(t, "", u.Prefs.Language)
+
+	// Save with new settings
+	u.Prefs = &Prefs{
+		Language: "de",
+		Notification: &NotificationPrefs{
+			Sound:       "ding",
+			MinPriority: 2,
+		},
+		Subscriptions: []*Subscription{
+			{
+				ID:          "someID",
+				BaseURL:     "https://ntfy.sh",
+				Topic:       "mytopic",
+				DisplayName: "My Topic",
+			},
+		},
+	}
+	require.Nil(t, a.ChangeSettings(u))
+
+	// Read again
+	u, err = a.User("ben")
+	require.Nil(t, err)
+	require.Equal(t, "de", u.Prefs.Language)
+	require.Equal(t, "ding", u.Prefs.Notification.Sound)
+	require.Equal(t, 2, u.Prefs.Notification.MinPriority)
+	require.Equal(t, 0, u.Prefs.Notification.DeleteAfter)
+	require.Equal(t, "someID", u.Prefs.Subscriptions[0].ID)
+	require.Equal(t, "https://ntfy.sh", u.Prefs.Subscriptions[0].BaseURL)
+	require.Equal(t, "mytopic", u.Prefs.Subscriptions[0].Topic)
+	require.Equal(t, "My Topic", u.Prefs.Subscriptions[0].DisplayName)
+}
+
+func TestSqliteCache_Migration_From1(t *testing.T) {
+	filename := filepath.Join(t.TempDir(), "user.db")
+	db, err := sql.Open("sqlite3", filename)
+	require.Nil(t, err)
+
+	// Create "version 1" schema
+	_, err = db.Exec(`
+		BEGIN;
+		CREATE TABLE IF NOT EXISTS user (
+			user TEXT NOT NULL PRIMARY KEY,
+			pass TEXT NOT NULL,
+			role TEXT NOT NULL
+		);
+		CREATE TABLE IF NOT EXISTS access (
+			user TEXT NOT NULL,		
+			topic TEXT NOT NULL,
+			read INT NOT NULL,
+			write INT NOT NULL,
+			PRIMARY KEY (topic, user)
+		);
+		CREATE TABLE IF NOT EXISTS schemaVersion (
+			id INT PRIMARY KEY,
+			version INT NOT NULL
+		);
+		INSERT INTO schemaVersion (id, version) VALUES (1, 1);
+		COMMIT;	
+	`)
+	require.Nil(t, err)
+
+	// Insert a bunch of users and ACL entries
+	_, err = db.Exec(`
+		BEGIN;
+		INSERT INTO user (user, pass, role) VALUES ('ben', '$2a$10$EEp6gBheOsqEFsXlo523E.gBVoeg1ytphXiEvTPlNzkenBlHZBPQy', 'user');
+		INSERT INTO user (user, pass, role) VALUES ('phil', '$2a$10$YLiO8U21sX1uhZamTLJXHuxgVC0Z/GKISibrKCLohPgtG7yIxSk4C', 'admin');
+		INSERT INTO access (user, topic, read, write) VALUES ('ben', 'stats', 1, 1);
+		INSERT INTO access (user, topic, read, write) VALUES ('ben', 'secret', 1, 0);
+		INSERT INTO access (user, topic, read, write) VALUES ('*', 'stats', 1, 0);
+		COMMIT;	
+	`)
+	require.Nil(t, err)
+
+	// Create manager to trigger migration
+	a := newTestManagerFromFile(t, filename, "", PermissionDenyAll, userStatsQueueWriterInterval)
+	checkSchemaVersion(t, a.db)
+
+	users, err := a.Users()
+	require.Nil(t, err)
+	require.Equal(t, 3, len(users))
+	phil, ben, everyone := users[0], users[1], users[2]
+
+	philGrants, err := a.Grants("phil")
+	require.Nil(t, err)
+
+	benGrants, err := a.Grants("ben")
+	require.Nil(t, err)
+
+	everyoneGrants, err := a.Grants(Everyone)
+	require.Nil(t, err)
+
+	require.Equal(t, "phil", phil.Name)
+	require.Equal(t, RoleAdmin, phil.Role)
+	require.Equal(t, syncTopicLength, len(phil.SyncTopic))
+	require.Equal(t, 0, len(philGrants))
+
+	require.Equal(t, "ben", ben.Name)
+	require.Equal(t, RoleUser, ben.Role)
+	require.Equal(t, syncTopicLength, len(ben.SyncTopic))
+	require.NotEqual(t, ben.SyncTopic, phil.SyncTopic)
+	require.Equal(t, 2, len(benGrants))
+	require.Equal(t, "stats", benGrants[0].TopicPattern)
+	require.Equal(t, PermissionReadWrite, benGrants[0].Allow)
+	require.Equal(t, "secret", benGrants[1].TopicPattern)
+	require.Equal(t, PermissionRead, benGrants[1].Allow)
+
+	require.Equal(t, Everyone, everyone.Name)
+	require.Equal(t, RoleAnonymous, everyone.Role)
+	require.Equal(t, 1, len(everyoneGrants))
+	require.Equal(t, "stats", everyoneGrants[0].TopicPattern)
+	require.Equal(t, PermissionRead, everyoneGrants[0].Allow)
+}
+
+func checkSchemaVersion(t *testing.T, db *sql.DB) {
+	rows, err := db.Query(`SELECT version FROM schemaVersion`)
+	require.Nil(t, err)
+	require.True(t, rows.Next())
+
+	var schemaVersion int
+	require.Nil(t, rows.Scan(&schemaVersion))
+	require.Equal(t, currentSchemaVersion, schemaVersion)
+	require.Nil(t, rows.Close())
+}
+
+func newTestManager(t *testing.T, defaultAccess Permission) *Manager {
+	return newTestManagerFromFile(t, filepath.Join(t.TempDir(), "user.db"), "", defaultAccess, userStatsQueueWriterInterval)
+}
+
+func newTestManagerFromFile(t *testing.T, filename, startupQueries string, defaultAccess Permission, statsWriterInterval time.Duration) *Manager {
+	a, err := newManager(filename, startupQueries, defaultAccess, statsWriterInterval)
+	require.Nil(t, err)
+	return a
+}
--- a/user/types.go
+++ b/user/types.go
@@ -0,0 +1,230 @@
+// Package user deals with authentication and authorization against topics
+package user
+
+import (
+	"errors"
+	"github.com/stripe/stripe-go/v74"
+	"regexp"
+	"time"
+)
+
+// User is a struct that represents a user
+type User struct {
+	Name      string
+	Hash      string // password hash (bcrypt)
+	Token     string // Only set if token was used to log in
+	Role      Role
+	Prefs     *Prefs
+	Tier      *Tier
+	Stats     *Stats
+	Billing   *Billing
+	SyncTopic string
+	Created   time.Time
+	LastSeen  time.Time
+}
+
+// Auther is an interface for authentication and authorization
+type Auther interface {
+	// Authenticate checks username and password and returns a user if correct. The method
+	// returns in constant-ish time, regardless of whether the user exists or the password is
+	// correct or incorrect.
+	Authenticate(username, password string) (*User, error)
+
+	// Authorize returns nil if the given user has access to the given topic using the desired
+	// permission. The user param may be nil to signal an anonymous user.
+	Authorize(user *User, topic string, perm Permission) error
+}
+
+// Token represents a user token, including expiry date
+type Token struct {
+	Value   string
+	Expires time.Time
+}
+
+// Prefs represents a user's configuration settings
+type Prefs struct {
+	Language      string             `json:"language,omitempty"`
+	Notification  *NotificationPrefs `json:"notification,omitempty"`
+	Subscriptions []*Subscription    `json:"subscriptions,omitempty"`
+}
+
+// Tier represents a user's account type, including its account limits
+type Tier struct {
+	Code                     string
+	Name                     string
+	Paid                     bool
+	MessagesLimit            int64
+	MessagesExpiryDuration   time.Duration
+	EmailsLimit              int64
+	ReservationsLimit        int64
+	AttachmentFileSizeLimit  int64
+	AttachmentTotalSizeLimit int64
+	AttachmentExpiryDuration time.Duration
+	StripePriceID            string
+}
+
+// Subscription represents a user's topic subscription
+type Subscription struct {
+	ID          string `json:"id"`
+	BaseURL     string `json:"base_url"`
+	Topic       string `json:"topic"`
+	DisplayName string `json:"display_name"`
+}
+
+// NotificationPrefs represents the user's notification settings
+type NotificationPrefs struct {
+	Sound       string `json:"sound,omitempty"`
+	MinPriority int    `json:"min_priority,omitempty"`
+	DeleteAfter int    `json:"delete_after,omitempty"`
+}
+
+// Stats is a struct holding daily user statistics
+type Stats struct {
+	Messages int64
+	Emails   int64
+}
+
+// Billing is a struct holding a user's billing information
+type Billing struct {
+	StripeCustomerID            string
+	StripeSubscriptionID        string
+	StripeSubscriptionStatus    stripe.SubscriptionStatus
+	StripeSubscriptionPaidUntil time.Time
+	StripeSubscriptionCancelAt  time.Time
+}
+
+// Grant is a struct that represents an access control entry to a topic by a user
+type Grant struct {
+	TopicPattern string // May include wildcard (*)
+	Allow        Permission
+}
+
+// Reservation is a struct that represents the ownership over a topic by a user
+type Reservation struct {
+	Topic    string
+	Owner    Permission
+	Everyone Permission
+}
+
+// Permission represents a read or write permission to a topic
+type Permission uint8
+
+// Permissions to a topic
+const (
+	PermissionDenyAll Permission = iota
+	PermissionRead
+	PermissionWrite
+	PermissionReadWrite // 3!
+)
+
+// NewPermission is a helper to create a Permission based on read/write bool values
+func NewPermission(read, write bool) Permission {
+	p := uint8(0)
+	if read {
+		p |= uint8(PermissionRead)
+	}
+	if write {
+		p |= uint8(PermissionWrite)
+	}
+	return Permission(p)
+}
+
+// ParsePermission parses the string representation and returns a Permission
+func ParsePermission(s string) (Permission, error) {
+	switch s {
+	case "read-write", "rw":
+		return NewPermission(true, true), nil
+	case "read-only", "read", "ro":
+		return NewPermission(true, false), nil
+	case "write-only", "write", "wo":
+		return NewPermission(false, true), nil
+	case "deny-all", "deny", "none":
+		return NewPermission(false, false), nil
+	default:
+		return NewPermission(false, false), errors.New("invalid permission")
+	}
+}
+
+// IsRead returns true if readable
+func (p Permission) IsRead() bool {
+	return p&PermissionRead != 0
+}
+
+// IsWrite returns true if writable
+func (p Permission) IsWrite() bool {
+	return p&PermissionWrite != 0
+}
+
+// IsReadWrite returns true if readable and writable
+func (p Permission) IsReadWrite() bool {
+	return p.IsRead() && p.IsWrite()
+}
+
+// String returns a string representation of the permission
+func (p Permission) String() string {
+	if p.IsReadWrite() {
+		return "read-write"
+	} else if p.IsRead() {
+		return "read-only"
+	} else if p.IsWrite() {
+		return "write-only"
+	}
+	return "deny-all"
+}
+
+// Role represents a user's role, either admin or regular user
+type Role string
+
+// User roles
+const (
+	RoleAdmin     = Role("admin") // Some queries have these values hardcoded!
+	RoleUser      = Role("user")
+	RoleAnonymous = Role("anonymous")
+)
+
+// Everyone is a special username representing anonymous users
+const (
+	Everyone = "*"
+)
+
+var (
+	allowedUsernameRegex     = regexp.MustCompile(`^[-_.@a-zA-Z0-9]+$`)     // Does not include Everyone (*)
+	allowedTopicRegex        = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`)  // No '*'
+	allowedTopicPatternRegex = regexp.MustCompile(`^[-_*A-Za-z0-9]{1,64}$`) // Adds '*' for wildcards!
+	allowedTierRegex         = regexp.MustCompile(`^[-_A-Za-z0-9]{1,64}$`)
+)
+
+// AllowedRole returns true if the given role can be used for new users
+func AllowedRole(role Role) bool {
+	return role == RoleUser || role == RoleAdmin
+}
+
+// AllowedUsername returns true if the given username is valid
+func AllowedUsername(username string) bool {
+	return allowedUsernameRegex.MatchString(username)
+}
+
+// AllowedTopic returns true if the given topic name is valid
+func AllowedTopic(topic string) bool {
+	return allowedTopicRegex.MatchString(topic)
+}
+
+// AllowedTopicPattern returns true if the given topic pattern is valid; this includes the wildcard character (*)
+func AllowedTopicPattern(topic string) bool {
+	return allowedTopicPatternRegex.MatchString(topic)
+}
+
+// AllowedTier returns true if the given tier name is valid
+func AllowedTier(tier string) bool {
+	return allowedTierRegex.MatchString(tier)
+}
+
+// Error constants used by the package
+var (
+	ErrUnauthenticated     = errors.New("unauthenticated")
+	ErrUnauthorized        = errors.New("unauthorized")
+	ErrInvalidArgument     = errors.New("invalid argument")
+	ErrUserNotFound        = errors.New("user not found")
+	ErrTierNotFound        = errors.New("tier not found")
+	ErrTooManyReservations = errors.New("new tier has lower reservation limit")
+)
--- a/util/batching_queue.go
+++ b/util/batching_queue.go
@@ -0,0 +1,86 @@
+package util
+
+import (
+	"sync"
+	"time"
+)
+
+// BatchingQueue is a queue that creates batches of the enqueued elements based on a
+// max batch size and a batch timeout.
+//
+// Example:
+//
+//	q := NewBatchingQueue[int](2, 500 * time.Millisecond)
+//	go func() {
+//	  for batch := range q.Dequeue() {
+//	    fmt.Println(batch)
+//	  }
+//	}()
+//	q.Enqueue(1)
+//	q.Enqueue(2)
+//	q.Enqueue(3)
+//	time.Sleep(time.Second)
+//
+// This example will emit batch [1, 2] immediately (because the batch size is 2), and
+// a batch [3] after 500ms.
+type BatchingQueue[T any] struct {
+	batchSize int
+	timeout   time.Duration
+	in        []T
+	out       chan []T
+	mu        sync.Mutex
+}
+
+// NewBatchingQueue creates a new BatchingQueue
+func NewBatchingQueue[T any](batchSize int, timeout time.Duration) *BatchingQueue[T] {
+	q := &BatchingQueue[T]{
+		batchSize: batchSize,
+		timeout:   timeout,
+		in:        make([]T, 0),
+		out:       make(chan []T),
+	}
+	go q.timeoutTicker()
+	return q
+}
+
+// Enqueue enqueues an element to the queue. If the configured batch size is reached,
+// the batch will be emitted immediately.
+func (q *BatchingQueue[T]) Enqueue(element T) {
+	q.mu.Lock()
+	q.in = append(q.in, element)
+	var elements []T
+	if len(q.in) == q.batchSize {
+		elements = q.dequeueAll()
+	}
+	q.mu.Unlock()
+	if len(elements) > 0 {
+		q.out <- elements
+	}
+}
+
+// Dequeue returns a channel emitting batches of elements
+func (q *BatchingQueue[T]) Dequeue() <-chan []T {
+	return q.out
+}
+
+func (q *BatchingQueue[T]) dequeueAll() []T {
+	elements := make([]T, len(q.in))
+	copy(elements, q.in)
+	q.in = q.in[:0]
+	return elements
+}
+
+func (q *BatchingQueue[T]) timeoutTicker() {
+	if q.timeout == 0 {
+		return
+	}
+	ticker := time.NewTicker(q.timeout)
+	for range ticker.C {
+		q.mu.Lock()
+		elements := q.dequeueAll()
+		q.mu.Unlock()
+		if len(elements) > 0 {
+			q.out <- elements
+		}
+	}
+}
--- a/util/batching_queue_test.go
+++ b/util/batching_queue_test.go
@@ -0,0 +1,58 @@
+package util_test
+
+import (
+	"github.com/stretchr/testify/require"
+	"heckel.io/ntfy/util"
+	"math/rand"
+	"sync"
+	"testing"
+	"time"
+)
+
+func TestBatchingQueue_InfTimeout(t *testing.T) {
+	q := util.NewBatchingQueue[int](25, 1*time.Hour)
+	batches, total := make([][]int, 0), 0
+	var mu sync.Mutex
+	go func() {
+		for batch := range q.Dequeue() {
+			mu.Lock()
+			batches = append(batches, batch)
+			total += len(batch)
+			mu.Unlock()
+		}
+	}()
+	for i := 0; i < 101; i++ {
+		go q.Enqueue(i)
+	}
+	time.Sleep(time.Second)
+	mu.Lock()
+	require.Equal(t, 100, total) // One is missing, stuck in the last batch!
+	require.Equal(t, 4, len(batches))
+	mu.Unlock()
+}
+
+func TestBatchingQueue_WithTimeout(t *testing.T) {
+	q := util.NewBatchingQueue[int](25, 100*time.Millisecond)
+	batches, total := make([][]int, 0), 0
+	var mu sync.Mutex
+	go func() {
+		for batch := range q.Dequeue() {
+			mu.Lock()
+			batches = append(batches, batch)
+			total += len(batch)
+			mu.Unlock()
+		}
+	}()
+	for i := 0; i < 101; i++ {
+		go func(i int) {
+			time.Sleep(time.Duration(rand.Intn(700)) * time.Millisecond)
+			q.Enqueue(i)
+		}(i)
+	}
+	time.Sleep(time.Second)
+	mu.Lock()
+	require.Equal(t, 101, total)
+	require.True(t, len(batches) > 4) // 101/25
+	require.True(t, len(batches) < 21)
+	mu.Unlock()
+}
--- a/util/embedfs.go
+++ b/util/embedfs.go
@@ -11,14 +11,13 @@ import (
 // CachingEmbedFS is a wrapper around embed.FS that allows setting a ModTime, so that the
 // default static file server can send 304s back. It can be used like this:
 //
-//   var (
-//      //go:embed docs
-//      docsStaticFs     embed.FS
-//      docsStaticCached = &util.CachingEmbedFS{ModTime: time.Now(), FS: docsStaticFs}
-//   )
-//
-// 	 http.FileServer(http.FS(docsStaticCached)).ServeHTTP(w, r)
+//	  var (
+//	     //go:embed docs
+//	     docsStaticFs     embed.FS
+//	     docsStaticCached = &util.CachingEmbedFS{ModTime: time.Now(), FS: docsStaticFs}
+//	  )
 //
+//		 http.FileServer(http.FS(docsStaticCached)).ServeHTTP(w, r)
 type CachingEmbedFS struct {
 	ModTime time.Time
 	FS      embed.FS
--- a/util/gzip_handler.go
+++ b/util/gzip_handler.go
@@ -3,7 +3,6 @@ package util
 import (
 	"compress/gzip"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"strings"
 	"sync"
@@ -31,8 +30,8 @@ func Gzip(next http.Handler) http.Handler {
 }

 var gzPool = sync.Pool{
-	New: func() interface{} {
-		w := gzip.NewWriter(ioutil.Discard)
+	New: func() any {
+		w := gzip.NewWriter(io.Discard)
 		return w
 	},
 }
--- a/util/lookup_cache.go
+++ b/util/lookup_cache.go
@@ -0,0 +1,52 @@
+package util
+
+import (
+	"sync"
+	"time"
+)
+
+// LookupCache is a single-value cache with a time-to-live (TTL). The cache has a lookup function
+// to retrieve the value and stores it until TTL is reached.
+//
+// Example:
+//
+//	    lookup := func() (string, error) {
+//		   r, _ := http.Get("...")
+//		   s, _ := io.ReadAll(r.Body)
+//		   return string(s), nil
+//		}
+//		c := NewLookupCache[string](lookup, time.Hour)
+//		fmt.Println(c.Get()) // Fetches the string via HTTP
+//		fmt.Println(c.Get()) // Uses cached value
+type LookupCache[T any] struct {
+	value   *T
+	lookup  func() (T, error)
+	ttl     time.Duration
+	updated time.Time
+	mu      sync.Mutex
+}
+
+// NewLookupCache creates a new LookupCache with a given time-to-live (TTL)
+func NewLookupCache[T any](lookup func() (T, error), ttl time.Duration) *LookupCache[T] {
+	return &LookupCache[T]{
+		value:  nil,
+		lookup: lookup,
+		ttl:    ttl,
+	}
+}
+
+// Value returns the cached value, or retrieves it via the lookup function
+func (c *LookupCache[T]) Value() (T, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.value == nil || (c.ttl > 0 && time.Since(c.updated) > c.ttl) {
+		value, err := c.lookup()
+		if err != nil {
+			var t T
+			return t, err
+		}
+		c.value = &value
+		c.updated = time.Now()
+	}
+	return *c.value, nil
+}
--- a/util/lookup_cache_test.go
+++ b/util/lookup_cache_test.go
@@ -0,0 +1,63 @@
+package util
+
+import (
+	"errors"
+	"github.com/stretchr/testify/require"
+	"testing"
+	"time"
+)
+
+func TestLookupCache_Success(t *testing.T) {
+	values, i := []string{"first", "second"}, 0
+	c := NewLookupCache[string](func() (string, error) {
+		time.Sleep(300 * time.Millisecond)
+		v := values[i]
+		i++
+		return v, nil
+	}, 500*time.Millisecond)
+
+	start := time.Now()
+	v, err := c.Value()
+	require.Nil(t, err)
+	require.Equal(t, values[0], v)
+	require.True(t, time.Since(start) >= 300*time.Millisecond)
+
+	start = time.Now()
+	v, err = c.Value()
+	require.Nil(t, err)
+	require.Equal(t, values[0], v)
+	require.True(t, time.Since(start) < 200*time.Millisecond)
+
+	time.Sleep(550 * time.Millisecond)
+
+	start = time.Now()
+	v, err = c.Value()
+	require.Nil(t, err)
+	require.Equal(t, values[1], v)
+	require.True(t, time.Since(start) >= 300*time.Millisecond)
+
+	start = time.Now()
+	v, err = c.Value()
+	require.Nil(t, err)
+	require.Equal(t, values[1], v)
+	require.True(t, time.Since(start) < 200*time.Millisecond)
+}
+
+func TestLookupCache_Error(t *testing.T) {
+	c := NewLookupCache[string](func() (string, error) {
+		time.Sleep(200 * time.Millisecond)
+		return "", errors.New("some error")
+	}, 500*time.Millisecond)
+
+	start := time.Now()
+	v, err := c.Value()
+	require.NotNil(t, err)
+	require.Equal(t, "", v)
+	require.True(t, time.Since(start) >= 200*time.Millisecond)
+
+	start = time.Now()
+	v, err = c.Value()
+	require.NotNil(t, err)
+	require.Equal(t, "", v)
+	require.True(t, time.Since(start) >= 200*time.Millisecond)
+}
--- a/util/time.go
+++ b/util/time.go
@@ -14,6 +14,18 @@ var (
 	durationStrRegex  = regexp.MustCompile(`(?i)^(\d+)\s*(d|days?|h|hours?|m|mins?|minutes?|s|secs?|seconds?)$`)
 )

+// NextOccurrenceUTC takes a time of day (e.g. 9:00am), and returns the next occurrence
+// of that time from the current time (in UTC).
+func NextOccurrenceUTC(timeOfDay, base time.Time) time.Time {
+	hour, minute, seconds := timeOfDay.Clock()
+	now := base.UTC()
+	next := time.Date(now.Year(), now.Month(), now.Day(), hour, minute, seconds, 0, time.UTC)
+	if next.Before(now) {
+		next = next.AddDate(0, 0, 1)
+	}
+	return next
+}
+
 // ParseFutureTime parses a date/time string to a time.Time. It supports unix timestamps, durations
 // and natural language dates
 func ParseFutureTime(s string, now time.Time) (time.Time, error) {
--- a/util/time_test.go
+++ b/util/time_test.go
@@ -11,6 +11,26 @@ var (
 	base = time.Date(2021, 12, 10, 10, 17, 23, 0, time.UTC)
 )

+func TestNextOccurrenceUTC_NextDate(t *testing.T) {
+	loc, err := time.LoadLocation("America/New_York")
+	require.Nil(t, err)
+
+	timeOfDay := time.Date(0, 0, 0, 0, 0, 0, 0, time.UTC) // Run at midnight UTC
+	nowInFairfieldCT := time.Date(2023, time.January, 10, 22, 19, 12, 0, loc)
+	nextRunTme := NextOccurrenceUTC(timeOfDay, nowInFairfieldCT)
+	require.Equal(t, time.Date(2023, time.January, 12, 0, 0, 0, 0, time.UTC), nextRunTme)
+}
+
+func TestNextOccurrenceUTC_SameDay(t *testing.T) {
+	loc, err := time.LoadLocation("America/New_York")
+	require.Nil(t, err)
+
+	timeOfDay := time.Date(0, 0, 0, 4, 0, 0, 0, time.UTC) // Run at 4am UTC
+	nowInFairfieldCT := time.Date(2023, time.January, 10, 22, 19, 12, 0, loc)
+	nextRunTme := NextOccurrenceUTC(timeOfDay, nowInFairfieldCT)
+	require.Equal(t, time.Date(2023, time.January, 11, 4, 0, 0, 0, time.UTC), nextRunTme)
+}
+
 func TestParseFutureTime_11am_FutureTime(t *testing.T) {
 	d, err := ParseFutureTime("11am", base)
 	require.Nil(t, err)
--- a/util/util.go
+++ b/util/util.go
@@ -5,16 +5,18 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/gabriel-vasile/mimetype"
-	"golang.org/x/term"
 	"io"
 	"math/rand"
+	"net/netip"
 	"os"
 	"regexp"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
+
+	"github.com/gabriel-vasile/mimetype"
+	"golang.org/x/term"
 )

 const (
@@ -29,14 +31,20 @@ var (
 	noQuotesRegex      = regexp.MustCompile(`^[-_./:@a-zA-Z0-9]+$`)
 )

+// Errors for UnmarshalJSON and UnmarshalJSONWithLimit functions
+var (
+	ErrUnmarshalJSON = errors.New("unmarshalling JSON failed")
+	ErrTooLargeJSON  = errors.New("too large JSON")
+)
+
 // FileExists checks if a file exists, and returns true if it does
 func FileExists(filename string) bool {
 	stat, _ := os.Stat(filename)
 	return stat != nil
 }

-// InStringList returns true if needle is contained in haystack
-func InStringList(haystack []string, needle string) bool {
+// Contains returns true if needle is contained in haystack
+func Contains[T comparable](haystack []T, needle T) bool {
 	for _, s := range haystack {
 		if s == needle {
 			return true
@@ -45,8 +53,18 @@ func InStringList(haystack []string, needle string) bool {
 	return false
 }

-// InStringListAll returns true if all needles are contained in haystack
-func InStringListAll(haystack []string, needles []string) bool {
+// ContainsIP returns true if any one of the of prefixes contains the ip.
+func ContainsIP(haystack []netip.Prefix, needle netip.Addr) bool {
+	for _, s := range haystack {
+		if s.Contains(needle) {
+			return true
+		}
+	}
+	return false
+}
+
+// ContainsAll returns true if all needles are contained in haystack
+func ContainsAll[T comparable](haystack []T, needles []T) bool {
 	matches := 0
 	for _, s := range haystack {
 		for _, needle := range needles {
@@ -58,16 +76,6 @@ func InStringListAll(haystack []string, needles []string) bool {
 	return matches == len(needles)
 }

-// InIntList returns true if needle is contained in haystack
-func InIntList(haystack []int, needle int) bool {
-	for _, s := range haystack {
-		if s == needle {
-			return true
-		}
-	}
-	return false
-}
-
 // SplitNoEmpty splits a string using strings.Split, but filters out empty strings
 func SplitNoEmpty(s string, sep string) []string {
 	res := make([]string, 0)
@@ -123,7 +131,8 @@ func ValidRandomString(s string, length int) bool {

 // ParsePriority parses a priority string into its equivalent integer value
 func ParsePriority(priority string) (int, error) {
-	switch strings.TrimSpace(strings.ToLower(priority)) {
+	p := strings.TrimSpace(strings.ToLower(priority))
+	switch p {
 	case "":
 		return 0, nil
 	case "1", "min":
@@ -137,6 +146,11 @@ func ParsePriority(priority string) (int, error) {
 	case "5", "max", "urgent":
 		return 5, nil
 	default:
+		// Ignore new HTTP Priority header (see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-priority)
+		// Cloudflare adds this to requests when forwarding to the backend (ntfy), so we just ignore it.
+		if strings.HasPrefix(p, "u=") {
+			return 3, nil
+		}
 		return 0, errInvalidPriority
 	}
 }
@@ -243,9 +257,14 @@ func BasicAuth(user, pass string) string {
 	return fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", user, pass))))
 }

+// BearerAuth encodes the Authorization header value for a bearer/token auth
+func BearerAuth(token string) string {
+	return fmt.Sprintf("Bearer %s", token)
+}
+
 // MaybeMarshalJSON returns a JSON string of the given object, or "<cannot serialize>" if serialization failed.
 // This is useful for logging purposes where a failure doesn't matter that much.
-func MaybeMarshalJSON(v interface{}) string {
+func MaybeMarshalJSON(v any) string {
 	jsonBytes, err := json.MarshalIndent(v, "", "  ")
 	if err != nil {
 		return "<cannot serialize>"
@@ -262,7 +281,8 @@ func MaybeMarshalJSON(v interface{}) string {
 // Warning: Never use this function with the intent to run the resulting command.
 //
 // Example:
-//    []string{"ls", "-al", "Document Folder"} -> ls -al "Document Folder"
+//
+//	[]string{"ls", "-al", "Document Folder"} -> ls -al "Document Folder"
 func QuoteCommand(command []string) string {
 	var quoted []string
 	for _, c := range command {
@@ -274,3 +294,28 @@ func QuoteCommand(command []string) string {
 	}
 	return strings.Join(quoted, " ")
 }
+
+// UnmarshalJSON reads the given io.ReadCloser into a struct
+func UnmarshalJSON[T any](body io.ReadCloser) (*T, error) {
+	var obj T
+	if err := json.NewDecoder(body).Decode(&obj); err != nil {
+		return nil, ErrUnmarshalJSON
+	}
+	return &obj, nil
+}
+
+// UnmarshalJSONWithLimit reads the given io.ReadCloser into a struct, but only until limit is reached
+func UnmarshalJSONWithLimit[T any](r io.ReadCloser, limit int) (*T, error) {
+	defer r.Close()
+	p, err := Peek(r, limit)
+	if err != nil {
+		return nil, err
+	} else if p.LimitReached {
+		return nil, ErrTooLargeJSON
+	}
+	var obj T
+	if err := json.NewDecoder(p).Decode(&obj); err != nil {
+		return nil, ErrUnmarshalJSON
+	}
+	return &obj, nil
+}
--- a/util/util_test.go
+++ b/util/util_test.go
@@ -1,10 +1,14 @@
 package util

 import (
-	"github.com/stretchr/testify/require"
-	"io/ioutil"
+	"io"
+	"net/netip"
+	"os"
 	"path/filepath"
+	"strings"
 	"testing"
+
+	"github.com/stretchr/testify/require"
 )

 func TestRandomString(t *testing.T) {
@@ -19,27 +23,34 @@ func TestRandomString(t *testing.T) {

 func TestFileExists(t *testing.T) {
 	filename := filepath.Join(t.TempDir(), "somefile.txt")
-	require.Nil(t, ioutil.WriteFile(filename, []byte{0x25, 0x86}, 0600))
+	require.Nil(t, os.WriteFile(filename, []byte{0x25, 0x86}, 0600))
 	require.True(t, FileExists(filename))
 	require.False(t, FileExists(filename+".doesnotexist"))
 }

 func TestInStringList(t *testing.T) {
 	s := []string{"one", "two"}
-	require.True(t, InStringList(s, "two"))
-	require.False(t, InStringList(s, "three"))
+	require.True(t, Contains(s, "two"))
+	require.False(t, Contains(s, "three"))
 }

 func TestInStringListAll(t *testing.T) {
 	s := []string{"one", "two", "three", "four"}
-	require.True(t, InStringListAll(s, []string{"two", "four"}))
-	require.False(t, InStringListAll(s, []string{"three", "five"}))
+	require.True(t, ContainsAll(s, []string{"two", "four"}))
+	require.False(t, ContainsAll(s, []string{"three", "five"}))
 }

-func TestInIntList(t *testing.T) {
+func TestContains(t *testing.T) {
 	s := []int{1, 2}
-	require.True(t, InIntList(s, 2))
-	require.False(t, InIntList(s, 3))
+	require.True(t, Contains(s, 2))
+	require.False(t, Contains(s, 3))
+}
+
+func TestContainsIP(t *testing.T) {
+	require.True(t, ContainsIP([]netip.Prefix{netip.MustParsePrefix("fd00::/8"), netip.MustParsePrefix("1.1.0.0/16")}, netip.MustParseAddr("1.1.1.1")))
+	require.True(t, ContainsIP([]netip.Prefix{netip.MustParsePrefix("fd00::/8"), netip.MustParsePrefix("1.1.0.0/16")}, netip.MustParseAddr("fd12:1234:5678::9876")))
+	require.False(t, ContainsIP([]netip.Prefix{netip.MustParsePrefix("fd00::/8"), netip.MustParsePrefix("1.1.0.0/16")}, netip.MustParseAddr("1.2.0.1")))
+	require.False(t, ContainsIP([]netip.Prefix{netip.MustParsePrefix("fd00::/8"), netip.MustParsePrefix("1.1.0.0/16")}, netip.MustParseAddr("fc00::1")))
 }

 func TestSplitNoEmpty(t *testing.T) {
@@ -60,13 +71,22 @@ func TestParsePriority(t *testing.T) {
 }

 func TestParsePriority_Invalid(t *testing.T) {
-	priorities := []string{"-1", "6", "aa", "-"}
+	priorities := []string{"-1", "6", "aa", "-", "o=1"}
 	for _, priority := range priorities {
 		_, err := ParsePriority(priority)
 		require.Equal(t, errInvalidPriority, err)
 	}
 }

+func TestParsePriority_HTTPSpecPriority(t *testing.T) {
+	priorities := []string{"u=1", "u=3", "u=7, i"} // see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-priority
+	for _, priority := range priorities {
+		actual, err := ParsePriority(priority)
+		require.Nil(t, err)
+		require.Equal(t, 3, actual) // Always expect 3!
+	}
+}
+
 func TestPriorityString(t *testing.T) {
 	priorities := []int{0, 1, 2, 3, 4, 5}
 	expected := []string{"default", "min", "low", "default", "high", "max"}
@@ -143,3 +163,40 @@ func TestQuoteCommand(t *testing.T) {
 	require.Equal(t, `rsync -av /home/phil/ root@example.com:/home/phil/`, QuoteCommand([]string{"rsync", "-av", "/home/phil/", "root@example.com:/home/phil/"}))
 	require.Equal(t, `/home/sweet/home "Äöü this is a test" "\a\b"`, QuoteCommand([]string{"/home/sweet/home", "Äöü this is a test", "\\a\\b"}))
 }
+
+func TestBasicAuth(t *testing.T) {
+	require.Equal(t, "Basic cGhpbDpwaGls", BasicAuth("phil", "phil"))
+}
+
+func TestBearerAuth(t *testing.T) {
+	require.Equal(t, "Bearer sometoken", BearerAuth("sometoken"))
+}
+
+type testJSON struct {
+	Name      string `json:"name"`
+	Something int    `json:"something"`
+}
+
+func TestReadJSON_Success(t *testing.T) {
+	v, err := UnmarshalJSON[testJSON](io.NopCloser(strings.NewReader(`{"name":"some name","something":99}`)))
+	require.Nil(t, err)
+	require.Equal(t, "some name", v.Name)
+	require.Equal(t, 99, v.Something)
+}
+
+func TestReadJSON_Failure(t *testing.T) {
+	_, err := UnmarshalJSON[testJSON](io.NopCloser(strings.NewReader(`{"na`)))
+	require.Equal(t, ErrUnmarshalJSON, err)
+}
+
+func TestReadJSONWithLimit_Success(t *testing.T) {
+	v, err := UnmarshalJSONWithLimit[testJSON](io.NopCloser(strings.NewReader(`{"name":"some name","something":99}`)), 100)
+	require.Nil(t, err)
+	require.Equal(t, "some name", v.Name)
+	require.Equal(t, 99, v.Something)
+}
+
+func TestReadJSONWithLimit_FailureTooLong(t *testing.T) {
+	_, err := UnmarshalJSONWithLimit[testJSON](io.NopCloser(strings.NewReader(`{"name":"some name","something":99}`)), 10)
+	require.Equal(t, ErrTooLargeJSON, err)
+}
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/package.json
+++ b/web/package.json
@@ -15,6 +15,7 @@
    "@mui/material": "latest",
    "dexie": "^3.2.1",
    "dexie-react-hooks": "^1.1.1",
+    "humanize-duration": "^3.27.3",
    "i18next": "^21.6.14",
    "i18next-browser-languagedetector": "^6.1.4",
    "i18next-http-backend": "^1.4.0",
--- a/web/public/config.js
+++ b/web/public/config.js
@@ -1,9 +1,16 @@
-// Configuration injected by the ntfy server.
+// THIS FILE IS JUST AN EXAMPLE
 //
-// This file is just an example. It is removed during the build process.
-// The actual config is dynamically generated server-side.
+// It is removed during the build process. The actual config is dynamically
+// generated server-side and served by the ntfy server.
+//
+// During web development, you may change values here for rapid testing.

 var config = {
-    appRoot: "/",
-    disallowedTopics: ["docs", "static", "file", "app", "settings"]
+    base_url: "http://localhost:2586", // window.location.origin FIXME update before merging
+    app_root: "/app",
+    enable_login: true,
+    enable_signup: true,
+    enable_payments: true,
+    enable_reservations: true,
+    disallowed_topics: ["docs", "static", "file", "app", "account", "settings", "pricing", "signup", "login", "reset-password"]
 };
--- a/web/public/index.html
+++ b/web/public/index.html
@@ -4,6 +4,8 @@
  <meta charset="UTF-8">
  <title>ntfy web</title>

+  <link rel="stylesheet" href="static/css/home.css" type="text/css">
+
  <!-- Mobile view -->
  <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
--- a/web/public/static/css/home.css
+++ b/web/public/static/css/home.css
@@ -1,6 +1,6 @@
 /* general styling */

-html, body {
+#site {
    font-family: 'Roboto', sans-serif;
    font-weight: 400;
    font-size: 1.1em;
@@ -9,22 +9,16 @@ html, body {
    padding: 0;
 }

-html {
-    /* prevent scrollbar from repositioning website:
-     * https://www.w3docs.com/snippets/css/how-to-prevent-scrollbar-from-repositioning-web-page.html */
-    overflow-y: scroll;
-}
-
-a, a:visited {
+#site a, a:visited {
    color: #338574;
 }

-a:hover {
+#site a:hover {
    text-decoration: none;
    color: #317f6f;
 }

-h1 {
+#site h1 {
    margin-top: 35px;
    margin-bottom: 30px;
    font-size: 2.5em;
@@ -34,7 +28,7 @@ h1 {
    color: #666;
 }

-h2 {
+#site h2 {
    margin-top: 30px;
    margin-bottom: 5px;
    font-size: 1.8em;
@@ -42,7 +36,7 @@ h2 {
    color: #333;
 }

-h3 {
+#site h3 {
    margin-top: 25px;
    margin-bottom: 5px;
    font-size: 1.3em;
@@ -50,28 +44,28 @@ h3 {
    color: #333;
 }

-p {
+#site p {
    margin-top: 10px;
    margin-bottom: 20px;
    line-height: 160%;
    font-weight: 400;
 }

-p.smallMarginBottom {
+#site p.smallMarginBottom {
    margin-bottom: 10px;
 }

-b {
+#site b {
    font-weight: 500;
 }

-tt {
+#site tt {
    background: #eee;
    padding: 2px 7px;
    border-radius: 3px;
 }

-code {
+#site code {
    display: block;
    background: #eee;
    font-family: monospace;
@@ -85,18 +79,18 @@ code {

 /* Main page */

-#main {
+#site #main {
    max-width: 900px;
    margin: 0 auto 50px auto;
    padding: 0 10px;
 }

-#error {
+#site #error {
    color: darkred;
    font-style: italic;
 }

-#ironicCenterTagDontFreakOut {
+#site #ironicCenterTagDontFreakOut {
    color: #666;
 }

@@ -120,22 +114,22 @@ code {

 /* Figures */

-figure {
+#site figure {
    text-align: center;
 }

-figure img, figure video {
+#site figure img, figure video {
    filter: drop-shadow(3px 3px 3px #ccc);
    border-radius: 7px;
    max-width: 100%;
 }

-figure video {
+#site figure video {
    width: 100%;
    max-height: 450px;
 }

-figcaption {
+#site figcaption {
    text-align: center;
    font-style: italic;
    padding-top: 10px;
@@ -143,18 +137,18 @@ figcaption {

 /* Screenshots */

-#screenshots {
+#site #screenshots {
    text-align: center;
 }

-#screenshots img {
+#site #screenshots img {
    height: 190px;
    margin: 3px;
    border-radius: 5px;
    filter: drop-shadow(2px 2px 2px #ddd);
 }

-#screenshots .nowrap {
+#site #screenshots .nowrap {
    white-space: nowrap;
 }

@@ -220,52 +214,60 @@ figcaption {

 /* Header */

-#header {
+#site #header {
    background: #338574;
-    height: 130px;
+    background: linear-gradient(150deg, rgba(51,133,116,1) 0%, rgba(86,189,168,1) 100%);     filter: drop-shadow(0 5px 10px #ccc);
+    height: 70px;
 }

-#header #headerBox {
+#site #header #headerBox {
    max-width: 900px;
    margin: 0 auto;
    padding: 0 10px;
 }

-#header #logo {
-    margin-top: 23px;
+#site #header #logo {
+    margin-top: 14px;
+    width: 48px;
    float: left;
 }

-#header #name {
+#site #header #name {
    float: left;
    color: white;
-    font-size: 2.6em;
-    font-weight: 300;
-    margin: 35px 0 0 20px;
+    font-size: 1.7em;
+    font-weight: 400;
+    margin: 12px 0 0 10px;
 }

-#header ol {
+#site #header #menu {
    list-style-type: none;
    float: right;
-    margin-top: 80px;
+    margin-top: 16px;
 }

-#header ol li {
+#site #header #menu li {
    display: inline-block;
-    margin: 0 10px;
+    padding: 3px 10px;
    font-weight: 400;
+    border-radius: 5px;
 }

-#header ol li a, nav ol li a:visited {
+#site #header #menu li {
+    font-size: 1em;
+}
+
+#site #header #menu li a,
+#site #header #menu li a:visited {
    color: white;
    text-decoration: none;
 }

-#header ol li a:hover {
-    text-decoration: underline;
+#site #header #menu li:hover {
+    background: #3f9a86;
 }

-li {
+#site li {
    padding: 4px 0;
    margin: 4px 0;
    font-size: 0.9em;
@@ -274,7 +276,7 @@ li {

 /* Hide top menu SMALL SCREEN */
@media only screen and (max-width: 780px) {
-    #header ol {
+    #header #menu {
        display: none;
    }
 }
--- a/web/public/static/langs/bg.json
+++ b/web/public/static/langs/bg.json
@@ -30,12 +30,12 @@
    "prefs_notifications_title": "Известия",
    "prefs_notifications_sound_title": "Звук при получаване",
    "prefs_notifications_sound_no_sound": "Без звук",
-    "prefs_notifications_min_priority_title": "Минимален приоритет",
+    "prefs_notifications_min_priority_title": "Най-нисък приоритет",
    "prefs_notifications_min_priority_any": "Всички",
    "prefs_notifications_min_priority_low_and_higher": "Нисък приоритет и по-висок",
    "prefs_notifications_min_priority_default_and_higher": "Подразбиран приоритет и по-висок",
    "prefs_notifications_min_priority_high_and_higher": "Висок приоритет и по-висок",
-    "prefs_notifications_min_priority_max_only": "Само максимален приоритет",
+    "prefs_notifications_min_priority_max_only": "Само най-висок приоритет",
    "prefs_notifications_delete_after_never": "Никога",
    "prefs_users_add_button": "Добавяне",
    "prefs_users_dialog_password_label": "Парола",
@@ -62,11 +62,11 @@
    "notifications_click_copy_url_title": "Копиране на препратката в междинната памет",
    "notifications_none_for_topic_title": "Липсват известия в темата",
    "notifications_none_for_any_title": "Липсват известия",
-    "notifications_none_for_topic_description": "За да изпратите известия в тази тема, просто направете PUT или POST към адреса ѝ.",
-    "notifications_none_for_any_description": "За да изпратите известия в тема, просто направете PUT или POST към адреса ѝ. Ето пример с една от вашите теми.",
-    "notifications_no_subscriptions_description": "Щракнете върху „{{linktext}}“, за да създадете тема или да се абонирате. След това като изпратите съобщения чрез метода PUT или POST ще ги получите тук.",
+    "notifications_none_for_topic_description": "За да изпратите известия в тази тема направете заявка чрез методите PUT или POST към адреса й.",
+    "notifications_none_for_any_description": "За да изпратите известия в тема направете заявка чрез методите PUT или POST към адреса ѝ. Ето пример с една от вашите теми.",
+    "notifications_no_subscriptions_description": "Щракнете върху „{{linktext}}“, за да създадете тема или да се абонирате. След това като направите заявка чрез методите PUT или POST ще ги получите тук.",
    "notifications_more_details": "За допълнителна информация посетете <websiteLink>страницата</websiteLink> или <docsLink>документацията</docsLink>.",
-    "publish_dialog_priority_min": "Мин. приоритет",
+    "publish_dialog_priority_min": "Най-нисък приоритет",
    "publish_dialog_attachment_limits_file_reached": "надвишава ограничението от {{fileSizeLimit}} за размер на файл",
    "publish_dialog_base_url_label": "Адрес на услугата",
    "publish_dialog_base_url_placeholder": "Адрес на услугата, напр. https://example.com",
@@ -78,7 +78,7 @@
    "publish_dialog_title_placeholder": "Заглавие на известието, напр. Предупреждение за диска",
    "publish_dialog_tags_label": "Етикети",
    "publish_dialog_email_label": "Адрес на електронна поща",
-    "publish_dialog_priority_max": "Макс. приоритет",
+    "publish_dialog_priority_max": "Най-висок приоритет",
    "publish_dialog_tags_placeholder": "Разделени със запетая етикети, напр. warning, srv1-backup",
    "publish_dialog_click_label": "Адрес",
    "publish_dialog_topic_label": "Име на темата",
@@ -98,7 +98,7 @@
    "publish_dialog_attached_file_title": "Прикачен файл:",
    "publish_dialog_attached_file_filename_placeholder": "Име на прикачения файл",
    "publish_dialog_drop_file_here": "Пуснете файла тук",
-    "subscribe_dialog_subscribe_description": "Възможно е темите да не са защитени с парола, затова изберете име, което е трудно за отгатване. След като се абонирате, можете да изпращате известия по PUT или POST.",
+    "subscribe_dialog_subscribe_description": "Възможно е темите да не са защитени с парола, затова изберете име, което е трудно за отгатване. След като се абонирате, можете да изпращате известия чрез методите PUT или POST.",
    "emoji_picker_search_placeholder": "Търсете емоция",
    "subscribe_dialog_subscribe_title": "Абониране за тема",
    "subscribe_dialog_subscribe_topic_placeholder": "Име на темата, напр. phils_alerts",
@@ -140,10 +140,10 @@
    "prefs_notifications_sound_description_some": "При пристигане известията са съпроводени от звука „{{sound}}“",
    "prefs_notifications_delete_after_never_description": "Известията никога не се премахват автоматично",
    "prefs_notifications_delete_after_three_hours_description": "Известията се премахват автоматично след три часа",
-    "priority_min": "минимален",
+    "priority_min": "най-нисък",
    "priority_low": "нисък",
    "priority_high": "висок",
-    "priority_max": "максимален",
+    "priority_max": "най-висок",
    "priority_default": "подразбиран",
    "prefs_notifications_delete_after_one_week_description": "Известията се премахват автоматично след една седмица",
    "prefs_notifications_delete_after_one_day_description": "Известията се премахват автоматично след един ден",
@@ -160,7 +160,7 @@
    "nav_button_muted": "Известията са заглушени",
    "notifications_list": "Списък с известия",
    "notifications_list_item": "Известие",
-    "notifications_delete": "Изтриване",
+    "notifications_delete": "Премахване",
    "notifications_mark_read": "Отбелязване като прочетено",
    "nav_button_connecting": "свързване",
    "message_bar_show_dialog": "Показване на диалога за публикуване",
@@ -169,9 +169,9 @@
    "notifications_new_indicator": "Ново известие",
    "notifications_attachment_image": "Прикачено изображение",
    "notifications_attachment_file_image": "файл на изображение",
-    "notifications_attachment_file_video": "файл на видео",
-    "notifications_attachment_file_audio": "файл на аудио",
-    "notifications_attachment_file_app": "Инсталационен файл на приложение за Android",
+    "notifications_attachment_file_video": "видео",
+    "notifications_attachment_file_audio": "аудио",
+    "notifications_attachment_file_app": "инсталационен файл на приложение за Android",
    "notifications_attachment_file_document": "друг документ",
    "publish_dialog_emoji_picker_show": "Избор на емоция",
    "publish_dialog_topic_reset": "Нулиране на тема",
@@ -183,7 +183,7 @@
    "subscribe_dialog_subscribe_base_url_label": "Адрес на услугата",
    "prefs_notifications_sound_play": "Възпроизвеждане на избрания звук",
    "publish_dialog_attach_reset": "Премахване на адреса на файла за прикачане",
-    "prefs_users_delete_button": "Премахване на потребител",
+    "prefs_users_delete_button": "Премахване",
    "prefs_users_table": "Таблица с потребители",
    "prefs_users_edit_button": "Промяна на потребител",
    "error_boundary_unsupported_indexeddb_title": "Поверително разглеждане не се поддържа",
--- a/web/public/static/langs/de.json
+++ b/web/public/static/langs/de.json
@@ -62,7 +62,7 @@
    "publish_dialog_progress_uploading_detail": "Hochladen {{loaded}}/{{total}} ({{percent}} %) …",
    "publish_dialog_priority_max": "Max. Priorität",
    "publish_dialog_topic_placeholder": "Thema, z.B. phil_alerts",
-    "publish_dialog_attachment_limits_file_reached": "überschreitet das Dateigrößen-Limit {{filesizeLimit}}",
+    "publish_dialog_attachment_limits_file_reached": "überschreitet das Dateigrößen-Limit {{fileSizeLimit}}",
    "publish_dialog_topic_label": "Thema",
    "publish_dialog_priority_default": "Standard-Priorität",
    "publish_dialog_base_url_placeholder": "Service-URL, z.B. https://example.com",
@@ -82,7 +82,7 @@
    "publish_dialog_attach_placeholder": "Datei von URL anhängen, z.B. https://f-droid.org/F-Droid.apk",
    "publish_dialog_filename_placeholder": "Dateiname des Anhangs",
    "publish_dialog_delay_label": "Verzögerung",
-    "publish_dialog_email_placeholder": "Adresse, an die die Benachrichtigung gesendet werden soll, z.B. phil@beispiel.com",
+    "publish_dialog_email_placeholder": "E-Mail-Adresse, an die die Benachrichtigung gesendet werden soll, z.B. phil@example.com",
    "publish_dialog_chip_click_label": "Klick-URL",
    "publish_dialog_button_cancel_sending": "Senden abbrechen",
    "publish_dialog_drop_file_here": "Datei hierher ziehen",
--- a/web/public/static/langs/en.json
+++ b/web/public/static/langs/en.json
@@ -1,18 +1,40 @@
 {
+  "signup_title": "Create a ntfy account",
+  "signup_form_username": "Username",
+  "signup_form_password": "Password",
+  "signup_form_confirm_password": "Confirm password",
+  "signup_form_button_submit": "Sign up",
+  "signup_form_toggle_password_visibility": "Toggle password visibility",
+  "signup_already_have_account": "Already have an account? Sign in!",
+  "signup_disabled": "Signup is disabled",
+  "signup_error_username_taken": "Username {{username}} is already taken",
+  "signup_error_creation_limit_reached": "Account creation limit reached",
+  "signup_error_unknown": "Unknown error. Check logs for details.",
+  "login_title": "Sign in to your ntfy account",
+  "login_form_button_submit": "Sign in",
+  "login_link_signup": "Sign up",
  "action_bar_show_menu": "Show menu",
  "action_bar_logo_alt": "ntfy logo",
  "action_bar_settings": "Settings",
+  "action_bar_account": "Account",
+  "action_bar_subscription_settings": "Subscription settings",
  "action_bar_send_test_notification": "Send test notification",
  "action_bar_clear_notifications": "Clear all notifications",
  "action_bar_unsubscribe": "Unsubscribe",
  "action_bar_toggle_mute": "Mute/unmute notifications",
  "action_bar_toggle_action_menu": "Open/close action menu",
+  "action_bar_profile_title": "Profile",
+  "action_bar_profile_settings": "Settings",
+  "action_bar_profile_logout": "Logout",
+  "action_bar_sign_in": "Sign in",
+  "action_bar_sign_up": "Sign up",
  "message_bar_type_message": "Type a message here",
  "message_bar_error_publishing": "Error publishing notification",
  "message_bar_show_dialog": "Show publish dialog",
  "message_bar_publish": "Publish message",
  "nav_topics_title": "Subscribed topics",
  "nav_button_all_notifications": "All notifications",
+  "nav_button_account": "Account",
  "nav_button_settings": "Settings",
  "nav_button_documentation": "Documentation",
  "nav_button_publish_message": "Publish notification",
@@ -59,6 +81,12 @@
  "notifications_no_subscriptions_description": "Click the \"{{linktext}}\" link to create or subscribe to a topic. After that, you can send messages via PUT or POST and you'll receive notifications here.",
  "notifications_example": "Example",
  "notifications_more_details": "For more information, check out the <websiteLink>website</websiteLink> or <docsLink>documentation</docsLink>.",
+  "subscription_settings_dialog_title": "Subscription settings",
+  "subscription_settings_dialog_description": "Configure settings specifically for this topic subscription. Settings are currently only applied locally.",
+  "subscription_settings_dialog_display_name_placeholder": "Display name",
+  "subscription_settings_dialog_reserve_topic_label": "Reserve topic and configure access",
+  "subscription_settings_button_cancel": "Cancel",
+  "subscription_settings_button_save": "Save",
  "notifications_loading": "Loading notifications …",
  "publish_dialog_title_topic": "Publish to {{topic}}",
  "publish_dialog_title_no_topic": "Publish notification",
@@ -123,6 +151,7 @@
  "subscribe_dialog_subscribe_topic_placeholder": "Topic name, e.g. phil_alerts",
  "subscribe_dialog_subscribe_use_another_label": "Use another server",
  "subscribe_dialog_subscribe_base_url_label": "Service URL",
+  "subscribe_dialog_subscribe_button_generate_topic_name": "Generate name",
  "subscribe_dialog_subscribe_button_cancel": "Cancel",
  "subscribe_dialog_subscribe_button_subscribe": "Subscribe",
  "subscribe_dialog_login_title": "Login required",
@@ -132,7 +161,64 @@
  "subscribe_dialog_login_button_back": "Back",
  "subscribe_dialog_login_button_login": "Login",
  "subscribe_dialog_error_user_not_authorized": "User {{username}} not authorized",
+  "subscribe_dialog_error_topic_already_reserved": "Topic already reserved",
  "subscribe_dialog_error_user_anonymous": "anonymous",
+  "account_basics_title": "Account",
+  "account_basics_username_title": "Username",
+  "account_basics_username_description": "Hey, that's you ❤",
+  "account_basics_username_admin_tooltip": "You are Admin",
+  "account_basics_password_title": "Password",
+  "account_basics_password_description": "Change your account password",
+  "account_basics_password_dialog_title": "Change password",
+  "account_basics_password_dialog_new_password_label": "New password",
+  "account_basics_password_dialog_confirm_password_label": "Confirm password",
+  "account_basics_password_dialog_button_cancel": "Cancel",
+  "account_basics_password_dialog_button_submit": "Change password",
+  "account_usage_title": "Usage",
+  "account_usage_of_limit": "of {{limit}}",
+  "account_usage_unlimited": "Unlimited",
+  "account_usage_limits_reset_daily": "Usage limits are reset daily at midnight (UTC)",
+  "account_usage_tier_title": "Account type",
+  "account_usage_tier_description": "Your account's power level",
+  "account_usage_tier_admin": "Admin",
+  "account_usage_tier_basic": "Basic",
+  "account_usage_tier_free": "Free",
+  "account_usage_tier_upgrade_button": "Upgrade to Pro",
+  "account_usage_tier_change_button": "Change",
+  "account_usage_tier_paid_until": "Subscription paid until {{date}}, and will auto-renew",
+  "account_usage_tier_payment_overdue": "Your payment is overdue. Please update your payment method, or your account will be downgraded soon.",
+  "account_usage_tier_canceled_subscription": "Your subscription was canceled and will be downgraded to a free account on {{date}}.",
+  "account_usage_manage_billing_button": "Manage billing",
+  "account_usage_messages_title": "Published messages",
+  "account_usage_emails_title": "Emails sent",
+  "account_usage_reservations_title": "Reserved topics",
+  "account_usage_attachment_storage_title": "Attachment storage",
+  "account_usage_attachment_storage_description": "{{filesize}} per file, deleted after {{expiry}}",
+  "account_usage_basis_ip_description": "Usage stats and limits for this account are based on your IP address, so they may be shared with other users. Limits shown above are approximates based on the existing rate limits.",
+  "account_delete_title": "Delete account",
+  "account_delete_description": "Permanently delete your account",
+  "account_delete_dialog_description": "This will permanently delete your account, including all data that is stored on the server. If you really want to proceed, please type '{{username}}' in the text box below.",
+  "account_delete_dialog_label": "Type '{{username}}' to delete account",
+  "account_delete_dialog_button_cancel": "Cancel",
+  "account_delete_dialog_button_submit": "Permanently delete account",
+  "account_delete_dialog_billing_warning": "Deleting your account also cancels your billing subscription immediately. You will not have access to the billing dashboard anymore.",
+  "account_upgrade_dialog_title": "Change account tier",
+  "account_upgrade_dialog_cancel_warning": "This will <strong>cancel your subscription</strong>, and downgrade your account on {{date}}. On that date, topic reservations as well as messages cached on the server <strong>will be deleted</strong>.",
+  "account_upgrade_dialog_proration_info": "<strong>Proration</strong>: When switching between paid plans, the price difference will be charged or refunded in the next invoice. You will not receive another invoice until the end of the next billing period.",
+  "account_upgrade_dialog_reservations_warning_one": "The selected tier allows fewer reserved topics than your current tier. Before changing your tier, <strong>please delete at least one reservation</strong>. You can remove reservations in the <Link>Settings</Link>.",
+  "account_upgrade_dialog_reservations_warning_other": "The selected tier allows fewer reserved topics than your current tier. Before changing your tier, <strong>please delete at least {{count}} reservations</strong>. You can remove reservations in the <Link>Settings</Link>.",
+  "account_upgrade_dialog_tier_features_reservations": "{{reservations}} reserved topics",
+  "account_upgrade_dialog_tier_features_messages": "{{messages}} daily messages",
+  "account_upgrade_dialog_tier_features_emails": "{{emails}} daily emails",
+  "account_upgrade_dialog_tier_features_attachment_file_size": "{{filesize}} per file",
+  "account_upgrade_dialog_tier_features_attachment_total_size": "{{totalsize}} total storage",
+  "account_upgrade_dialog_tier_selected_label": "Selected",
+  "account_upgrade_dialog_tier_current_label": "Current",
+  "account_upgrade_dialog_button_cancel": "Cancel",
+  "account_upgrade_dialog_button_redirect_signup": "Sign up now",
+  "account_upgrade_dialog_button_pay_now": "Pay now and subscribe",
+  "account_upgrade_dialog_button_cancel_subscription": "Cancel subscription",
+  "account_upgrade_dialog_button_update_subscription": "Update subscription",
  "prefs_notifications_title": "Notifications",
  "prefs_notifications_sound_title": "Notification sound",
  "prefs_notifications_sound_description_none": "Notifications do not play any sound when they arrive",
@@ -161,10 +247,12 @@
  "prefs_notifications_delete_after_one_month_description": "Notifications are auto-deleted after one month",
  "prefs_users_title": "Manage users",
  "prefs_users_description": "Add/remove users for your protected topics here. Please note that username and password are stored in the browser's local storage.",
+  "prefs_users_description_no_sync": "Users and passwords are not synchronized to your account.",
  "prefs_users_table": "Users table",
  "prefs_users_add_button": "Add user",
  "prefs_users_edit_button": "Edit user",
  "prefs_users_delete_button": "Delete user",
+  "prefs_users_table_cannot_delete_or_edit": "Cannot delete or edit logged in user",
  "prefs_users_table_user_header": "User",
  "prefs_users_table_base_url_header": "Service URL",
  "prefs_users_dialog_title_add": "Add user",
@@ -177,6 +265,24 @@
  "prefs_users_dialog_button_save": "Save",
  "prefs_appearance_title": "Appearance",
  "prefs_appearance_language_title": "Language",
+  "prefs_reservations_title": "Reserved topics",
+  "prefs_reservations_description": "You can reserve topic names for personal use here. Reserving a topic gives you ownership over the topic, and allows you to define access permissions for other users over the topic.",
+  "prefs_reservations_limit_reached": "You reached your reserved topics limit.",
+  "prefs_reservations_add_button": "Add reserved topic",
+  "prefs_reservations_edit_button": "Edit topic access",
+  "prefs_reservations_delete_button": "Reset topic access",
+  "prefs_reservations_table": "Reserved topics table",
+  "prefs_reservations_table_topic_header": "Topic",
+  "prefs_reservations_table_access_header": "Access",
+  "prefs_reservations_table_everyone_deny_all": "Only I can publish and subscribe",
+  "prefs_reservations_table_everyone_read_only": "I can publish and subscribe, everyone can subscribe",
+  "prefs_reservations_table_everyone_write_only": "I can publish and subscribe, everyone can publish",
+  "prefs_reservations_table_everyone_read_write": "Everyone can publish and subscribe",
+  "prefs_reservations_dialog_title_add": "Reserve topic",
+  "prefs_reservations_dialog_title_edit": "Edit reserved topic",
+  "prefs_reservations_dialog_description": "Reserving a topic gives you ownership over the topic, and allows you to define access permissions for other users over the topic.",
+  "prefs_reservations_dialog_topic_label": "Topic",
+  "prefs_reservations_dialog_access_label": "Access",
  "priority_min": "min",
  "priority_low": "low",
  "priority_default": "default",
--- a/web/public/static/langs/es.json
+++ b/web/public/static/langs/es.json
@@ -74,7 +74,7 @@
    "publish_dialog_drop_file_here": "Suelta el archivo aquí",
    "emoji_picker_search_placeholder": "Buscar emojis",
    "subscribe_dialog_subscribe_title": "Suscribirse al tópico",
-    "subscribe_dialog_subscribe_description": "Los tópicos pueden no estar protegidos por contraseña, así que elija un nombre que no sea fácil de adivinar. Una vez suscrito, puede hacer PUT/PIST de notificaciones.",
+    "subscribe_dialog_subscribe_description": "Los tópicos pueden no estar protegidos por contraseña, así que elija un nombre que no sea fácil de adivinar. Una vez suscrito, puede hacer PUT/POST de notificaciones.",
    "subscribe_dialog_subscribe_topic_placeholder": "Nombre del tópico, ej. phil_alerts",
    "subscribe_dialog_subscribe_use_another_label": "Usar otro servidor",
    "subscribe_dialog_login_title": "Es necesario iniciar sesión",
--- a/web/public/static/langs/hu.json
+++ b/web/public/static/langs/hu.json
@@ -152,5 +152,40 @@
    "error_boundary_stack_trace": "Verem nyomkövetés",
    "publish_dialog_title_topic": "A {{topic}} téma értesítése",
    "prefs_notifications_sound_description_some": "Az értesítéseket a(z) {{sound}} hang fogja jelezni",
-    "error_boundary_description": "Ennek nem szabadott volna megtörténnie. Nagyon sajnáljuk.<br/>Ha van egy perced, <githubLink>jelentsd be GitHubon</githubLink>, vagy tudasd velünk <discordLink>Discordon</discordLink>, vagy <matrixLink>Matrixon</matrixLink>."
+    "error_boundary_description": "Ennek nem szabadott volna megtörténnie. Nagyon sajnáljuk.<br/>Ha van egy perced, <githubLink>jelentsd be GitHubon</githubLink>, vagy tudasd velünk <discordLink>Discordon</discordLink>, vagy <matrixLink>Matrixon</matrixLink>.",
+    "action_bar_show_menu": "Menü mutatása",
+    "action_bar_toggle_mute": "Üzenetek némítása/bekapcsolása",
+    "notifications_list_item": "Értesítés",
+    "error_boundary_unsupported_indexeddb_description": "A ntfy web alkalmazás működéséhez szükséges az IndexedDB funkció, az ön böngészője nem támogatja az IndexedDB használatát privát böngészés közben.<br/><br/>Miközben privát mód sajnos nem lehetséges, szeretnénk értesíteni hogy magabiztosan használhatja normál módban mert a böngésző minden adatot az ön gépén tárol. Tovább tájékozódhat <githubLink>ezen a Github oldalon</githubLink>, vagy beszéljen velünk <discordLink>Discord-on</discordLink> vagy <matrixLink>Matrix-on</matrixLink>.",
+    "notifications_priority_x": "Prioritás {{prioritás}}",
+    "message_bar_show_dialog": "Küldött üzenetek megjelenítése",
+    "action_bar_logo_alt": "ntfy logó",
+    "action_bar_toggle_action_menu": "Tevékenységkezelő nyitása/zárása",
+    "message_bar_publish": "Üzenet küldése",
+    "nav_button_muted": "Értesítések némítva",
+    "nav_button_connecting": "csatlakozás",
+    "notifications_list": "Értesítés lista",
+    "notifications_mark_read": "Jelölés olvasottként",
+    "notifications_delete": "Törlés",
+    "notifications_new_indicator": "Új értesítés",
+    "notifications_attachment_image": "Csatolt kép",
+    "notifications_attachment_file_image": "Kép fájl",
+    "notifications_attachment_file_video": "Videó fájl",
+    "notifications_attachment_file_audio": "Hang fájl",
+    "notifications_attachment_file_app": "Android alkalmazás fájl",
+    "notifications_attachment_file_document": "egyéb dokumentum",
+    "publish_dialog_emoji_picker_show": "Emoji kiválasztása",
+    "publish_dialog_topic_reset": "Téma visszaállítása",
+    "publish_dialog_click_reset": "URL kattintás törlése",
+    "publish_dialog_email_reset": "Email továbbítás törlése",
+    "publish_dialog_attach_reset": "Csatolt URL törlése",
+    "publish_dialog_delay_reset": "Késleltetett kézbesítés törlése",
+    "publish_dialog_attached_file_remove": "Csatolt fájl törlése",
+    "emoji_picker_search_clear": "Keresés törlése",
+    "prefs_notifications_sound_play": "Kijelölt hang lejátszása",
+    "prefs_users_table": "Felhasználó táblázat",
+    "prefs_users_edit_button": "Felhasználó szerkesztése",
+    "prefs_users_delete_button": "Felhasználó törlése",
+    "error_boundary_unsupported_indexeddb_title": "Privát böngészés nem támogatott",
+    "subscribe_dialog_subscribe_base_url_label": "Szolgáltató URL"
 }
--- a/Show More
+++ b/Show More