From 1edc051ae21f8cc64d2d00796ad04dc8305d8dec Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sun, 26 Jan 2025 00:48:19 +0000
Subject: [PATCH 01/88] fixed GetTOTP, started rough QR code implementation

GetTOTP handles TOTP method retrieval for confirmation and deletion.

QR code implementation looks like it's gonna suck, so might end up
using a library for this later.
---
 admin/accounthttp.go |  11 +++--
 admin/http.go        |  16 +++++--
 controller/qr.go     | 107 +++++++++++++++++++++++++++++++++++++++++++
 controller/totp.go   |   9 ++--
 main.go              |   2 +-
 5 files changed, 132 insertions(+), 13 deletions(-)
 create mode 100644 controller/qr.go

diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index 9402410..aa1e042 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -304,6 +304,12 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
             return
         }
 
+        fmt.Printf(
+            "TOTP:\n\tName: %s\n\tSecret: %s\n",
+            totp.Name,
+            totp.Secret,
+        )
+
         confirmCode := controller.GenerateTOTP(totp.Secret, 0)
         if code != confirmCode {
             confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1)
@@ -330,12 +336,11 @@ func totpDeleteHandler(app *model.AppState) http.Handler {
             return
         }
 
-        name := r.URL.Path
-        fmt.Printf("%s\n", name);
-        if len(name) == 0 {
+        if len(r.URL.Path) < 2 {
             http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
             return
         }
+        name := r.URL.Path[1:]
 
         session := r.Context().Value("session").(*model.Session)
 
diff --git a/admin/http.go b/admin/http.go
index b6a71ee..42b7e46 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -19,6 +19,17 @@ import (
 func Handler(app *model.AppState) http.Handler {
     mux := http.NewServeMux()
 
+    mux.Handle("/qr-test", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        qrB64Img, err := controller.GenerateQRCode([]byte("super epic mega gaming test message. be sure to buy free2play on bandcamp so i can put food on my family"))
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to generate QR code: %v\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
+
+        w.Write([]byte("<html><img style=\"image-rendering:pixelated;width:100%;height:100%;object-fit:contain\" src=\"" + qrB64Img + "\"/></html>"))
+    }))
+
     mux.Handle("/login", loginHandler(app))
     mux.Handle("/logout", requireAccount(app, logoutHandler(app)))
 
@@ -243,11 +254,6 @@ func loginHandler(app *model.AppState) http.Handler {
             return
         }
 
-        // new accounts won't have TOTP methods at first. there should be a
-        // second phase of login that prompts the user for a TOTP *only*
-        // if that account has a TOTP method.
-        // TODO: login phases (username & password -> TOTP)
-
         type LoginRequest struct {
             Username string `json:"username"`
             Password string `json:"password"`
diff --git a/controller/qr.go b/controller/qr.go
new file mode 100644
index 0000000..c4c2520
--- /dev/null
+++ b/controller/qr.go
@@ -0,0 +1,107 @@
+package controller
+
+import (
+	"bytes"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"image"
+	"image/color"
+	"image/png"
+)
+
+const margin = 4
+
+type QRCodeECCLevel int64
+const (
+    LOW QRCodeECCLevel = iota
+    MEDIUM
+    QUARTILE
+    HIGH
+)
+
+func GenerateQRCode(data []byte) (string, error) {
+    version := 1
+
+    size := 0
+    size = 21 + version * 4
+    if version > 10 {
+        return "", errors.New(fmt.Sprintf("QR version %d not supported", version))
+    }
+
+    img := image.NewGray(image.Rect(0, 0, size + margin * 2, size + margin * 2))
+
+    // fill white
+    for y := range size + margin * 2 {
+        for x := range size + margin * 2 {
+            img.Set(x, y, color.White)
+        }
+    }
+
+    // draw alignment squares
+    drawLargeAlignmentSquare(margin, margin, img)
+    drawLargeAlignmentSquare(margin, margin + size - 7, img)
+    drawLargeAlignmentSquare(margin + size - 7, margin, img)
+    drawSmallAlignmentSquare(size - 5, size - 5, img)
+    /*
+    if version > 4 {
+        space := version * 3 - 2
+        end := size / space
+        for y := range size / space + 1 {
+            for x := range size / space + 1 {
+                if x == 0 && y == 0 { continue }
+                if x == 0 && y == end { continue }
+                if x == end && y == 0 { continue }
+                if x == end && y == end { continue }
+                drawSmallAlignmentSquare(
+                    x * space + margin + 4,
+                    y * space + margin + 4,
+                    img,
+                )
+            }
+        }
+    }
+    */
+
+    // draw timing bits
+    for i := margin + 6; i < size - 4; i++ {
+        if (i % 2 == 0) {
+            img.Set(i, margin + 6, color.Black)
+            img.Set(margin + 6, i, color.Black)
+        }
+    }
+    img.Set(margin + 8, size - 4, color.Black)
+
+    var imgBuf bytes.Buffer
+    err := png.Encode(&imgBuf, img)
+    if err != nil {
+        return "", err
+    }
+
+    base64Img := base64.StdEncoding.EncodeToString(imgBuf.Bytes())
+
+    return "data:image/png;base64," + base64Img, nil
+}
+
+func drawLargeAlignmentSquare(x int, y int, img *image.Gray) {
+    for yi := range 7 {
+        for xi := range 7 {
+            if (xi == 0 || xi == 6) || (yi == 0 || yi == 6) {
+                img.Set(x + xi, y + yi, color.Black)
+            } else if (xi > 1 && xi < 5) && (yi > 1 && yi < 5) {
+                img.Set(x + xi, y + yi, color.Black)
+            }
+        }
+    }
+}
+
+func drawSmallAlignmentSquare(x int, y int, img *image.Gray) {
+    for yi := range 5 {
+        for xi := range 5 {
+            if (xi == 0 || xi == 4) || (yi == 0 || yi == 4) {
+                img.Set(x + xi, y + yi, color.Black)
+            }
+        }
+    }
+    img.Set(x + 2, y + 2, color.Black)
+}
diff --git a/controller/totp.go b/controller/totp.go
index bc71747..dbbeec7 100644
--- a/controller/totp.go
+++ b/controller/totp.go
@@ -64,9 +64,9 @@ func GenerateTOTPURI(username string, secret string) string {
     query := url.Query()
     query.Set("secret", secret)
     query.Set("issuer", "arimelody.me")
-    query.Set("algorithm", "SHA1")
-    query.Set("digits", fmt.Sprintf("%d", TOTP_CODE_LENGTH))
-    query.Set("period", fmt.Sprintf("%d", TOTP_TIME_STEP))
+    // query.Set("algorithm", "SHA1")
+    // query.Set("digits", fmt.Sprintf("%d", TOTP_CODE_LENGTH))
+    // query.Set("period", fmt.Sprintf("%d", TOTP_TIME_STEP))
     url.RawQuery = query.Encode()
 
     return url.String()
@@ -116,8 +116,9 @@ func GetTOTP(db *sqlx.DB, accountID string, name string) (*model.TOTP, error) {
     err := db.Get(
         &totp,
         "SELECT * FROM totp " +
-        "WHERE account=$1",
+        "WHERE account=$1 AND name=$2",
         accountID,
+        name,
     )
     if err != nil {
         if strings.Contains(err.Error(), "no rows") {
diff --git a/main.go b/main.go
index 251d9a9..ac1de59 100644
--- a/main.go
+++ b/main.go
@@ -89,7 +89,6 @@ func main() {
             }
             username := os.Args[2]
             totpName := os.Args[3]
-            secret := controller.GenerateTOTPSecret(controller.TOTP_SECRET_LENGTH)
 
             account, err := controller.GetAccountByUsername(app.DB, username)
             if err != nil {
@@ -102,6 +101,7 @@ func main() {
                 os.Exit(1)
             }
 
+            secret := controller.GenerateTOTPSecret(controller.TOTP_SECRET_LENGTH)
             totp := model.TOTP {
                 AccountID: account.ID,
                 Name: totpName,

From 3450d879acd0662f8bfae1d010f6e02ee9441e06 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sun, 26 Jan 2025 20:09:18 +0000
Subject: [PATCH 02/88] QR codes complete, account settings finished!

+ refactored templates a little; this might need more work!
---
 admin/accounthttp.go          |  31 ++++---
 admin/artisthttp.go           |   2 +-
 admin/http.go                 |  12 +--
 admin/releasehttp.go          |  16 ++--
 admin/templates.go            | 150 ++++++++++++++++++----------------
 admin/trackhttp.go            |   2 +-
 admin/views/totp-confirm.html |  17 ++--
 controller/qr.go              |  15 +++-
 go.mod                        |   6 +-
 go.sum                        |   6 +-
 main.go                       |   2 +-
 templates/templates.go        |  47 +++++------
 view/music.go                 |   4 +-
 13 files changed, 175 insertions(+), 135 deletions(-)

diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index aa1e042..408b4c5 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -63,7 +63,7 @@ func accountIndexHandler(app *model.AppState) http.Handler {
         session.Message = sessionMessage
         session.Error = sessionError
 
-        err = pages["account"].Execute(w, accountResponse{
+        err = accountTemplate.Execute(w, accountResponse{
             Session: session,
             TOTPs: totps,
         })
@@ -199,7 +199,7 @@ func totpSetupHandler(app *model.AppState) http.Handler {
 
             session := r.Context().Value("session").(*model.Session)
 
-            err := pages["totp-setup"].Execute(w, totpSetupData{ Session: session })
+            err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session })
             if err != nil {
                 fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -216,6 +216,7 @@ func totpSetupHandler(app *model.AppState) http.Handler {
             Session *model.Session
             TOTP *model.TOTP
             NameEscaped string
+            QRBase64Image string
         }
 
         err := r.ParseForm()
@@ -242,7 +243,7 @@ func totpSetupHandler(app *model.AppState) http.Handler {
         if err != nil {
             fmt.Printf("WARN: Failed to create TOTP method: %s\n", err)
             controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
-            err := pages["totp-setup"].Execute(w, totpSetupData{ Session: session })
+            err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session })
             if err != nil {
                 fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -250,10 +251,24 @@ func totpSetupHandler(app *model.AppState) http.Handler {
             return
         }
 
-        err = pages["totp-confirm"].Execute(w, totpSetupData{
+        qrBase64Image, err := controller.GenerateQRCode(
+            controller.GenerateTOTPURI(session.Account.Username, totp.Secret))
+        if err != nil {
+            fmt.Printf("WARN: Failed to generate TOTP setup QR code: %s\n", err)
+            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
+            err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session })
+            if err != nil {
+                fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
+                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            }
+            return
+        }
+
+        err = totpConfirmTemplate.Execute(w, totpSetupData{
             Session: session,
             TOTP: &totp,
             NameEscaped: url.PathEscape(totp.Name),
+            QRBase64Image: qrBase64Image,
         })
         if err != nil {
             fmt.Printf("WARN: Failed to render TOTP confirm page: %s\n", err)
@@ -304,18 +319,12 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
             return
         }
 
-        fmt.Printf(
-            "TOTP:\n\tName: %s\n\tSecret: %s\n",
-            totp.Name,
-            totp.Secret,
-        )
-
         confirmCode := controller.GenerateTOTP(totp.Secret, 0)
         if code != confirmCode {
             confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1)
             if code != confirmCodeOffset {
                 controller.SetSessionError(app.DB, session, "Incorrect TOTP code. Please try again.")
-                err = pages["totp-confirm"].Execute(w, totpConfirmData{
+                err = totpConfirmTemplate.Execute(w, totpConfirmData{
                     Session: session,
                     TOTP: totp,
                 })
diff --git a/admin/artisthttp.go b/admin/artisthttp.go
index 5979493..6dfbbfd 100644
--- a/admin/artisthttp.go
+++ b/admin/artisthttp.go
@@ -39,7 +39,7 @@ func serveArtist(app *model.AppState) http.Handler {
 
         session := r.Context().Value("session").(*model.Session)
 
-        err = pages["artist"].Execute(w, ArtistResponse{
+        err = artistTemplate.Execute(w, ArtistResponse{
             Session: session,
             Artist: artist,
             Credits: credits,
diff --git a/admin/http.go b/admin/http.go
index 42b7e46..6fd8f59 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -20,7 +20,7 @@ func Handler(app *model.AppState) http.Handler {
     mux := http.NewServeMux()
 
     mux.Handle("/qr-test", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        qrB64Img, err := controller.GenerateQRCode([]byte("super epic mega gaming test message. be sure to buy free2play on bandcamp so i can put food on my family"))
+        qrB64Img, err := controller.GenerateQRCode("super epic mega gaming test message. be sure to buy free2play on bandcamp so i can put food on my family")
         if err != nil {
             fmt.Fprintf(os.Stderr, "WARN: Failed to generate QR code: %v\n", err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -87,7 +87,7 @@ func AdminIndexHandler(app *model.AppState) http.Handler {
             Tracks      []*model.Track
         }
 
-        err = pages["index"].Execute(w, IndexData{
+        err = indexTemplate.Execute(w, IndexData{
             Session: session,
             Releases: releases,
             Artists: artists,
@@ -116,7 +116,7 @@ func registerAccountHandler(app *model.AppState) http.Handler {
         }
 
         render := func() {
-            err := pages["register"].Execute(w, registerData{ Session: session })
+            err := registerTemplate.Execute(w, registerData{ Session: session })
             if err != nil {
                 fmt.Printf("WARN: Error rendering create account page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -229,7 +229,7 @@ func loginHandler(app *model.AppState) http.Handler {
         }
 
         render := func() {
-            err := pages["login"].Execute(w, loginData{ Session: session })
+            err := loginTemplate.Execute(w, loginData{ Session: session })
             if err != nil {
                 fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -307,7 +307,7 @@ func loginHandler(app *model.AppState) http.Handler {
                     Username string
                     Password string
                 }
-                err = pages["login-totp"].Execute(w, loginTOTPData{
+                err = loginTOTPTemplate.Execute(w, loginTOTPData{
                     Session: session,
                     Username: credentials.Username,
                     Password: credentials.Password,
@@ -379,7 +379,7 @@ func logoutHandler(app *model.AppState) http.Handler {
             Path: "/",
         })
 
-        err = pages["logout"].Execute(w, nil)
+        err = logoutTemplate.Execute(w, nil)
         if err != nil {
             fmt.Fprintf(os.Stderr, "WARN: Failed to render logout page: %v\n", err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
diff --git a/admin/releasehttp.go b/admin/releasehttp.go
index cd73e98..be5052b 100644
--- a/admin/releasehttp.go
+++ b/admin/releasehttp.go
@@ -60,7 +60,7 @@ func serveRelease(app *model.AppState) http.Handler {
             Release *model.Release
         }
 
-        err = pages["release"].Execute(w, ReleaseResponse{
+        err = releaseTemplate.Execute(w, ReleaseResponse{
             Session: session,
             Release: release,
         })
@@ -74,7 +74,7 @@ func serveRelease(app *model.AppState) http.Handler {
 func serveEditCredits(release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         w.Header().Set("Content-Type", "text/html")
-        err := components["editcredits"].Execute(w, release)
+        err := editCreditsTemplate.Execute(w, release)
         if err != nil {
             fmt.Printf("Error rendering edit credits component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -97,7 +97,7 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler {
         }
 
         w.Header().Set("Content-Type", "text/html")
-        err = components["addcredit"].Execute(w, response{
+        err = addCreditTemplate.Execute(w, response{
             ReleaseID: release.ID,
             Artists: artists,
         })
@@ -123,7 +123,7 @@ func serveNewCredit(app *model.AppState) http.Handler {
         }
 
         w.Header().Set("Content-Type", "text/html")
-        err = components["newcredit"].Execute(w, artist)
+        err = newCreditTemplate.Execute(w, artist)
         if err != nil {
             fmt.Printf("Error rendering new credit component for %s: %s\n", artist.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -134,7 +134,7 @@ func serveNewCredit(app *model.AppState) http.Handler {
 func serveEditLinks(release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         w.Header().Set("Content-Type", "text/html")
-        err := components["editlinks"].Execute(w, release)
+        err := editLinksTemplate.Execute(w, release)
         if err != nil {
             fmt.Printf("Error rendering edit links component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -151,7 +151,7 @@ func serveEditTracks(release *model.Release) http.Handler {
             Add func(a int, b int) int
         }
 
-        err := components["edittracks"].Execute(w, editTracksData{
+        err := editTracksTemplate.Execute(w, editTracksData{
             Release: release,
             Add: func(a, b int) int { return a + b },
         })
@@ -177,7 +177,7 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler {
         }
 
         w.Header().Set("Content-Type", "text/html")
-        err = components["addtrack"].Execute(w, response{
+        err = addTrackTemplate.Execute(w, response{
             ReleaseID: release.ID,
             Tracks: tracks,
         })
@@ -204,7 +204,7 @@ func serveNewTrack(app *model.AppState) http.Handler {
         }
 
         w.Header().Set("Content-Type", "text/html")
-        err = components["newtrack"].Execute(w, track)
+        err = newTrackTemplate.Execute(w, track)
         if err != nil {
             fmt.Printf("Error rendering new track component for %s: %s\n", track.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
diff --git a/admin/templates.go b/admin/templates.go
index d9a74ca..49c118b 100644
--- a/admin/templates.go
+++ b/admin/templates.go
@@ -1,80 +1,90 @@
 package admin
 
 import (
-	"html/template"
-	"path/filepath"
+    "html/template"
+    "path/filepath"
 )
 
-var pages = map[string]*template.Template{
-    "index": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "components", "release", "release-list-item.html"),
-        filepath.Join("admin", "views", "index.html"),
-    )),
+var indexTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "components", "release", "release-list-item.html"),
+    filepath.Join("admin", "views", "index.html"),
+))
 
-    "login": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "views", "login.html"),
-    )),
-    "login-totp": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "views", "login-totp.html"),
-    )),
-    "register": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "views", "register.html"),
-    )),
-    "logout": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "views", "logout.html"),
-    )),
-    "account": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "views", "edit-account.html"),
-    )),
-    "totp-setup": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "views", "totp-setup.html"),
-    )),
-    "totp-confirm": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "views", "totp-confirm.html"),
-    )),
+var loginTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "views", "login.html"),
+))
+var loginTOTPTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "views", "login-totp.html"),
+))
+var registerTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "views", "register.html"),
+))
+var logoutTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "views", "logout.html"),
+))
+var accountTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "views", "edit-account.html"),
+))
+var totpSetupTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "views", "totp-setup.html"),
+))
+var totpConfirmTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "views", "totp-confirm.html"),
+))
 
-    "release": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "views", "edit-release.html"),
-    )),
-    "artist": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "views", "edit-artist.html"),
-    )),
-    "track": template.Must(template.ParseFiles(
-        filepath.Join("admin", "views", "layout.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("admin", "components", "release", "release-list-item.html"),
-        filepath.Join("admin", "views", "edit-track.html"),
-    )),
-}
+var releaseTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "views", "edit-release.html"),
+))
+var artistTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "views", "edit-artist.html"),
+))
+var trackTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "components", "release", "release-list-item.html"),
+    filepath.Join("admin", "views", "edit-track.html"),
+))
 
-var components = map[string]*template.Template{
-    "editcredits": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "editcredits.html"))),
-    "addcredit": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "addcredit.html"))),
-    "newcredit": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "newcredit.html"))),
+var editCreditsTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "components", "credits", "editcredits.html"),
+))
+var addCreditTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "components", "credits", "addcredit.html"),
+))
+var newCreditTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "components", "credits", "newcredit.html"),
+))
 
-    "editlinks": template.Must(template.ParseFiles(filepath.Join("admin", "components", "links", "editlinks.html"))),
+var editLinksTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "components", "links", "editlinks.html"),
+))
 
-    "edittracks": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "edittracks.html"))),
-    "addtrack": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "addtrack.html"))),
-    "newtrack": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "newtrack.html"))),
-}
+var editTracksTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "components", "tracks", "edittracks.html"),
+))
+var addTrackTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "components", "tracks", "addtrack.html"),
+))
+var newTrackTemplate = template.Must(template.ParseFiles(
+    filepath.Join("admin", "components", "tracks", "newtrack.html"),
+))
diff --git a/admin/trackhttp.go b/admin/trackhttp.go
index 9436671..a92f81a 100644
--- a/admin/trackhttp.go
+++ b/admin/trackhttp.go
@@ -39,7 +39,7 @@ func serveTrack(app *model.AppState) http.Handler {
 
         session := r.Context().Value("session").(*model.Session)
 
-        err = pages["track"].Execute(w, TrackResponse{
+        err = trackTemplate.Execute(w, TrackResponse{
             Session: session,
             Track: track,
             Releases: releases,
diff --git a/admin/views/totp-confirm.html b/admin/views/totp-confirm.html
index ac39e52..b0810e2 100644
--- a/admin/views/totp-confirm.html
+++ b/admin/views/totp-confirm.html
@@ -3,6 +3,9 @@
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
 <link rel="stylesheet" href="/admin/static/admin.css">
 <style>
+.qr-code {
+    border: 1px solid #8888;
+}
 code {
     user-select: all;
 }
@@ -16,15 +19,19 @@ code {
     {{end}}
 
     <form action="/admin/account/totp-confirm?totp-name={{.NameEscaped}}" method="POST" id="totp-setup">
-        <p><strong>Your TOTP secret: </strong><code>{{.TOTP.Secret}}</code></p>
-
-        <!-- TODO: TOTP secret QR codes -->
+        <img src="data:image/png;base64,{{.QRBase64Image}}" alt="" class="qr-code">
 
         <p>
-        Please store this into your two-factor authentication app or
-        password manager, then enter your code below:
+        Scan the QR code above into your authentication app or password manager,
+        then enter your 2FA code below.
         </p>
 
+        <p>
+        If the QR code does not work, you may also enter this secret code:
+        </p>
+
+        <p><code>{{.TOTP.Secret}}</code></p>
+
         <label for="totp">TOTP:</label>
         <input type="text" name="totp" value="" autocomplete="one-time-code" required autofocus>
 
diff --git a/controller/qr.go b/controller/qr.go
index c4c2520..7ada0f8 100644
--- a/controller/qr.go
+++ b/controller/qr.go
@@ -8,8 +8,21 @@ import (
 	"image"
 	"image/color"
 	"image/png"
+
+    "github.com/skip2/go-qrcode"
 )
 
+func GenerateQRCode(data string) (string, error) {
+    imgBytes, err := qrcode.Encode(data, qrcode.Medium, 256)
+    if err != nil {
+        return "", err
+    }
+    base64Img := base64.StdEncoding.EncodeToString(imgBytes)
+    return base64Img, nil
+}
+
+// vvv DEPRECATED vvv
+
 const margin = 4
 
 type QRCodeECCLevel int64
@@ -20,7 +33,7 @@ const (
     HIGH
 )
 
-func GenerateQRCode(data []byte) (string, error) {
+func noDepsGenerateQRCode() (string, error) {
     version := 1
 
     size := 0
diff --git a/go.mod b/go.mod
index 73a1cf1..f8717a2 100644
--- a/go.mod
+++ b/go.mod
@@ -8,4 +8,8 @@ require (
 )
 
 require golang.org/x/crypto v0.27.0 // indirect
-require github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+
+require (
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect
+)
diff --git a/go.sum b/go.sum
index 35e1b20..15259a1 100644
--- a/go.sum
+++ b/go.sum
@@ -8,7 +8,9 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
-golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
 github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
diff --git a/main.go b/main.go
index ac1de59..3b25ac4 100644
--- a/main.go
+++ b/main.go
@@ -404,7 +404,7 @@ func createServeMux(app *model.AppState) *http.ServeMux {
         }
 
         if r.URL.Path == "/" || r.URL.Path == "/index.html" {
-            err := templates.Pages["index"].Execute(w, nil)
+            err := templates.IndexTemplate.Execute(w, nil)
             if err != nil {
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             }
diff --git a/templates/templates.go b/templates/templates.go
index 094e61d..8d1a5ca 100644
--- a/templates/templates.go
+++ b/templates/templates.go
@@ -5,29 +5,24 @@ import (
 	"path/filepath"
 )
 
-var Pages = map[string]*template.Template{
-    "index": template.Must(template.ParseFiles(
-        filepath.Join("views", "layout.html"),
-        filepath.Join("views", "header.html"),
-        filepath.Join("views", "footer.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("views", "index.html"),
-    )),
-    "music": template.Must(template.ParseFiles(
-        filepath.Join("views", "layout.html"),
-        filepath.Join("views", "header.html"),
-        filepath.Join("views", "footer.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("views", "music.html"),
-    )),
-    "music-gateway": template.Must(template.ParseFiles(
-        filepath.Join("views", "layout.html"),
-        filepath.Join("views", "header.html"),
-        filepath.Join("views", "footer.html"),
-        filepath.Join("views", "prideflag.html"),
-        filepath.Join("views", "music-gateway.html"),
-    )),
-}
-
-var Components = map[string]*template.Template{
-}
+var IndexTemplate = template.Must(template.ParseFiles(
+    filepath.Join("views", "layout.html"),
+    filepath.Join("views", "header.html"),
+    filepath.Join("views", "footer.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("views", "index.html"),
+))
+var MusicTemplate = template.Must(template.ParseFiles(
+    filepath.Join("views", "layout.html"),
+    filepath.Join("views", "header.html"),
+    filepath.Join("views", "footer.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("views", "music.html"),
+))
+var MusicGatewayTemplate = template.Must(template.ParseFiles(
+    filepath.Join("views", "layout.html"),
+    filepath.Join("views", "header.html"),
+    filepath.Join("views", "footer.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("views", "music-gateway.html"),
+))
diff --git a/view/music.go b/view/music.go
index e3eb449..7b86270 100644
--- a/view/music.go
+++ b/view/music.go
@@ -47,7 +47,7 @@ func ServeCatalog(app *model.AppState) http.Handler {
             }
         }
 
-        err = templates.Pages["music"].Execute(w, releases)
+        err = templates.MusicTemplate.Execute(w, releases)
         if err != nil {
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
@@ -79,7 +79,7 @@ func ServeGateway(app *model.AppState, release *model.Release) http.Handler {
             response.Links = release.Links
         }
 
-        err := templates.Pages["music-gateway"].Execute(w, response)
+        err := templates.MusicGatewayTemplate.Execute(w, response)
 
         if err != nil {
             fmt.Printf("Error rendering music gateway for %s: %s\n", release.ID, err)

From b91b6e7ce01c3c9f23847fbe342dbef89392f7b9 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sun, 26 Jan 2025 20:37:20 +0000
Subject: [PATCH 03/88] polished up TOTP enrolment

---
 admin/accounthttp.go                    | 57 ++++++++++++++-----------
 admin/views/totp-confirm.html           |  7 +++
 controller/totp.go                      | 16 ++++++-
 main.go                                 | 17 ++++++++
 model/totp.go                           |  1 +
 schema_migration/000-init.sql           |  7 +--
 schema_migration/001-pre-versioning.sql |  7 +--
 7 files changed, 81 insertions(+), 31 deletions(-)

diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index 408b4c5..5e3f4b6 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -1,6 +1,7 @@
 package admin
 
 import (
+	"database/sql"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -190,6 +191,13 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
     })
 }
 
+type totpConfirmData struct {
+    Session *model.Session
+    TOTP *model.TOTP
+    NameEscaped string
+    QRBase64Image string
+}
+
 func totpSetupHandler(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         if r.Method == http.MethodGet {
@@ -212,13 +220,6 @@ func totpSetupHandler(app *model.AppState) http.Handler {
             return
         }
 
-        type totpSetupData struct {
-            Session *model.Session
-            TOTP *model.TOTP
-            NameEscaped string
-            QRBase64Image string
-        }
-
         err := r.ParseForm()
         if err != nil {
             http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
@@ -243,7 +244,7 @@ func totpSetupHandler(app *model.AppState) http.Handler {
         if err != nil {
             fmt.Printf("WARN: Failed to create TOTP method: %s\n", err)
             controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
-            err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session })
+            err := totpSetupTemplate.Execute(w, totpConfirmData{ Session: session })
             if err != nil {
                 fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -254,17 +255,10 @@ func totpSetupHandler(app *model.AppState) http.Handler {
         qrBase64Image, err := controller.GenerateQRCode(
             controller.GenerateTOTPURI(session.Account.Username, totp.Secret))
         if err != nil {
-            fmt.Printf("WARN: Failed to generate TOTP setup QR code: %s\n", err)
-            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
-            err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session })
-            if err != nil {
-                fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
-                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-            }
-            return
+            fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err)
         }
 
-        err = totpConfirmTemplate.Execute(w, totpSetupData{
+        err = totpConfirmTemplate.Execute(w, totpConfirmData{
             Session: session,
             TOTP: &totp,
             NameEscaped: url.PathEscape(totp.Name),
@@ -284,11 +278,6 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
             return
         }
 
-        type totpConfirmData struct {
-            Session *model.Session
-            TOTP *model.TOTP
-        }
-
         session := r.Context().Value("session").(*model.Session)
 
         err := r.ParseForm()
@@ -309,7 +298,7 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
 
         totp, err := controller.GetTOTP(app.DB, session.Account.ID, name)
         if err != nil {
-            fmt.Printf("WARN: Failed to fetch TOTP method: %s\n", err)
+            fmt.Printf("WARN: Failed to fetch TOTP method: %v\n", err)
             controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
             http.Redirect(w, r, "/admin/account", http.StatusFound)
             return
@@ -319,19 +308,39 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
             return
         }
 
+        qrBase64Image, err := controller.GenerateQRCode(
+            controller.GenerateTOTPURI(session.Account.Username, totp.Secret))
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err)
+        }
+
         confirmCode := controller.GenerateTOTP(totp.Secret, 0)
         if code != confirmCode {
             confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1)
             if code != confirmCodeOffset {
-                controller.SetSessionError(app.DB, session, "Incorrect TOTP code. Please try again.")
+                session.Error = sql.NullString{ Valid: true, String: "Incorrect TOTP code. Please try again." }
                 err = totpConfirmTemplate.Execute(w, totpConfirmData{
                     Session: session,
                     TOTP: totp,
+                    NameEscaped: url.PathEscape(totp.Name),
+                    QRBase64Image: qrBase64Image,
                 })
+                if err != nil {
+                    fmt.Fprintf(os.Stderr, "WARN: Failed to render TOTP setup page: %v\n", err)
+                    http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+                }
                 return
             }
         }
 
+        err = controller.ConfirmTOTP(app.DB, session.Account.ID, name)
+        if err != nil {
+            fmt.Printf("WARN: Failed to confirm TOTP method: %s\n", err)
+            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
+            http.Redirect(w, r, "/admin/account", http.StatusFound)
+            return
+        }
+
         controller.SetSessionError(app.DB, session, "")
         controller.SetSessionMessage(app.DB, session, fmt.Sprintf("TOTP method \"%s\" created successfully.", totp.Name))
         http.Redirect(w, r, "/admin/account", http.StatusFound)
diff --git a/admin/views/totp-confirm.html b/admin/views/totp-confirm.html
index b0810e2..7d305ec 100644
--- a/admin/views/totp-confirm.html
+++ b/admin/views/totp-confirm.html
@@ -19,6 +19,7 @@ code {
     {{end}}
 
     <form action="/admin/account/totp-confirm?totp-name={{.NameEscaped}}" method="POST" id="totp-setup">
+        {{if .QRBase64Image}}
         <img src="data:image/png;base64,{{.QRBase64Image}}" alt="" class="qr-code">
 
         <p>
@@ -29,6 +30,12 @@ code {
         <p>
         If the QR code does not work, you may also enter this secret code:
         </p>
+        {{else}}
+        <p>
+        Paste the below secret code into your authentication app or password manager,
+        then enter your 2FA code below:
+        </p>
+        {{end}}
 
         <p><code>{{.TOTP.Secret}}</code></p>
 
diff --git a/controller/totp.go b/controller/totp.go
index dbbeec7..88f6bc3 100644
--- a/controller/totp.go
+++ b/controller/totp.go
@@ -78,7 +78,7 @@ func GetTOTPsForAccount(db *sqlx.DB, accountID string) ([]model.TOTP, error) {
     err := db.Select(
         &totps,
         "SELECT * FROM totp " +
-        "WHERE account=$1 " +
+        "WHERE account=$1 AND confirmed=true " +
         "ORDER BY created_at ASC",
         accountID,
     )
@@ -130,6 +130,15 @@ func GetTOTP(db *sqlx.DB, accountID string, name string) (*model.TOTP, error) {
     return &totp, nil
 }
 
+func ConfirmTOTP(db *sqlx.DB, accountID string, name string) error {
+    _, err := db.Exec(
+        "UPDATE totp SET confirmed=true WHERE account=$1 AND name=$2",
+        accountID,
+        name,
+    )
+    return err
+}
+
 func CreateTOTP(db *sqlx.DB, totp *model.TOTP) error {
     _, err := db.Exec(
         "INSERT INTO totp (account, name, secret) " +
@@ -149,3 +158,8 @@ func DeleteTOTP(db *sqlx.DB, accountID string, name string) error {
     )
     return err
 }
+
+func DeleteUnconfirmedTOTPs(db *sqlx.DB) error {
+    _, err := db.Exec("DELETE FROM totp WHERE confirmed=false")
+    return err
+}
diff --git a/main.go b/main.go
index 3b25ac4..7e8e06f 100644
--- a/main.go
+++ b/main.go
@@ -215,6 +215,15 @@ func main() {
             code := controller.GenerateTOTP(totp.Secret, 0)
             fmt.Printf("%s\n", code)
             return
+        
+        case "cleanTOTP":
+            err := controller.DeleteUnconfirmedTOTPs(app.DB)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "FATAL: Failed to clean up TOTP methods: %v\n", err)
+                os.Exit(1)
+            }
+            fmt.Printf("Cleaned up dangling TOTP methods successfully.\n")
+            return
 
         case "createInvite":
             fmt.Printf("Creating invite...\n")
@@ -342,6 +351,7 @@ func main() {
             "listTOTP <username>:\n\tLists an account's TOTP methods.\n" +
             "deleteTOTP <username> <name>:\n\tDeletes an account's TOTP method.\n" +
             "testTOTP <username> <name>:\n\tGenerates the code for an account's TOTP method.\n" +
+            "cleanTOTP:\n\tCleans up unconfirmed (dangling) TOTP methods.\n" +
             "\n" +
             "createInvite:\n\tCreates an invite code to register new accounts.\n" +
             "purgeInvites:\n\tDeletes all available invite codes.\n" +
@@ -381,6 +391,13 @@ func main() {
         os.Exit(1)
     }
 
+    // clean up unconfirmed TOTP methods
+    err = controller.DeleteUnconfirmedTOTPs(app.DB)
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "FATAL: Failed to clean up unconfirmed TOTP methods: %v\n", err)
+        os.Exit(1)
+    }
+
     // start the web server!
     mux := createServeMux(&app)
     fmt.Printf("Now serving at http://%s:%d\n", app.Config.Host, app.Config.Port)
diff --git a/model/totp.go b/model/totp.go
index 8d8422f..cfad10a 100644
--- a/model/totp.go
+++ b/model/totp.go
@@ -9,4 +9,5 @@ type TOTP struct {
     AccountID   string      `json:"accountID" db:"account"`
     Secret      string      `json:"-" db:"secret"`
     CreatedAt   time.Time   `json:"created_at" db:"created_at"`
+    Confirmed   bool        `json:"-" db:"confirmed"`
 }
diff --git a/schema_migration/000-init.sql b/schema_migration/000-init.sql
index ff5c1af..8751180 100644
--- a/schema_migration/000-init.sql
+++ b/schema_migration/000-init.sql
@@ -23,12 +23,12 @@ ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_pk PRIMARY KEY (account
 -- Invites
 CREATE TABLE arimelody.invite (
     code text NOT NULL, 
-    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 
+    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, 
     expires_at TIMESTAMP NOT NULL
 );
 ALTER TABLE arimelody.invite ADD CONSTRAINT invite_pk PRIMARY KEY (code);
 
--- Session
+-- Sessions
 CREATE TABLE arimelody.session (
     token TEXT,
     user_agent TEXT NOT NULL,
@@ -40,12 +40,13 @@ CREATE TABLE arimelody.session (
 );
 ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (token);
 
--- TOTPs
+-- TOTP methods
 CREATE TABLE arimelody.totp (
     name TEXT NOT NULL,
     account UUID NOT NULL,
     secret TEXT,
     created_at TIMESTAMP NOT NULL DEFAULT current_timestamp
+    confirmed BOOLEAN DEFAULT false,
 );
 ALTER TABLE arimelody.totp ADD CONSTRAINT totp_pk PRIMARY KEY (account, name);
 
diff --git a/schema_migration/001-pre-versioning.sql b/schema_migration/001-pre-versioning.sql
index cd0c061..37de432 100644
--- a/schema_migration/001-pre-versioning.sql
+++ b/schema_migration/001-pre-versioning.sql
@@ -23,12 +23,12 @@ ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_pk PRIMARY KEY (account
 -- Invites
 CREATE TABLE arimelody.invite (
     code text NOT NULL, 
-    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 
+    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, 
     expires_at TIMESTAMP NOT NULL
 );
 ALTER TABLE arimelody.invite ADD CONSTRAINT invite_pk PRIMARY KEY (code);
 
--- Session
+-- Sessions
 CREATE TABLE arimelody.session (
     token TEXT,
     user_agent TEXT NOT NULL,
@@ -40,12 +40,13 @@ CREATE TABLE arimelody.session (
 );
 ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (token);
 
--- TOTPs
+-- TOTP methods
 CREATE TABLE arimelody.totp (
     name TEXT NOT NULL,
     account UUID NOT NULL,
     secret TEXT,
     created_at TIMESTAMP NOT NULL DEFAULT current_timestamp
+    confirmed BOOLEAN DEFAULT false,
 );
 ALTER TABLE arimelody.totp ADD CONSTRAINT totp_pk PRIMARY KEY (account, name);
 

From 2fc855450e7b077ba87f0f021a42dc5ebdf5b89b Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sun, 26 Jan 2025 20:43:41 +0000
Subject: [PATCH 04/88] update bundler script, rename schema-migration
 directory

---
 bundle.sh                                                     | 2 +-
 controller/migrator.go                                        | 2 +-
 {schema_migration => schema-migration}/000-init.sql           | 0
 {schema_migration => schema-migration}/001-pre-versioning.sql | 0
 4 files changed, 2 insertions(+), 2 deletions(-)
 rename {schema_migration => schema-migration}/000-init.sql (100%)
 rename {schema_migration => schema-migration}/001-pre-versioning.sql (100%)

diff --git a/bundle.sh b/bundle.sh
index 4e7068b..dc7c023 100755
--- a/bundle.sh
+++ b/bundle.sh
@@ -6,4 +6,4 @@ if [ ! -f arimelody-web ]; then
     exit 1
 fi
 
-tar czvf arimelody-web.tar.gz arimelody-web admin/components/ admin/views/ admin/static/ views/ public/
+tar czvf arimelody-web.tar.gz arimelody-web admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/
diff --git a/controller/migrator.go b/controller/migrator.go
index 3624255..d0011ee 100644
--- a/controller/migrator.go
+++ b/controller/migrator.go
@@ -50,7 +50,7 @@ func CheckDBVersionAndMigrate(db *sqlx.DB) {
 func ApplyMigration(db *sqlx.DB, scriptFile string) {
     fmt.Printf("Applying schema migration %s...\n", scriptFile)
 
-    bytes, err := os.ReadFile("schema_migration/" + scriptFile + ".sql")
+    bytes, err := os.ReadFile("schema-migration/" + scriptFile + ".sql")
     if err != nil {
         fmt.Fprintf(os.Stderr, "FATAL: Failed to open schema file \"%s\": %v\n", scriptFile, err)
         os.Exit(1)
diff --git a/schema_migration/000-init.sql b/schema-migration/000-init.sql
similarity index 100%
rename from schema_migration/000-init.sql
rename to schema-migration/000-init.sql
diff --git a/schema_migration/001-pre-versioning.sql b/schema-migration/001-pre-versioning.sql
similarity index 100%
rename from schema_migration/001-pre-versioning.sql
rename to schema-migration/001-pre-versioning.sql

From 2e93c3c5e59f5e1dbb6b18844966eed1240e3802 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sun, 26 Jan 2025 20:50:02 +0000
Subject: [PATCH 05/88] fix typo in schema migrations...oops!

---
 schema-migration/000-init.sql           | 4 ++--
 schema-migration/001-pre-versioning.sql | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/schema-migration/000-init.sql b/schema-migration/000-init.sql
index 8751180..918edaa 100644
--- a/schema-migration/000-init.sql
+++ b/schema-migration/000-init.sql
@@ -45,8 +45,8 @@ CREATE TABLE arimelody.totp (
     name TEXT NOT NULL,
     account UUID NOT NULL,
     secret TEXT,
-    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp
-    confirmed BOOLEAN DEFAULT false,
+    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp,
+    confirmed BOOLEAN DEFAULT false
 );
 ALTER TABLE arimelody.totp ADD CONSTRAINT totp_pk PRIMARY KEY (account, name);
 
diff --git a/schema-migration/001-pre-versioning.sql b/schema-migration/001-pre-versioning.sql
index 37de432..2edee4a 100644
--- a/schema-migration/001-pre-versioning.sql
+++ b/schema-migration/001-pre-versioning.sql
@@ -45,12 +45,12 @@ CREATE TABLE arimelody.totp (
     name TEXT NOT NULL,
     account UUID NOT NULL,
     secret TEXT,
-    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp
-    confirmed BOOLEAN DEFAULT false,
+    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp,
+    confirmed BOOLEAN DEFAULT false
 );
 ALTER TABLE arimelody.totp ADD CONSTRAINT totp_pk PRIMARY KEY (account, name);
 
 -- Foreign keys
 ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
-ALTER TABLE arimelody.token ADD CONSTRAINT token_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
+ALTER TABLE arimelody.session ADD CONSTRAINT session FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
 ALTER TABLE arimelody.totp ADD CONSTRAINT totp_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;

From 1efe52a8cbd1615a7d00e2a97a0457f882822c7f Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sun, 26 Jan 2025 23:41:35 +0000
Subject: [PATCH 06/88] fixed critical login TOTP bypass bug! whoops!!!!!

---
 admin/accounthttp.go                    |  19 +--
 admin/http.go                           | 201 +++++++++++++++---------
 admin/views/login-totp.html             |  11 +-
 controller/session.go                   |  21 ++-
 model/session.go                        |   7 +-
 schema-migration/000-init.sql           |   2 +
 schema-migration/001-pre-versioning.sql |   4 +-
 7 files changed, 166 insertions(+), 99 deletions(-)

diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index 5e3f4b6..098eb59 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -134,7 +134,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
             return
         }
 
-        if !r.Form.Has("password") || !r.Form.Has("totp") {
+        if !r.Form.Has("password") {
             http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
             return
         }
@@ -153,23 +153,6 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
             return
         }
 
-        totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.Account.ID, r.Form.Get("totp"))
-        if err != nil {
-            fmt.Fprintf(os.Stderr, "Failed to fetch account: %v\n", err)
-            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
-            http.Redirect(w, r, "/admin/account", http.StatusFound)
-            return
-        }
-        if totpMethod == nil {
-            fmt.Printf(
-                "[%s] WARN: Account \"%s\" attempted account deletion with incorrect TOTP.\n",
-                time.Now().Format(time.UnixDate),
-                session.Account.Username,
-            )
-            controller.SetSessionError(app.DB, session, "Incorrect TOTP.")
-            http.Redirect(w, r, "/admin/account", http.StatusFound)
-        }
-
         err = controller.DeleteAccount(app.DB, session.Account.ID)
         if err != nil {
             fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err)
diff --git a/admin/http.go b/admin/http.go
index 6fd8f59..83d2a18 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -31,20 +31,21 @@ func Handler(app *model.AppState) http.Handler {
     }))
 
     mux.Handle("/login", loginHandler(app))
-    mux.Handle("/logout", requireAccount(app, logoutHandler(app)))
+    mux.Handle("/totp", loginTOTPHandler(app))
+    mux.Handle("/logout", requireAccount(logoutHandler(app)))
 
     mux.Handle("/register", registerAccountHandler(app))
 
-    mux.Handle("/account", requireAccount(app, accountIndexHandler(app)))
-    mux.Handle("/account/", requireAccount(app, http.StripPrefix("/account", accountHandler(app))))
+    mux.Handle("/account", requireAccount(accountIndexHandler(app)))
+    mux.Handle("/account/", requireAccount(http.StripPrefix("/account", accountHandler(app))))
 
-    mux.Handle("/release/", requireAccount(app, http.StripPrefix("/release", serveRelease(app))))
-    mux.Handle("/artist/", requireAccount(app, http.StripPrefix("/artist", serveArtist(app))))
-    mux.Handle("/track/", requireAccount(app, http.StripPrefix("/track", serveTrack(app))))
+    mux.Handle("/release/", requireAccount(http.StripPrefix("/release", serveRelease(app))))
+    mux.Handle("/artist/", requireAccount(http.StripPrefix("/artist", serveArtist(app))))
+    mux.Handle("/track/", requireAccount(http.StripPrefix("/track", serveTrack(app))))
 
     mux.Handle("/static/", http.StripPrefix("/static", staticHandler()))
 
-    mux.Handle("/", requireAccount(app, AdminIndexHandler(app)))
+    mux.Handle("/", requireAccount(AdminIndexHandler(app)))
 
     // response wrapper to make sure a session cookie exists
     return enforceSession(app, mux)
@@ -243,7 +244,6 @@ func loginHandler(app *model.AppState) http.Handler {
                 http.Redirect(w, r, "/admin", http.StatusFound)
                 return
             }
-
             render()
             return
         }
@@ -254,18 +254,15 @@ func loginHandler(app *model.AppState) http.Handler {
             return
         }
 
-        type LoginRequest struct {
-            Username string `json:"username"`
-            Password string `json:"password"`
-            TOTP string `json:"totp"`
-        }
-        credentials := LoginRequest{
-            Username: r.Form.Get("username"),
-            Password: r.Form.Get("password"),
-            TOTP: r.Form.Get("totp"),
+        if !r.Form.Has("username") || !r.Form.Has("password") {
+            http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+            return
         }
 
-        account, err := controller.GetAccountByUsername(app.DB, credentials.Username)
+        username := r.FormValue("username")
+        password := r.FormValue("password")
+
+        account, err := controller.GetAccountByUsername(app.DB, username)
         if err != nil {
             fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account for login: %v\n", err)
             controller.SetSessionError(app.DB, session, "Invalid username or password.")
@@ -278,7 +275,7 @@ func loginHandler(app *model.AppState) http.Handler {
             return
         }
 
-        err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(credentials.Password))
+        err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password))
         if err != nil {
             fmt.Printf(
                 "[%s] INFO: Account \"%s\" attempted login with incorrect password.\n",
@@ -290,68 +287,126 @@ func loginHandler(app *model.AppState) http.Handler {
             return
         }
 
-        var totpMethod *model.TOTP
-        if len(credentials.TOTP) == 0 {
-            // check if user has TOTP
-            totps, err := controller.GetTOTPsForAccount(app.DB, account.ID)
+        totps, err := controller.GetTOTPsForAccount(app.DB, account.ID)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err)
+            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
+            render()
+            return
+        }
+
+        if len(totps) > 0 {
+            err = controller.SetSessionAttemptAccount(app.DB, session, account)
             if err != nil {
-                fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err)
+                fmt.Fprintf(os.Stderr, "WARN: Failed to set attempt session: %v\n", err)
                 controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
                 render()
                 return
             }
-
-            if len(totps) > 0 {
-                type loginTOTPData struct {
-                    Session *model.Session
-                    Username string
-                    Password string
-                }
-                err = loginTOTPTemplate.Execute(w, loginTOTPData{
-                    Session: session,
-                    Username: credentials.Username,
-                    Password: credentials.Password,
-                })
-                if err != nil {
-                    fmt.Fprintf(os.Stderr, "WARN: Failed to render login TOTP page: %v\n", err)
-                    http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-                    return
-                }
-            }
-        } else {
-            totpMethod, err = controller.CheckTOTPForAccount(app.DB, account.ID, credentials.TOTP)
-            if err != nil {
-                fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err)
-                controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
-                render()
-                return
-            }
-            if totpMethod == nil {
-                controller.SetSessionError(app.DB, session, "Invalid TOTP.")
-                render()
-                return
-            }
+            http.Redirect(w, r, "/admin/totp", http.StatusFound)
+            return
         }
 
-        if totpMethod != nil {
-            fmt.Printf(
-                "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n",
-                time.Now().Format(time.UnixDate),
-                account.Username,
-                totpMethod.Name,
-            )
-        } else {
-            fmt.Printf(
-                "[%s] INFO: Account \"%s\" logged in\n",
-                time.Now().Format(time.UnixDate),
-                account.Username,
-            )
-        }
+        fmt.Printf(
+            "[%s] INFO: Account \"%s\" logged in\n",
+            time.Now().Format(time.UnixDate),
+            account.Username,
+        )
 
         // TODO: log login activity to user
 
         // login success!
-        controller.SetSessionAccount(app.DB, session, account)
+        err = controller.SetSessionAccount(app.DB, session, account)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to set session account: %v\n", err)
+            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
+            render()
+            return
+        }
+        controller.SetSessionMessage(app.DB, session, "")
+        controller.SetSessionError(app.DB, session, "")
+        http.Redirect(w, r, "/admin", http.StatusFound)
+    })
+}
+
+func loginTOTPHandler(app *model.AppState) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
+        if session.AttemptAccount == nil {
+            http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+            return
+        }
+
+        type loginTOTPData struct {
+            Session *model.Session
+        }
+
+        render := func() {
+            err := loginTOTPTemplate.Execute(w, loginTOTPData{ Session: session })
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "WARN: Failed to render login TOTP page: %v\n", err)
+                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+                return
+            }
+        }
+
+        if r.Method == http.MethodGet {
+            render()
+            return
+        }
+
+        if r.Method != http.MethodPost {
+            http.NotFound(w, r)
+            return
+        }
+
+        r.ParseForm()
+
+        if !r.Form.Has("totp") {
+            http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+            return
+        }
+
+        totpCode := r.FormValue("totp")
+
+        if len(totpCode) != controller.TOTP_CODE_LENGTH {
+            controller.SetSessionError(app.DB, session, "Invalid TOTP.")
+            render()
+            return
+        }
+
+        totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.AttemptAccount.ID, totpCode)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to check TOTPs: %v\n", err)
+            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
+            render()
+            return
+        }
+        if totpMethod == nil {
+            controller.SetSessionError(app.DB, session, "Invalid TOTP.")
+            render()
+            return
+        }
+
+        fmt.Printf(
+            "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n",
+            time.Now().Format(time.UnixDate),
+            session.AttemptAccount.Username,
+            totpMethod.Name,
+        )
+
+        err = controller.SetSessionAccount(app.DB, session, session.AttemptAccount)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to set session account: %v\n", err)
+            controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
+            render()
+            return
+        }
+        err = controller.SetSessionAttemptAccount(app.DB, session, nil)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to clear attempt session: %v\n", err)
+        }
         controller.SetSessionMessage(app.DB, session, "")
         controller.SetSessionError(app.DB, session, "")
         http.Redirect(w, r, "/admin", http.StatusFound)
@@ -387,7 +442,7 @@ func logoutHandler(app *model.AppState) http.Handler {
     })
 }
 
-func requireAccount(app *model.AppState, next http.Handler) http.HandlerFunc {
+func requireAccount(next http.Handler) http.HandlerFunc {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         session := r.Context().Value("session").(*model.Session)
         if session.Account == nil {
@@ -425,12 +480,12 @@ func enforceSession(app *model.AppState, next http.Handler) http.Handler {
         sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)
         if err != nil && err != http.ErrNoCookie {
             fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session cookie: %v\n", err)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
 
         var session *model.Session
-        
+
         if sessionCookie != nil {
             // fetch existing session
             session, err = controller.GetSession(app.DB, sessionCookie.Value)
diff --git a/admin/views/login-totp.html b/admin/views/login-totp.html
index d959e3c..33e8c88 100644
--- a/admin/views/login-totp.html
+++ b/admin/views/login-totp.html
@@ -26,14 +26,19 @@ input {
 
 {{define "content"}}
 <main>
-    <form action="/admin/login" method="POST" id="login-totp">
+    {{if .Session.Message.Valid}}
+    <p id="message">{{html .Session.Message.String}}</p>
+    {{end}}
+    {{if .Session.Error.Valid}}
+    <p id="error">{{html .Session.Error.String}}</p>
+    {{end}}
+
+    <form action="/admin/totp" method="POST" id="login-totp">
         <h1>Two-Factor Authentication</h1>
 
         <div>
             <label for="totp">TOTP</label>
             <input type="text" name="totp" value="" autocomplete="one-time-code" required autofocus>
-            <input type="hidden" name="username" value="{{.Username}}">
-            <input type="hidden" name="password" value="{{.Password}}">
         </div>
 
         <button type="submit" class="save">Login</button>
diff --git a/controller/session.go b/controller/session.go
index c9c4cbb..6e566f5 100644
--- a/controller/session.go
+++ b/controller/session.go
@@ -49,6 +49,17 @@ func CreateSession(db *sqlx.DB, userAgent string) (*model.Session, error) {
 //     return err
 // }
 
+func SetSessionAttemptAccount(db *sqlx.DB, session *model.Session, account *model.Account) error {
+    var err error
+    session.AttemptAccount = account
+    if account == nil {
+        _, err = db.Exec("UPDATE session SET attempt_account=NULL WHERE token=$1", session.Token)
+    } else {
+        _, err = db.Exec("UPDATE session SET attempt_account=$2 WHERE token=$1", session.Token, account.ID)
+    }
+    return err
+}
+
 func SetSessionAccount(db *sqlx.DB, session *model.Session, account *model.Account) error {
     var err error
     session.Account = account
@@ -89,7 +100,8 @@ func SetSessionError(db *sqlx.DB, session *model.Session, message string) error
 func GetSession(db *sqlx.DB, token string) (*model.Session, error) {
     type dbSession struct {
         model.Session
-        AccountID sql.NullString    `db:"account"`
+        AttemptAccountID sql.NullString `db:"attempt_account"`
+        AccountID sql.NullString        `db:"account"`
     }
 
     session := dbSession{}
@@ -109,6 +121,13 @@ func GetSession(db *sqlx.DB, token string) (*model.Session, error) {
         }
     }
 
+    if session.AttemptAccountID.Valid {
+        session.AttemptAccount, err = GetAccountByID(db, session.AttemptAccountID.String)
+        if err != nil {
+            return nil, err
+        }
+    }
+
     return &session.Session, err
 }
 
diff --git a/model/session.go b/model/session.go
index c1983a1..de016e1 100644
--- a/model/session.go
+++ b/model/session.go
@@ -6,12 +6,13 @@ import (
 )
 
 type Session struct {
-    Token string `json:"token" db:"token"`
+    Token string `json:"-" db:"token"`
     UserAgent string `json:"user_agent" db:"user_agent"`
     CreatedAt time.Time `json:"created_at" db:"created_at"`
-    ExpiresAt time.Time `json:"expires_at" db:"expires_at"`
+    ExpiresAt time.Time `json:"-" db:"expires_at"`
 
-    Account *Account `json:"-" db:"account"`
+    Account *Account `json:"-" db:"-"`
+    AttemptAccount *Account `json:"-" db:"-"`
     Message sql.NullString `json:"-" db:"message"`
     Error sql.NullString `json:"-" db:"error"`
 }
diff --git a/schema-migration/000-init.sql b/schema-migration/000-init.sql
index 918edaa..42b982a 100644
--- a/schema-migration/000-init.sql
+++ b/schema-migration/000-init.sql
@@ -35,6 +35,7 @@ CREATE TABLE arimelody.session (
     created_at TIMESTAMP NOT NULL DEFAULT current_timestamp,
     expires_at TIMESTAMP DEFAULT NULL,
     account UUID,
+    attempt_account UUID,
     message TEXT,
     error TEXT
 );
@@ -120,6 +121,7 @@ ALTER TABLE arimelody.musicreleasetrack ADD CONSTRAINT musicreleasetrack_pk PRIM
 
 ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
 ALTER TABLE arimelody.session ADD CONSTRAINT session_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
+ALTER TABLE arimelody.session ADD CONSTRAINT session_attempt_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
 ALTER TABLE arimelody.totp ADD CONSTRAINT totp_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
 
 ALTER TABLE arimelody.musiccredit ADD CONSTRAINT musiccredit_artist_fk FOREIGN KEY (artist) REFERENCES artist(id) ON DELETE CASCADE ON UPDATE CASCADE;
diff --git a/schema-migration/001-pre-versioning.sql b/schema-migration/001-pre-versioning.sql
index 2edee4a..1447bae 100644
--- a/schema-migration/001-pre-versioning.sql
+++ b/schema-migration/001-pre-versioning.sql
@@ -35,6 +35,7 @@ CREATE TABLE arimelody.session (
     created_at TIMESTAMP NOT NULL DEFAULT current_timestamp,
     expires_at TIMESTAMP DEFAULT NULL,
     account UUID,
+    attempt_account UUID,
     message TEXT,
     error TEXT
 );
@@ -52,5 +53,6 @@ ALTER TABLE arimelody.totp ADD CONSTRAINT totp_pk PRIMARY KEY (account, name);
 
 -- Foreign keys
 ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
-ALTER TABLE arimelody.session ADD CONSTRAINT session FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
+ALTER TABLE arimelody.session ADD CONSTRAINT session_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
+ALTER TABLE arimelody.session ADD CONSTRAINT session_attempt_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;
 ALTER TABLE arimelody.totp ADD CONSTRAINT totp_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE;

From 70825ae8757da9a39a4f3b5b96ceff35bfda223f Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Mon, 27 Jan 2025 00:27:03 +0000
Subject: [PATCH 07/88] fixed viewing invisible releases with admin session

---
 admin/http.go         | 23 +++--------------------
 api/release.go        |  8 +++++++-
 controller/account.go | 14 --------------
 controller/session.go | 28 ++++++++++++++++++++++++++++
 view/music.go         |  9 ++++++++-
 5 files changed, 46 insertions(+), 36 deletions(-)

diff --git a/admin/http.go b/admin/http.go
index 83d2a18..0ca61a3 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -477,30 +477,13 @@ func staticHandler() http.Handler {
 
 func enforceSession(app *model.AppState, next http.Handler) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)
-        if err != nil && err != http.ErrNoCookie {
-            fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session cookie: %v\n", err)
+        session, err := controller.GetSessionFromRequest(app.DB, r)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
 
-        var session *model.Session
-
-        if sessionCookie != nil {
-            // fetch existing session
-            session, err = controller.GetSession(app.DB, sessionCookie.Value)
-
-            if err != nil && !strings.Contains(err.Error(), "no rows") {
-                fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
-                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-                return
-            }
-
-            if session != nil {
-                // TODO: consider running security checks here (i.e. user agent mismatches)
-            }
-        }
-
         if session == nil {
             // create a new session
             session, err = controller.CreateSession(app.DB, r.UserAgent())
diff --git a/api/release.go b/api/release.go
index 4e7372f..b89cec8 100644
--- a/api/release.go
+++ b/api/release.go
@@ -19,7 +19,13 @@ func ServeRelease(app *model.AppState, release *model.Release) http.Handler {
         // only allow authorised users to view hidden releases
         privileged := false
         if !release.Visible {
-            session := r.Context().Value("session").(*model.Session)
+            session, err := controller.GetSessionFromRequest(app.DB, r)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
+                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+                return
+            }
+
             if session != nil && session.Account != nil {
                 // TODO: check privilege on release
                 privileged = true
diff --git a/controller/account.go b/controller/account.go
index 0cf3364..9c7c1e1 100644
--- a/controller/account.go
+++ b/controller/account.go
@@ -2,7 +2,6 @@ package controller
 
 import (
 	"arimelody-web/model"
-	"net/http"
 	"strings"
 
 	"github.com/jmoiron/sqlx"
@@ -77,19 +76,6 @@ func GetAccountBySession(db *sqlx.DB, sessionToken string) (*model.Account, erro
     return &account, nil
 }
 
-func GetSessionFromRequest(db *sqlx.DB, r *http.Request) string {
-    tokenStr := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
-    if len(tokenStr) > 0 {
-        return tokenStr
-    }
-
-    cookie, err := r.Cookie(model.COOKIE_TOKEN)
-    if err != nil {
-        return ""
-    }
-    return cookie.Value
-}
-
 func CreateAccount(db *sqlx.DB, account *model.Account) error {
     err := db.Get(
         &account.ID,
diff --git a/controller/session.go b/controller/session.go
index 6e566f5..cf423fe 100644
--- a/controller/session.go
+++ b/controller/session.go
@@ -2,6 +2,10 @@ package controller
 
 import (
 	"database/sql"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
 	"time"
 
 	"arimelody-web/model"
@@ -11,6 +15,30 @@ import (
 
 const TOKEN_LEN = 64
 
+func GetSessionFromRequest(db *sqlx.DB, r *http.Request) (*model.Session, error) {
+    sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)
+    if err != nil && err != http.ErrNoCookie {
+        return nil, errors.New(fmt.Sprintf("Failed to retrieve session cookie: %v", err))
+    }
+
+    var session *model.Session
+
+    if sessionCookie != nil {
+        // fetch existing session
+        session, err = GetSession(db, sessionCookie.Value)
+
+        if err != nil && !strings.Contains(err.Error(), "no rows") {
+            return nil, errors.New(fmt.Sprintf("Failed to retrieve session: %v", err))
+        }
+
+        if session != nil {
+            // TODO: consider running security checks here (i.e. user agent mismatches)
+        }
+    }
+
+    return session, nil
+}
+
 func CreateSession(db *sqlx.DB, userAgent string) (*model.Session, error) {
     tokenString := GenerateAlnumString(TOKEN_LEN)
 
diff --git a/view/music.go b/view/music.go
index 7b86270..89e428c 100644
--- a/view/music.go
+++ b/view/music.go
@@ -3,6 +3,7 @@ package view
 import (
 	"fmt"
 	"net/http"
+	"os"
 
 	"arimelody-web/controller"
 	"arimelody-web/model"
@@ -59,7 +60,13 @@ func ServeGateway(app *model.AppState, release *model.Release) http.Handler {
         // only allow authorised users to view hidden releases
         privileged := false
         if !release.Visible {
-            session := r.Context().Value("session").(*model.Session)
+            session, err := controller.GetSessionFromRequest(app.DB, r)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
+                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+                return
+            }
+
             if session != nil && session.Account != nil {
                 // TODO: check privilege on release
                 privileged = true

From b7fce821b42f2334a0749538d14e204a1d63f111 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Mon, 27 Jan 2025 18:30:27 +0000
Subject: [PATCH 08/88] update prideflag.js

---
 public/script/prideflag.js | 116 ++++++++++++++++++++-----------------
 1 file changed, 62 insertions(+), 54 deletions(-)

diff --git a/public/script/prideflag.js b/public/script/prideflag.js
index 19181e6..03aecf9 100644
--- a/public/script/prideflag.js
+++ b/public/script/prideflag.js
@@ -1,66 +1,74 @@
-/**
- * 🏳️‍🌈🏳️‍⚧️💖 pride flag 💖🏳️‍⚧️🏳️‍🌈
- * made with ❤️ by ari melody, 2023
- * 
- * web: https://arimelody.me
- * source: https://github.com/mellodoot/prideflag
- */
+//
+// pride flag - copyright (c) 2024 ari melody
+// 
+// this code is provided AS-IS, WITHOUT ANY WARRANTY, to be
+// freely redistributed and/or modified as you please, however
+// retaining this license in any redistribution.
+// 
+// please use this flag to link to an LGBTQI+-supporting page
+// of your choosing!
+// 
+// web: https://arimelody.me
+// source: https://git.arimelody.me/ari/prideflag
+//
+
+const pride_url = "https://git.arimelody.me/ari/prideflag";
 
 const pride_flag_svg =
-        `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 120" width="120" height="120">
-                <path id="red" d="M120,80 L100,100 L120,120 Z" style="fill:#d20605"/>
-                <path id="orange" d="M120,80 V40 L80,80 L100,100 Z" style="fill:#ef9c00"/>
-                <path id="yellow" d="M120,40 V0 L60,60 L80,80 Z" style="fill:#e5fe02"/>
-                <path id="green" d="M120,0 H80 L40,40 L60,60 Z" style="fill:#09be01"/>
-                <path id="blue" d="M80,0 H40 L20,20 L40,40 Z" style="fill:#081a9a"/>
-                <path id="purple" d="M40,0 H0 L20,20 Z" style="fill:#76008a"/>
-                
-                <rect id="black" x="60" width="60" height="60" style="fill:#010101"/>
-                <rect id="brown" x="70" width="50" height="50" style="fill:#603814"/>
-                <rect id="lightblue" x="80" width="40" height="40" style="fill:#73d6ed"/>
-                <rect id="pink" x="90" width="30" height="30" style="fill:#ffafc8"/>
-                <rect id="white" x="100" width="20" height="20" style="fill:#fff"/>
-                
-                <rect id="intyellow" x="110" width="10" height="10" style="fill:#fed800"/>
-                <circle id="intpurple" cx="120" cy="0" r="5" stroke="#7601ad" stroke-width="2" fill="none"/>
-        </svg>`;
+    `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 120" width="120" height="120">
+        <path id="red" d="M120,80 L100,100 L120,120 Z" style="fill:#d20605"/>
+        <path id="orange" d="M120,80 V40 L80,80 L100,100 Z" style="fill:#ef9c00"/>
+        <path id="yellow" d="M120,40 V0 L60,60 L80,80 Z" style="fill:#e5fe02"/>
+        <path id="green" d="M120,0 H80 L40,40 L60,60 Z" style="fill:#09be01"/>
+        <path id="blue" d="M80,0 H40 L20,20 L40,40 Z" style="fill:#081a9a"/>
+        <path id="purple" d="M40,0 H0 L20,20 Z" style="fill:#76008a"/>
+
+        <rect id="black" x="60" width="60" height="60" style="fill:#010101"/>
+        <rect id="brown" x="70" width="50" height="50" style="fill:#603814"/>
+        <rect id="lightblue" x="80" width="40" height="40" style="fill:#73d6ed"/>
+        <rect id="pink" x="90" width="30" height="30" style="fill:#ffafc8"/>
+        <rect id="white" x="100" width="20" height="20" style="fill:#fff"/>
+        
+        <rect id="intyellow" x="110" width="10" height="10" style="fill:#fed800"/>
+        <circle id="intpurple" cx="120" cy="0" r="5" stroke="#7601ad" stroke-width="2" fill="none"/>
+    </svg>`;
 
 const pride_flag_css =
-        `#pride-flag svg {
-                position: fixed;
-                top: 0;
-                right: 0;
-                width: 120px;
-                transform-origin: 100% 0%;
-                transition: transform .5s cubic-bezier(.32,1.63,.41,1.01);
-                z-index: 8008135;
-                pointer-events: none;
-        }
-        #pride-flag svg:hover {
-                transform: scale(110%);
-        }
-        #pride-flag svg:active {
-                transform: scale(110%);
-        }
-        #pride-flag svg * {
-                pointer-events: all;
-        }`;
+    `#prideflag {
+        position: fixed;
+        top: 0;
+        right: 0;
+        width: 120px;
+        transform-origin: 100% 0%;
+        transition: transform .5s cubic-bezier(.32,1.63,.41,1.01);
+        z-index: 8008135;
+        pointer-events: none;
+    }
+    #prideflag:hover {
+        transform: scale(110%);
+    }
+    #prideflag:active {
+        transform: scale(110%);
+    }
+    #prideflag * {
+        pointer-events: all;
+    }`;
 
 function create_pride_flag() {
-        const container = document.createElement("a");
-        container.id = "pride-flag";
-        container.href = "https://github.com/mellodoot/prideflag";
-        container.target = "_blank";
-        container.innerHTML = pride_flag_svg;
-        return container;
+    const flag = document.createElement("a");
+    flag.id = "prideflag";
+    flag.href = pride_url;
+    flag.target = "_blank";
+    flag.innerHTML = pride_flag_svg;
+    return flag;
 }
 
 function load_pride_flag_style() {
-        const pride_stylesheet = document.createElement('style');
-        pride_stylesheet.textContent = pride_flag_css;
-        document.head.appendChild(pride_stylesheet);
+    const pride_stylesheet = document.createElement('style');
+    pride_stylesheet.textContent = pride_flag_css;
+    document.head.appendChild(pride_stylesheet);
 }
 
 load_pride_flag_style();
-pride_flag = create_pride_flag();
-document.querySelector("main").appendChild(pride_flag);
+flag = create_pride_flag();
+document.body.appendChild(flag);

From 64780611def2c65a7ac25ab9aa8faff7c7009beb Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Mon, 27 Jan 2025 18:30:50 +0000
Subject: [PATCH 09/88] add license (MIT)

---
 LICENSE.md        | 22 ++++++++++++++++++++++
 views/footer.html |  2 +-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 LICENSE.md

diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..95557e7
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2025-present ari melody
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/views/footer.html b/views/footer.html
index 46450d7..a3ed996 100644
--- a/views/footer.html
+++ b/views/footer.html
@@ -2,7 +2,7 @@
 
 <footer>
         <div id="footer">
-                <small><em>*made with ♥ by ari, 2024*</em></small>
+                <small><em>*made with ♥ by ari, 2025*</em></small>
         </div>
 </footer>
 

From 4b36603b892bbe1b0f20aa088aebef0e05816e95 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Mon, 27 Jan 2025 19:57:46 +0000
Subject: [PATCH 10/88] add missing command arg to readme

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 7e7860c..e5df7f6 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,7 @@ need to be up for this, making this ideal for some offline maintenance.
 - `listTOTP <username>`: Lists an account's TOTP methods.
 - `deleteTOTP <username> <name>`: Deletes an account's TOTP method.
 - `testTOTP <username> <name>`: Generates the code for an account's TOTP method.
+- `cleanTOTP`: Cleans up unconfirmed (dangling) TOTP methods.
 - `createInvite`: Creates an invite code to register new accounts.
 - `purgeInvites`: Deletes all available invite codes.
 - `listAccounts`: Lists all active accounts.

From e6c5ecc4693a3170a2bf8960ea46f7e146527f0d Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Tue, 4 Feb 2025 09:29:44 +0000
Subject: [PATCH 11/88] a11y: ARIA text for footer line

+ fixed indentation on some view sources
---
 admin/components/credits/addcredit.html |  2 +-
 admin/components/tracks/addtrack.html   |  2 +-
 views/404.html                          | 18 +++---
 views/footer.html                       |  6 +-
 views/header.html                       | 76 ++++++++++++-------------
 views/layout.html                       | 20 +++----
 views/prideflag.html                    | 30 +++++-----
 7 files changed, 77 insertions(+), 77 deletions(-)

diff --git a/admin/components/credits/addcredit.html b/admin/components/credits/addcredit.html
index 32c43fa..c09a550 100644
--- a/admin/components/credits/addcredit.html
+++ b/admin/components/credits/addcredit.html
@@ -1,6 +1,6 @@
 <dialog id="addcredit">
     <header>
-        <h2>Add artist credit</h2>
+        <h2>Add Artist Credit</h2>
     </header>
 
     <ul>
diff --git a/admin/components/tracks/addtrack.html b/admin/components/tracks/addtrack.html
index f402763..a6dd433 100644
--- a/admin/components/tracks/addtrack.html
+++ b/admin/components/tracks/addtrack.html
@@ -1,6 +1,6 @@
 <dialog id="addtrack">
     <header>
-        <h2>Add track</h2>
+        <h2>Add Track</h2>
     </header>
 
     <ul>
diff --git a/views/404.html b/views/404.html
index b9007bd..19a0957 100644
--- a/views/404.html
+++ b/views/404.html
@@ -6,16 +6,16 @@
 
 {{define "content"}}
 <main>
-        <h1>
-                # 404 - not found!
-        </h1>
+    <h1>
+        # 404 - not found!
+    </h1>
 
-        <p>
-                the page you're looking for does not exist.
-                <br>
-                if you like, you can head back <a href="/">home</a> or <a href="{{.Target}}">try again!</a>
-        </p>
+    <p>
+    the page you're looking for does not exist.
+    <br>
+    if you like, you can head back <a href="/">home</a> or <a href="{{.Target}}">try again!</a>
+    </p>
 
-        <p><small>status: ERR_NOT_FOUND</small></p>
+    <p><small>status: ERR_NOT_FOUND</small></p>
 </main>
 {{end}}
diff --git a/views/footer.html b/views/footer.html
index a3ed996..217c4b5 100644
--- a/views/footer.html
+++ b/views/footer.html
@@ -1,9 +1,9 @@
 {{define "footer"}}
 
 <footer>
-        <div id="footer">
-                <small><em>*made with ♥ by ari, 2025*</em></small>
-        </div>
+  <div id="footer">
+    <small><em>*made with <span aria-label="love">♥</span> by ari, 2025*</em></small>
+  </div>
 </footer>
 
 {{end}}
diff --git a/views/header.html b/views/header.html
index db8987d..291b8ac 100644
--- a/views/header.html
+++ b/views/header.html
@@ -1,44 +1,44 @@
 {{define "header"}}
 
 <header>
-        <nav>
-                <div id="header-home">
-                        <img src="/img/favicon.png" id="header-icon" width="100" height="100" alt="">
-                        <div id="header-text">
-                                <h1>ari melody</h1>
-                                <h2>your local SPACEGIRL 💫</h2>
-                        </div>
-                </div>
-                <a id="header-links-toggle">
-                        <svg viewBox="0 0 70 50" xmlns="http://www.w3.org/2000/svg" width="24" height="24">
-                                <rect y="00" width="70" height="10" rx="5" fill="#eee" />
-                                <rect y="20" width="70" height="10" rx="5" fill="#eee" />
-                                <rect y="40" width="70" height="10" rx="5" fill="#eee" />
-                        </svg>
-                </a>
-                <ul id="header-links">
-                        <li>
-                                <a href="/" preload="mouseover">home</a>
-                        </li>
-                        <li>
-                                <a href="/music" preload="mouseover">music</a>
-                        </li>
-                        <li>
-                                <a href="https://git.arimelody.me/ari/arimelody.me" target="_blank">source</a>
-                        </li>
-                        <li>
-                                <!-- coming later! -->
-                                <span title="coming later!">blog</span>
-                        </li>
-                        <li>
-                                <!-- coming later! -->
-                                <span title="coming later!">art</span>
-                        </li>
-                        <li id="toggle-crt">
-                                <a href="javascript:void(0)">crt</a>
-                        </li>
-                </ul>
-        </nav>
+    <nav>
+        <div id="header-home">
+            <img src="/img/favicon.png" id="header-icon" width="100" height="100" alt="">
+            <div id="header-text">
+                <h1>ari melody</h1>
+                <h2>your local SPACEGIRL 💫</h2>
+            </div>
+        </div>
+        <a id="header-links-toggle">
+            <svg viewBox="0 0 70 50" xmlns="http://www.w3.org/2000/svg" width="24" height="24">
+                <rect y="00" width="70" height="10" rx="5" fill="#eee" />
+                <rect y="20" width="70" height="10" rx="5" fill="#eee" />
+                <rect y="40" width="70" height="10" rx="5" fill="#eee" />
+            </svg>
+        </a>
+        <ul id="header-links">
+            <li>
+                <a href="/" preload="mouseover">home</a>
+            </li>
+            <li>
+                <a href="/music" preload="mouseover">music</a>
+            </li>
+            <li>
+                <a href="https://git.arimelody.me/ari/arimelody.me" target="_blank">source</a>
+            </li>
+            <li>
+                <!-- coming later! -->
+                <span title="coming later!">blog</span>
+            </li>
+            <li>
+                <!-- coming later! -->
+                <span title="coming later!">art</span>
+            </li>
+            <li id="toggle-crt">
+                <a href="javascript:void(0)">crt</a>
+            </li>
+        </ul>
+    </nav>
 </header>
 
 {{end}}
diff --git a/views/layout.html b/views/layout.html
index a9b7940..753e4bf 100644
--- a/views/layout.html
+++ b/views/layout.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html lang="en">
 
-<head>
+    <head>
         <meta http-equiv="content-type" content="text/html; charset=UTF-8">
         <meta charset="UTF-8">
         <meta http-equiv="X-UA-Compatible" content="IE=edge">
@@ -10,25 +10,25 @@
         {{block "head" .}}{{end}}
 
         <script type="module", src="/script/main.js"></script>
-</head>
+    </head>
 
-<body>
+    <body>
         {{template "header"}}
 
         {{block "content" .}}
         <main>
-                <h1>
-                        # hello, world!
-                </h1>
-                <p>
-                        this is a default page!
-                </p>
+            <h1>
+                # hello, world!
+            </h1>
+            <p>
+            this is a default page!
+            </p>
         </main>
         {{end}}
 
         {{template "footer"}}
         <div id="overlay"></div>
         {{template "prideflag"}}
-</body>
+    </body>
 
 </html>
diff --git a/views/prideflag.html b/views/prideflag.html
index 5e25f70..47ce4c7 100644
--- a/views/prideflag.html
+++ b/views/prideflag.html
@@ -1,21 +1,21 @@
 {{define "prideflag"}}
 <a href="https://github.com/arimelody/prideflag" target="_blank" id="prideflag">
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 120" width="120" height="120" hx-preserve="true">
-                <path id="red" d="M120,80 L100,100 L120,120 Z" style="fill:#d20605"/>
-                <path id="orange" d="M120,80 V40 L80,80 L100,100 Z" style="fill:#ef9c00"/>
-                <path id="yellow" d="M120,40 V0 L60,60 L80,80 Z" style="fill:#e5fe02"/>
-                <path id="green" d="M120,0 H80 L40,40 L60,60 Z" style="fill:#09be01"/>
-                <path id="blue" d="M80,0 H40 L20,20 L40,40 Z" style="fill:#081a9a"/>
-                <path id="purple" d="M40,0 H0 L20,20 Z" style="fill:#76008a"/>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 120" width="120" height="120" hx-preserve="true">
+        <path id="red" d="M120,80 L100,100 L120,120 Z" style="fill:#d20605"/>
+        <path id="orange" d="M120,80 V40 L80,80 L100,100 Z" style="fill:#ef9c00"/>
+        <path id="yellow" d="M120,40 V0 L60,60 L80,80 Z" style="fill:#e5fe02"/>
+        <path id="green" d="M120,0 H80 L40,40 L60,60 Z" style="fill:#09be01"/>
+        <path id="blue" d="M80,0 H40 L20,20 L40,40 Z" style="fill:#081a9a"/>
+        <path id="purple" d="M40,0 H0 L20,20 Z" style="fill:#76008a"/>
 
-                <rect id="black" x="60" width="60" height="60" style="fill:#010101"/>
-                <rect id="brown" x="70" width="50" height="50" style="fill:#603814"/>
-                <rect id="lightblue" x="80" width="40" height="40" style="fill:#73d6ed"/>
-                <rect id="pink" x="90" width="30" height="30" style="fill:#ffafc8"/>
-                <rect id="white" x="100" width="20" height="20" style="fill:#fff"/>
+        <rect id="black" x="60" width="60" height="60" style="fill:#010101"/>
+        <rect id="brown" x="70" width="50" height="50" style="fill:#603814"/>
+        <rect id="lightblue" x="80" width="40" height="40" style="fill:#73d6ed"/>
+        <rect id="pink" x="90" width="30" height="30" style="fill:#ffafc8"/>
+        <rect id="white" x="100" width="20" height="20" style="fill:#fff"/>
 
-                <rect id="intyellow" x="110" width="10" height="10" style="fill:#fed800"/>
-                <circle id="intpurple" cx="120" cy="0" r="5" stroke="#7601ad" stroke-width="2" fill="none"/>
-        </svg>
+        <rect id="intyellow" x="110" width="10" height="10" style="fill:#fed800"/>
+        <circle id="intpurple" cx="120" cy="0" r="5" stroke="#7601ad" stroke-width="2" fill="none"/>
+    </svg>
 </a>
 {{end}}

From e07c68a56486c08279a233101f79e144ca02f846 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Tue, 4 Feb 2025 09:39:56 +0000
Subject: [PATCH 12/88] music gateway: minor css tweaks

---
 public/style/music-gateway.css | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/public/style/music-gateway.css b/public/style/music-gateway.css
index 0bb7232..1c10e0b 100644
--- a/public/style/music-gateway.css
+++ b/public/style/music-gateway.css
@@ -613,6 +613,10 @@ footer a:hover {
         margin: 0 auto;
     }
 
+    #tracks h2 {
+        margin: 0 auto .8em  auto;
+    }
+
     #lyrics p.album-track-subheading {
         margin-bottom: 1em;
     }

From 8ccf6f242b49b0952c5aba2852a1e46039b52bcc Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Thu, 6 Feb 2025 09:14:03 +0000
Subject: [PATCH 13/88] remove redundant console.log

---
 public/script/main.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/public/script/main.js b/public/script/main.js
index 5c22ce4..95023e5 100644
--- a/public/script/main.js
+++ b/public/script/main.js
@@ -49,7 +49,6 @@ document.addEventListener("DOMContentLoaded", () => {
         .filter((e) => e.innerText != "")
         .forEach((e) => {
             type_out(e);
-            console.log(e);
         });
     [...document.querySelectorAll("ol, ul")]
         .filter((e) => e.innerText != "")

From e80a6753a54631f7380452c6189c8698d76b3913 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Thu, 6 Feb 2025 12:32:51 +0000
Subject: [PATCH 14/88] create log class, edit fatal-but-not-really logs

---
 admin/releasehttp.go |  8 +++---
 api/api.go           |  6 ++---
 log/log.go           | 58 ++++++++++++++++++++++++++++++++++++++++++++
 view/music.go        |  2 +-
 4 files changed, 66 insertions(+), 8 deletions(-)
 create mode 100644 log/log.go

diff --git a/admin/releasehttp.go b/admin/releasehttp.go
index be5052b..7ef4d37 100644
--- a/admin/releasehttp.go
+++ b/admin/releasehttp.go
@@ -22,7 +22,7 @@ func serveRelease(app *model.AppState) http.Handler {
                 http.NotFound(w, r)
                 return
             }
-            fmt.Printf("FATAL: Failed to pull full release data for %s: %s\n", releaseID, err)
+            fmt.Printf("WARN: Failed to pull full release data for %s: %s\n", releaseID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -86,7 +86,7 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         artists, err := controller.GetArtistsNotOnRelease(app.DB, release.ID)
         if err != nil {
-            fmt.Printf("FATAL: Failed to pull artists not on %s: %s\n", release.ID, err)
+            fmt.Printf("WARN: Failed to pull artists not on %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -113,7 +113,7 @@ func serveNewCredit(app *model.AppState) http.Handler {
         artistID := strings.Split(r.URL.Path, "/")[3]
         artist, err := controller.GetArtist(app.DB, artistID)
         if err != nil {
-            fmt.Printf("FATAL: Failed to pull artists %s: %s\n", artistID, err)
+            fmt.Printf("WARN: Failed to pull artists %s: %s\n", artistID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -166,7 +166,7 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         tracks, err := controller.GetTracksNotOnRelease(app.DB, release.ID)
         if err != nil {
-            fmt.Printf("FATAL: Failed to pull tracks not on %s: %s\n", release.ID, err)
+            fmt.Printf("WARN: Failed to pull tracks not on %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
diff --git a/api/api.go b/api/api.go
index 50b1c63..9a2c340 100644
--- a/api/api.go
+++ b/api/api.go
@@ -27,7 +27,7 @@ func Handler(app *model.AppState) http.Handler {
                 http.NotFound(w, r)
                 return
             }
-            fmt.Printf("FATAL: Error while retrieving artist %s: %s\n", artistID, err)
+            fmt.Printf("WARN: Error while retrieving artist %s: %s\n", artistID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -69,7 +69,7 @@ func Handler(app *model.AppState) http.Handler {
                 http.NotFound(w, r)
                 return
             }
-            fmt.Printf("FATAL: Error while retrieving release %s: %s\n", releaseID, err)
+            fmt.Printf("WARN: Error while retrieving release %s: %s\n", releaseID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -111,7 +111,7 @@ func Handler(app *model.AppState) http.Handler {
                 http.NotFound(w, r)
                 return
             }
-            fmt.Printf("FATAL: Error while retrieving track %s: %s\n", trackID, err)
+            fmt.Printf("WARN: Error while retrieving track %s: %s\n", trackID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
diff --git a/log/log.go b/log/log.go
new file mode 100644
index 0000000..734cc9f
--- /dev/null
+++ b/log/log.go
@@ -0,0 +1,58 @@
+package log
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+)
+
+type (
+    Logger struct {
+        DB *sqlx.DB
+    }
+
+    Log struct {
+        ID string `json:"id" db:"id"`
+        Type string `json:"type" db:"type"`
+        Content string `json:"content" db:"content"`
+        CreatedAt time.Time `json:"created_at" db:"created_at"`
+    }
+)
+
+const (
+    TYPE_ACCOUNT = "account"
+)
+
+func (self *Logger) Info(logType string, format string, args ...any) {
+    fmt.Printf(fmt.Sprintf("[%s] INFO: %s", logType, format), args...)
+    // TODO: push logs to DB
+}
+
+func (self *Logger) Warn(logType string, format string, args ...any) {
+    fmt.Fprintf(os.Stderr, fmt.Sprintf("[%s] WARN: %s", logType, format), args...)
+    // TODO: push logs to DB
+}
+
+func (self *Logger) Fatal(logType string, format string, args ...any) {
+    fmt.Fprintf(os.Stderr, fmt.Sprintf("[%s] FATAL: %s", logType, format), args...)
+    // we won't need to push fatal logs to DB, as these usually precede a panic or crash
+}
+
+func (self *Logger) Fetch(id string) *Log {
+    // TODO: log fetch
+    return nil
+}
+
+func (self *Logger) Search(typeFilters []string, content string, offset int, limit int) []Log {
+    // TODO: log search
+    return []Log{}
+}
+
+func (self *Logger) Delete(id string) error {
+    // TODO: log deletion
+    // consider: logging the deletion of logs?
+    //           or just not deleting logs at all
+    return nil
+}
diff --git a/view/music.go b/view/music.go
index 89e428c..2d40ef0 100644
--- a/view/music.go
+++ b/view/music.go
@@ -37,7 +37,7 @@ func ServeCatalog(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         releases, err := controller.GetAllReleases(app.DB, true, 0, true)
         if err != nil {
-            fmt.Printf("FATAL: Failed to pull releases for catalog: %s\n", err)
+            fmt.Printf("WARN: Failed to pull releases for catalog: %s\n", err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }

From aa144b719afbb2c3c2b7d8e7725f73e44819d6d3 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Thu, 6 Feb 2025 13:45:33 +0000
Subject: [PATCH 15/88] audit log basic db implementation

---
 controller/migrator.go              |  6 ++++-
 log/log.go                          | 38 +++++++++++++++++++++++++----
 schema-migration/000-init.sql       | 14 +++++++++--
 schema-migration/002-audit-logs.sql | 12 +++++++++
 4 files changed, 62 insertions(+), 8 deletions(-)
 create mode 100644 schema-migration/002-audit-logs.sql

diff --git a/controller/migrator.go b/controller/migrator.go
index d0011ee..b053a27 100644
--- a/controller/migrator.go
+++ b/controller/migrator.go
@@ -8,7 +8,7 @@ import (
 	"github.com/jmoiron/sqlx"
 )
 
-const DB_VERSION int = 2
+const DB_VERSION int = 3
 
 func CheckDBVersionAndMigrate(db *sqlx.DB) {
     db.MustExec("CREATE SCHEMA IF NOT EXISTS arimelody")
@@ -41,6 +41,10 @@ func CheckDBVersionAndMigrate(db *sqlx.DB) {
             ApplyMigration(db, "001-pre-versioning")
             oldDBVersion = 2
 
+        case 2:
+            ApplyMigration(db, "002-audit-logs")
+            oldDBVersion = 3
+
         }
     }
 
diff --git a/log/log.go b/log/log.go
index 734cc9f..b90a39b 100644
--- a/log/log.go
+++ b/log/log.go
@@ -22,17 +22,35 @@ type (
 )
 
 const (
-    TYPE_ACCOUNT = "account"
+    TYPE_ACCOUNT string = "account"
+    TYPE_MUSIC string = "music"
+    TYPE_BLOG string = "blog"
+    TYPE_ARTWORK string = "artwork"
+    TYPE_MISC string = "misc"
+)
+
+type LogLevel int
+const (
+    LEVEL_INFO LogLevel = 0
+    LEVEL_WARN LogLevel = 1
 )
 
 func (self *Logger) Info(logType string, format string, args ...any) {
-    fmt.Printf(fmt.Sprintf("[%s] INFO: %s", logType, format), args...)
-    // TODO: push logs to DB
+    logString := fmt.Sprintf(format, args...)
+    fmt.Printf("[%s] INFO: %s", logType, logString)
+    err := createLog(self.DB, LEVEL_INFO, logType, logString)
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "WARN: Failed to push log to database: %v\n", err)
+    }
 }
 
 func (self *Logger) Warn(logType string, format string, args ...any) {
-    fmt.Fprintf(os.Stderr, fmt.Sprintf("[%s] WARN: %s", logType, format), args...)
-    // TODO: push logs to DB
+    logString := fmt.Sprintf(format, args...)
+    fmt.Fprintf(os.Stderr, "[%s] WARN: %s", logType, logString)
+    err := createLog(self.DB, LEVEL_WARN, logType, logString)
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "WARN: Failed to push log to database: %v\n", err)
+    }
 }
 
 func (self *Logger) Fatal(logType string, format string, args ...any) {
@@ -56,3 +74,13 @@ func (self *Logger) Delete(id string) error {
     //           or just not deleting logs at all
     return nil
 }
+
+func createLog(db *sqlx.DB, logLevel LogLevel, logType string, content string) error {
+    _, err := db.Exec(
+        "INSERT INTO auditlog (level, type, content) VALUES ($1,$2,$3)",
+        logLevel,
+        logType,
+        content,
+    )
+    return err
+}
diff --git a/schema-migration/000-init.sql b/schema-migration/000-init.sql
index 42b982a..f70dee6 100644
--- a/schema-migration/000-init.sql
+++ b/schema-migration/000-init.sql
@@ -2,6 +2,15 @@
 -- Tables
 --
 
+-- Audit logs
+CREATE TABLE arimelody.auditlog (
+    id UUID DEFAULT gen_random_uuid(), 
+    level int NOT NULL DEFAULT 0,
+    type TEXT NOT NULL, 
+    content TEXT NOT NULL, 
+    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp
+);
+
 -- Accounts
 CREATE TABLE arimelody.account (
     id UUID DEFAULT gen_random_uuid(), 
@@ -9,7 +18,7 @@ CREATE TABLE arimelody.account (
     password TEXT NOT NULL, 
     email TEXT,
     avatar_url TEXT,
-    created_at TIMESTAMP DEFAULT current_timestamp
+    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp
 );
 ALTER TABLE arimelody.account ADD CONSTRAINT account_pk PRIMARY KEY (id);
 
@@ -74,7 +83,8 @@ CREATE TABLE arimelody.musicrelease (
     buyname text,
     buylink text,
     copyright text,
-    copyrightURL text
+    copyrightURL text,
+    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp,
 );
 ALTER TABLE arimelody.musicrelease ADD CONSTRAINT musicrelease_pk PRIMARY KEY (id);
 
diff --git a/schema-migration/002-audit-logs.sql b/schema-migration/002-audit-logs.sql
new file mode 100644
index 0000000..7da43b5
--- /dev/null
+++ b/schema-migration/002-audit-logs.sql
@@ -0,0 +1,12 @@
+-- Audit logs
+CREATE TABLE arimelody.auditlog (
+    id UUID DEFAULT gen_random_uuid(), 
+    level int NOT NULL DEFAULT 0,
+    type TEXT NOT NULL, 
+    content TEXT NOT NULL, 
+    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp
+);
+
+-- Need moar timestamps
+ALTER TABLE arimelody.musicrelease ADD COLUMN created_at TIMESTAMP NOT NULL DEFAULT current_timestamp;
+ALTER TABLE arimelody.account ALTER COLUMN created_at SET NOT NULL;

From b7938b02e8d615d2375fa6fa88b0d629835e7e9e Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 7 Feb 2025 12:06:52 +0000
Subject: [PATCH 16/88] fix session handling on public API

---
 api/api.go | 36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/api/api.go b/api/api.go
index 50b1c63..4edd07b 100644
--- a/api/api.go
+++ b/api/api.go
@@ -38,10 +38,10 @@ func Handler(app *model.AppState) http.Handler {
             ServeArtist(app, artist).ServeHTTP(w, r)
         case http.MethodPut:
             // PUT /api/v1/artist/{id} (admin)
-            requireAccount(app, UpdateArtist(app, artist)).ServeHTTP(w, r)
+            requireAccount(UpdateArtist(app, artist)).ServeHTTP(w, r)
         case http.MethodDelete:
             // DELETE /api/v1/artist/{id} (admin)
-            requireAccount(app, DeleteArtist(app, artist)).ServeHTTP(w, r)
+            requireAccount(DeleteArtist(app, artist)).ServeHTTP(w, r)
         default:
             http.NotFound(w, r)
         }
@@ -53,7 +53,7 @@ func Handler(app *model.AppState) http.Handler {
             ServeAllArtists(app).ServeHTTP(w, r)
         case http.MethodPost:
             // POST /api/v1/artist (admin)
-            requireAccount(app, CreateArtist(app)).ServeHTTP(w, r)
+            requireAccount(CreateArtist(app)).ServeHTTP(w, r)
         default:
             http.NotFound(w, r)
         }
@@ -80,10 +80,10 @@ func Handler(app *model.AppState) http.Handler {
             ServeRelease(app, release).ServeHTTP(w, r)
         case http.MethodPut:
             // PUT /api/v1/music/{id} (admin)
-            requireAccount(app, UpdateRelease(app, release)).ServeHTTP(w, r)
+            requireAccount(UpdateRelease(app, release)).ServeHTTP(w, r)
         case http.MethodDelete:
             // DELETE /api/v1/music/{id} (admin)
-            requireAccount(app, DeleteRelease(app, release)).ServeHTTP(w, r)
+            requireAccount(DeleteRelease(app, release)).ServeHTTP(w, r)
         default:
             http.NotFound(w, r)
         }
@@ -95,7 +95,7 @@ func Handler(app *model.AppState) http.Handler {
             ServeCatalog(app).ServeHTTP(w, r)
         case http.MethodPost:
             // POST /api/v1/music (admin)
-            requireAccount(app, CreateRelease(app)).ServeHTTP(w, r)
+            requireAccount(CreateRelease(app)).ServeHTTP(w, r)
         default:
             http.NotFound(w, r)
         }
@@ -119,13 +119,13 @@ func Handler(app *model.AppState) http.Handler {
         switch r.Method {
         case http.MethodGet:
             // GET /api/v1/track/{id} (admin)
-            requireAccount(app, ServeTrack(app, track)).ServeHTTP(w, r)
+            requireAccount(ServeTrack(app, track)).ServeHTTP(w, r)
         case http.MethodPut:
             // PUT /api/v1/track/{id} (admin)
-            requireAccount(app, UpdateTrack(app, track)).ServeHTTP(w, r)
+            requireAccount(UpdateTrack(app, track)).ServeHTTP(w, r)
         case http.MethodDelete:
             // DELETE /api/v1/track/{id} (admin)
-            requireAccount(app, DeleteTrack(app, track)).ServeHTTP(w, r)
+            requireAccount(DeleteTrack(app, track)).ServeHTTP(w, r)
         default:
             http.NotFound(w, r)
         }
@@ -134,19 +134,15 @@ func Handler(app *model.AppState) http.Handler {
         switch r.Method {
         case http.MethodGet:
             // GET /api/v1/track (admin)
-            requireAccount(app, ServeAllTracks(app)).ServeHTTP(w, r)
+            requireAccount(ServeAllTracks(app)).ServeHTTP(w, r)
         case http.MethodPost:
             // POST /api/v1/track (admin)
-            requireAccount(app, CreateTrack(app)).ServeHTTP(w, r)
+            requireAccount(CreateTrack(app)).ServeHTTP(w, r)
         default:
             http.NotFound(w, r)
         }
     }))
 
-    return mux
-}
-
-func requireAccount(app *model.AppState, next http.Handler) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         session, err := getSession(app, r)
         if err != nil {
@@ -154,7 +150,15 @@ func requireAccount(app *model.AppState, next http.Handler) http.Handler {
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
-        if session.Account == nil {
+        ctx := context.WithValue(r.Context(), "session", session)
+        mux.ServeHTTP(w, r.WithContext(ctx))
+    })
+}
+
+func requireAccount(next http.Handler) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+        if session == nil || session.Account == nil {
             http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
             return
         }

From 1397274967f1ac279f695f85126e8f1e31a42e01 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 7 Feb 2025 12:41:25 +0000
Subject: [PATCH 17/88] log search implementation

---
 log/log.go | 67 ++++++++++++++++++++++++++++++++++++++++++++----------
 main.go    | 19 +++++++++++++---
 2 files changed, 71 insertions(+), 15 deletions(-)

diff --git a/log/log.go b/log/log.go
index b90a39b..3344bbe 100644
--- a/log/log.go
+++ b/log/log.go
@@ -15,6 +15,7 @@ type (
 
     Log struct {
         ID string `json:"id" db:"id"`
+        Level LogLevel `json:"level" db:"level"`
         Type string `json:"type" db:"type"`
         Content string `json:"content" db:"content"`
         CreatedAt time.Time `json:"created_at" db:"created_at"`
@@ -35,6 +36,8 @@ const (
     LEVEL_WARN LogLevel = 1
 )
 
+const DEFAULT_LOG_PAGE_LENGTH = 25
+
 func (self *Logger) Info(logType string, format string, args ...any) {
     logString := fmt.Sprintf(format, args...)
     fmt.Printf("[%s] INFO: %s", logType, logString)
@@ -58,21 +61,61 @@ func (self *Logger) Fatal(logType string, format string, args ...any) {
     // we won't need to push fatal logs to DB, as these usually precede a panic or crash
 }
 
-func (self *Logger) Fetch(id string) *Log {
-    // TODO: log fetch
-    return nil
+func (self *Logger) Fetch(id string) (*Log, error) {
+    log := Log{}
+    err := self.DB.Get(&log, "SELECT * FROM auditlog WHERE id=$1", id)
+    return &log, err
 }
 
-func (self *Logger) Search(typeFilters []string, content string, offset int, limit int) []Log {
-    // TODO: log search
-    return []Log{}
-}
+func (self *Logger) Search(levelFilters []LogLevel, typeFilters []string, content string, offset int, limit int) ([]*Log, error) {
+    logs := []*Log{}
 
-func (self *Logger) Delete(id string) error {
-    // TODO: log deletion
-    // consider: logging the deletion of logs?
-    //           or just not deleting logs at all
-    return nil
+    params := []any{ limit, offset }
+    conditions := ""
+
+    if len(content) > 0 {
+      content = "%" + content + "%"
+      conditions += " WHERE content LIKE $3"
+      params = append(params, content)
+    }
+
+    if len(levelFilters) > 0 {
+        conditions += " AND level IN ("
+        for i := range levelFilters {
+            conditions += fmt.Sprintf("$%d", len(params) + 1)
+            if i < len(levelFilters) - 1 {
+                conditions += ","
+            }
+            params = append(params, levelFilters[i])
+        }
+        conditions += ")"
+    }
+
+    if len(typeFilters) > 0 {
+        conditions += " AND type IN ("
+        for i := range typeFilters {
+            conditions += fmt.Sprintf("$%d", len(params) + 1)
+            if i < len(typeFilters) - 1 {
+                conditions += ","
+            }
+            params = append(params, typeFilters[i])
+        }
+        conditions += ")"
+    }
+
+    query := fmt.Sprintf(
+        "SELECT * FROM auditlog%s ORDER BY created_at DESC LIMIT $1 OFFSET $2",
+        conditions,
+    )
+
+    // TODO: remove after testing
+    fmt.Println(query)
+
+    err := self.DB.Select(&logs, query, params...)
+    if err != nil {
+        return nil, err
+    }
+    return logs, nil
 }
 
 func createLog(db *sqlx.DB, logLevel LogLevel, logType string, content string) error {
diff --git a/main.go b/main.go
index 7e8e06f..b18681b 100644
--- a/main.go
+++ b/main.go
@@ -3,7 +3,7 @@ package main
 import (
 	"errors"
 	"fmt"
-	"log"
+	stdLog "log"
 	"math"
 	"math/rand"
 	"net/http"
@@ -20,6 +20,7 @@ import (
 	"arimelody-web/model"
 	"arimelody-web/templates"
 	"arimelody-web/view"
+  "arimelody-web/log"
 
 	"github.com/jmoiron/sqlx"
 	_ "github.com/lib/pq"
@@ -341,7 +342,19 @@ func main() {
 
             fmt.Printf("Account \"%s\" deleted successfully.\n", account.Username)
             return
-            
+
+        case "testLogSearch":
+            // TODO: rename to "logs"; add parameters
+            logger := log.Logger { DB: app.DB }
+            logs, err := logger.Search([]log.LogLevel{ log.LEVEL_INFO, log.LEVEL_WARN }, []string{ log.TYPE_ACCOUNT, log.TYPE_MUSIC }, "ari", 0, 100)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch logs: %v\n", err)
+                os.Exit(1)
+            }
+            for _, log := range(logs) {
+                fmt.Printf("[%s] [%s] [%d] [%s] %s\n", log.CreatedAt.Format(time.UnixDate), log.ID, log.Level, log.Type, log.Content)
+            }
+            return
         }
 
         // command help
@@ -401,7 +414,7 @@ func main() {
     // start the web server!
     mux := createServeMux(&app)
     fmt.Printf("Now serving at http://%s:%d\n", app.Config.Host, app.Config.Port)
-    log.Fatal(
+    stdLog.Fatal(
         http.ListenAndServe(fmt.Sprintf("%s:%d", app.Config.Host, app.Config.Port), 
         HTTPLog(DefaultHeaders(mux)),
     ))

From d9b71381b02b3ccf421d50413be33b55f7a2102b Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 7 Feb 2025 16:40:58 +0000
Subject: [PATCH 18/88] logs in use; new audit log panel!

---
 admin/accounthttp.go    | 20 +++++-----
 admin/http.go           | 41 ++++++++------------
 admin/logshttp.go       | 67 ++++++++++++++++++++++++++++++++
 admin/static/logs.css   | 85 +++++++++++++++++++++++++++++++++++++++++
 admin/templates.go      | 39 ++++++++++++++++++-
 admin/views/layout.html |  7 ++++
 admin/views/logs.html   | 68 +++++++++++++++++++++++++++++++++
 api/artist.go           | 13 +++++++
 api/release.go          | 31 +++++++++++----
 api/track.go            | 20 +++++++---
 api/uploads.go          |  3 ++
 controller/ip.go        | 19 +++++++++
 log/log.go              | 37 ++++++++++++------
 main.go                 | 35 ++++++++++++-----
 model/appstate.go       |  7 +++-
 model/release.go        |  1 +
 16 files changed, 418 insertions(+), 75 deletions(-)
 create mode 100644 admin/logshttp.go
 create mode 100644 admin/static/logs.css
 create mode 100644 admin/views/logs.html
 create mode 100644 controller/ip.go

diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index 098eb59..fc03d77 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -6,9 +6,9 @@ import (
 	"net/http"
 	"net/url"
 	"os"
-	"time"
 
 	"arimelody-web/controller"
+	"arimelody-web/log"
 	"arimelody-web/model"
 
 	"golang.org/x/crypto/bcrypt"
@@ -115,6 +115,8 @@ func changePasswordHandler(app *model.AppState) http.Handler {
             return
         }
 
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" changed password by user request. (%s)", session.Account.Username, controller.ResolveIP(r))
+
         controller.SetSessionError(app.DB, session, "")
         controller.SetSessionMessage(app.DB, session, "Password updated successfully.")
         http.Redirect(w, r, "/admin/account", http.StatusFound)
@@ -143,11 +145,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
 
         // check password
         if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil {
-            fmt.Printf(
-                "[%s] WARN: Account \"%s\" attempted account deletion with incorrect password.\n",
-                time.Now().Format(time.UnixDate),
-                session.Account.Username,
-            )
+            app.Log.Warn(log.TYPE_ACCOUNT, "Account \"%s\" attempted account deletion with incorrect password. (%s)", session.Account.Username, controller.ResolveIP(r))
             controller.SetSessionError(app.DB, session, "Incorrect password.")
             http.Redirect(w, r, "/admin/account", http.StatusFound)
             return
@@ -161,11 +159,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
             return
         }
 
-        fmt.Printf(
-            "[%s] INFO: Account \"%s\" deleted by user request.\n",
-            time.Now().Format(time.UnixDate),
-            session.Account.Username,
-        )
+        app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" deleted by user request. (%s)", session.Account.Username, controller.ResolveIP(r))
 
         controller.SetSessionAccount(app.DB, session, nil)
         controller.SetSessionError(app.DB, session, "")
@@ -324,6 +318,8 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
             return
         }
 
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" created TOTP method \"%s\".", session.Account.Username, totp.Name)
+
         controller.SetSessionError(app.DB, session, "")
         controller.SetSessionMessage(app.DB, session, fmt.Sprintf("TOTP method \"%s\" created successfully.", totp.Name))
         http.Redirect(w, r, "/admin/account", http.StatusFound)
@@ -365,6 +361,8 @@ func totpDeleteHandler(app *model.AppState) http.Handler {
             return
         }
 
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" deleted TOTP method \"%s\".", session.Account.Username, totp.Name)
+
         controller.SetSessionError(app.DB, session, "")
         controller.SetSessionMessage(app.DB, session, fmt.Sprintf("TOTP method \"%s\" deleted successfully.", totp.Name))
         http.Redirect(w, r, "/admin/account", http.StatusFound)
diff --git a/admin/http.go b/admin/http.go
index 0ca61a3..c70dd1d 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"arimelody-web/controller"
+	"arimelody-web/log"
 	"arimelody-web/model"
 
 	"golang.org/x/crypto/bcrypt"
@@ -39,6 +40,8 @@ func Handler(app *model.AppState) http.Handler {
     mux.Handle("/account", requireAccount(accountIndexHandler(app)))
     mux.Handle("/account/", requireAccount(http.StripPrefix("/account", accountHandler(app))))
 
+    mux.Handle("/logs", requireAccount(logsHandler(app)))
+
     mux.Handle("/release/", requireAccount(http.StripPrefix("/release", serveRelease(app))))
     mux.Handle("/artist/", requireAccount(http.StripPrefix("/artist", serveArtist(app))))
     mux.Handle("/track/", requireAccount(http.StripPrefix("/track", serveTrack(app))))
@@ -198,15 +201,12 @@ func registerAccountHandler(app *model.AppState) http.Handler {
             return
         }
 
-        fmt.Printf(
-            "[%s]: Account registered: %s (%s)\n",
-            time.Now().Format(time.UnixDate),
-            account.Username,
-            account.ID,
-        )
+        app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" (%s) created using invite \"%s\". (%s)", account.Username, account.ID, invite.Code, controller.ResolveIP(r))
 
         err = controller.DeleteInvite(app.DB, invite.Code)
-        if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) }
+        if err != nil {
+            app.Log.Warn(log.TYPE_ACCOUNT, "Failed to delete expired invite \"%s\": %v", invite.Code, err)
+        }
 
         // registration success!
         controller.SetSessionAccount(app.DB, session, &account)
@@ -277,11 +277,7 @@ func loginHandler(app *model.AppState) http.Handler {
 
         err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password))
         if err != nil {
-            fmt.Printf(
-                "[%s] INFO: Account \"%s\" attempted login with incorrect password.\n",
-                time.Now().Format(time.UnixDate),
-                account.Username,
-            )
+            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(r))
             controller.SetSessionError(app.DB, session, "Invalid username or password.")
             render()
             return
@@ -307,15 +303,11 @@ func loginHandler(app *model.AppState) http.Handler {
             return
         }
 
-        fmt.Printf(
-            "[%s] INFO: Account \"%s\" logged in\n",
-            time.Now().Format(time.UnixDate),
-            account.Username,
-        )
-
-        // TODO: log login activity to user
-
         // login success!
+        // TODO: log login activity to user
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in. (%s)", account.Username, controller.ResolveIP(r))
+        app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" does not have any TOTP methods assigned.", account.Username)
+
         err = controller.SetSessionAccount(app.DB, session, account)
         if err != nil {
             fmt.Fprintf(os.Stderr, "WARN: Failed to set session account: %v\n", err)
@@ -371,6 +363,7 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
         totpCode := r.FormValue("totp")
 
         if len(totpCode) != controller.TOTP_CODE_LENGTH {
+            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(r))
             controller.SetSessionError(app.DB, session, "Invalid TOTP.")
             render()
             return
@@ -384,17 +377,13 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
             return
         }
         if totpMethod == nil {
+            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(r))
             controller.SetSessionError(app.DB, session, "Invalid TOTP.")
             render()
             return
         }
 
-        fmt.Printf(
-            "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n",
-            time.Now().Format(time.UnixDate),
-            session.AttemptAccount.Username,
-            totpMethod.Name,
-        )
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in with TOTP method \"%s\". (%s)", session.AttemptAccount.Username, totpMethod.Name, controller.ResolveIP(r))
 
         err = controller.SetSessionAccount(app.DB, session, session.AttemptAccount)
         if err != nil {
diff --git a/admin/logshttp.go b/admin/logshttp.go
new file mode 100644
index 0000000..93dc5b7
--- /dev/null
+++ b/admin/logshttp.go
@@ -0,0 +1,67 @@
+package admin
+
+import (
+	"arimelody-web/log"
+	"arimelody-web/model"
+	"fmt"
+	"net/http"
+	"os"
+	"strings"
+)
+
+func logsHandler(app *model.AppState) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        if r.Method != http.MethodGet {
+            http.NotFound(w, r)
+            return
+        }
+
+        session := r.Context().Value("session").(*model.Session)
+
+        levelFilter := []log.LogLevel{}
+        typeFilter := []string{}
+
+        query := r.URL.Query().Get("q")
+
+        for key, value := range r.URL.Query() {
+            if strings.HasPrefix(key, "level-") && value[0] == "on" {
+                m := map[string]log.LogLevel{
+                    "info": log.LEVEL_INFO,
+                    "warn": log.LEVEL_WARN,
+                }
+                level, ok := m[strings.TrimPrefix(key, "level-")]
+                if ok {
+                    levelFilter = append(levelFilter, level)
+                }
+                continue
+            }
+
+            if strings.HasPrefix(key, "type-") && value[0] == "on" {
+                typeFilter = append(typeFilter, string(strings.TrimPrefix(key, "type-")))
+                continue
+            }
+        }
+
+        logs, err := app.Log.Search(levelFilter, typeFilter, query, 100, 0)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to fetch audit logs: %v\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
+
+        type LogsResponse struct {
+            Session *model.Session
+            Logs []*log.Log
+        }
+
+        err = logsTemplate.Execute(w, LogsResponse{
+            Session: session,
+            Logs: logs,
+        })
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to render audit logs page: %v\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
+    })
+}
diff --git a/admin/static/logs.css b/admin/static/logs.css
new file mode 100644
index 0000000..6ed91b5
--- /dev/null
+++ b/admin/static/logs.css
@@ -0,0 +1,85 @@
+main {
+    width: min(1080px, calc(100% - 2em))!important
+}
+
+form {
+    margin: 1em 0;
+}
+
+div#search {
+    display: flex;
+}
+
+#search input {
+    margin: 0;
+    flex-grow: 1;
+
+    border-right: none;
+    border-top-right-radius: 0;
+    border-bottom-right-radius: 0;
+}
+
+#search button {
+    padding: 0 .5em;
+
+    border-top-left-radius: 0;
+    border-bottom-left-radius: 0;
+}
+
+form #filters p {
+    margin: .5em 0 0 0;
+}
+form #filters label {
+    display: inline;
+}
+form #filters input {
+    margin-right: 1em;
+    display: inline;
+}
+
+#logs {
+    width: 100%;
+    border-collapse: collapse;
+}
+
+#logs tr {
+}
+
+#logs tr td {
+    border-bottom: 1px solid #8888;
+}
+
+#logs tr td:nth-child(even) {
+    background: #00000004;
+}
+
+#logs th, #logs td {
+    padding: .4em .8em;
+}
+
+td, th {
+    width: 1%;
+    text-align: left;
+    white-space: nowrap;
+}
+td.log-level,
+th.log-level,
+td.log-type,
+th.log-type {
+    text-align: center;
+}
+td.log-content,
+td.log-content {
+    width: 100%;
+}
+
+.log:hover {
+    background: #fff8;
+}
+
+.log.warn {
+    background: #ffe86a;
+}
+.log.warn:hover {
+    background: #ffec81;
+}
diff --git a/admin/templates.go b/admin/templates.go
index 49c118b..12cdf08 100644
--- a/admin/templates.go
+++ b/admin/templates.go
@@ -1,8 +1,12 @@
 package admin
 
 import (
-    "html/template"
-    "path/filepath"
+	"arimelody-web/log"
+	"fmt"
+	"html/template"
+	"path/filepath"
+	"strings"
+	"time"
 )
 
 var indexTemplate = template.Must(template.ParseFiles(
@@ -48,6 +52,37 @@ var totpConfirmTemplate = template.Must(template.ParseFiles(
     filepath.Join("admin", "views", "totp-confirm.html"),
 ))
 
+var logsTemplate = template.Must(template.New("layout.html").Funcs(template.FuncMap{
+    "parseLevel": func(level log.LogLevel) string {
+        switch level {
+        case log.LEVEL_INFO:
+            return "INFO"
+        case log.LEVEL_WARN:
+            return "WARN"
+        }
+        return fmt.Sprintf("%d?", level)
+    },
+    "titleCase": func(logType string) string {
+        runes := []rune(logType)
+        for i, r := range runes {
+            if (i == 0 || runes[i - 1] == ' ') && r >= 'a' && r <= 'z' {
+                runes[i] = r + ('A' - 'a')
+            }
+        }
+        return string(runes)
+    },
+    "lower": func(str string) string { return strings.ToLower(str) },
+    "prettyTime": func(t time.Time) string {
+        // return t.Format("2006-01-02 15:04:05")
+        // return t.Format("15:04:05, 2 Jan 2006")
+        return t.Format("02 Jan 2006, 15:04:05")
+    },
+}).ParseFiles(
+    filepath.Join("admin", "views", "layout.html"),
+    filepath.Join("views", "prideflag.html"),
+    filepath.Join("admin", "views", "logs.html"),
+))
+
 var releaseTemplate = template.Must(template.ParseFiles(
     filepath.Join("admin", "views", "layout.html"),
     filepath.Join("views", "prideflag.html"),
diff --git a/admin/views/layout.html b/admin/views/layout.html
index 8c34c8e..52b0620 100644
--- a/admin/views/layout.html
+++ b/admin/views/layout.html
@@ -23,7 +23,14 @@
                 <div class="nav-item">
                     <a href="/admin">home</a>
                 </div>
+                {{if .Session.Account}}
+                <div class="nav-item">
+                    <a href="/admin/logs">logs</a>
+                </div>
+                {{end}}
+
                 <div class="flex-fill"></div>
+
                 {{if .Session.Account}}
                 <div class="nav-item">
                     <a href="/admin/account">account ({{.Session.Account.Username}})</a>
diff --git a/admin/views/logs.html b/admin/views/logs.html
new file mode 100644
index 0000000..e3a3ccb
--- /dev/null
+++ b/admin/views/logs.html
@@ -0,0 +1,68 @@
+{{define "head"}}
+<title>Audit Logs - ari melody 💫</title>
+<link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
+<link rel="stylesheet" href="/admin/static/admin.css">
+<link rel="stylesheet" href="/admin/static/logs.css">
+{{end}}
+
+{{define "content"}}
+<main>
+    <h1>Audit Logs</h1>
+
+    <form action="/admin/logs" method="GET">
+        <div id="search">
+            <input type="text" name="q" value="" placeholder="Filter by message...">
+            <button type="submit" class="save">Search</button>
+        </div>
+        <div id="filters">
+            <div>
+                <p>Level:</p>
+                <label for="level-info">Info</label>
+                <input type="checkbox" name="level-info" id="level-info">
+                <label for="level-warn">Warning</label>
+                <input type="checkbox" name="level-warn" id="level-warn">
+            </div>
+            <div>
+                <p>Type:</p>
+                <label for="type-account">Account</label>
+                <input type="checkbox" name="type-account" id="type-account">
+                <label for="type-music">Music</label>
+                <input type="checkbox" name="type-music" id="type-music">
+                <label for="type-artist">Artist</label>
+                <input type="checkbox" name="type-artist" id="type-artist">
+                <label for="type-blog">Blog</label>
+                <input type="checkbox" name="type-blog" id="type-blog">
+                <label for="type-artwork">Artwork</label>
+                <input type="checkbox" name="type-artwork" id="type-artwork">
+                <label for="type-files">Files</label>
+                <input type="checkbox" name="type-files" id="type-files">
+                <label for="type-misc">Misc</label>
+                <input type="checkbox" name="type-misc" id="type-misc">
+            </div>
+        </div>
+    </form>
+    
+    <hr>
+
+    <table id="logs">
+        <thead>
+            <tr>
+                <th class="log-time">Time</th>
+                <th class="log-level">Level</th>
+                <th class="log-type">Type</th>
+                <th class="log-content">Message</th>
+            </tr>
+        </thead>
+        <tbody>
+            {{range .Logs}}
+            <tr class="log {{lower (parseLevel .Level)}}">
+                <td class="log-time">{{prettyTime .CreatedAt}}</td>
+                <td class="log-level">{{parseLevel .Level}}</td>
+                <td class="log-type">{{titleCase .Type}}</td>
+                <td class="log-content">{{.Content}}</td>
+            </tr>
+            {{end}}
+        </tbody>
+    </table>
+</main>
+{{end}}
diff --git a/api/artist.go b/api/artist.go
index 51c9d62..9006cc3 100644
--- a/api/artist.go
+++ b/api/artist.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"arimelody-web/controller"
+	"arimelody-web/log"
 	"arimelody-web/model"
 )
 
@@ -88,6 +89,8 @@ func ServeArtist(app *model.AppState, artist *model.Artist) http.Handler {
 
 func CreateArtist(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
         var artist model.Artist
         err := json.NewDecoder(r.Body).Decode(&artist)
         if err != nil {
@@ -112,12 +115,16 @@ func CreateArtist(app *model.AppState) http.Handler {
             return
         }
 
+        app.Log.Info(log.TYPE_ARTIST, "Artist \"%s\" created by \"%s\".", artist.Name, session.Account.Username)
+
         w.WriteHeader(http.StatusCreated)
     })
 }
 
 func UpdateArtist(app *model.AppState, artist *model.Artist) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
         err := json.NewDecoder(r.Body).Decode(&artist)
         if err != nil {
             fmt.Printf("WARN: Failed to update artist: %s\n", err)
@@ -158,11 +165,15 @@ func UpdateArtist(app *model.AppState, artist *model.Artist) http.Handler {
             fmt.Printf("WARN: Failed to update artist %s: %s\n", artist.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
+
+        app.Log.Info(log.TYPE_ARTIST, "Artist \"%s\" updated by \"%s\".", artist.Name, session.Account.Username)
     })
 }
 
 func DeleteArtist(app *model.AppState, artist *model.Artist) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
         err := controller.DeleteArtist(app.DB, artist.ID)
         if err != nil {
             if strings.Contains(err.Error(), "no rows") {
@@ -172,5 +183,7 @@ func DeleteArtist(app *model.AppState, artist *model.Artist) http.Handler {
             fmt.Printf("WARN: Failed to delete artist %s: %s\n", artist.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
+
+        app.Log.Info(log.TYPE_ARTIST, "Artist \"%s\" deleted by \"%s\".", artist.Name, session.Account.Username)
     })
 }
diff --git a/api/release.go b/api/release.go
index b89cec8..efed8dd 100644
--- a/api/release.go
+++ b/api/release.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"arimelody-web/controller"
+	"arimelody-web/log"
 	"arimelody-web/model"
 )
 
@@ -189,10 +190,7 @@ func ServeCatalog(app *model.AppState) http.Handler {
 
 func CreateRelease(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        if r.Method != http.MethodPost {
-            http.NotFound(w, r)
-            return
-        }
+        session := r.Context().Value("session").(*model.Session)
 
         var release model.Release
         err := json.NewDecoder(r.Body).Decode(&release)
@@ -226,6 +224,8 @@ func CreateRelease(app *model.AppState) http.Handler {
             return
         }
 
+        app.Log.Info(log.TYPE_MUSIC, "Release \"%s\" created by \"%s\".", release.ID, session.Account.Username)
+
         w.Header().Add("Content-Type", "application/json")
         w.WriteHeader(http.StatusCreated)
         encoder := json.NewEncoder(w)
@@ -240,6 +240,8 @@ func CreateRelease(app *model.AppState) http.Handler {
 
 func UpdateRelease(app *model.AppState, release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
         if r.URL.Path == "/" {
             http.NotFound(w, r)
             return
@@ -304,11 +306,15 @@ func UpdateRelease(app *model.AppState, release *model.Release) http.Handler {
             fmt.Printf("WARN: Failed to update release %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
+
+        app.Log.Info(log.TYPE_MUSIC, "Release \"%s\" updated by \"%s\".", release.ID, session.Account.Username)
     })
 }
 
 func UpdateReleaseTracks(app *model.AppState, release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
         var trackIDs = []string{}
         err := json.NewDecoder(r.Body).Decode(&trackIDs)
         if err != nil {
@@ -325,11 +331,15 @@ func UpdateReleaseTracks(app *model.AppState, release *model.Release) http.Handl
             fmt.Printf("WARN: Failed to update tracks for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
+
+        app.Log.Info(log.TYPE_MUSIC, "Tracklist for release \"%s\" updated by \"%s\".", release.ID, session.Account.Username)
     })
 }
 
 func UpdateReleaseCredits(app *model.AppState, release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
         type creditJSON struct {
             Artist  string
             Role    string
@@ -366,15 +376,14 @@ func UpdateReleaseCredits(app *model.AppState, release *model.Release) http.Hand
             fmt.Printf("WARN: Failed to update links for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
+
+        app.Log.Info(log.TYPE_MUSIC, "Credits for release \"%s\" updated by \"%s\".", release.ID, session.Account.Username)
     })
 }
 
 func UpdateReleaseLinks(app *model.AppState, release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        if r.Method != http.MethodPut {
-            http.NotFound(w, r)
-            return
-        }
+        session := r.Context().Value("session").(*model.Session)
 
         var links = []*model.Link{}
         err := json.NewDecoder(r.Body).Decode(&links)
@@ -392,11 +401,15 @@ func UpdateReleaseLinks(app *model.AppState, release *model.Release) http.Handle
             fmt.Printf("WARN: Failed to update links for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
+
+        app.Log.Info(log.TYPE_MUSIC, "Links for release \"%s\" updated by \"%s\".", release.ID, session.Account.Username)
     })
 }
 
 func DeleteRelease(app *model.AppState, release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
         err := controller.DeleteRelease(app.DB, release.ID)
         if err != nil {
             if strings.Contains(err.Error(), "no rows") {
@@ -406,5 +419,7 @@ func DeleteRelease(app *model.AppState, release *model.Release) http.Handler {
             fmt.Printf("WARN: Failed to delete release %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
+
+        app.Log.Info(log.TYPE_MUSIC, "Release \"%s\" deleted by \"%s\".", release.ID, session.Account.Username)
     })
 }
diff --git a/api/track.go b/api/track.go
index c342e08..e7d7c07 100644
--- a/api/track.go
+++ b/api/track.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 
 	"arimelody-web/controller"
+	"arimelody-web/log"
 	"arimelody-web/model"
 )
 
@@ -75,10 +76,7 @@ func ServeTrack(app *model.AppState, track *model.Track) http.Handler {
 
 func CreateTrack(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        if r.Method != http.MethodPost {
-            http.NotFound(w, r)
-            return
-        }
+        session := r.Context().Value("session").(*model.Session)
 
         var track model.Track
         err := json.NewDecoder(r.Body).Decode(&track)
@@ -99,6 +97,8 @@ func CreateTrack(app *model.AppState) http.Handler {
             return
         }
 
+        app.Log.Info(log.TYPE_MUSIC, "Track \"%s\" (%s) created by \"%s\".", track.Title, track.ID, session.Account.Username)
+
         w.Header().Add("Content-Type", "text/plain")
         w.WriteHeader(http.StatusCreated)
         w.Write([]byte(id))
@@ -107,11 +107,13 @@ func CreateTrack(app *model.AppState) http.Handler {
 
 func UpdateTrack(app *model.AppState, track *model.Track) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        if r.Method != http.MethodPut || r.URL.Path == "/" {
+        if r.URL.Path == "/" {
             http.NotFound(w, r)
             return
         }
 
+        session := r.Context().Value("session").(*model.Session)
+
         err := json.NewDecoder(r.Body).Decode(&track)
         if err != nil {
             http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
@@ -130,6 +132,8 @@ func UpdateTrack(app *model.AppState, track *model.Track) http.Handler {
             return
         }
 
+        app.Log.Info(log.TYPE_MUSIC, "Track \"%s\" (%s) updated by \"%s\".", track.Title, track.ID, session.Account.Username)
+
         w.Header().Add("Content-Type", "application/json")
         encoder := json.NewEncoder(w)
         encoder.SetIndent("", "\t")
@@ -142,16 +146,20 @@ func UpdateTrack(app *model.AppState, track *model.Track) http.Handler {
 
 func DeleteTrack(app *model.AppState, track *model.Track) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        if r.Method != http.MethodDelete || r.URL.Path == "/" {
+        if r.URL.Path == "/" {
             http.NotFound(w, r)
             return
         }
 
+        session := r.Context().Value("session").(*model.Session)
+
         var trackID = r.URL.Path[1:]
         err := controller.DeleteTrack(app.DB, trackID)
         if err != nil {
             fmt.Printf("WARN: Failed to delete track %s: %s\n", trackID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
+
+        app.Log.Info(log.TYPE_MUSIC, "Track \"%s\" (%s) deleted by \"%s\".", track.Title, track.ID, session.Account.Username)
     })
 }
diff --git a/api/uploads.go b/api/uploads.go
index ddcf6ee..60ab7dd 100644
--- a/api/uploads.go
+++ b/api/uploads.go
@@ -1,6 +1,7 @@
 package api
 
 import (
+	"arimelody-web/log"
 	"arimelody-web/model"
 	"bufio"
 	"encoding/base64"
@@ -49,5 +50,7 @@ func HandleImageUpload(app *model.AppState, data *string, directory string, file
         return "", nil
 	}
 
+    app.Log.Info(log.TYPE_FILES, "\"%s/%s.%s\" created.", directory, filename, ext)
+
 	return filename, nil
 }
diff --git a/controller/ip.go b/controller/ip.go
new file mode 100644
index 0000000..4b1126d
--- /dev/null
+++ b/controller/ip.go
@@ -0,0 +1,19 @@
+package controller
+
+import (
+	"net/http"
+	"slices"
+)
+
+// Returns the request's original IP address, resolving the `x-forwarded-for`
+// header if the request originates from a trusted proxy.
+func ResolveIP(r *http.Request) string {
+    trustedProxies := []string{ "10.4.20.69" }
+    if slices.Contains(trustedProxies, r.RemoteAddr) {
+        forwardedFor := r.Header.Get("x-forwarded-for")
+        if len(forwardedFor) > 0 {
+            return forwardedFor
+        }
+    }
+    return r.RemoteAddr
+}
diff --git a/log/log.go b/log/log.go
index 3344bbe..3d023ab 100644
--- a/log/log.go
+++ b/log/log.go
@@ -25,8 +25,10 @@ type (
 const (
     TYPE_ACCOUNT string = "account"
     TYPE_MUSIC string = "music"
+    TYPE_ARTIST string = "artist"
     TYPE_BLOG string = "blog"
     TYPE_ARTWORK string = "artwork"
+    TYPE_FILES string = "files"
     TYPE_MISC string = "misc"
 )
 
@@ -40,7 +42,7 @@ const DEFAULT_LOG_PAGE_LENGTH = 25
 
 func (self *Logger) Info(logType string, format string, args ...any) {
     logString := fmt.Sprintf(format, args...)
-    fmt.Printf("[%s] INFO: %s", logType, logString)
+    fmt.Printf("[%s] [%s] INFO: %s\n", time.Now().Format(time.UnixDate), logType, logString)
     err := createLog(self.DB, LEVEL_INFO, logType, logString)
     if err != nil {
         fmt.Fprintf(os.Stderr, "WARN: Failed to push log to database: %v\n", err)
@@ -49,25 +51,20 @@ func (self *Logger) Info(logType string, format string, args ...any) {
 
 func (self *Logger) Warn(logType string, format string, args ...any) {
     logString := fmt.Sprintf(format, args...)
-    fmt.Fprintf(os.Stderr, "[%s] WARN: %s", logType, logString)
+    fmt.Fprintf(os.Stderr, "[%s] [%s] WARN: %s\n", time.Now().Format(time.UnixDate), logType, logString)
     err := createLog(self.DB, LEVEL_WARN, logType, logString)
     if err != nil {
         fmt.Fprintf(os.Stderr, "WARN: Failed to push log to database: %v\n", err)
     }
 }
 
-func (self *Logger) Fatal(logType string, format string, args ...any) {
-    fmt.Fprintf(os.Stderr, fmt.Sprintf("[%s] FATAL: %s", logType, format), args...)
-    // we won't need to push fatal logs to DB, as these usually precede a panic or crash
-}
-
 func (self *Logger) Fetch(id string) (*Log, error) {
     log := Log{}
     err := self.DB.Get(&log, "SELECT * FROM auditlog WHERE id=$1", id)
     return &log, err
 }
 
-func (self *Logger) Search(levelFilters []LogLevel, typeFilters []string, content string, offset int, limit int) ([]*Log, error) {
+func (self *Logger) Search(levelFilters []LogLevel, typeFilters []string, content string, limit int, offset int) ([]*Log, error) {
     logs := []*Log{}
 
     params := []any{ limit, offset }
@@ -80,7 +77,11 @@ func (self *Logger) Search(levelFilters []LogLevel, typeFilters []string, conten
     }
 
     if len(levelFilters) > 0 {
-        conditions += " AND level IN ("
+        if len(conditions) > 0 {
+            conditions += " AND level IN ("
+        } else {
+            conditions += " WHERE level IN ("
+        }
         for i := range levelFilters {
             conditions += fmt.Sprintf("$%d", len(params) + 1)
             if i < len(levelFilters) - 1 {
@@ -92,7 +93,11 @@ func (self *Logger) Search(levelFilters []LogLevel, typeFilters []string, conten
     }
 
     if len(typeFilters) > 0 {
-        conditions += " AND type IN ("
+        if len(conditions) > 0 {
+            conditions += " AND type IN ("
+        } else {
+            conditions += " WHERE type IN ("
+        }
         for i := range typeFilters {
             conditions += fmt.Sprintf("$%d", len(params) + 1)
             if i < len(typeFilters) - 1 {
@@ -108,8 +113,16 @@ func (self *Logger) Search(levelFilters []LogLevel, typeFilters []string, conten
         conditions,
     )
 
-    // TODO: remove after testing
-    fmt.Println(query)
+    /*
+    fmt.Printf("%s (", query)
+    for i, param := range params {
+        fmt.Print(param)
+        if i < len(params) - 1 {
+            fmt.Print(", ")
+        }
+    }
+    fmt.Print(")\n")
+    */
 
     err := self.DB.Select(&logs, query, params...)
     if err != nil {
diff --git a/main.go b/main.go
index b18681b..03e9d77 100644
--- a/main.go
+++ b/main.go
@@ -19,8 +19,8 @@ import (
 	"arimelody-web/controller"
 	"arimelody-web/model"
 	"arimelody-web/templates"
+    "arimelody-web/log"
 	"arimelody-web/view"
-  "arimelody-web/log"
 
 	"github.com/jmoiron/sqlx"
 	_ "github.com/lib/pq"
@@ -78,6 +78,8 @@ func main() {
     app.DB.SetMaxIdleConns(10)
     defer app.DB.Close()
 
+    app.Log = log.Logger{ DB: app.DB }
+
     // handle command arguments
     if len(os.Args) > 1 {
         arg := os.Args[1]
@@ -119,6 +121,7 @@ func main() {
                 os.Exit(1)
             }
 
+            app.Log.Info(log.TYPE_ACCOUNT, "TOTP method \"%s\" for \"%s\" created via config utility.", totp.Name, account.Username)
             url := controller.GenerateTOTPURI(account.Username, totp.Secret)
             fmt.Printf("%s\n", url)
             return
@@ -148,6 +151,7 @@ func main() {
                 os.Exit(1)
             }
 
+            app.Log.Info(log.TYPE_ACCOUNT, "TOTP method \"%s\" for \"%s\" deleted via config utility.", totpName, account.Username)
             fmt.Printf("TOTP method \"%s\" deleted.\n", totpName)
             return
 
@@ -223,6 +227,7 @@ func main() {
                 fmt.Fprintf(os.Stderr, "FATAL: Failed to clean up TOTP methods: %v\n", err)
                 os.Exit(1)
             }
+            app.Log.Info(log.TYPE_ACCOUNT, "TOTP methods pruned via config utility.")
             fmt.Printf("Cleaned up dangling TOTP methods successfully.\n")
             return
 
@@ -234,6 +239,7 @@ func main() {
                 os.Exit(1)
             }
 
+            app.Log.Info(log.TYPE_ACCOUNT, "Invite generted via config utility (%s).", invite.Code)
             fmt.Printf(
                 "Here you go! This code expires in %d hours: %s\n",
                 int(math.Ceil(invite.ExpiresAt.Sub(invite.CreatedAt).Hours())),
@@ -249,6 +255,7 @@ func main() {
                 os.Exit(1)
             }
 
+            app.Log.Info(log.TYPE_ACCOUNT, "Invites purged via config utility.")
             fmt.Printf("Invites deleted successfully.\n")
             return
 
@@ -301,11 +308,12 @@ func main() {
             account.Password = string(hashedPassword)
             err = controller.UpdateAccount(app.DB, account)
             if err != nil {
-                fmt.Fprintf(os.Stderr, "FATAL: Failed to delete account: %v\n", err)
+                fmt.Fprintf(os.Stderr, "FATAL: Failed to update password: %v\n", err)
                 os.Exit(1)
             }
 
-            fmt.Printf("Account \"%s\" deleted successfully.\n", account.Username)
+            app.Log.Info(log.TYPE_ACCOUNT, "Password for '%s' updated via config utility.", account.Username)
+            fmt.Printf("Password for \"%s\" updated successfully.\n", account.Username)
             return
 
         case "deleteAccount":
@@ -340,19 +348,28 @@ func main() {
                 os.Exit(1)
             }
 
+            app.Log.Info(log.TYPE_ACCOUNT, "Account '%s' deleted via config utility.", account.Username)
             fmt.Printf("Account \"%s\" deleted successfully.\n", account.Username)
             return
 
-        case "testLogSearch":
-            // TODO: rename to "logs"; add parameters
-            logger := log.Logger { DB: app.DB }
-            logs, err := logger.Search([]log.LogLevel{ log.LEVEL_INFO, log.LEVEL_WARN }, []string{ log.TYPE_ACCOUNT, log.TYPE_MUSIC }, "ari", 0, 100)
+        case "logs":
+            // TODO: add log search parameters
+            logs, err := app.Log.Search([]log.LogLevel{}, []string{}, "", 100, 0)
             if err != nil {
                 fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch logs: %v\n", err)
                 os.Exit(1)
             }
-            for _, log := range(logs) {
-                fmt.Printf("[%s] [%s] [%d] [%s] %s\n", log.CreatedAt.Format(time.UnixDate), log.ID, log.Level, log.Type, log.Content)
+            for _, item := range(logs) {
+                levelStr := ""
+                switch item.Level {
+                case log.LEVEL_INFO:
+                    levelStr = "INFO"
+                case log.LEVEL_WARN:
+                    levelStr = "WARN"
+                default:
+                    levelStr = fmt.Sprintf("? (%d)", item.Level)
+                }
+                fmt.Printf("[%s] %s:\n\t[%s] %s: %s\n", item.CreatedAt.Format(time.UnixDate), item.ID, item.Type, levelStr, item.Content)
             }
             return
         }
diff --git a/model/appstate.go b/model/appstate.go
index 6a965d5..2516b6e 100644
--- a/model/appstate.go
+++ b/model/appstate.go
@@ -1,6 +1,10 @@
 package model
 
-import "github.com/jmoiron/sqlx"
+import (
+	"github.com/jmoiron/sqlx"
+
+    "arimelody-web/log"
+)
 
 type (
     DBConfig struct {
@@ -29,5 +33,6 @@ type (
     AppState struct {
         DB *sqlx.DB
         Config Config
+        Log log.Logger
     }
 )
diff --git a/model/release.go b/model/release.go
index 7b0c8d5..42d6fba 100644
--- a/model/release.go
+++ b/model/release.go
@@ -24,6 +24,7 @@ type (
         Tracks          []*Track    `json:"tracks"`
         Credits         []*Credit   `json:"credits"`
         Links           []*Link     `json:"links"`
+        CreatedAt       time.Time   `json:"-" db:"created_at"`
     }
 )
 

From 23dbbf26e3068e987301833524297f22f0aa1bbe Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 7 Feb 2025 16:54:36 +0000
Subject: [PATCH 19/88] handle x-forwarded-for in IP logs

---
 admin/accounthttp.go |  6 +++---
 admin/http.go        | 12 ++++++------
 controller/config.go |  1 +
 controller/ip.go     | 10 ++++++----
 model/appstate.go    |  1 +
 5 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index fc03d77..125abdc 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -115,7 +115,7 @@ func changePasswordHandler(app *model.AppState) http.Handler {
             return
         }
 
-        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" changed password by user request. (%s)", session.Account.Username, controller.ResolveIP(r))
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" changed password by user request. (%s)", session.Account.Username, controller.ResolveIP(app, r))
 
         controller.SetSessionError(app.DB, session, "")
         controller.SetSessionMessage(app.DB, session, "Password updated successfully.")
@@ -145,7 +145,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
 
         // check password
         if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil {
-            app.Log.Warn(log.TYPE_ACCOUNT, "Account \"%s\" attempted account deletion with incorrect password. (%s)", session.Account.Username, controller.ResolveIP(r))
+            app.Log.Warn(log.TYPE_ACCOUNT, "Account \"%s\" attempted account deletion with incorrect password. (%s)", session.Account.Username, controller.ResolveIP(app, r))
             controller.SetSessionError(app.DB, session, "Incorrect password.")
             http.Redirect(w, r, "/admin/account", http.StatusFound)
             return
@@ -159,7 +159,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
             return
         }
 
-        app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" deleted by user request. (%s)", session.Account.Username, controller.ResolveIP(r))
+        app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" deleted by user request. (%s)", session.Account.Username, controller.ResolveIP(app, r))
 
         controller.SetSessionAccount(app.DB, session, nil)
         controller.SetSessionError(app.DB, session, "")
diff --git a/admin/http.go b/admin/http.go
index c70dd1d..b16c209 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -201,7 +201,7 @@ func registerAccountHandler(app *model.AppState) http.Handler {
             return
         }
 
-        app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" (%s) created using invite \"%s\". (%s)", account.Username, account.ID, invite.Code, controller.ResolveIP(r))
+        app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" (%s) created using invite \"%s\". (%s)", account.Username, account.ID, invite.Code, controller.ResolveIP(app, r))
 
         err = controller.DeleteInvite(app.DB, invite.Code)
         if err != nil {
@@ -277,7 +277,7 @@ func loginHandler(app *model.AppState) http.Handler {
 
         err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password))
         if err != nil {
-            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(r))
+            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r))
             controller.SetSessionError(app.DB, session, "Invalid username or password.")
             render()
             return
@@ -305,7 +305,7 @@ func loginHandler(app *model.AppState) http.Handler {
 
         // login success!
         // TODO: log login activity to user
-        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in. (%s)", account.Username, controller.ResolveIP(r))
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in. (%s)", account.Username, controller.ResolveIP(app, r))
         app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" does not have any TOTP methods assigned.", account.Username)
 
         err = controller.SetSessionAccount(app.DB, session, account)
@@ -363,7 +363,7 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
         totpCode := r.FormValue("totp")
 
         if len(totpCode) != controller.TOTP_CODE_LENGTH {
-            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(r))
+            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
             controller.SetSessionError(app.DB, session, "Invalid TOTP.")
             render()
             return
@@ -377,13 +377,13 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
             return
         }
         if totpMethod == nil {
-            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(r))
+            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
             controller.SetSessionError(app.DB, session, "Invalid TOTP.")
             render()
             return
         }
 
-        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in with TOTP method \"%s\". (%s)", session.AttemptAccount.Username, totpMethod.Name, controller.ResolveIP(r))
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in with TOTP method \"%s\". (%s)", session.AttemptAccount.Username, totpMethod.Name, controller.ResolveIP(app, r))
 
         err = controller.SetSessionAccount(app.DB, session, session.AttemptAccount)
         if err != nil {
diff --git a/controller/config.go b/controller/config.go
index 8772b6b..5a69d49 100644
--- a/controller/config.go
+++ b/controller/config.go
@@ -21,6 +21,7 @@ func GetConfig() model.Config {
         BaseUrl: "https://arimelody.me",
         Host: "0.0.0.0",
         Port: 8080,
+        TrustedProxies: []string{ "127.0.0.1" },
         DB: model.DBConfig{
             Host: "127.0.0.1",
             Port: 5432,
diff --git a/controller/ip.go b/controller/ip.go
index 4b1126d..ae9d587 100644
--- a/controller/ip.go
+++ b/controller/ip.go
@@ -1,19 +1,21 @@
 package controller
 
 import (
+	"arimelody-web/model"
 	"net/http"
 	"slices"
+	"strings"
 )
 
 // Returns the request's original IP address, resolving the `x-forwarded-for`
 // header if the request originates from a trusted proxy.
-func ResolveIP(r *http.Request) string {
-    trustedProxies := []string{ "10.4.20.69" }
-    if slices.Contains(trustedProxies, r.RemoteAddr) {
+func ResolveIP(app *model.AppState, r *http.Request) string {
+    addr := strings.Split(r.RemoteAddr, ":")[0]
+    if slices.Contains(app.Config.TrustedProxies, addr) {
         forwardedFor := r.Header.Get("x-forwarded-for")
         if len(forwardedFor) > 0 {
             return forwardedFor
         }
     }
-    return r.RemoteAddr
+    return addr
 }
diff --git a/model/appstate.go b/model/appstate.go
index 2516b6e..233e0db 100644
--- a/model/appstate.go
+++ b/model/appstate.go
@@ -26,6 +26,7 @@ type (
         Host string `toml:"host"`
         Port int64 `toml:"port"`
         DataDirectory string `toml:"data_dir"`
+        TrustedProxies []string `toml:"trusted_proxies"`
         DB DBConfig `toml:"db"`
         Discord DiscordConfig `toml:"discord"`
     }

From edb4d7df3a9544de8dcbafe1f162ed882114e9d3 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 7 Feb 2025 17:15:02 +0000
Subject: [PATCH 20/88] trim extra IPs from x-forwarded-for header

---
 bundle.sh        | 2 +-
 controller/ip.go | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/bundle.sh b/bundle.sh
index dc7c023..277bb9c 100755
--- a/bundle.sh
+++ b/bundle.sh
@@ -6,4 +6,4 @@ if [ ! -f arimelody-web ]; then
     exit 1
 fi
 
-tar czvf arimelody-web.tar.gz arimelody-web admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/
+tar czf arimelody-web.tar.gz arimelody-web admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/
diff --git a/controller/ip.go b/controller/ip.go
index ae9d587..233d76a 100644
--- a/controller/ip.go
+++ b/controller/ip.go
@@ -14,6 +14,8 @@ func ResolveIP(app *model.AppState, r *http.Request) string {
     if slices.Contains(app.Config.TrustedProxies, addr) {
         forwardedFor := r.Header.Get("x-forwarded-for")
         if len(forwardedFor) > 0 {
+            // discard extra IPs; cloudflare tends to append their nodes
+            forwardedFor = strings.Split(forwardedFor, ", ")[0]
             return forwardedFor
         }
     }

From 3cb8d2940aadcc78072736975337d6766512611e Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sat, 8 Feb 2025 12:25:19 +0000
Subject: [PATCH 21/88] fix white-space on log message

---
 admin/static/logs.css | 1 +
 1 file changed, 1 insertion(+)

diff --git a/admin/static/logs.css b/admin/static/logs.css
index 6ed91b5..f0df299 100644
--- a/admin/static/logs.css
+++ b/admin/static/logs.css
@@ -71,6 +71,7 @@ th.log-type {
 td.log-content,
 td.log-content {
     width: 100%;
+    white-space: collapse;
 }
 
 .log:hover {

From 0fc6c9f86d6b1b74ead9179d4cd0fd4961b68711 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Wed, 19 Feb 2025 01:59:12 +0000
Subject: [PATCH 22/88] update public gpg key

---
 public/keys/ari melody_0x92678188_public.asc | 31 ++++++++++++++------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/public/keys/ari melody_0x92678188_public.asc b/public/keys/ari melody_0x92678188_public.asc
index 2b37d88..80a4676 100644
--- a/public/keys/ari melody_0x92678188_public.asc	
+++ b/public/keys/ari melody_0x92678188_public.asc	
@@ -1,13 +1,26 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mDMEZNW03RYJKwYBBAHaRw8BAQdAuMUNVjXT7m/YisePPnSYY6lc1Xmm3oS79ZEO
-JriRCZy0HWFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkubWU+iJMEExYKADsWIQTu
-jeuNYocuegkeKt/PmYKckmeBiAUCZNW03QIbAwULCQgHAgIiAgYVCgkICwIEFgID
-AQIeBwIXgAAKCRDPmYKckmeBiGCbAP4wTcLCU5ZlfSTJrFtGhQKWA6DxtUO7Cegk
-Vu8SgkY3KgEA1/YqjZ1vSaqPDN4137vmhkhfduoYOjN0iptNj39u2wG4OARk1bTd
-EgorBgEEAZdVAQUBAQdAnA2drPzQBoXNdwIrFnovuF0CjX+8+8QSugCF4a5ZEXED
-AQgHiHgEGBYKACAWIQTujeuNYocuegkeKt/PmYKckmeBiAUCZNW03QIbDAAKCRDP
-mYKckmeBiC/xAQD1hu4WcstR40lkUxMqhZ44wmizrDA+eGCdh7Ge3Gy79wEAx385
-GnYoNplMTA4BTGs7orV4WSfSkoBx0+px1UOewgs=
-=M1Bp
+JriRCZy0HWFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkubWU+iJkEExYKAEECGwMF
+CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQTujeuNYocuegkeKt/PmYKckmeB
+iAUCZ7UqUAUJCIMP8wAKCRDPmYKckmeBiO/NAP0SoJL4aKZqCeYiSoDF/Uw6nMmZ
++oR1Uig41wQ/IDbhCAEApP2vbjSIu6pcp0AQlL7qcoyPWv+XkqPSFqW9KEZZVwqI
+kwQTFgoAOxYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJk1bTdAhsDBQsJCAcCAiIC
+BhUKCQgLAgQWAgMBAh4HAheAAAoJEM+ZgpySZ4GIYJsA/jBNwsJTlmV9JMmsW0aF
+ApYDoPG1Q7sJ6CRW7xKCRjcqAQDX9iqNnW9Jqo8M3jXfu+aGSF926hg6M3SKm02P
+f27bAbgzBGe1JooWCSsGAQQB2kcPAQEHQJbfh5iLHEpZndMgekqYzqTrUoAJ8ZIL
+d4WH0dcw9tOaiPUEGBYKACYCGwIWIQTujeuNYocuegkeKt/PmYKckmeBiAUCZ7Uq
+VgUJBaOeTACBdiAEGRYKAB0WIQQlu5dWmBR/P3ZxngxgtfA4bj3bfgUCZ7UmigAK
+CRBgtfA4bj3bfux+AP4y5ydrjnGBMX7GuB2nh55SRdscSiXsZ66ntnjXyQcbWgEA
+pDuu7FqXzXcnluuZxNFDT740Rnzs60tTeplDqGGWcAQJEM+ZgpySZ4GIc0kA/iSw
+Nw+r3FC75omwrPpJF13B5fq93FweFx+oSaES6qzkAQDvgCK77qKKbvCju0g8zSsK
+EZnv6xR4uvtGdVkvLpBdC7gzBGe1JpkWCSsGAQQB2kcPAQEHQGnU4lXFLchhKYkC
+PshP+jvuRsNoedaDOK2p4dkQC8JuiH4EGBYKACYCGyAWIQTujeuNYocuegkeKt/P
+mYKckmeBiAUCZ7UqXgUJBaOeRQAKCRDPmYKckmeBiL9KAQCJZIBhuSsoYa61I0XZ
+cKzGZbB0h9pD6eg1VRswNIgHtQEAwu9Hgs1rs9cySvKbO7WgK6Qh6EfrvGgGOXCO
+m3wVsg24OARntSo5EgorBgEEAZdVAQUBAQdA+/k586W1OHxndzDJNpbd+wqjyjr0
+D5IXxfDs00advB0DAQgHiH4EGBYKACYWIQTujeuNYocuegkeKt/PmYKckmeBiAUC
+Z7UqOQIbDAUJBaOagAAKCRDPmYKckmeBiEFxAQCgziQt2l3u7jnZVij4zop+K2Lv
+TVFtkbG61tf6brRzBgD/X6c6X5BRyQC51JV1I1RFRBdeMAIXzcLFg2v3WUMccQs=
+=YmHI
 -----END PGP PUBLIC KEY BLOCK-----

From 739390d7f5b8c1c7fa820a0753afc7bb611ca48c Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 14 Mar 2025 00:33:59 +0000
Subject: [PATCH 23/88] funny cursor teehee

---
 public/script/cursor.js | 273 ++++++++++++++++++++++++++++++++++++++++
 public/script/main.js   |   1 +
 public/style/cursor.css |  43 +++++++
 public/style/main.css   |   1 +
 4 files changed, 318 insertions(+)
 create mode 100644 public/script/cursor.js
 create mode 100644 public/style/cursor.css

diff --git a/public/script/cursor.js b/public/script/cursor.js
new file mode 100644
index 0000000..94f1a8e
--- /dev/null
+++ b/public/script/cursor.js
@@ -0,0 +1,273 @@
+const CURSOR_TICK_RATE = 1000/30;
+const CURSOR_LERP_RATE = 1/100;
+const CURSOR_CHAR_MAX_LIFE = 5000;
+const CURSOR_MAX_CHARS = 50;
+/** @type HTMLElement */
+let cursorContainer;
+/** @type Cursor */
+let myCursor;
+/** @type Map<number, Cursor> */
+let cursors = new Map();
+/** @type Array<FunChar> */
+let chars = new Array();
+
+let lastCursorUpdateTime = 0;
+let lastCharUpdateTime = 0;
+
+class Cursor {
+    /** @type number */ id;
+
+    // real coordinates (canonical)
+    /** @type number */ x;
+    /** @type number */ y;
+
+    // update coordinates (interpolated)
+    /** @type number */ rx;
+    /** @type number */ ry;
+
+    /** @type HTMLElement */
+    #element;
+    /** @type HTMLElement */
+    #char;
+
+    /**
+     * @param {number} id
+     * @param {number} x
+     * @param {number} y
+     */
+    constructor(id, x, y) {
+        this.id = id;
+        this.x = x;
+        this.y = y;
+        this.rx = x;
+        this.ry = y;
+
+        const element = document.createElement("i");
+        element.classList.add("cursor");
+        element.id = "cursor" + id;
+        const colour = randomColour();
+        element.style.borderColor = colour;
+        element.style.color = colour;
+        element.innerText = "0x" + navigator.userAgent.hashCode();
+
+        const char = document.createElement("p");
+        char.className = "char";
+        element.appendChild(char);
+
+        this.#element = element;
+        this.#char = char;
+        cursorContainer.appendChild(this.#element);
+    }
+
+    destroy() {
+        this.#element.remove();
+    }
+
+    /**
+     * @param {number} x
+     * @param {number} y
+     */
+    move(x, y) {
+        this.x = x;
+        this.y = y;
+    }
+
+    /**
+     * @param {number} deltaTime
+     */
+    update(deltaTime) {
+        this.rx += (this.x - this.rx) * CURSOR_LERP_RATE * deltaTime;
+        this.ry += (this.y - this.ry) * CURSOR_LERP_RATE * deltaTime;
+        this.#element.style.left = this.rx + "px";
+        this.#element.style.top = this.ry + "px";
+    }
+
+    /**
+     * @param {string} text
+     */
+    print(text) {
+        if (text.length > 1) return;
+        this.#char.innerText = text;
+    }
+}
+
+class FunChar {
+    /** @type number */ x; y;
+    /** @type number */ xa; ya;
+    /** @type number */ r; ra;
+    /** @type HTMLElement */ element;
+    /** @type number */ life;
+
+    /**
+     * @param {number} x
+     * @param {number} y
+     * @param {number} xa
+     * @param {number} ya
+     * @param {string} text
+     */
+    constructor(x, y, xa, ya, text) {
+        this.x = x;
+        this.y = y;
+        this.xa = xa + Math.random() * .2 - .1;
+        this.ya = ya + Math.random() * -.25;
+        this.r = this.xa * 100;
+        this.ra = this.r * 0.01;
+        this.life = 0;
+
+        const char = document.createElement("i");
+        char.className = "funchar";
+        char.innerText = text;
+        char.style.left = x + "px";
+        char.style.top = y + "px";
+        char.style.transform = `rotate(${this.r}deg)`;
+        this.element = char;
+        cursorContainer.appendChild(this.element);
+    }
+
+    /**
+     * @param {number} deltaTime
+     */
+    update(deltaTime) {
+        this.life += deltaTime;
+        if (this.life > CURSOR_CHAR_MAX_LIFE ||
+            this.y > window.outerHeight ||
+            this.x < 0 ||
+            this.x > window.outerWidth
+        ) {
+            this.destroy();
+            return;
+        }
+
+        this.x += this.xa * deltaTime;
+        this.y += this.ya * deltaTime;
+        this.r += this.ra * deltaTime;
+        this.ya = Math.min(this.ya + 0.0005 * deltaTime, 10);
+
+        this.element.style.left = this.x + "px";
+        this.element.style.top = this.y + "px";
+        this.element.style.transform = `rotate(${this.r}deg)`;
+    }
+
+    destroy() {
+        chars = chars.filter(char => char !== this);
+        this.element.remove();
+    }
+}
+
+String.prototype.hashCode = function() {
+    var hash = 0;
+    if (this.length === 0) return hash;
+    for (let i = 0; i < this.length; i++) {
+        const chr = this.charCodeAt(i);
+        hash = ((hash << 5) - hash) + chr;
+        hash |= 0; // convert to 32-bit integer
+    }
+    return Math.round(Math.abs(hash)).toString(16).slice(0, 8).padStart(8, '0');
+};
+
+/**
+ * @returns string
+ */
+function randomColour() {
+    const min = 128;
+    const range = 100;
+    const red   = Math.round((min + Math.random() * range)).toString(16);
+    const green = Math.round((min + Math.random() * range)).toString(16);
+    const blue  = Math.round((min + Math.random() * range)).toString(16);
+
+    return "#" + red + green + blue;
+}
+
+/**
+ * @param {MouseEvent} event 
+ */
+function handleMouseMove(event) {
+    if (!myCursor) return;
+    myCursor.move(event.x, event.y);
+}
+
+/**
+ * @param {KeyboardEvent} event
+ */
+function handleKeyDown(event) {
+    if (event.key.length > 1) return;
+    if (event.metaKey || event.ctrlKey) return;
+    if (window.cursorFunMode === true) {
+        const yOffset = -20;
+        const accelMultiplier = 0.002;
+        if (chars.length < CURSOR_MAX_CHARS)
+            chars.push(new FunChar(
+                myCursor.x, myCursor.y + yOffset,
+                (myCursor.x - myCursor.rx) * accelMultiplier, (myCursor.y - myCursor.ry) * accelMultiplier,
+                event.key));
+    } else {
+        myCursor.print(event.key);
+    }
+}
+
+function handleKeyUp() {
+    if (!window.cursorFunMode) {
+        myCursor.print("");
+    }
+}
+
+/**
+ * @param {number} time
+ */
+function updateCursors(time) {
+    const deltaTime = time - lastCursorUpdateTime;
+
+    cursors.forEach(cursor => {
+        cursor.update(deltaTime);
+    });
+
+    lastCursorUpdateTime = time;
+    requestAnimationFrame(updateCursors);
+}
+
+/**
+ * @param {number} time
+ */
+function updateChars(time) {
+    const deltaTime = time - lastCharUpdateTime;
+
+    chars.forEach(char => {
+        char.update(deltaTime);
+    });
+
+    lastCharUpdateTime = time;
+    requestAnimationFrame(updateChars);
+}
+
+function cursorSetup() {
+    window.cursorFunMode = false;
+    cursorContainer = document.createElement("div");
+    cursorContainer.id = "cursors";
+    document.body.appendChild(cursorContainer);
+    myCursor = new Cursor(0, window.innerWidth / 2, window.innerHeight / 2);
+    cursors.set(0, myCursor);
+    document.addEventListener("mousemove", handleMouseMove);
+    document.addEventListener("keydown", handleKeyDown);
+    document.addEventListener("keyup", handleKeyUp);
+    requestAnimationFrame(updateCursors);
+    requestAnimationFrame(updateChars);
+    console.debug(`Cursor tracking @ ${window.location.pathname}`);
+}
+
+function cursorDestroy() {
+    document.removeEventListener("mousemove", handleMouseMove);
+    document.removeEventListener("keydown", handleKeyDown);
+    document.removeEventListener("keyup", handleKeyUp);
+    cursors.forEach(cursor => {
+        cursor.destroy();
+    });
+    cursors.clear();
+    chars.forEach(cursor => {
+        cursor.destroy();
+    });
+    chars = new Array();
+    myCursor = null;
+    console.debug(`Cursor no longer tracking.`);
+}
+
+cursorSetup();
diff --git a/public/script/main.js b/public/script/main.js
index 95023e5..c1d5101 100644
--- a/public/script/main.js
+++ b/public/script/main.js
@@ -1,5 +1,6 @@
 import "./header.js";
 import "./config.js";
+import "./cursor.js";
 
 function type_out(e) {
     const text = e.innerText;
diff --git a/public/style/cursor.css b/public/style/cursor.css
new file mode 100644
index 0000000..477e525
--- /dev/null
+++ b/public/style/cursor.css
@@ -0,0 +1,43 @@
+#cursors i.cursor {
+    position: fixed;
+    padding: 4px;
+
+    display: block;
+    z-index: 1000;
+
+    background: #0008;
+    border: 2px solid #808080;
+    border-radius: 2px;
+
+    font-style: normal;
+    font-size: 10px;
+    font-weight: bold;
+    white-space: nowrap;
+
+    user-select: none;
+    pointer-events: none;
+}
+
+#cursors i.cursor .char {
+    position: absolute;
+    transform: translateY(-44px);
+    margin: 0;
+    font-size: 20px;
+    color: var(--on-background);
+}
+
+#cursors .funchar {
+    position: fixed;
+    margin: 0;
+
+    display: block;
+    z-index: 1000;
+
+    font-style: normal;
+    font-size: 20px;
+    font-weight: bold;
+    color: var(--on-background);
+
+    user-select: none;
+    pointer-events: none;
+}
diff --git a/public/style/main.css b/public/style/main.css
index f7f2131..4e9e113 100644
--- a/public/style/main.css
+++ b/public/style/main.css
@@ -2,6 +2,7 @@
 @import url("/style/header.css");
 @import url("/style/footer.css");
 @import url("/style/prideflag.css");
+@import url("/style/cursor.css");
 
 @font-face {
     font-family: "Monaspace Argon";

From a797e82a6814fb285cd6ad5ca71cfdee9807032d Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 14 Mar 2025 16:26:30 +0000
Subject: [PATCH 24/88] waow i really like doing config overhauls don't i +
 cursor improvements

---
 public/script/config.js | 122 ++++++++++++++++++++++++++++++++--------
 public/script/cursor.js | 122 ++++++++++++++++++++++++++++------------
 public/style/cursor.css |  26 ++++++++-
 3 files changed, 208 insertions(+), 62 deletions(-)

diff --git a/public/script/config.js b/public/script/config.js
index 2bb33a6..1ab8b5a 100644
--- a/public/script/config.js
+++ b/public/script/config.js
@@ -1,33 +1,107 @@
-const DEFAULT_CONFIG = {
-    crt: false
-};
-const config = (() => {
-    let saved = localStorage.getItem("config");
-    if (saved) {
-        const config = JSON.parse(saved);
-        setCRT(config.crt || DEFAULT_CONFIG.crt);
-        return config;
+const ARIMELODY_CONFIG_NAME = "arimelody.me-config";
+
+class Config {
+    _crt = false;
+    _cursor = false;
+    _cursorFunMode = false;
+
+    /** @type Map<string, Array<Function>> */
+    #listeners = new Map();
+
+    constructor(values) {
+        function thisOrElse(values, name, defaultValue) {
+            if (values === null) return defaultValue;
+            if (values[name] === undefined) return defaultValue;
+            return values[name];
+        }
+
+        this.#listeners.set('crt', new Array());
+        this.crt = thisOrElse(values, 'crt', false);
+        this.#listeners.set('cursor', new Array());
+        this.cursor = thisOrElse(values, 'cursor', false);
+        this.#listeners.set('cursorFunMode', new Array());
+        this.cursorFunMode = thisOrElse(values, 'cursorFunMode', false);
+        this.save();
     }
 
-    localStorage.setItem("config", JSON.stringify(DEFAULT_CONFIG));
-    return DEFAULT_CONFIG;
-})();
+    /**
+     * Appends a listener function to be called when the config value of `name`
+     * is changed.
+     */
+    addListener(name, callback) {
+        const callbacks = this.#listeners.get(name);
+        if (!callbacks) return;
+        callbacks.push(callback);
+    }
 
-function saveConfig() {
-    localStorage.setItem("config", JSON.stringify(config));
+    /**
+     * Removes the listener function `callback` from the list of callbacks when
+     * the config value of `name` is changed.
+     */
+    removeListener(name, callback) {
+        const callbacks = this.#listeners.get(name);
+        if (!callbacks) return;
+        callbacks.set(name, callbacks.filter(c => c !== callback));
+    }
+
+    save() {
+        localStorage.setItem(ARIMELODY_CONFIG_NAME, JSON.stringify({
+            crt: this.crt,
+            cursor: this.cursor,
+            cursorFunMode: this.cursorFunMode
+        }));
+    }
+
+    get crt() { return this._crt }
+    set crt(/** @type boolean */ enabled) {
+        this._crt = enabled;
+
+        if (enabled) {
+            document.body.classList.add("crt");
+        } else {
+            document.body.classList.remove("crt");
+        }
+        document.getElementById('toggle-crt').className = enabled ? "" : "disabled";
+
+        this.#listeners.get('crt').forEach(callback => {
+            callback(this._crt);
+        })
+
+        this.save();
+    }
+
+    get cursor() { return this._cursor }
+    set cursor(/** @type boolean */ value) {
+        this._cursor = value;
+        this.#listeners.get('cursor').forEach(callback => {
+            callback(this._cursor);
+        })
+        this.save();
+    }
+
+    get cursorFunMode() { return this._cursorFunMode }
+    set cursorFunMode(/** @type boolean */ value) {
+        this._cursorFunMode = value;
+        this.#listeners.get('cursorFunMode').forEach(callback => {
+            callback(this._cursorFunMode);
+        })
+        this.save();
+    }
 }
 
+const config = (() => {
+    let values = null;
+
+    const saved = localStorage.getItem(ARIMELODY_CONFIG_NAME);
+    if (saved)
+        values = JSON.parse(saved);
+
+    return new Config(values);
+})();
+
 document.getElementById("toggle-crt").addEventListener("click", () => {
     config.crt = !config.crt;
-    setCRT(config.crt);
-    saveConfig();
 });
 
-function setCRT(/** @type boolean */ enabled) {
-    if (enabled) {
-        document.body.classList.add("crt");
-    } else {
-        document.body.classList.remove("crt");
-    }
-    document.getElementById('toggle-crt').className = enabled ? "" : "disabled";
-}
+window.config = config;
+export default config;
diff --git a/public/script/cursor.js b/public/script/cursor.js
index 94f1a8e..a1df6bb 100644
--- a/public/script/cursor.js
+++ b/public/script/cursor.js
@@ -1,7 +1,10 @@
+import config from './config.js';
+
 const CURSOR_TICK_RATE = 1000/30;
 const CURSOR_LERP_RATE = 1/100;
 const CURSOR_CHAR_MAX_LIFE = 5000;
 const CURSOR_MAX_CHARS = 50;
+
 /** @type HTMLElement */
 let cursorContainer;
 /** @type Cursor */
@@ -11,6 +14,7 @@ let cursors = new Map();
 /** @type Array<FunChar> */
 let chars = new Array();
 
+let running = false;
 let lastCursorUpdateTime = 0;
 let lastCharUpdateTime = 0;
 
@@ -42,16 +46,16 @@ class Cursor {
         this.rx = x;
         this.ry = y;
 
-        const element = document.createElement("i");
-        element.classList.add("cursor");
-        element.id = "cursor" + id;
+        const element = document.createElement('i');
+        element.classList.add('cursor');
+        element.id = 'cursor' + id;
         const colour = randomColour();
         element.style.borderColor = colour;
         element.style.color = colour;
-        element.innerText = "0x" + navigator.userAgent.hashCode();
+        element.innerText = '0x' + navigator.userAgent.hashCode();
 
-        const char = document.createElement("p");
-        char.className = "char";
+        const char = document.createElement('p');
+        char.className = 'char';
         element.appendChild(char);
 
         this.#element = element;
@@ -61,6 +65,7 @@ class Cursor {
 
     destroy() {
         this.#element.remove();
+        this.#char.remove();
     }
 
     /**
@@ -78,8 +83,8 @@ class Cursor {
     update(deltaTime) {
         this.rx += (this.x - this.rx) * CURSOR_LERP_RATE * deltaTime;
         this.ry += (this.y - this.ry) * CURSOR_LERP_RATE * deltaTime;
-        this.#element.style.left = this.rx + "px";
-        this.#element.style.top = this.ry + "px";
+        this.#element.style.left = this.rx + 'px';
+        this.#element.style.top = this.ry + 'px';
     }
 
     /**
@@ -89,6 +94,16 @@ class Cursor {
         if (text.length > 1) return;
         this.#char.innerText = text;
     }
+
+    /**
+     * @param {boolean} active 
+     */
+    click(active) {
+        if (active)
+            this.#element.classList.add('click');
+        else
+            this.#element.classList.remove('click');
+    }
 }
 
 class FunChar {
@@ -114,11 +129,11 @@ class FunChar {
         this.ra = this.r * 0.01;
         this.life = 0;
 
-        const char = document.createElement("i");
-        char.className = "funchar";
+        const char = document.createElement('i');
+        char.className = 'funchar';
         char.innerText = text;
-        char.style.left = x + "px";
-        char.style.top = y + "px";
+        char.style.left = x + 'px';
+        char.style.top = y + 'px';
         char.style.transform = `rotate(${this.r}deg)`;
         this.element = char;
         cursorContainer.appendChild(this.element);
@@ -130,9 +145,9 @@ class FunChar {
     update(deltaTime) {
         this.life += deltaTime;
         if (this.life > CURSOR_CHAR_MAX_LIFE ||
-            this.y > window.outerHeight ||
+            this.y > document.body.clientHeight ||
             this.x < 0 ||
-            this.x > window.outerWidth
+            this.x > document.body.clientWidth
         ) {
             this.destroy();
             return;
@@ -143,8 +158,8 @@ class FunChar {
         this.r += this.ra * deltaTime;
         this.ya = Math.min(this.ya + 0.0005 * deltaTime, 10);
 
-        this.element.style.left = this.x + "px";
-        this.element.style.top = this.y + "px";
+        this.element.style.left = (this.x - window.scrollX) + 'px';
+        this.element.style.top = (this.y - window.scrollY) + 'px';
         this.element.style.transform = `rotate(${this.r}deg)`;
     }
 
@@ -175,7 +190,7 @@ function randomColour() {
     const green = Math.round((min + Math.random() * range)).toString(16);
     const blue  = Math.round((min + Math.random() * range)).toString(16);
 
-    return "#" + red + green + blue;
+    return '#' + red + green + blue;
 }
 
 /**
@@ -186,18 +201,25 @@ function handleMouseMove(event) {
     myCursor.move(event.x, event.y);
 }
 
+function handleMouseDown() {
+    myCursor.click(true);
+}
+function handleMouseUp() {
+    myCursor.click(false);
+}
+
 /**
  * @param {KeyboardEvent} event
  */
 function handleKeyDown(event) {
     if (event.key.length > 1) return;
     if (event.metaKey || event.ctrlKey) return;
-    if (window.cursorFunMode === true) {
+    if (config.cursorFunMode === true) {
         const yOffset = -20;
         const accelMultiplier = 0.002;
         if (chars.length < CURSOR_MAX_CHARS)
             chars.push(new FunChar(
-                myCursor.x, myCursor.y + yOffset,
+                myCursor.x + window.scrollX, myCursor.y + window.scrollY + yOffset,
                 (myCursor.x - myCursor.rx) * accelMultiplier, (myCursor.y - myCursor.ry) * accelMultiplier,
                 event.key));
     } else {
@@ -206,8 +228,8 @@ function handleKeyDown(event) {
 }
 
 function handleKeyUp() {
-    if (!window.cursorFunMode) {
-        myCursor.print("");
+    if (!config.cursorFunMode) {
+        myCursor.print('');
     }
 }
 
@@ -215,6 +237,8 @@ function handleKeyUp() {
  * @param {number} time
  */
 function updateCursors(time) {
+    if (!running) return;
+
     const deltaTime = time - lastCursorUpdateTime;
 
     cursors.forEach(cursor => {
@@ -229,6 +253,8 @@ function updateCursors(time) {
  * @param {number} time
  */
 function updateChars(time) {
+    if (!running) return;
+
     const deltaTime = time - lastCharUpdateTime;
 
     chars.forEach(char => {
@@ -240,34 +266,60 @@ function updateChars(time) {
 }
 
 function cursorSetup() {
-    window.cursorFunMode = false;
-    cursorContainer = document.createElement("div");
-    cursorContainer.id = "cursors";
+    if (running) throw new Error('Only one instance of Cursor can run at a time.');
+    running = true;
+
+    cursorContainer = document.createElement('div');
+    cursorContainer.id = 'cursors';
     document.body.appendChild(cursorContainer);
+
     myCursor = new Cursor(0, window.innerWidth / 2, window.innerHeight / 2);
     cursors.set(0, myCursor);
-    document.addEventListener("mousemove", handleMouseMove);
-    document.addEventListener("keydown", handleKeyDown);
-    document.addEventListener("keyup", handleKeyUp);
+
+    document.addEventListener('mousemove', handleMouseMove);
+    document.addEventListener('mousedown', handleMouseDown);
+    document.addEventListener('mouseup', handleMouseUp);
+    document.addEventListener('keydown', handleKeyDown);
+    document.addEventListener('keyup', handleKeyUp);
+
     requestAnimationFrame(updateCursors);
     requestAnimationFrame(updateChars);
+
     console.debug(`Cursor tracking @ ${window.location.pathname}`);
 }
 
 function cursorDestroy() {
-    document.removeEventListener("mousemove", handleMouseMove);
-    document.removeEventListener("keydown", handleKeyDown);
-    document.removeEventListener("keyup", handleKeyUp);
+    if (!running) return;
+
+    document.removeEventListener('mousemove', handleMouseMove);
+    document.removeEventListener('mousedown', handleMouseDown);
+    document.removeEventListener('mouseup', handleMouseUp);
+    document.removeEventListener('keydown', handleKeyDown);
+    document.removeEventListener('keyup', handleKeyUp);
+    
+    chars.forEach(char => {
+        char.destroy();
+    });
+    chars = new Array();
     cursors.forEach(cursor => {
         cursor.destroy();
     });
     cursors.clear();
-    chars.forEach(cursor => {
-        cursor.destroy();
-    });
-    chars = new Array();
     myCursor = null;
+
+    cursorContainer.remove();
+
     console.debug(`Cursor no longer tracking.`);
+    running = false;
 }
 
-cursorSetup();
+if (config.cursor === true) {
+    cursorSetup();
+}
+
+config.addListener('cursor', enabled => {
+    if (enabled === true)
+        cursorSetup();
+    else
+        cursorDestroy();
+});
diff --git a/public/style/cursor.css b/public/style/cursor.css
index 477e525..e53cee5 100644
--- a/public/style/cursor.css
+++ b/public/style/cursor.css
@@ -13,9 +13,11 @@
     font-size: 10px;
     font-weight: bold;
     white-space: nowrap;
+}
 
-    user-select: none;
-    pointer-events: none;
+#cursors i.cursor.click {
+    color: var(--on-background) !important;
+    border-color: var(--on-background) !important;
 }
 
 #cursors i.cursor .char {
@@ -27,7 +29,7 @@
 }
 
 #cursors .funchar {
-    position: fixed;
+    position: absolute;
     margin: 0;
 
     display: block;
@@ -37,7 +39,25 @@
     font-size: 20px;
     font-weight: bold;
     color: var(--on-background);
+}
+
+#cursors {
+    width: 100vw;
+    height: 100vh;
+    position: fixed;
+    top: 0;
+    left: 0;
+
+    z-index: 1000;
+    overflow: clip;
 
     user-select: none;
     pointer-events: none;
 }
+
+@media (prefers-color-scheme: light) {
+    #cursors i.cursor {
+        filter: saturate(5) brightness(0.8);
+        background: #fff8;
+    }
+}

From 4b3c8f94497c6a5d5e5e5e73e128326736cefd1d Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 14 Mar 2025 20:42:44 +0000
Subject: [PATCH 25/88] lol cursor is multiplayer now

---
 cursor/cursor.go        | 189 ++++++++++++++++++++++++++++++
 go.mod                  |   1 +
 go.sum                  |   2 +
 log/log.go              |   1 +
 main.go                 |  16 ++-
 public/script/cursor.js | 253 ++++++++++++++++++++++++----------------
 public/style/cursor.css |   7 +-
 7 files changed, 362 insertions(+), 107 deletions(-)
 create mode 100644 cursor/cursor.go

diff --git a/cursor/cursor.go b/cursor/cursor.go
new file mode 100644
index 0000000..a74c998
--- /dev/null
+++ b/cursor/cursor.go
@@ -0,0 +1,189 @@
+package cursor
+
+import (
+	"arimelody-web/model"
+	"fmt"
+	"math/rand"
+	"net/http"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/gorilla/websocket"
+)
+
+type CursorClient struct {
+    ID int32
+    Conn *websocket.Conn
+    Route string
+    X int16
+    Y int16
+    Disconnected bool
+}
+
+type CursorMessage struct {
+    Data []byte
+    Route string
+    Exclude []*CursorClient
+}
+
+func (client *CursorClient) Send(data []byte) {
+    err := client.Conn.WriteMessage(websocket.TextMessage, data)
+    if err != nil {
+        client.Disconnect()
+    }
+}
+
+func (client *CursorClient) Disconnect() {
+    client.Disconnected = true
+    broadcast <- CursorMessage{
+        []byte(fmt.Sprintf("leave:%d", client.ID)),
+        client.Route,
+        []*CursorClient{},
+    }
+}
+
+var clients = make(map[int32]*CursorClient)
+var broadcast = make(chan CursorMessage)
+var mutex = &sync.Mutex{}
+
+func StartCursor(app *model.AppState) {
+    var includes = func (clients []*CursorClient, client *CursorClient) bool {
+        for _, c := range clients {
+            if c.ID == client.ID { return true }
+        }
+        return false
+    }
+    
+    log("Cursor message handler ready!")
+
+    for {
+        message := <-broadcast
+        mutex.Lock()
+        for _, client := range clients {
+            if client.Route != message.Route { continue }
+            if includes(message.Exclude, client) { continue }
+            client.Send(message.Data)
+        }
+        mutex.Unlock()
+    }
+}
+
+func handleClient(client *CursorClient) {
+    msgType, message, err := client.Conn.ReadMessage()
+    if err != nil {
+        client.Disconnect()
+        return
+    }
+    if msgType != websocket.TextMessage { return }
+
+    args := strings.Split(string(message), ":")
+    if len(args) == 0 { return }
+    switch args[0] {
+    case "loc":
+        if len(args) < 2 { return }
+        
+        client.Route = args[1]
+
+        mutex.Lock()
+        for _, otherClient := range clients {
+            if otherClient.ID == client.ID { continue }
+            if otherClient.Route != client.Route { continue }
+            client.Send([]byte(fmt.Sprintf("join:%d", otherClient.ID)))
+            client.Send([]byte(fmt.Sprintf("pos:%d:%d:%d", otherClient.ID, otherClient.X, otherClient.Y)))
+        }
+        mutex.Unlock()
+        broadcast <- CursorMessage{
+            []byte(fmt.Sprintf("join:%d", client.ID)),
+            client.Route,
+            []*CursorClient{ client },
+        }
+    case "char":
+        if len(args) < 2 { return }
+        // haha, turns out using ':' as a separator means you can't type ':'s
+        // i should really be writing byte packets, not this nonsense
+        msg := byte(':')
+        if len(args[1]) > 0 {
+            msg = args[1][0]
+        }
+        broadcast <- CursorMessage{
+            []byte(fmt.Sprintf("char:%d:%c", client.ID, msg)),
+            client.Route,
+            []*CursorClient{ client },
+        }
+    case "nochar":
+        broadcast <- CursorMessage{
+            []byte(fmt.Sprintf("nochar:%d", client.ID)),
+            client.Route,
+            []*CursorClient{ client },
+        }
+    case "pos":
+        if len(args) < 3 { return }
+        x, err := strconv.ParseInt(args[1], 10, 32)
+        y, err := strconv.ParseInt(args[2], 10, 32)
+        if err != nil { return }
+        client.X = int16(x)
+        client.Y = int16(y)
+        broadcast <- CursorMessage{
+            []byte(fmt.Sprintf("pos:%d:%d:%d", client.ID, client.X, client.Y)),
+            client.Route,
+            []*CursorClient{ client },
+        }
+    }
+}
+
+func Handler(app *model.AppState) http.HandlerFunc {
+    var upgrader = websocket.Upgrader{
+        CheckOrigin: func (r *http.Request) bool {
+            origin := r.Header.Get("Origin")
+            return origin == app.Config.BaseUrl
+        },
+    }
+
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        conn, err := upgrader.Upgrade(w, r, nil)
+        if err != nil {
+            log("Failed to upgrade to WebSocket connection: %v\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
+        defer conn.Close()
+
+        client := CursorClient{
+            ID: rand.Int31(),
+            Conn: conn,
+            X: 0.0,
+            Y: 0.0,
+            Disconnected: false,
+        }
+
+        err = client.Conn.WriteMessage(websocket.TextMessage, []byte(fmt.Sprintf("id:%d", client.ID)))
+        if err != nil {
+            client.Conn.Close()
+            return
+        }
+
+        mutex.Lock()
+        clients[client.ID] = &client
+        mutex.Unlock()
+
+        // log("Client connected: %s (%s)", fmt.Sprintf("0x%08x", client.ID), client.Conn.RemoteAddr().String())
+
+        for {
+            if client.Disconnected {
+                mutex.Lock()
+                delete(clients, client.ID)
+                client.Conn.Close()
+                mutex.Unlock()
+                return
+            }
+            handleClient(&client)
+        }
+    })
+}
+
+func log(format string, args ...any) {
+    logString := fmt.Sprintf(format, args...)
+    fmt.Printf("[%s] [CURSOR] %s\n", time.Now().Format(time.UnixDate), logString)
+}
diff --git a/go.mod b/go.mod
index f8717a2..a1c6c76 100644
--- a/go.mod
+++ b/go.mod
@@ -10,6 +10,7 @@ require (
 require golang.org/x/crypto v0.27.0 // indirect
 
 require (
+	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect
 )
diff --git a/go.sum b/go.sum
index 15259a1..f2ec7e7 100644
--- a/go.sum
+++ b/go.sum
@@ -2,6 +2,8 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
 github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
diff --git a/log/log.go b/log/log.go
index 3d023ab..2d1c0c2 100644
--- a/log/log.go
+++ b/log/log.go
@@ -30,6 +30,7 @@ const (
     TYPE_ARTWORK string = "artwork"
     TYPE_FILES string = "files"
     TYPE_MISC string = "misc"
+    TYPE_CURSOR string = "cursor"
 )
 
 type LogLevel int
diff --git a/main.go b/main.go
index 03e9d77..2252622 100644
--- a/main.go
+++ b/main.go
@@ -1,11 +1,13 @@
 package main
 
 import (
+	"bufio"
 	"errors"
 	"fmt"
 	stdLog "log"
 	"math"
 	"math/rand"
+	"net"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -17,9 +19,10 @@ import (
 	"arimelody-web/api"
 	"arimelody-web/colour"
 	"arimelody-web/controller"
+	"arimelody-web/cursor"
+	"arimelody-web/log"
 	"arimelody-web/model"
 	"arimelody-web/templates"
-    "arimelody-web/log"
 	"arimelody-web/view"
 
 	"github.com/jmoiron/sqlx"
@@ -428,6 +431,8 @@ func main() {
         os.Exit(1)
     }
 
+    go cursor.StartCursor(&app)
+
     // start the web server!
     mux := createServeMux(&app)
     fmt.Printf("Now serving at http://%s:%d\n", app.Config.Host, app.Config.Port)
@@ -444,6 +449,7 @@ func createServeMux(app *model.AppState) *http.ServeMux {
     mux.Handle("/api/", http.StripPrefix("/api", api.Handler(app)))
     mux.Handle("/music/", http.StripPrefix("/music", view.MusicHandler(app)))
     mux.Handle("/uploads/", http.StripPrefix("/uploads", staticHandler(filepath.Join(app.Config.DataDirectory, "uploads"))))
+    mux.Handle("/cursor-ws", cursor.Handler(app))
     mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         if r.Method == http.MethodHead {
             w.WriteHeader(http.StatusOK)
@@ -536,6 +542,14 @@ type LoggingResponseWriter struct {
     Status int
 }
 
+func (lrw *LoggingResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
+    hijack, ok := lrw.ResponseWriter.(http.Hijacker)
+    if !ok {
+        return nil, nil, errors.New("Server does not support hijacking\n")
+    }
+    return hijack.Hijack()
+}
+
 func (lrw *LoggingResponseWriter) WriteHeader(status int) {
     lrw.Status = status
     lrw.ResponseWriter.WriteHeader(status)
diff --git a/public/script/cursor.js b/public/script/cursor.js
index a1df6bb..059a2bd 100644
--- a/public/script/cursor.js
+++ b/public/script/cursor.js
@@ -2,8 +2,9 @@ import config from './config.js';
 
 const CURSOR_TICK_RATE = 1000/30;
 const CURSOR_LERP_RATE = 1/100;
+const CURSOR_FUNCHAR_RATE = 20;
 const CURSOR_CHAR_MAX_LIFE = 5000;
-const CURSOR_MAX_CHARS = 50;
+const CURSOR_MAX_CHARS = 64;
 
 /** @type HTMLElement */
 let cursorContainer;
@@ -11,61 +12,57 @@ let cursorContainer;
 let myCursor;
 /** @type Map<number, Cursor> */
 let cursors = new Map();
-/** @type Array<FunChar> */
-let chars = new Array();
+
+/** @type WebSocket */
+let ws;
 
 let running = false;
-let lastCursorUpdateTime = 0;
-let lastCharUpdateTime = 0;
+let lastUpdate = 0;
 
 class Cursor {
-    /** @type number */ id;
-
-    // real coordinates (canonical)
-    /** @type number */ x;
-    /** @type number */ y;
-
-    // update coordinates (interpolated)
-    /** @type number */ rx;
-    /** @type number */ ry;
-
     /** @type HTMLElement */
     #element;
     /** @type HTMLElement */
-    #char;
+    #charElement;
+    #funCharCooldown = CURSOR_FUNCHAR_RATE;
 
     /**
-     * @param {number} id
+     * @param {string} id
      * @param {number} x
      * @param {number} y
      */
     constructor(id, x, y) {
-        this.id = id;
+        // real coordinates (canonical)
         this.x = x;
         this.y = y;
+        // render coordinates (interpolated)
         this.rx = x;
         this.ry = y;
+        this.msg = '';
+        this.funChars = new Array();
 
         const element = document.createElement('i');
         element.classList.add('cursor');
-        element.id = 'cursor' + id;
         const colour = randomColour();
         element.style.borderColor = colour;
         element.style.color = colour;
-        element.innerText = '0x' + navigator.userAgent.hashCode();
-
-        const char = document.createElement('p');
-        char.className = 'char';
-        element.appendChild(char);
-
+        cursorContainer.appendChild(element);
         this.#element = element;
-        this.#char = char;
-        cursorContainer.appendChild(this.#element);
+
+        const char = document.createElement('i');
+        char.className = 'char';
+        cursorContainer.appendChild(char);
+        this.#charElement = char;
+
+        this.setID(id);
     }
 
     destroy() {
         this.#element.remove();
-        this.#char.remove();
+        this.#charElement.remove();
+        this.funChars.forEach(char => {
+            char.destroy();
+        });
     }
 
     /**
@@ -85,14 +82,52 @@ class Cursor {
         this.ry += (this.y - this.ry) * CURSOR_LERP_RATE * deltaTime;
         this.#element.style.left = this.rx + 'px';
         this.#element.style.top = this.ry + 'px';
+        this.#charElement.style.left = this.rx + 'px';
+        this.#charElement.style.top = (this.ry - 24) + 'px';
+
+        if (this.#funCharCooldown > 0)
+            this.#funCharCooldown -= deltaTime;
+
+        if (this.msg.length > 0) {
+            if (config.cursorFunMode === true) {
+                if (this.#funCharCooldown <= 0) {
+                    this.#funCharCooldown = CURSOR_FUNCHAR_RATE;
+                    if (this.funChars.length >= CURSOR_MAX_CHARS) {
+                        const char = this.funChars.shift();
+                        char.destroy();
+                    }
+                    const yOffset = -20;
+                    const accelMultiplier = 0.002;
+                    this.funChars.push(new FunChar(
+                        this.x + window.scrollX, this.y + window.scrollY + yOffset,
+                        (this.x - this.rx) * accelMultiplier, (this.y - this.ry) * accelMultiplier,
+                        this.msg));
+                }
+            } else {
+                this.#charElement.innerText = this.msg;
+            }
+        } else {
+            this.#charElement.innerText = '';
+        }
+
+        this.funChars.forEach(char => {
+            if (char.life > CURSOR_CHAR_MAX_LIFE ||
+                char.y > document.body.clientHeight ||
+                char.x < 0 ||
+                char.x > document.body.clientWidth
+            ) {
+                this.funChars = this.funChars.filter(c => c !== this);
+                char.destroy();
+                return;
+            }
+            char.update(deltaTime);
+        });
     }
 
-    /**
-     * @param {string} text
-     */
-    print(text) {
-        if (text.length > 1) return;
-        this.#char.innerText = text;
+    setID(id) {
+        this.id = id;
+        this.#element.id = 'cursor' + id;
+        this.#element.innerText = '0x' + id.toString(16).slice(0, 8).padStart(8, '0');
     }
 
     /**
@@ -107,12 +142,6 @@ class Cursor {
 }
 
 class FunChar {
-    /** @type number */ x; y;
-    /** @type number */ xa; ya;
-    /** @type number */ r; ra;
-    /** @type HTMLElement */ element;
-    /** @type number */ life;
-
     /**
      * @param {number} x
      * @param {number} y
@@ -144,14 +173,6 @@ class FunChar {
      */
     update(deltaTime) {
         this.life += deltaTime;
-        if (this.life > CURSOR_CHAR_MAX_LIFE ||
-            this.y > document.body.clientHeight ||
-            this.x < 0 ||
-            this.x > document.body.clientWidth
-        ) {
-            this.destroy();
-            return;
-        }
 
         this.x += this.xa * deltaTime;
         this.y += this.ya * deltaTime;
@@ -164,22 +185,10 @@ class FunChar {
     }
 
     destroy() {
-        chars = chars.filter(char => char !== this);
         this.element.remove();
     }
 }
 
-String.prototype.hashCode = function() {
-    var hash = 0;
-    if (this.length === 0) return hash;
-    for (let i = 0; i < this.length; i++) {
-        const chr = this.charCodeAt(i);
-        hash = ((hash << 5) - hash) + chr;
-        hash |= 0; // convert to 32-bit integer
-    }
-    return Math.round(Math.abs(hash)).toString(16).slice(0, 8).padStart(8, '0');
-};
-
 /**
  * @returns string
  */
@@ -198,6 +207,8 @@ function randomColour() {
  */
 function handleMouseMove(event) {
     if (!myCursor) return;
+    if (ws && ws.readyState == WebSocket.OPEN)
+        ws.send(`pos:${event.x}:${event.y}`);
     myCursor.move(event.x, event.y);
 }
 
@@ -211,26 +222,19 @@ function handleMouseUp() {
 /**
  * @param {KeyboardEvent} event
  */
-function handleKeyDown(event) {
+function handleKeyPress(event) {
     if (event.key.length > 1) return;
     if (event.metaKey || event.ctrlKey) return;
-    if (config.cursorFunMode === true) {
-        const yOffset = -20;
-        const accelMultiplier = 0.002;
-        if (chars.length < CURSOR_MAX_CHARS)
-            chars.push(new FunChar(
-                myCursor.x + window.scrollX, myCursor.y + window.scrollY + yOffset,
-                (myCursor.x - myCursor.rx) * accelMultiplier, (myCursor.y - myCursor.ry) * accelMultiplier,
-                event.key));
-    } else {
-        myCursor.print(event.key);
-    }
+    if (myCursor.msg === event.key) return;
+    if (ws && ws.readyState == WebSocket.OPEN)
+        ws.send(`char:${event.key}`);
+    myCursor.msg = event.key;
 }
 
 function handleKeyUp() {
-    if (!config.cursorFunMode) {
-        myCursor.print('');
-    }
+    if (ws && ws.readyState == WebSocket.OPEN)
+        ws.send(`nochar`);
+    myCursor.msg = '';
 }
 
 /**
@@ -239,32 +243,16 @@ function handleKeyUp() {
 function updateCursors(time) {
     if (!running) return;
 
-    const deltaTime = time - lastCursorUpdateTime;
+    const deltaTime = time - lastUpdate;
 
     cursors.forEach(cursor => {
         cursor.update(deltaTime);
     });
 
-    lastCursorUpdateTime = time;
+    lastUpdate = time;
     requestAnimationFrame(updateCursors);
 }
 
-/**
- * @param {number} time
- */
-function updateChars(time) {
-    if (!running) return;
-
-    const deltaTime = time - lastCharUpdateTime;
-
-    chars.forEach(char => {
-        char.update(deltaTime);
-    });
-
-    lastCharUpdateTime = time;
-    requestAnimationFrame(updateChars);
-}
-
 function cursorSetup() {
     if (running) throw new Error('Only one instance of Cursor can run at a time.');
     running = true;
@@ -273,19 +261,82 @@ function cursorSetup() {
     cursorContainer.id = 'cursors';
     document.body.appendChild(cursorContainer);
 
-    myCursor = new Cursor(0, window.innerWidth / 2, window.innerHeight / 2);
+    myCursor = new Cursor("You!", window.innerWidth / 2, window.innerHeight / 2);
     cursors.set(0, myCursor);
 
     document.addEventListener('mousemove', handleMouseMove);
     document.addEventListener('mousedown', handleMouseDown);
     document.addEventListener('mouseup', handleMouseUp);
-    document.addEventListener('keydown', handleKeyDown);
+    document.addEventListener('keypress', handleKeyPress);
     document.addEventListener('keyup', handleKeyUp);
 
     requestAnimationFrame(updateCursors);
-    requestAnimationFrame(updateChars);
 
-    console.debug(`Cursor tracking @ ${window.location.pathname}`);
+    ws = new WebSocket("/cursor-ws");
+
+    ws.addEventListener("open", () => {
+        console.log("Cursor connected to server successfully.");
+
+        ws.send(`loc:${window.location.pathname}`);
+    });
+    ws.addEventListener("error", error => {
+        console.error("Cursor WebSocket error:", error);
+    });
+    ws.addEventListener("close", () => {
+        console.log("Cursor connection closed.");
+    });
+
+    ws.addEventListener("message", event => {
+        const args = String(event.data).split(":");
+        if (args.length == 0) return;
+
+        let id = 0;
+        /** @type Cursor */
+        let cursor;
+        if (args.length > 1) {
+            id = Number(args[1]);
+            cursor = cursors.get(id);
+        }
+
+        switch (args[0]) {
+            case 'id': {
+                myCursor.setID(Number(args[1]));
+                break;
+            }
+            case 'join': {
+                if (id === myCursor.id) break;
+                cursors.set(id, new Cursor(id, 0, 0));
+                break;
+            }
+            case 'leave': {
+                if (!cursor || cursor === myCursor) break;
+                cursors.get(id).destroy();
+                cursors.delete(id);
+                break;
+            }
+            case 'char': {
+                if (!cursor || cursor === myCursor) break;
+                cursor.msg = args[2];
+                break;
+            }
+            case 'nochar': {
+                if (!cursor || cursor === myCursor) break;
+                cursor.msg = '';
+                break;
+            }
+            case 'pos': {
+                if (!cursor || cursor === myCursor) break;
+                cursor.move(Number(args[2]), Number(args[3]));
+                break;
+            }
+            default: {
+                console.warn("Cursor: Unknown command received from server:", args[0]);
+                break;
+            }
+        }
+    });
+
+    console.log(`Cursor tracking @ ${window.location.pathname}`);
 }
 
 function cursorDestroy() {
@@ -294,13 +345,9 @@ function cursorDestroy() {
     document.removeEventListener('mousemove', handleMouseMove);
     document.removeEventListener('mousedown', handleMouseDown);
     document.removeEventListener('mouseup', handleMouseUp);
-    document.removeEventListener('keydown', handleKeyDown);
+    document.removeEventListener('keypress', handleKeyPress);
     document.removeEventListener('keyup', handleKeyUp);
     
-    chars.forEach(char => {
-        char.destroy();
-    });
-    chars = new Array();
     cursors.forEach(cursor => {
         cursor.destroy();
     });
@@ -309,7 +356,7 @@ function cursorDestroy() {
 
     cursorContainer.remove();
 
-    console.debug(`Cursor no longer tracking.`);
+    console.log(`Cursor no longer tracking.`);
     running = false;
 }
 
diff --git a/public/style/cursor.css b/public/style/cursor.css
index e53cee5..8561716 100644
--- a/public/style/cursor.css
+++ b/public/style/cursor.css
@@ -20,15 +20,16 @@
     border-color: var(--on-background) !important;
 }
 
-#cursors i.cursor .char {
+#cursors i.char {
     position: absolute;
-    transform: translateY(-44px);
     margin: 0;
+    font-style: normal;
     font-size: 20px;
+    font-weight: bold;
     color: var(--on-background);
 }
 
-#cursors .funchar {
+#cursors i.funchar {
     position: absolute;
     margin: 0;
 

From 7eac4765586e4cdc5f228777519c287e4f353e10 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 14 Mar 2025 20:47:58 +0000
Subject: [PATCH 26/88] random scripts are silly. MAKEFILES are where it's at

---
 .gitignore |  1 +
 Makefile   | 12 ++++++++++++
 bundle.sh  |  9 ---------
 3 files changed, 13 insertions(+), 9 deletions(-)
 create mode 100644 Makefile
 delete mode 100755 bundle.sh

diff --git a/.gitignore b/.gitignore
index 9bdf788..2e63958 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@ docker-compose*.yml
 !docker-compose.example.yml
 config*.toml
 arimelody-web
+arimelody-web.tar.gz
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..f9784d5
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,12 @@
+EXEC = arimelody-web
+
+.PHONY: all
+
+all:
+	go build -o $(EXEC)
+
+bundle: $(EXEC)
+	tar czf $(EXEC).tar.gz $(EXEC) admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/
+
+clean:
+	rm $(EXEC) $(EXEC).tar.gz
diff --git a/bundle.sh b/bundle.sh
deleted file mode 100755
index 277bb9c..0000000
--- a/bundle.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-# simple script to pack up arimelody.me for production distribution
-
-if [ ! -f arimelody-web ]; then
-    echo "[FATAL] ./arimelody-web not found! please run \`go build -o arimelody-web\` first."
-    exit 1
-fi
-
-tar czf arimelody-web.tar.gz arimelody-web admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/

From 3f3164bc153a70df2bd6352fb514a62646f7cc1c Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 14 Mar 2025 20:55:09 +0000
Subject: [PATCH 27/88] and the goddess spoke: don't make this silly mistake
 again

---
 Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index f9784d5..11e565a 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,9 @@
 EXEC = arimelody-web
 
-.PHONY: all
+.PHONY: $(EXEC)
 
-all:
-	go build -o $(EXEC)
+$(EXEC):
+	GOOS=linux GOARCH=amd64 go build -o $(EXEC)
 
 bundle: $(EXEC)
 	tar czf $(EXEC).tar.gz $(EXEC) admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/

From ecda8dde24e23b089da9db09b156d64ee70ee95f Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sat, 15 Mar 2025 17:54:58 +0000
Subject: [PATCH 28/88] hell yeah i love canvas rendering

---
 cursor/cursor.go        |  28 ++--
 public/script/cursor.js | 297 ++++++++++++++++++++++------------------
 public/style/cursor.css |  63 +--------
 3 files changed, 188 insertions(+), 200 deletions(-)

diff --git a/cursor/cursor.go b/cursor/cursor.go
index a74c998..4e4504f 100644
--- a/cursor/cursor.go
+++ b/cursor/cursor.go
@@ -17,8 +17,9 @@ type CursorClient struct {
     ID int32
     Conn *websocket.Conn
     Route string
-    X int16
-    Y int16
+    X float32
+    Y float32
+    Click bool
     Disconnected bool
 }
 
@@ -91,7 +92,7 @@ func handleClient(client *CursorClient) {
             if otherClient.ID == client.ID { continue }
             if otherClient.Route != client.Route { continue }
             client.Send([]byte(fmt.Sprintf("join:%d", otherClient.ID)))
-            client.Send([]byte(fmt.Sprintf("pos:%d:%d:%d", otherClient.ID, otherClient.X, otherClient.Y)))
+            client.Send([]byte(fmt.Sprintf("pos:%d:%f:%f", otherClient.ID, otherClient.X, otherClient.Y)))
         }
         mutex.Unlock()
         broadcast <- CursorMessage{
@@ -118,15 +119,26 @@ func handleClient(client *CursorClient) {
             client.Route,
             []*CursorClient{ client },
         }
+    case "click":
+        if len(args) < 2 { return }
+        click := 0
+        if args[1][0] == '1' {
+            click = 1
+        }
+        broadcast <- CursorMessage{
+            []byte(fmt.Sprintf("click:%d:%d", client.ID, click)),
+            client.Route,
+            []*CursorClient{ client },
+        }
     case "pos":
         if len(args) < 3 { return }
-        x, err := strconv.ParseInt(args[1], 10, 32)
-        y, err := strconv.ParseInt(args[2], 10, 32)
+        x, err := strconv.ParseFloat(args[1], 32)
+        y, err := strconv.ParseFloat(args[2], 32)
         if err != nil { return }
-        client.X = int16(x)
-        client.Y = int16(y)
+        client.X = float32(x)
+        client.Y = float32(y)
         broadcast <- CursorMessage{
-            []byte(fmt.Sprintf("pos:%d:%d:%d", client.ID, client.X, client.Y)),
+            []byte(fmt.Sprintf("pos:%d:%f:%f", client.ID, client.X, client.Y)),
             client.Route,
             []*CursorClient{ client },
         }
diff --git a/public/script/cursor.js b/public/script/cursor.js
index 059a2bd..188cdbb 100644
--- a/public/script/cursor.js
+++ b/public/script/cursor.js
@@ -1,13 +1,14 @@
 import config from './config.js';
 
-const CURSOR_TICK_RATE = 1000/30;
 const CURSOR_LERP_RATE = 1/100;
 const CURSOR_FUNCHAR_RATE = 20;
 const CURSOR_CHAR_MAX_LIFE = 5000;
 const CURSOR_MAX_CHARS = 64;
 
-/** @type HTMLElement */
-let cursorContainer;
+/** @type HTMLCanvasElement */
+let canvas;
+/** @type CanvasRenderingContext2D */
+let ctx;
 /** @type Cursor */
 let myCursor;
 /** @type Map<number, Cursor> */
@@ -19,11 +20,12 @@ let ws;
 let running = false;
 let lastUpdate = 0;
 
+let cursorBoxHeight = 0;
+let cursorBoxRadius = 0;
+let cursorIDFontSize = 0;
+let cursorCharFontSize = 0;
+
 class Cursor {
-    /** @type HTMLElement */
-    #element;
-    /** @type HTMLElement */
-    #charElement;
     #funCharCooldown = CURSOR_FUNCHAR_RATE;
 
     /**
@@ -32,46 +34,20 @@ class Cursor {
      * @param {number} y
      */
     constructor(id, x, y) {
+        this.id = id;
+
         // real coordinates (canonical)
         this.x = x;
         this.y = y;
         // render coordinates (interpolated)
         this.rx = x;
         this.ry = y;
+
         this.msg = '';
+        /** @type Array<FunChar> */
         this.funChars = new Array();
-
-        const element = document.createElement('i');
-        element.classList.add('cursor');
-        const colour = randomColour();
-        element.style.borderColor = colour;
-        element.style.color = colour;
-        cursorContainer.appendChild(element);
-        this.#element = element;
-
-        const char = document.createElement('i');
-        char.className = 'char';
-        cursorContainer.appendChild(char);
-        this.#charElement = char;
-
-        this.setID(id);
-    }
-
-    destroy() {
-        this.#element.remove();
-        this.#charElement.remove();
-        this.funChars.forEach(char => {
-            char.destroy();
-        });
-    }
-
-    /**
-     * @param {number} x
-     * @param {number} y
-     */
-    move(x, y) {
-        this.x = x;
-        this.y = y;
+        this.colour = randomColour();
+        this.click = false;
     }
 
     /**
@@ -80,64 +56,80 @@ class Cursor {
     update(deltaTime) {
         this.rx += (this.x - this.rx) * CURSOR_LERP_RATE * deltaTime;
         this.ry += (this.y - this.ry) * CURSOR_LERP_RATE * deltaTime;
-        this.#element.style.left = this.rx + 'px';
-        this.#element.style.top = this.ry + 'px';
-        this.#charElement.style.left = this.rx + 'px';
-        this.#charElement.style.top = (this.ry - 24) + 'px';
 
         if (this.#funCharCooldown > 0)
             this.#funCharCooldown -= deltaTime;
 
-        if (this.msg.length > 0) {
-            if (config.cursorFunMode === true) {
+        const x = this.rx * innerWidth - scrollX;
+        const y = this.ry * innerHeight - scrollY;
+        const onBackground = ctx.fillStyle = getComputedStyle(document.body).getPropertyValue('--on-background');
+
+        if (config.cursorFunMode === true) {
+            if (this.msg.length > 0) {
                 if (this.#funCharCooldown <= 0) {
                     this.#funCharCooldown = CURSOR_FUNCHAR_RATE;
                     if (this.funChars.length >= CURSOR_MAX_CHARS) {
-                        const char = this.funChars.shift();
-                        char.destroy();
+                        this.funChars.shift();
                     }
-                    const yOffset = -20;
+                    const yOffset = -10 / innerHeight;
                     const accelMultiplier = 0.002;
                     this.funChars.push(new FunChar(
-                        this.x + window.scrollX, this.y + window.scrollY + yOffset,
+                        this.x, this.y + yOffset,
                         (this.x - this.rx) * accelMultiplier, (this.y - this.ry) * accelMultiplier,
                         this.msg));
                 }
-            } else {
-                this.#charElement.innerText = this.msg;
             }
-        } else {
-            this.#charElement.innerText = '';
+
+            this.funChars.forEach(char => {
+                if (char.life > CURSOR_CHAR_MAX_LIFE ||
+                    char.y - scrollY > innerHeight ||
+                    char.x < 0 ||
+                    char.x * innerWidth - scrollX > innerWidth
+                ) {
+                    this.funChars = this.funChars.filter(c => c !== this);
+                    return;
+                }
+                char.update(deltaTime);
+            });
+        } else if (this.msg.length > 0) {
+            ctx.font = 'normal bold ' + cursorCharFontSize + 'px monospace';
+            ctx.fillStyle = onBackground;
+            ctx.fillText(
+                this.msg,
+                (x + 6) * devicePixelRatio,
+                (y + -8) * devicePixelRatio);
         }
 
-        this.funChars.forEach(char => {
-            if (char.life > CURSOR_CHAR_MAX_LIFE ||
-                char.y > document.body.clientHeight ||
-                char.x < 0 ||
-                char.x > document.body.clientWidth
-            ) {
-                this.funChars = this.funChars.filter(c => c !== this);
-                char.destroy();
-                return;
-            }
-            char.update(deltaTime);
-        });
-    }
+        const lightTheme = matchMedia && matchMedia('(prefers-color-scheme: light)').matches;
 
-    setID(id) {
-        this.id = id;
-        this.#element.id = 'cursor' + id;
-        this.#element.innerText = '0x' + id.toString(16).slice(0, 8).padStart(8, '0');
-    }
+        if (lightTheme)
+            ctx.filter = 'saturate(5) brightness(0.8)';
 
-    /**
-     * @param {boolean} active 
-     */
-    click(active) {
-        if (active)
-            this.#element.classList.add('click');
-        else
-            this.#element.classList.remove('click');
+        const idText = '0x' + this.id.toString(16).padStart(8, '0');
+        const colour = this.click ? onBackground : this.colour;
+
+        ctx.beginPath();
+        ctx.roundRect(
+            (x) * devicePixelRatio,
+            (y) * devicePixelRatio,
+            (12 + 7.2 * idText.length) * devicePixelRatio,
+            cursorBoxHeight,
+            cursorBoxRadius);
+        ctx.closePath();
+        ctx.fillStyle = lightTheme ? '#fff8' : '#0008';
+        ctx.fill();
+        ctx.strokeStyle = colour;
+        ctx.lineWidth = devicePixelRatio;
+        ctx.stroke();
+
+        ctx.font = cursorIDFontSize + 'px monospace';
+        ctx.fillStyle = colour;
+        ctx.fillText(
+            idText,
+            (x + 6) * devicePixelRatio,
+            (y + 14) * devicePixelRatio);
+
+        ctx.filter = '';
     }
 }
 
@@ -152,20 +144,12 @@ class FunChar {
     constructor(x, y, xa, ya, text) {
         this.x = x;
         this.y = y;
-        this.xa = xa + Math.random() * .2 - .1;
-        this.ya = ya + Math.random() * -.25;
-        this.r = this.xa * 100;
+        this.xa = xa + Math.random() * .0005 - .00025;
+        this.ya = ya + Math.random() * -.00025;
+        this.r = this.xa * 1000;
         this.ra = this.r * 0.01;
+        this.text = text;
         this.life = 0;
-
-        const char = document.createElement('i');
-        char.className = 'funchar';
-        char.innerText = text;
-        char.style.left = x + 'px';
-        char.style.top = y + 'px';
-        char.style.transform = `rotate(${this.r}deg)`;
-        this.element = char;
-        cursorContainer.appendChild(this.element);
     }
 
     /**
@@ -177,15 +161,27 @@ class FunChar {
         this.x += this.xa * deltaTime;
         this.y += this.ya * deltaTime;
         this.r += this.ra * deltaTime;
-        this.ya = Math.min(this.ya + 0.0005 * deltaTime, 10);
+        this.ya = Math.min(this.ya + 0.000001 * deltaTime, 10);
 
-        this.element.style.left = (this.x - window.scrollX) + 'px';
-        this.element.style.top = (this.y - window.scrollY) + 'px';
-        this.element.style.transform = `rotate(${this.r}deg)`;
-    }
+        const x = this.x * innerWidth - scrollX;
+        const y = this.y * innerHeight - scrollY;
 
-    destroy() {
-        this.element.remove();
+        const translateOffset = {
+            x: (x + 7.2) * devicePixelRatio,
+            y: (y - 7.2) * devicePixelRatio,
+        };
+        ctx.translate(translateOffset.x, translateOffset.y);
+        ctx.rotate(this.r);
+        ctx.translate(-translateOffset.x, -translateOffset.y);
+
+        ctx.font = 'normal bold ' + cursorCharFontSize + 'px monospace';
+        ctx.fillStyle = getComputedStyle(document.body).getPropertyValue('--on-background');
+        ctx.fillText(
+            this.text,
+            x * devicePixelRatio,
+            y * devicePixelRatio);
+
+        ctx.resetTransform();
     }
 }
 
@@ -205,18 +201,37 @@ function randomColour() {
 /**
  * @param {MouseEvent} event 
  */
+let mouseMoveLock = false;
+const mouseMoveCooldown = 1000/30;
 function handleMouseMove(event) {
     if (!myCursor) return;
-    if (ws && ws.readyState == WebSocket.OPEN)
-        ws.send(`pos:${event.x}:${event.y}`);
-    myCursor.move(event.x, event.y);
+
+    const x = event.pageX / innerWidth;
+    const y = event.pageY / innerHeight;
+    const f = 10000; // four digit floating-point precision
+
+    if (!mouseMoveLock) {
+        mouseMoveLock = true;
+        if (ws && ws.readyState == WebSocket.OPEN)
+            ws.send(`pos:${Math.round(x * f) / f}:${Math.round(y * f) / f}`);
+        setTimeout(() => {
+            mouseMoveLock = false;
+        }, mouseMoveCooldown);
+    }
+
+    myCursor.x = x;
+    myCursor.y = y;
 }
 
 function handleMouseDown() {
-    myCursor.click(true);
+    myCursor.click = true;
+    if (ws && ws.readyState == WebSocket.OPEN)
+        ws.send('click:1');
 }
 function handleMouseUp() {
-    myCursor.click(false);
+    myCursor.click = false;
+    if (ws && ws.readyState == WebSocket.OPEN)
+        ws.send('click:0');
 }
 
 /**
@@ -238,56 +253,69 @@ function handleKeyUp() {
 }
 
 /**
- * @param {number} time
+ * @param {number} timestamp
  */
-function updateCursors(time) {
+function update(timestamp) {
     if (!running) return;
 
-    const deltaTime = time - lastUpdate;
+    const deltaTime = timestamp - lastUpdate;
+    lastUpdate = timestamp;
+
+    ctx.clearRect(0, 0, canvas.width, canvas.height);
 
     cursors.forEach(cursor => {
         cursor.update(deltaTime);
     });
 
-    lastUpdate = time;
-    requestAnimationFrame(updateCursors);
+    requestAnimationFrame(update);
+}
+
+function handleWindowResize() {
+    canvas.width = innerWidth * devicePixelRatio;
+    canvas.height = innerHeight * devicePixelRatio;
+    cursorBoxHeight = 20 * devicePixelRatio;
+    cursorBoxRadius = 4 * devicePixelRatio;
+    cursorIDFontSize = 12 * devicePixelRatio;
+    cursorCharFontSize = 20 * devicePixelRatio;
 }
 
 function cursorSetup() {
     if (running) throw new Error('Only one instance of Cursor can run at a time.');
     running = true;
 
-    cursorContainer = document.createElement('div');
-    cursorContainer.id = 'cursors';
-    document.body.appendChild(cursorContainer);
+    canvas = document.createElement('canvas');
+    canvas.id = 'cursors';
+    handleWindowResize();
+    document.body.appendChild(canvas);
 
-    myCursor = new Cursor("You!", window.innerWidth / 2, window.innerHeight / 2);
+    ctx = canvas.getContext('2d');
+
+    myCursor = new Cursor('You!', innerWidth / 2, innerHeight / 2);
     cursors.set(0, myCursor);
 
+    addEventListener('resize', handleWindowResize);
     document.addEventListener('mousemove', handleMouseMove);
     document.addEventListener('mousedown', handleMouseDown);
     document.addEventListener('mouseup', handleMouseUp);
     document.addEventListener('keypress', handleKeyPress);
     document.addEventListener('keyup', handleKeyUp);
 
-    requestAnimationFrame(updateCursors);
+    requestAnimationFrame(update);
 
-    ws = new WebSocket("/cursor-ws");
+    ws = new WebSocket('/cursor-ws');
+    ws.addEventListener('open', () => {
+        console.log('Cursor connected to server successfully.');
 
-    ws.addEventListener("open", () => {
-        console.log("Cursor connected to server successfully.");
-
-        ws.send(`loc:${window.location.pathname}`);
+        ws.send(`loc:${location.pathname}`);
     });
-    ws.addEventListener("error", error => {
-        console.error("Cursor WebSocket error:", error);
+    ws.addEventListener('error', error => {
+        console.error('Cursor WebSocket error:', error);
     });
-    ws.addEventListener("close", () => {
-        console.log("Cursor connection closed.");
+    ws.addEventListener('close', () => {
+        console.log('Cursor connection closed.');
     });
-
-    ws.addEventListener("message", event => {
-        const args = String(event.data).split(":");
+    ws.addEventListener('message', event => {
+        const args = String(event.data).split(':');
         if (args.length == 0) return;
 
         let id = 0;
@@ -300,7 +328,7 @@ function cursorSetup() {
 
         switch (args[0]) {
             case 'id': {
-                myCursor.setID(Number(args[1]));
+                myCursor.id = Number(args[1]);
                 break;
             }
             case 'join': {
@@ -310,7 +338,6 @@ function cursorSetup() {
             }
             case 'leave': {
                 if (!cursor || cursor === myCursor) break;
-                cursors.get(id).destroy();
                 cursors.delete(id);
                 break;
             }
@@ -324,33 +351,37 @@ function cursorSetup() {
                 cursor.msg = '';
                 break;
             }
+            case 'click': {
+                if (!cursor || cursor === myCursor) break;
+                cursor.click = args[2] == '1';
+                break;
+            }
             case 'pos': {
                 if (!cursor || cursor === myCursor) break;
-                cursor.move(Number(args[2]), Number(args[3]));
+                cursor.x = Number(args[2]);
+                cursor.y = Number(args[3]);
                 break;
             }
             default: {
-                console.warn("Cursor: Unknown command received from server:", args[0]);
+                console.warn('Cursor: Unknown command received from server:', args[0]);
                 break;
             }
         }
     });
 
-    console.log(`Cursor tracking @ ${window.location.pathname}`);
+    console.log(`Cursor tracking @ ${location.pathname}`);
 }
 
 function cursorDestroy() {
     if (!running) return;
 
+    removeEventListener('resize', handleWindowResize);
     document.removeEventListener('mousemove', handleMouseMove);
     document.removeEventListener('mousedown', handleMouseDown);
     document.removeEventListener('mouseup', handleMouseUp);
     document.removeEventListener('keypress', handleKeyPress);
     document.removeEventListener('keyup', handleKeyUp);
     
-    cursors.forEach(cursor => {
-        cursor.destroy();
-    });
     cursors.clear();
     myCursor = null;
 
diff --git a/public/style/cursor.css b/public/style/cursor.css
index 8561716..73019ee 100644
--- a/public/style/cursor.css
+++ b/public/style/cursor.css
@@ -1,64 +1,9 @@
-#cursors i.cursor {
-    position: fixed;
-    padding: 4px;
-
-    display: block;
-    z-index: 1000;
-
-    background: #0008;
-    border: 2px solid #808080;
-    border-radius: 2px;
-
-    font-style: normal;
-    font-size: 10px;
-    font-weight: bold;
-    white-space: nowrap;
-}
-
-#cursors i.cursor.click {
-    color: var(--on-background) !important;
-    border-color: var(--on-background) !important;
-}
-
-#cursors i.char {
-    position: absolute;
-    margin: 0;
-    font-style: normal;
-    font-size: 20px;
-    font-weight: bold;
-    color: var(--on-background);
-}
-
-#cursors i.funchar {
-    position: absolute;
-    margin: 0;
-
-    display: block;
-    z-index: 1000;
-
-    font-style: normal;
-    font-size: 20px;
-    font-weight: bold;
-    color: var(--on-background);
-}
-
-#cursors {
-    width: 100vw;
-    height: 100vh;
+canvas#cursors {
     position: fixed;
     top: 0;
     left: 0;
-
-    z-index: 1000;
-    overflow: clip;
-
-    user-select: none;
+    width: 100vw;
+    height: 100vh;
     pointer-events: none;
-}
-
-@media (prefers-color-scheme: light) {
-    #cursors i.cursor {
-        filter: saturate(5) brightness(0.8);
-        background: #fff8;
-    }
+    z-index: 100;
 }

From 51283c1a4fb8040c5911a3fcbcc1522735c61e0a Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sat, 15 Mar 2025 22:37:23 +0000
Subject: [PATCH 29/88] oops

---
 schema-migration/000-init.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/schema-migration/000-init.sql b/schema-migration/000-init.sql
index f70dee6..b56c6b6 100644
--- a/schema-migration/000-init.sql
+++ b/schema-migration/000-init.sql
@@ -84,7 +84,7 @@ CREATE TABLE arimelody.musicrelease (
     buylink text,
     copyright text,
     copyrightURL text,
-    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp,
+    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp
 );
 ALTER TABLE arimelody.musicrelease ADD CONSTRAINT musicrelease_pk PRIMARY KEY (id);
 

From e5ae16755086830bdd01d8784586f6f25ce4806d Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sat, 15 Mar 2025 22:47:37 +0000
Subject: [PATCH 30/88] incredibly important wii update

---
 views/index.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/views/index.html b/views/index.html
index 636c369..ba0ca15 100644
--- a/views/index.html
+++ b/views/index.html
@@ -197,7 +197,9 @@
         <img src="/img/buttons/misc/sprunk.gif" alt="sprunk" width="88" height="31">
         <img src="/img/buttons/misc/tohell.gif" alt="go straight to hell" width="88" height="31">
         <img src="/img/buttons/misc/virusalert.gif" alt="virus alert! click here" onclick="alert('meow :3')" width="88" height="31">
-        <img src="/img/buttons/misc/wii.gif" alt="wii" width="88" height="31">
+        <a href="http://wiishopchannel.net/" target="_blank">
+            <img src="/img/buttons/misc/wii.gif" alt="wii" width="88" height="31">
+        </a>
         <img src="/img/buttons/misc/www2.gif" alt="www" width="88" height="31">
         <img src="/img/buttons/misc/iemandatory.gif" alt="get mandatory internet explorer" width="88" height="31">
         <img src="/img/buttons/misc/learn_html.gif" alt="HTML - learn it today!" width="88" height="31">

From 6db35b2f995376680395e94a1056141f3db521b7 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Mon, 24 Mar 2025 19:39:10 +0000
Subject: [PATCH 31/88] model function unit tests!

---
 .../components/release/release-list-item.html |   2 +-
 model/artist.go                               |   4 -
 model/artist_test.go                          |  23 +++
 model/link.go                                 |   4 +-
 model/link_test.go                            |  23 +++
 model/release.go                              |   4 -
 model/release_test.go                         | 157 ++++++++++++++++++
 model/track_test.go                           |  43 +++++
 views/music-gateway.html                      |  10 +-
 9 files changed, 254 insertions(+), 16 deletions(-)
 create mode 100644 model/artist_test.go
 create mode 100644 model/link_test.go
 create mode 100644 model/release_test.go
 create mode 100644 model/track_test.go

diff --git a/admin/components/release/release-list-item.html b/admin/components/release/release-list-item.html
index 677318d..4b8f41e 100644
--- a/admin/components/release/release-list-item.html
+++ b/admin/components/release/release-list-item.html
@@ -7,7 +7,7 @@
         <h3 class="release-title">
             <a href="/admin/release/{{.ID}}">{{.Title}}</a>
             <small>
-                <span title="{{.PrintReleaseDate}}">{{.GetReleaseYear}}</span>
+                <span title="{{.PrintReleaseDate}}">{{.ReleaseDate.Year}}</span>
                 {{if not .Visible}}(hidden){{end}}
             </small>
         </h3>
diff --git a/model/artist.go b/model/artist.go
index 733e537..63871c7 100644
--- a/model/artist.go
+++ b/model/artist.go
@@ -9,10 +9,6 @@ type (
 	}
 )
 
-func (artist Artist) GetWebsite() string {
-	return artist.Website
-}
-
 func (artist Artist) GetAvatar() string {
 	if artist.Avatar == "" {
 		return "/img/default-avatar.png"
diff --git a/model/artist_test.go b/model/artist_test.go
new file mode 100644
index 0000000..feb9a18
--- /dev/null
+++ b/model/artist_test.go
@@ -0,0 +1,23 @@
+package model
+
+import (
+    "testing"
+)
+
+func Test_Artist_GetAvatar(t *testing.T) {
+    want := "testavatar.png"
+    artist := Artist{ Avatar: want }
+
+    got := artist.GetAvatar()
+    if want != got {
+        t.Errorf(`correct value not returned when avatar is populated (want "%s", got "%s")`, want, got)
+    }
+
+    artist = Artist{}
+
+    want = "/img/default-avatar.png" 
+    got = artist.GetAvatar()
+    if want != got {
+        t.Errorf(`default value not returned when avatar is empty (want "%s", got "%s")`, want, got)
+    }
+}
diff --git a/model/link.go b/model/link.go
index 8b48ced..1a5bb8f 100644
--- a/model/link.go
+++ b/model/link.go
@@ -11,6 +11,6 @@ type Link struct {
 }
 
 func (link Link) NormaliseName() string {
-	rgx := regexp.MustCompile(`[^a-z0-9]`)
-	return strings.ToLower(rgx.ReplaceAllString(link.Name, ""))
+	rgx := regexp.MustCompile(`[^a-z0-9\-]`)
+	return rgx.ReplaceAllString(strings.ToLower(link.Name), "")
 }
diff --git a/model/link_test.go b/model/link_test.go
new file mode 100644
index 0000000..b368094
--- /dev/null
+++ b/model/link_test.go
@@ -0,0 +1,23 @@
+package model
+
+import (
+    "testing"
+)
+
+func Test_Link_NormaliseName(t *testing.T) {
+    link := Link{
+        Name: "!c@o#o$l%-^a&w*e(s)o_m=e+-[l{i]n}k-0123456789ABCDEF",
+    }
+
+    want := "cool-awesome-link-0123456789abcdef"
+    got := link.NormaliseName()
+    if want != got {
+        t.Errorf(`name with invalid characters not properly formatted (want "%s", got "%s")`, want, got)
+    }
+
+    link.Name = want
+    got = link.NormaliseName()
+    if want != got {
+        t.Errorf(`valid name mangled by formatter (want "%s", got "%s")`, want, got)
+    }
+}
diff --git a/model/release.go b/model/release.go
index 42d6fba..afaacca 100644
--- a/model/release.go
+++ b/model/release.go
@@ -50,10 +50,6 @@ func (release Release) PrintReleaseDate() string {
     return release.ReleaseDate.Format("02 January 2006")
 }
 
-func (release Release) GetReleaseYear() int {
-    return release.ReleaseDate.Year()
-}
-
 func (release Release) GetArtwork() string {
     if release.Artwork == "" {
         return "/img/default-cover-art.png"
diff --git a/model/release_test.go b/model/release_test.go
new file mode 100644
index 0000000..11a58a1
--- /dev/null
+++ b/model/release_test.go
@@ -0,0 +1,157 @@
+package model
+
+import (
+	"testing"
+	"time"
+)
+
+func Test_Release_DescriptionHTML(t *testing.T) {
+    release := Release{
+        Description: "this is\na test\n<strong>description!</strong>",
+    }
+
+    // descriptions are set by privileged users,
+    // so we'll allow HTML injection here
+    want := "this is<br>a test<br><strong>description!</strong>"
+    got := release.GetDescriptionHTML()
+    if want != string(got) {
+        t.Errorf(`release description incorrectly formatted (want "%s", got "%s")`, want, got)
+    }
+}
+
+func Test_Release_ReleaseDate(t *testing.T) {
+    release := Release{
+        ReleaseDate: time.Date(2025, time.July, 26, 16, 0, 0, 0, time.UTC),
+    }
+
+    want := "2025-07-26T16:00"
+    got := release.TextReleaseDate()
+    if want != got {
+        t.Errorf(`release date incorrectly formatted (want "%s", got "%s")`, want, got)
+    }
+
+    want = "26 July 2025"
+    got = release.PrintReleaseDate()
+    if want != got {
+        t.Errorf(`release date (print) incorrectly formatted (want "%s", got "%s")`, want, got)
+    }
+}
+
+func Test_Release_Artwork(t *testing.T) {
+    want := "testartwork.png"
+    release := Release{ Artwork: want }
+
+    got := release.GetArtwork()
+    if want != got {
+        t.Errorf(`correct value not returned when artwork is populated (want "%s", got "%s")`, want, got)
+    }
+
+    release = Release{}
+
+    want = "/img/default-cover-art.png" 
+    got = release.GetArtwork()
+    if want != got {
+        t.Errorf(`default value not returned when artwork is empty (want "%s", got "%s")`, want, got)
+    }
+}
+
+func Test_Release_IsSingle(t *testing.T) {
+    release := Release{
+        Tracks: []*Track{},
+    }
+
+    if release.IsSingle() {
+        t.Errorf("IsSingle() == true when no tracks are present")
+    }
+
+    release.Tracks = append(release.Tracks, &Track{})
+    if !release.IsSingle() {
+        t.Errorf("IsSingle() == false when one track is present")
+    }
+
+    release.Tracks = append(release.Tracks, &Track{})
+    if release.IsSingle() {
+        t.Errorf("IsSingle() == true when >1 tracks are present")
+    }
+}
+
+func Test_Release_IsReleased(t *testing.T) {
+    release := Release {
+        ReleaseDate: time.Now(),
+    }
+
+    if !release.IsReleased() {
+        t.Errorf("IsRelease() == false when release date in the past")
+    }
+
+    release.ReleaseDate = time.Now().Add(time.Hour)
+    if release.IsReleased() {
+        t.Errorf("IsRelease() == true when release date in the future")
+    }
+}
+
+func Test_Release_PrintArtists(t *testing.T) {
+    artist1 := "ari melody"
+    artist2 := "aridoodle"
+    artist3 := "idk"
+    artist4 := "guest"
+    
+    release := Release {
+        Credits: []*Credit{
+            { Artist: Artist{ Name: artist1 }, Primary: true },
+            { Artist: Artist{ Name: artist2 }, Primary: true },
+            { Artist: Artist{ Name: artist3 }, Primary: false },
+            { Artist: Artist{ Name: artist4 }, Primary: true },
+        },
+    }
+
+    {
+        want := []string{ artist1, artist2, artist4 }
+        got := release.GetUniqueArtistNames(true)
+        if len(want) != len(got) {
+            t.Errorf(`len(GetUniqueArtistNames) (primary only) == %d, want %d`, len(got), len(want))
+        }
+        for i := range got {
+            if want[i] != got[i] {
+                t.Errorf(`GetUniqueArtistNames[%d] (primary only) == %s, want %s`, i, got[i], want[i])
+            }
+        }
+
+        want = []string{ artist1, artist2, artist3, artist4 }
+        got = release.GetUniqueArtistNames(false)
+        if len(want) != len(got) {
+            t.Errorf(`len(GetUniqueArtistNames) == %d, want %d`, len(got), len(want))
+        }
+        for i := range got {
+            if want[i] != got[i] {
+                t.Errorf(`GetUniqueArtistNames[%d] == %s, want %s`, i, got[i], want[i])
+            }
+        }
+    }
+
+    {
+        want := "ari melody, aridoodle & guest"
+        got := release.PrintArtists(true, true)
+        if want != got {
+            t.Errorf(`PrintArtists (primary only, ampersand) == "%s", want "%s"`, want, got)
+        }
+
+        want = "ari melody, aridoodle, guest"
+        got = release.PrintArtists(true, false)
+        if want != got {
+            t.Errorf(`PrintArtists (primary only) == "%s", want "%s"`, want, got)
+        }
+
+        want = "ari melody, aridoodle, idk & guest"
+        got = release.PrintArtists(false, true)
+        if want != got {
+            t.Errorf(`PrintArtists (all, ampersand) == "%s", want "%s"`, want, got)
+        }
+
+        want = "ari melody, aridoodle, idk, guest"
+        got = release.PrintArtists(false, false)
+        if want != got {
+            t.Errorf(`PrintArtists (all) == "%s", want "%s"`, want, got)
+        }
+    }
+}
diff --git a/model/track_test.go b/model/track_test.go
new file mode 100644
index 0000000..fd500d7
--- /dev/null
+++ b/model/track_test.go
@@ -0,0 +1,43 @@
+package model
+
+import (
+    "testing"
+)
+
+func Test_Track_DescriptionHTML(t *testing.T) {
+    track := Track{
+        Description: "this is\na test\n<strong>description!</strong>",
+    }
+
+    // descriptions are set by privileged users,
+    // so we'll allow HTML injection here
+    want := "this is<br>a test<br><strong>description!</strong>"
+    got := track.GetDescriptionHTML()
+    if want != string(got) {
+        t.Errorf(`track description incorrectly formatted (want "%s", got "%s")`, want, got)
+    }
+}
+
+func Test_Track_LyricsHTML(t *testing.T) {
+    track := Track{
+        Lyrics: "these are\ntest\n<strong>lyrics!</strong>",
+    }
+
+    // lyrics are set by privileged users,
+    // so we'll allow HTML injection here
+    want := "these are<br>test<br><strong>lyrics!</strong>"
+    got := track.GetLyricsHTML()
+    if want != string(got) {
+        t.Errorf(`track lyrics incorrectly formatted (want "%s", got "%s")`, want, got)
+    }
+}
+
+func Test_Track_Add(t *testing.T) {
+    track := Track{}
+
+    want := 4
+    got := track.Add(2, 2)
+    if want != got {
+        t.Errorf(`somehow, we screwed up addition. (want %d, got %d)`, want, got)
+    }
+}
diff --git a/views/music-gateway.html b/views/music-gateway.html
index 1bf3a2f..0f4441c 100644
--- a/views/music-gateway.html
+++ b/views/music-gateway.html
@@ -4,7 +4,7 @@
 
 <meta name="description" content="Stream &quot;{{.Title}}&quot; by {{.PrintArtists true true}} on all platforms!">
 <meta name="author" content="{{.PrintArtists true true}}">
-<meta name="keywords" content="{{.PrintArtists true false}}, music, {{.Title}}, {{.ID}}, {{.GetReleaseYear}}">
+<meta name="keywords" content="{{.PrintArtists true false}}, music, {{.Title}}, {{.ID}}, {{.ReleaseDate.Year}}">
 
 <meta property="og:url" content="https://arimelody.me/music/{{.ID}}">
 <meta property="og:type" content="website">
@@ -54,7 +54,7 @@
             <div id="overview">
                 <div id="title-container">
                     <h1 id="title">{{.Title}}</h1>
-                    <span id="year" title="{{.PrintReleaseDate}}">{{.GetReleaseYear}}</span>
+                    <span id="year" title="{{.PrintReleaseDate}}">{{.ReleaseDate.Year}}</span>
                 </div>
                 <p id="artist">{{.PrintArtists true true}}</p>
                 {{if .IsReleased}}
@@ -91,7 +91,7 @@
                 {{end}}
 
                 {{if and .Copyright .CopyrightURL}}
-                <p id="copyright">{{.Title}} &copy; {{.GetReleaseYear}} by {{.PrintArtists true true}} is licensed under <a href="{{.CopyrightURL}}" target="_blank">{{.Copyright}}</a></p>
+                <p id="copyright">{{.Title}} &copy; {{.ReleaseDate.Year}} by {{.PrintArtists true true}} is licensed under <a href="{{.CopyrightURL}}" target="_blank">{{.Copyright}}</a></p>
                 {{end}}
 
                 <button id="share">share</button>
@@ -105,8 +105,8 @@
                 <ul>
                     {{range .Credits}}
                     {{$Artist := .Artist}}
-                    {{if $Artist.GetWebsite}}
-                    <li><strong><a href="{{$Artist.GetWebsite}}">{{$Artist.Name}}</a></strong>: {{.Role}}</li>
+                    {{if $Artist.Website}}
+                    <li><strong><a href="{{$Artist.Website}}">{{$Artist.Name}}</a></strong>: {{.Role}}</li>
                     {{else}}
                     <li><strong>{{$Artist.Name}}</strong>: {{.Role}}</li>
                     {{end}}

From ed86aff2a24657f5ee1d4f204c6ceaf97132d419 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Mon, 31 Mar 2025 13:36:02 +0100
Subject: [PATCH 32/88] fix config not saving with broken listeners, fix cursor
 ReferenceError

---
 cursor/cursor.go        | 10 +++++-----
 public/script/config.js |  7 +++----
 public/script/cursor.js |  4 +---
 3 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/cursor/cursor.go b/cursor/cursor.go
index 4e4504f..4ed59e3 100644
--- a/cursor/cursor.go
+++ b/cursor/cursor.go
@@ -88,13 +88,13 @@ func handleClient(client *CursorClient) {
         client.Route = args[1]
 
         mutex.Lock()
-        for _, otherClient := range clients {
-            if otherClient.ID == client.ID { continue }
-            if otherClient.Route != client.Route { continue }
-            client.Send([]byte(fmt.Sprintf("join:%d", otherClient.ID)))
-            client.Send([]byte(fmt.Sprintf("pos:%d:%f:%f", otherClient.ID, otherClient.X, otherClient.Y)))
+        for otherClientID, otherClient := range clients {
+            if otherClientID == client.ID || otherClient.Route != client.Route { continue }
+            client.Send([]byte(fmt.Sprintf("join:%d", otherClientID)))
+            client.Send([]byte(fmt.Sprintf("pos:%d:%f:%f", otherClientID, otherClient.X, otherClient.Y)))
         }
         mutex.Unlock()
+        
         broadcast <- CursorMessage{
             []byte(fmt.Sprintf("join:%d", client.ID)),
             client.Route,
diff --git a/public/script/config.js b/public/script/config.js
index 1ab8b5a..402a74b 100644
--- a/public/script/config.js
+++ b/public/script/config.js
@@ -55,6 +55,7 @@ class Config {
     get crt() { return this._crt }
     set crt(/** @type boolean */ enabled) {
         this._crt = enabled;
+        this.save();
 
         if (enabled) {
             document.body.classList.add("crt");
@@ -66,26 +67,24 @@ class Config {
         this.#listeners.get('crt').forEach(callback => {
             callback(this._crt);
         })
-
-        this.save();
     }
 
     get cursor() { return this._cursor }
     set cursor(/** @type boolean */ value) {
         this._cursor = value;
+        this.save();
         this.#listeners.get('cursor').forEach(callback => {
             callback(this._cursor);
         })
-        this.save();
     }
 
     get cursorFunMode() { return this._cursorFunMode }
     set cursorFunMode(/** @type boolean */ value) {
         this._cursorFunMode = value;
+        this.save();
         this.#listeners.get('cursorFunMode').forEach(callback => {
             callback(this._cursorFunMode);
         })
-        this.save();
     }
 }
 
diff --git a/public/script/cursor.js b/public/script/cursor.js
index 188cdbb..79637fe 100644
--- a/public/script/cursor.js
+++ b/public/script/cursor.js
@@ -328,7 +328,7 @@ function cursorSetup() {
 
         switch (args[0]) {
             case 'id': {
-                myCursor.id = Number(args[1]);
+                myCursor.id = id;
                 break;
             }
             case 'join': {
@@ -385,8 +385,6 @@ function cursorDestroy() {
     cursors.clear();
     myCursor = null;
 
-    cursorContainer.remove();
-
     console.log(`Cursor no longer tracking.`);
     running = false;
 }

From 5cc9a1ca7653351841c216d4b29e50941d72de53 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Mon, 31 Mar 2025 13:44:29 +0100
Subject: [PATCH 33/88] clear cursor display when shutting down

---
 public/script/cursor.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/public/script/cursor.js b/public/script/cursor.js
index 79637fe..ff87068 100644
--- a/public/script/cursor.js
+++ b/public/script/cursor.js
@@ -381,6 +381,8 @@ function cursorDestroy() {
     document.removeEventListener('mouseup', handleMouseUp);
     document.removeEventListener('keypress', handleKeyPress);
     document.removeEventListener('keyup', handleKeyUp);
+
+    ctx.clearRect(0, 0, canvas.width, canvas.height);
     
     cursors.clear();
     myCursor = null;

From 1c0e541c8914229f74d402690a05ee1a2c6168fd Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Tue, 29 Apr 2025 11:32:48 +0100
Subject: [PATCH 34/88] lock accounts after enough failed login attempts

---
 admin/http.go                      | 49 ++++++++++++++++++++--
 controller/account.go              | 23 +++++++++++
 controller/migrator.go             |  6 ++-
 main.go                            | 66 +++++++++++++++++++++++++++++-
 model/account.go                   | 17 ++++----
 schema-migration/000-init.sql      |  2 +
 schema-migration/003-fail-lock.sql |  3 ++
 7 files changed, 153 insertions(+), 13 deletions(-)
 create mode 100644 schema-migration/003-fail-lock.sql

diff --git a/admin/http.go b/admin/http.go
index b16c209..4d09264 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -274,11 +274,20 @@ func loginHandler(app *model.AppState) http.Handler {
             render()
             return
         }
+		if account.Locked {
+			controller.SetSessionError(app.DB, session, "This account is locked.")
+			render()
+			return
+		}
 
         err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password))
         if err != nil {
             app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r))
-            controller.SetSessionError(app.DB, session, "Invalid username or password.")
+			if locked := handleFailedLogin(app, account); locked {
+				controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
+			} else {
+				controller.SetSessionError(app.DB, session, "Invalid username or password.")
+			}
             render()
             return
         }
@@ -299,6 +308,8 @@ func loginHandler(app *model.AppState) http.Handler {
                 render()
                 return
             }
+			controller.SetSessionMessage(app.DB, session, "")
+			controller.SetSessionError(app.DB, session, "")
             http.Redirect(w, r, "/admin/totp", http.StatusFound)
             return
         }
@@ -377,8 +388,14 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
             return
         }
         if totpMethod == nil {
-            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
-            controller.SetSessionError(app.DB, session, "Invalid TOTP.")
+            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Incorrect TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
+			if locked := handleFailedLogin(app, session.AttemptAccount); locked {
+				controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
+				controller.SetSessionAttemptAccount(app.DB, session, nil)
+				http.Redirect(w, r, "/admin", http.StatusFound)
+			} else {
+				controller.SetSessionError(app.DB, session, "Incorrect TOTP.")
+			}
             render()
             return
         }
@@ -496,3 +513,29 @@ func enforceSession(app *model.AppState, next http.Handler) http.Handler {
         next.ServeHTTP(w, r.WithContext(ctx))
     })
 }
+
+func handleFailedLogin(app *model.AppState, account *model.Account) bool {
+	locked, err := controller.IncrementAccountFails(app.DB, account.ID)
+	if err != nil {
+		fmt.Fprintf(
+			os.Stderr,
+			"WARN: Failed to increment login failures for \"%s\": %v\n",
+			account.Username,
+			err,
+		)
+		app.Log.Warn(
+			log.TYPE_ACCOUNT,
+			"Failed to increment login failures for \"%s\"",
+			account.Username,
+		)
+	}
+	if locked {
+		app.Log.Warn(
+			log.TYPE_ACCOUNT,
+			"Account \"%s\" was locked: %d failed login attempts",
+			account.Username,
+			model.MAX_LOGIN_FAIL_ATTEMPTS,
+		)
+	}
+	return locked
+}
diff --git a/controller/account.go b/controller/account.go
index 9c7c1e1..e4f5dc4 100644
--- a/controller/account.go
+++ b/controller/account.go
@@ -110,3 +110,26 @@ func DeleteAccount(db *sqlx.DB, accountID string) error {
     _, err := db.Exec("DELETE FROM account WHERE id=$1", accountID)
     return err
 }
+
+func IncrementAccountFails(db *sqlx.DB, accountID string) (bool, error) {
+	failAttempts := 0
+	err := db.Get(&failAttempts, "UPDATE account SET fail_attempts = fail_attempts + 1 WHERE id=$1 RETURNING fail_attempts", accountID)
+	if err != nil { return false, err }
+	locked := false
+	if failAttempts >= model.MAX_LOGIN_FAIL_ATTEMPTS {
+		err = LockAccount(db, accountID)
+		if err != nil { return false, err }
+		locked = true
+	}
+	return locked, err
+}
+
+func LockAccount(db *sqlx.DB, accountID string) error {
+	_, err := db.Exec("UPDATE account SET locked = true WHERE id=$1", accountID)
+	return err
+}
+
+func UnlockAccount(db *sqlx.DB, accountID string) error {
+	_, err := db.Exec("UPDATE account SET locked = false, fail_attempts = 0 WHERE id=$1", accountID)
+	return err
+}
diff --git a/controller/migrator.go b/controller/migrator.go
index b053a27..b970a1b 100644
--- a/controller/migrator.go
+++ b/controller/migrator.go
@@ -8,7 +8,7 @@ import (
 	"github.com/jmoiron/sqlx"
 )
 
-const DB_VERSION int = 3
+const DB_VERSION int = 4
 
 func CheckDBVersionAndMigrate(db *sqlx.DB) {
     db.MustExec("CREATE SCHEMA IF NOT EXISTS arimelody")
@@ -45,6 +45,10 @@ func CheckDBVersionAndMigrate(db *sqlx.DB) {
             ApplyMigration(db, "002-audit-logs")
             oldDBVersion = 3
 
+        case 3:
+            ApplyMigration(db, "003-fail-lock")
+            oldDBVersion = 4
+
         }
     }
 
diff --git a/main.go b/main.go
index 2252622..360f7ac 100644
--- a/main.go
+++ b/main.go
@@ -276,11 +276,13 @@ func main() {
                     "User: %s\n" +
                     "\tID: %s\n" +
                     "\tEmail: %s\n" +
-                    "\tCreated: %s\n",
+                    "\tCreated: %s\n" +
+                    "\tLocked: %t\n",
                     account.Username,
                     account.ID,
                     email,
                     account.CreatedAt,
+					account.Locked,
                 )
             }
             return
@@ -355,6 +357,64 @@ func main() {
             fmt.Printf("Account \"%s\" deleted successfully.\n", account.Username)
             return
 
+        case "lockAccount":
+            if len(os.Args) < 3 {
+                fmt.Fprintf(os.Stderr, "FATAL: `username` must be specified for lockAccount\n")
+                os.Exit(1)
+            }
+            username := os.Args[2]
+            fmt.Printf("Unlocking account \"%s\"...\n", username)
+
+            account, err := controller.GetAccountByUsername(app.DB, username)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err)
+                os.Exit(1)
+            }
+
+            if account == nil {
+                fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username)
+                os.Exit(1)
+            }
+
+            err = controller.LockAccount(app.DB, account.ID)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "FATAL: Failed to lock account: %v\n", err)
+                os.Exit(1)
+            }
+
+            app.Log.Info(log.TYPE_ACCOUNT, "Account '%s' locked via config utility.", account.Username)
+            fmt.Printf("Account \"%s\" locked successfully.\n", account.Username)
+            return
+
+        case "unlockAccount":
+            if len(os.Args) < 3 {
+                fmt.Fprintf(os.Stderr, "FATAL: `username` must be specified for unlockAccount\n")
+                os.Exit(1)
+            }
+            username := os.Args[2]
+            fmt.Printf("Unlocking account \"%s\"...\n", username)
+
+            account, err := controller.GetAccountByUsername(app.DB, username)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err)
+                os.Exit(1)
+            }
+
+            if account == nil {
+                fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username)
+                os.Exit(1)
+            }
+
+            err = controller.UnlockAccount(app.DB, account.ID)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "FATAL: Failed to unlock account: %v\n", err)
+                os.Exit(1)
+            }
+
+            app.Log.Info(log.TYPE_ACCOUNT, "Account '%s' unlocked via config utility.", account.Username)
+            fmt.Printf("Account \"%s\" unlocked successfully.\n", account.Username)
+            return
+
         case "logs":
             // TODO: add log search parameters
             logs, err := app.Log.Search([]log.LogLevel{}, []string{}, "", 100, 0)
@@ -389,7 +449,9 @@ func main() {
             "createInvite:\n\tCreates an invite code to register new accounts.\n" +
             "purgeInvites:\n\tDeletes all available invite codes.\n" +
             "listAccounts:\n\tLists all active accounts.\n",
-            "deleteAccount <username>:\n\tDeletes an account with a given `username`.\n",
+            "deleteAccount <username>:\n\tDeletes the account under `username`.\n",
+            "unlockAccount <username>:\n\tUnlocks the account under `username`.\n",
+			"logs:\n\tShows system logs.\n",
         )
         return
     }
diff --git a/model/account.go b/model/account.go
index 166e880..ad65b82 100644
--- a/model/account.go
+++ b/model/account.go
@@ -6,15 +6,18 @@ import (
 )
 
 const COOKIE_TOKEN string = "AM_SESSION"
+const MAX_LOGIN_FAIL_ATTEMPTS int = 3
 
 type (
-    Account struct {
-        ID          string          `json:"id" db:"id"`
-        Username    string          `json:"username" db:"username"`
-        Password    string          `json:"password" db:"password"`
-        Email       sql.NullString  `json:"email" db:"email"`
-        AvatarURL   sql.NullString  `json:"avatar_url" db:"avatar_url"`
-        CreatedAt   time.Time       `json:"created_at" db:"created_at"`
+	Account struct {
+		ID          	string          `json:"id" db:"id"`
+		Username    	string          `json:"username" db:"username"`
+		Password    	string          `json:"password" db:"password"`
+		Email       	sql.NullString  `json:"email" db:"email"`
+		AvatarURL   	sql.NullString  `json:"avatar_url" db:"avatar_url"`
+		CreatedAt   	time.Time       `json:"created_at" db:"created_at"`
+		FailAttempts	int				`json:"fail_attempts" db:"fail_attempts"`
+		Locked			bool			`json:"locked" db:"locked"`
 
         Privileges  []AccountPrivilege  `json:"privileges"`
     }
diff --git a/schema-migration/000-init.sql b/schema-migration/000-init.sql
index b56c6b6..2174109 100644
--- a/schema-migration/000-init.sql
+++ b/schema-migration/000-init.sql
@@ -19,6 +19,8 @@ CREATE TABLE arimelody.account (
     email TEXT,
     avatar_url TEXT,
     created_at TIMESTAMP NOT NULL DEFAULT current_timestamp
+    fail_attempts INT NOT NULL DEFAULT 0,
+    locked BOOLEAN DEFAULT false,
 );
 ALTER TABLE arimelody.account ADD CONSTRAINT account_pk PRIMARY KEY (id);
 
diff --git a/schema-migration/003-fail-lock.sql b/schema-migration/003-fail-lock.sql
new file mode 100644
index 0000000..32d19bf
--- /dev/null
+++ b/schema-migration/003-fail-lock.sql
@@ -0,0 +1,3 @@
+-- it would be nice to prevent brute-forcing
+ALTER TABLE arimelody.account ADD COLUMN fail_attempts INT NOT NULL DEFAULT 0;
+ALTER TABLE arimelody.account ADD COLUMN locked BOOLEAN DEFAULT false;

From 562ed2e0150331aff4937a456ee6904bfc2c676f Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Tue, 29 Apr 2025 16:31:39 +0100
Subject: [PATCH 35/88] session validation/invalidation

---
 admin/http.go         |  2 +-
 api/release.go        |  2 +-
 controller/session.go | 19 ++++++++++++++++---
 view/music.go         |  2 +-
 4 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/admin/http.go b/admin/http.go
index 4d09264..bdacad3 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -483,7 +483,7 @@ func staticHandler() http.Handler {
 
 func enforceSession(app *model.AppState, next http.Handler) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        session, err := controller.GetSessionFromRequest(app.DB, r)
+        session, err := controller.GetSessionFromRequest(app, r)
         if err != nil {
             fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
diff --git a/api/release.go b/api/release.go
index efed8dd..5cb87b0 100644
--- a/api/release.go
+++ b/api/release.go
@@ -20,7 +20,7 @@ func ServeRelease(app *model.AppState, release *model.Release) http.Handler {
         // only allow authorised users to view hidden releases
         privileged := false
         if !release.Visible {
-            session, err := controller.GetSessionFromRequest(app.DB, r)
+            session, err := controller.GetSessionFromRequest(app, r)
             if err != nil {
                 fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
diff --git a/controller/session.go b/controller/session.go
index cf423fe..dce7ad0 100644
--- a/controller/session.go
+++ b/controller/session.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 	"time"
 
+	"arimelody-web/log"
 	"arimelody-web/model"
 
 	"github.com/jmoiron/sqlx"
@@ -15,7 +16,7 @@ import (
 
 const TOKEN_LEN = 64
 
-func GetSessionFromRequest(db *sqlx.DB, r *http.Request) (*model.Session, error) {
+func GetSessionFromRequest(app *model.AppState, r *http.Request) (*model.Session, error) {
     sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)
     if err != nil && err != http.ErrNoCookie {
         return nil, errors.New(fmt.Sprintf("Failed to retrieve session cookie: %v", err))
@@ -25,14 +26,26 @@ func GetSessionFromRequest(db *sqlx.DB, r *http.Request) (*model.Session, error)
 
     if sessionCookie != nil {
         // fetch existing session
-        session, err = GetSession(db, sessionCookie.Value)
+        session, err = GetSession(app.DB, sessionCookie.Value)
 
         if err != nil && !strings.Contains(err.Error(), "no rows") {
             return nil, errors.New(fmt.Sprintf("Failed to retrieve session: %v", err))
         }
 
         if session != nil {
-            // TODO: consider running security checks here (i.e. user agent mismatches)
+			if session.UserAgent != r.UserAgent() {
+				msg := "Session user agent mismatch. A cookie may have been hijacked!"
+				if session.Account != nil {
+					account, _ := GetAccountByID(app.DB, session.Account.ID)
+					msg += " (Account \"" + account.Username + "\")"
+				}
+				app.Log.Warn(log.TYPE_ACCOUNT, msg)
+				err = DeleteSession(app.DB, session.Token)
+				if err != nil {
+					app.Log.Warn(log.TYPE_ACCOUNT, "Failed to delete affected session")
+				}
+				return nil, nil
+			}
         }
     }
 
diff --git a/view/music.go b/view/music.go
index 2d40ef0..dfe884e 100644
--- a/view/music.go
+++ b/view/music.go
@@ -60,7 +60,7 @@ func ServeGateway(app *model.AppState, release *model.Release) http.Handler {
         // only allow authorised users to view hidden releases
         privileged := false
         if !release.Visible {
-            session, err := controller.GetSessionFromRequest(app.DB, r)
+            session, err := controller.GetSessionFromRequest(app, r)
             if err != nil {
                 fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

From fe4a7888989192548cab21f2137f8f7a372d7451 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Tue, 29 Apr 2025 23:22:48 +0100
Subject: [PATCH 36/88] update cli utility docs

---
 README.md | 3 +++
 main.go   | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e5df7f6..464379e 100644
--- a/README.md
+++ b/README.md
@@ -47,3 +47,6 @@ need to be up for this, making this ideal for some offline maintenance.
 - `purgeInvites`: Deletes all available invite codes.
 - `listAccounts`: Lists all active accounts.
 - `deleteAccount <username>`: Deletes an account with a given `username`.
+- `lockAccount <username>`: Locks the account under `username`.
+- `unlockAccount <username>`: Unlocks the account under `username`.
+- `logs`: Shows system logs.
diff --git a/main.go b/main.go
index 360f7ac..c0f6ee2 100644
--- a/main.go
+++ b/main.go
@@ -450,8 +450,9 @@ func main() {
             "purgeInvites:\n\tDeletes all available invite codes.\n" +
             "listAccounts:\n\tLists all active accounts.\n",
             "deleteAccount <username>:\n\tDeletes the account under `username`.\n",
+            "lockAccount <username>:\n\tLocks the account under `username`.\n",
             "unlockAccount <username>:\n\tUnlocks the account under `username`.\n",
-			"logs:\n\tShows system logs.\n",
+            "logs:\n\tShows system logs.\n",
         )
         return
     }

From 23a02617f91384953b0d24813a75d4a32e3a4e14 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Tue, 29 Apr 2025 23:25:32 +0100
Subject: [PATCH 37/88] fix indentation (tabs to 4 spaces) (oops)

---
 admin/accounthttp.go   |  18 +++----
 admin/artisthttp.go    |   6 +--
 admin/http.go          | 108 ++++++++++++++++++++---------------------
 admin/logshttp.go      |  12 ++---
 admin/releasehttp.go   |  10 ++--
 admin/templates.go     |  12 ++---
 admin/trackhttp.go     |   6 +--
 api/api.go             |  16 +++---
 api/artist.go          |  78 ++++++++++++++---------------
 api/release.go         |  36 +++++++-------
 api/track.go           |  36 +++++++-------
 api/uploads.go         |  70 +++++++++++++-------------
 controller/account.go  |  34 ++++++-------
 controller/artist.go   |  56 ++++++++++-----------
 controller/config.go   |  12 ++---
 controller/invite.go   |  10 ++--
 controller/ip.go       |   8 +--
 controller/migrator.go |   8 +--
 controller/qr.go       |  14 +++---
 controller/release.go  |   8 +--
 controller/session.go  |  44 ++++++++---------
 controller/totp.go     |  26 +++++-----
 controller/track.go    |  44 ++++++++---------
 cursor/cursor.go       |  18 +++----
 discord/discord.go     |  14 +++---
 log/log.go             |   8 +--
 main.go                |  52 ++++++++++----------
 model/account.go       |  22 ++++-----
 model/appstate.go      |   2 +-
 model/artist.go        |  20 ++++----
 model/link.go          |  12 ++---
 model/release.go       |  32 ++++++------
 model/release_test.go  |   4 +-
 model/session.go       |   4 +-
 model/totp.go          |   2 +-
 model/track.go         |  16 +++---
 templates/templates.go |   4 +-
 view/music.go          |  12 ++---
 38 files changed, 447 insertions(+), 447 deletions(-)

diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index 125abdc..945a507 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -1,17 +1,17 @@
 package admin
 
 import (
-	"database/sql"
-	"fmt"
-	"net/http"
-	"net/url"
-	"os"
+    "database/sql"
+    "fmt"
+    "net/http"
+    "net/url"
+    "os"
 
-	"arimelody-web/controller"
-	"arimelody-web/log"
-	"arimelody-web/model"
+    "arimelody-web/controller"
+    "arimelody-web/log"
+    "arimelody-web/model"
 
-	"golang.org/x/crypto/bcrypt"
+    "golang.org/x/crypto/bcrypt"
 )
 
 func accountHandler(app *model.AppState) http.Handler {
diff --git a/admin/artisthttp.go b/admin/artisthttp.go
index 6dfbbfd..9fa6bb2 100644
--- a/admin/artisthttp.go
+++ b/admin/artisthttp.go
@@ -1,9 +1,9 @@
 package admin
 
 import (
-	"fmt"
-	"net/http"
-	"strings"
+    "fmt"
+    "net/http"
+    "strings"
 
     "arimelody-web/model"
     "arimelody-web/controller"
diff --git a/admin/http.go b/admin/http.go
index bdacad3..76eb5f2 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -1,20 +1,20 @@
 package admin
 
 import (
-	"context"
-	"database/sql"
-	"fmt"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
+    "context"
+    "database/sql"
+    "fmt"
+    "net/http"
+    "os"
+    "path/filepath"
+    "strings"
+    "time"
 
-	"arimelody-web/controller"
-	"arimelody-web/log"
-	"arimelody-web/model"
+    "arimelody-web/controller"
+    "arimelody-web/log"
+    "arimelody-web/model"
 
-	"golang.org/x/crypto/bcrypt"
+    "golang.org/x/crypto/bcrypt"
 )
 
 func Handler(app *model.AppState) http.Handler {
@@ -274,20 +274,20 @@ func loginHandler(app *model.AppState) http.Handler {
             render()
             return
         }
-		if account.Locked {
-			controller.SetSessionError(app.DB, session, "This account is locked.")
-			render()
-			return
-		}
+        if account.Locked {
+            controller.SetSessionError(app.DB, session, "This account is locked.")
+            render()
+            return
+        }
 
         err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password))
         if err != nil {
             app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r))
-			if locked := handleFailedLogin(app, account); locked {
-				controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
-			} else {
-				controller.SetSessionError(app.DB, session, "Invalid username or password.")
-			}
+            if locked := handleFailedLogin(app, account); locked {
+                controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
+            } else {
+                controller.SetSessionError(app.DB, session, "Invalid username or password.")
+            }
             render()
             return
         }
@@ -308,8 +308,8 @@ func loginHandler(app *model.AppState) http.Handler {
                 render()
                 return
             }
-			controller.SetSessionMessage(app.DB, session, "")
-			controller.SetSessionError(app.DB, session, "")
+            controller.SetSessionMessage(app.DB, session, "")
+            controller.SetSessionError(app.DB, session, "")
             http.Redirect(w, r, "/admin/totp", http.StatusFound)
             return
         }
@@ -389,13 +389,13 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
         }
         if totpMethod == nil {
             app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Incorrect TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
-			if locked := handleFailedLogin(app, session.AttemptAccount); locked {
-				controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
-				controller.SetSessionAttemptAccount(app.DB, session, nil)
-				http.Redirect(w, r, "/admin", http.StatusFound)
-			} else {
-				controller.SetSessionError(app.DB, session, "Incorrect TOTP.")
-			}
+            if locked := handleFailedLogin(app, session.AttemptAccount); locked {
+                controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
+                controller.SetSessionAttemptAccount(app.DB, session, nil)
+                http.Redirect(w, r, "/admin", http.StatusFound)
+            } else {
+                controller.SetSessionError(app.DB, session, "Incorrect TOTP.")
+            }
             render()
             return
         }
@@ -515,27 +515,27 @@ func enforceSession(app *model.AppState, next http.Handler) http.Handler {
 }
 
 func handleFailedLogin(app *model.AppState, account *model.Account) bool {
-	locked, err := controller.IncrementAccountFails(app.DB, account.ID)
-	if err != nil {
-		fmt.Fprintf(
-			os.Stderr,
-			"WARN: Failed to increment login failures for \"%s\": %v\n",
-			account.Username,
-			err,
-		)
-		app.Log.Warn(
-			log.TYPE_ACCOUNT,
-			"Failed to increment login failures for \"%s\"",
-			account.Username,
-		)
-	}
-	if locked {
-		app.Log.Warn(
-			log.TYPE_ACCOUNT,
-			"Account \"%s\" was locked: %d failed login attempts",
-			account.Username,
-			model.MAX_LOGIN_FAIL_ATTEMPTS,
-		)
-	}
-	return locked
+    locked, err := controller.IncrementAccountFails(app.DB, account.ID)
+    if err != nil {
+        fmt.Fprintf(
+            os.Stderr,
+            "WARN: Failed to increment login failures for \"%s\": %v\n",
+            account.Username,
+            err,
+        )
+        app.Log.Warn(
+            log.TYPE_ACCOUNT,
+            "Failed to increment login failures for \"%s\"",
+            account.Username,
+        )
+    }
+    if locked {
+        app.Log.Warn(
+            log.TYPE_ACCOUNT,
+            "Account \"%s\" was locked: %d failed login attempts",
+            account.Username,
+            model.MAX_LOGIN_FAIL_ATTEMPTS,
+        )
+    }
+    return locked
 }
diff --git a/admin/logshttp.go b/admin/logshttp.go
index 93dc5b7..7249b16 100644
--- a/admin/logshttp.go
+++ b/admin/logshttp.go
@@ -1,12 +1,12 @@
 package admin
 
 import (
-	"arimelody-web/log"
-	"arimelody-web/model"
-	"fmt"
-	"net/http"
-	"os"
-	"strings"
+    "arimelody-web/log"
+    "arimelody-web/model"
+    "fmt"
+    "net/http"
+    "os"
+    "strings"
 )
 
 func logsHandler(app *model.AppState) http.Handler {
diff --git a/admin/releasehttp.go b/admin/releasehttp.go
index 7ef4d37..c6b68ab 100644
--- a/admin/releasehttp.go
+++ b/admin/releasehttp.go
@@ -1,12 +1,12 @@
 package admin
 
 import (
-	"fmt"
-	"net/http"
-	"strings"
+    "fmt"
+    "net/http"
+    "strings"
 
-	"arimelody-web/controller"
-	"arimelody-web/model"
+    "arimelody-web/controller"
+    "arimelody-web/model"
 )
 
 func serveRelease(app *model.AppState) http.Handler {
diff --git a/admin/templates.go b/admin/templates.go
index 12cdf08..606d569 100644
--- a/admin/templates.go
+++ b/admin/templates.go
@@ -1,12 +1,12 @@
 package admin
 
 import (
-	"arimelody-web/log"
-	"fmt"
-	"html/template"
-	"path/filepath"
-	"strings"
-	"time"
+    "arimelody-web/log"
+    "fmt"
+    "html/template"
+    "path/filepath"
+    "strings"
+    "time"
 )
 
 var indexTemplate = template.Must(template.ParseFiles(
diff --git a/admin/trackhttp.go b/admin/trackhttp.go
index a92f81a..93eacdb 100644
--- a/admin/trackhttp.go
+++ b/admin/trackhttp.go
@@ -1,9 +1,9 @@
 package admin
 
 import (
-	"fmt"
-	"net/http"
-	"strings"
+    "fmt"
+    "net/http"
+    "strings"
 
     "arimelody-web/model"
     "arimelody-web/controller"
diff --git a/api/api.go b/api/api.go
index d3c83ce..398db4b 100644
--- a/api/api.go
+++ b/api/api.go
@@ -1,15 +1,15 @@
 package api
 
 import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"os"
-	"strings"
+    "context"
+    "errors"
+    "fmt"
+    "net/http"
+    "os"
+    "strings"
 
-	"arimelody-web/controller"
-	"arimelody-web/model"
+    "arimelody-web/controller"
+    "arimelody-web/model"
 )
 
 func Handler(app *model.AppState) http.Handler {
diff --git a/api/artist.go b/api/artist.go
index 9006cc3..01899a6 100644
--- a/api/artist.go
+++ b/api/artist.go
@@ -1,66 +1,66 @@
 package api
 
 import (
-	"encoding/json"
-	"fmt"
-	"io/fs"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
+    "encoding/json"
+    "fmt"
+    "io/fs"
+    "net/http"
+    "os"
+    "path/filepath"
+    "strings"
+    "time"
 
-	"arimelody-web/controller"
-	"arimelody-web/log"
-	"arimelody-web/model"
+    "arimelody-web/controller"
+    "arimelody-web/log"
+    "arimelody-web/model"
 )
 
 func ServeAllArtists(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         var artists = []*model.Artist{}
         artists, err := controller.GetAllArtists(app.DB)
-		if err != nil {
+        if err != nil {
             fmt.Printf("WARN: Failed to serve all artists: %s\n", err)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-			return
-		}
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
 
-		w.Header().Add("Content-Type", "application/json")
+        w.Header().Add("Content-Type", "application/json")
         encoder := json.NewEncoder(w)
         encoder.SetIndent("", "\t")
         err = encoder.Encode(artists)
-		if err != nil {
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		}
+        if err != nil {
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+        }
     })
 }
 
 func ServeArtist(app *model.AppState, artist *model.Artist) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		type (
-			creditJSON struct {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        type (
+            creditJSON struct {
                 ID              string      `json:"id"`
                 Title           string      `json:"title"`
                 ReleaseDate     time.Time   `json:"releaseDate" db:"release_date"`
                 Artwork         string      `json:"artwork"`
-				Role            string      `json:"role"`
-				Primary         bool        `json:"primary"`
-			}
-			artistJSON struct {
-				*model.Artist
-				Credits map[string]creditJSON `json:"credits"`
-			}
-		)
+                Role            string      `json:"role"`
+                Primary         bool        `json:"primary"`
+            }
+            artistJSON struct {
+                *model.Artist
+                Credits map[string]creditJSON `json:"credits"`
+            }
+        )
 
         session := r.Context().Value("session").(*model.Session)
         show_hidden_releases := session != nil && session.Account != nil
 
         dbCredits, err := controller.GetArtistCredits(app.DB, artist.ID, show_hidden_releases)
-		if err != nil {
+        if err != nil {
             fmt.Printf("WARN: Failed to retrieve artist credits for %s: %v\n", artist.ID, err)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-			return
-		}
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
 
         var credits = map[string]creditJSON{}
         for _, credit := range dbCredits {
@@ -74,17 +74,17 @@ func ServeArtist(app *model.AppState, artist *model.Artist) http.Handler {
             }
         }
 
-		w.Header().Add("Content-Type", "application/json")
+        w.Header().Add("Content-Type", "application/json")
         encoder := json.NewEncoder(w)
         encoder.SetIndent("", "\t")
         err = encoder.Encode(artistJSON{
             Artist: artist,
             Credits: credits,
         })
-		if err != nil {
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		}
-	})
+        if err != nil {
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+        }
+    })
 }
 
 func CreateArtist(app *model.AppState) http.Handler {
diff --git a/api/release.go b/api/release.go
index 5cb87b0..e07f0d7 100644
--- a/api/release.go
+++ b/api/release.go
@@ -1,22 +1,22 @@
 package api
 
 import (
-	"encoding/json"
-	"fmt"
-	"io/fs"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
+    "encoding/json"
+    "fmt"
+    "io/fs"
+    "net/http"
+    "os"
+    "path/filepath"
+    "strings"
+    "time"
 
-	"arimelody-web/controller"
-	"arimelody-web/log"
-	"arimelody-web/model"
+    "arimelody-web/controller"
+    "arimelody-web/log"
+    "arimelody-web/model"
 )
 
 func ServeRelease(app *model.AppState, release *model.Release) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         // only allow authorised users to view hidden releases
         privileged := false
         if !release.Visible {
@@ -116,15 +116,15 @@ func ServeRelease(app *model.AppState, release *model.Release) http.Handler {
             }
         }
 
-		w.Header().Add("Content-Type", "application/json")
+        w.Header().Add("Content-Type", "application/json")
         encoder := json.NewEncoder(w)
         encoder.SetIndent("", "\t")
         err := encoder.Encode(response)
-		if err != nil {
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-			return
-		}
-	})
+        if err != nil {
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
+    })
 }
 
 func ServeCatalog(app *model.AppState) http.Handler {
diff --git a/api/track.go b/api/track.go
index e7d7c07..4e48418 100644
--- a/api/track.go
+++ b/api/track.go
@@ -1,13 +1,13 @@
 package api
 
 import (
-	"encoding/json"
-	"fmt"
-	"net/http"
+    "encoding/json"
+    "fmt"
+    "net/http"
 
-	"arimelody-web/controller"
-	"arimelody-web/log"
-	"arimelody-web/model"
+    "arimelody-web/controller"
+    "arimelody-web/log"
+    "arimelody-web/model"
 )
 
 type (
@@ -29,7 +29,7 @@ func ServeAllTracks(app *model.AppState) http.Handler {
         dbTracks, err := controller.GetAllTracks(app.DB)
         if err != nil {
             fmt.Printf("WARN: Failed to pull tracks from DB: %s\n", err)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
 
         for _, track := range dbTracks {
@@ -39,23 +39,23 @@ func ServeAllTracks(app *model.AppState) http.Handler {
             })
         }
 
-		w.Header().Add("Content-Type", "application/json")
+        w.Header().Add("Content-Type", "application/json")
         encoder := json.NewEncoder(w)
         encoder.SetIndent("", "\t")
         err = encoder.Encode(tracks)
-		if err != nil {
+        if err != nil {
             fmt.Printf("WARN: Failed to serve all tracks: %s\n", err)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		}
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+        }
     })
 }
 
 func ServeTrack(app *model.AppState, track *model.Track) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         dbReleases, err := controller.GetTrackReleases(app.DB, track.ID, false)
         if err != nil {
             fmt.Printf("WARN: Failed to pull track releases for %s from DB: %s\n", track.ID, err)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
         
         releases := []string{}
@@ -63,15 +63,15 @@ func ServeTrack(app *model.AppState, track *model.Track) http.Handler {
             releases = append(releases, release.ID)
         }
 
-		w.Header().Add("Content-Type", "application/json")
+        w.Header().Add("Content-Type", "application/json")
         encoder := json.NewEncoder(w)
         encoder.SetIndent("", "\t")
         err = encoder.Encode(Track{ track, releases })
-		if err != nil {
+        if err != nil {
             fmt.Printf("WARN: Failed to serve track %s: %s\n", track.ID, err)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		}
-	})
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+        }
+    })
 }
 
 func CreateTrack(app *model.AppState) http.Handler {
diff --git a/api/uploads.go b/api/uploads.go
index 60ab7dd..4678f22 100644
--- a/api/uploads.go
+++ b/api/uploads.go
@@ -1,56 +1,56 @@
 package api
 
 import (
-	"arimelody-web/log"
-	"arimelody-web/model"
-	"bufio"
-	"encoding/base64"
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
+    "arimelody-web/log"
+    "arimelody-web/model"
+    "bufio"
+    "encoding/base64"
+    "errors"
+    "fmt"
+    "os"
+    "path/filepath"
+    "strings"
 )
 
 func HandleImageUpload(app *model.AppState, data *string, directory string, filename string) (string, error) {
-	split := strings.Split(*data, ";base64,")
-	header := split[0]
-	imageData, err := base64.StdEncoding.DecodeString(split[1])
-	ext, _ := strings.CutPrefix(header, "data:image/")
+    split := strings.Split(*data, ";base64,")
+    header := split[0]
+    imageData, err := base64.StdEncoding.DecodeString(split[1])
+    ext, _ := strings.CutPrefix(header, "data:image/")
     directory = filepath.Join(app.Config.DataDirectory, directory)
 
-	switch ext {
-	case "png":
-	case "jpg":
-	case "jpeg":
-	default:
-		return "", errors.New("Invalid image type. Allowed: .png, .jpg, .jpeg")
-	}
+    switch ext {
+    case "png":
+    case "jpg":
+    case "jpeg":
+    default:
+        return "", errors.New("Invalid image type. Allowed: .png, .jpg, .jpeg")
+    }
     filename = fmt.Sprintf("%s.%s", filename, ext)
 
-	// ensure directory exists
-	os.MkdirAll(directory, os.ModePerm)
+    // ensure directory exists
+    os.MkdirAll(directory, os.ModePerm)
 
-	imagePath := filepath.Join(directory, filename)
-	file, err := os.Create(imagePath)
-	if err != nil {
-		return "", err
-	}
-	defer file.Close()
+    imagePath := filepath.Join(directory, filename)
+    file, err := os.Create(imagePath)
+    if err != nil {
+        return "", err
+    }
+    defer file.Close()
 
     // TODO: generate compressed versions of image (512x512?)
 
-	buffer := bufio.NewWriter(file)
-	_, err = buffer.Write(imageData)
-	if err != nil {
+    buffer := bufio.NewWriter(file)
+    _, err = buffer.Write(imageData)
+    if err != nil {
         return "", nil
-	}
+    }
 
-	if err := buffer.Flush(); err != nil {
+    if err := buffer.Flush(); err != nil {
         return "", nil
-	}
+    }
 
     app.Log.Info(log.TYPE_FILES, "\"%s/%s.%s\" created.", directory, filename, ext)
 
-	return filename, nil
+    return filename, nil
 }
diff --git a/controller/account.go b/controller/account.go
index e4f5dc4..ab64ca5 100644
--- a/controller/account.go
+++ b/controller/account.go
@@ -1,10 +1,10 @@
 package controller
 
 import (
-	"arimelody-web/model"
-	"strings"
+    "arimelody-web/model"
+    "strings"
 
-	"github.com/jmoiron/sqlx"
+    "github.com/jmoiron/sqlx"
 )
 
 func GetAllAccounts(db *sqlx.DB) ([]model.Account, error) {
@@ -112,24 +112,24 @@ func DeleteAccount(db *sqlx.DB, accountID string) error {
 }
 
 func IncrementAccountFails(db *sqlx.DB, accountID string) (bool, error) {
-	failAttempts := 0
-	err := db.Get(&failAttempts, "UPDATE account SET fail_attempts = fail_attempts + 1 WHERE id=$1 RETURNING fail_attempts", accountID)
-	if err != nil { return false, err }
-	locked := false
-	if failAttempts >= model.MAX_LOGIN_FAIL_ATTEMPTS {
-		err = LockAccount(db, accountID)
-		if err != nil { return false, err }
-		locked = true
-	}
-	return locked, err
+    failAttempts := 0
+    err := db.Get(&failAttempts, "UPDATE account SET fail_attempts = fail_attempts + 1 WHERE id=$1 RETURNING fail_attempts", accountID)
+    if err != nil { return false, err }
+    locked := false
+    if failAttempts >= model.MAX_LOGIN_FAIL_ATTEMPTS {
+        err = LockAccount(db, accountID)
+        if err != nil { return false, err }
+        locked = true
+    }
+    return locked, err
 }
 
 func LockAccount(db *sqlx.DB, accountID string) error {
-	_, err := db.Exec("UPDATE account SET locked = true WHERE id=$1", accountID)
-	return err
+    _, err := db.Exec("UPDATE account SET locked = true WHERE id=$1", accountID)
+    return err
 }
 
 func UnlockAccount(db *sqlx.DB, accountID string) error {
-	_, err := db.Exec("UPDATE account SET locked = false, fail_attempts = 0 WHERE id=$1", accountID)
-	return err
+    _, err := db.Exec("UPDATE account SET locked = false, fail_attempts = 0 WHERE id=$1", accountID)
+    return err
 }
diff --git a/controller/artist.go b/controller/artist.go
index 1a613aa..f086778 100644
--- a/controller/artist.go
+++ b/controller/artist.go
@@ -1,48 +1,48 @@
 package controller
 
 import (
-	"arimelody-web/model"
+    "arimelody-web/model"
 
-	"github.com/jmoiron/sqlx"
+    "github.com/jmoiron/sqlx"
 )
 
 // DATABASE
 
 func GetArtist(db *sqlx.DB, id string) (*model.Artist, error) {
-	var artist = model.Artist{}
+    var artist = model.Artist{}
 
-	err := db.Get(&artist, "SELECT * FROM artist WHERE id=$1", id)
-	if err != nil {
-		return nil, err
-	}
+    err := db.Get(&artist, "SELECT * FROM artist WHERE id=$1", id)
+    if err != nil {
+        return nil, err
+    }
 
-	return &artist, nil
+    return &artist, nil
 }
 
 func GetAllArtists(db *sqlx.DB) ([]*model.Artist, error) {
-	var artists = []*model.Artist{}
+    var artists = []*model.Artist{}
 
-	err := db.Select(&artists, "SELECT * FROM artist")
-	if err != nil {
-		return nil, err
-	}
+    err := db.Select(&artists, "SELECT * FROM artist")
+    if err != nil {
+        return nil, err
+    }
 
-	return artists, nil
+    return artists, nil
 }
 
 func GetArtistsNotOnRelease(db *sqlx.DB, releaseID string) ([]*model.Artist, error) {
-	var artists = []*model.Artist{}
+    var artists = []*model.Artist{}
 
-	err := db.Select(&artists,
+    err := db.Select(&artists,
         "SELECT * FROM artist "+
         "WHERE id NOT IN "+
         "(SELECT artist FROM musiccredit WHERE release=$1)",
         releaseID)
-	if err != nil {
-		return nil, err
-	}
+    if err != nil {
+        return nil, err
+    }
 
-	return artists, nil
+    return artists, nil
 }
 
 func GetArtistCredits(db *sqlx.DB, artistID string, show_hidden bool) ([]*model.Credit, error) {
@@ -54,9 +54,9 @@ func GetArtistCredits(db *sqlx.DB, artistID string, show_hidden bool) ([]*model.
     if !show_hidden { query += "AND visible=true " }
     query += "ORDER BY release_date DESC"
     rows, err := db.Query(query, artistID)
-	if err != nil {
-		return nil, err
-	}
+    if err != nil {
+        return nil, err
+    }
     defer rows.Close()
     
     type NamePrimary struct {
@@ -102,13 +102,13 @@ func GetArtistCredits(db *sqlx.DB, artistID string, show_hidden bool) ([]*model.
 
 func CreateArtist(db *sqlx.DB, artist *model.Artist) error {
     _, err := db.Exec(
-		"INSERT INTO artist (id, name, website, avatar) "+
+        "INSERT INTO artist (id, name, website, avatar) "+
         "VALUES ($1, $2, $3, $4)",
-		artist.ID,
-		artist.Name,
-		artist.Website,
+        artist.ID,
+        artist.Name,
+        artist.Website,
         artist.Avatar,
-	)
+    )
     if err != nil {
         return err
     }
diff --git a/controller/config.go b/controller/config.go
index 5a69d49..1d3cbbb 100644
--- a/controller/config.go
+++ b/controller/config.go
@@ -1,14 +1,14 @@
 package controller
 
 import (
-	"errors"
-	"fmt"
-	"os"
-	"strconv"
+    "errors"
+    "fmt"
+    "os"
+    "strconv"
 
-	"arimelody-web/model"
+    "arimelody-web/model"
 
-	"github.com/pelletier/go-toml/v2"
+    "github.com/pelletier/go-toml/v2"
 )
 
 func GetConfig() model.Config {
diff --git a/controller/invite.go b/controller/invite.go
index f30db64..a7bde40 100644
--- a/controller/invite.go
+++ b/controller/invite.go
@@ -1,12 +1,12 @@
 package controller
 
 import (
-	"arimelody-web/model"
-	"math/rand"
-	"strings"
-	"time"
+    "arimelody-web/model"
+    "math/rand"
+    "strings"
+    "time"
 
-	"github.com/jmoiron/sqlx"
+    "github.com/jmoiron/sqlx"
 )
 
 var inviteChars = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
diff --git a/controller/ip.go b/controller/ip.go
index 233d76a..cbc3054 100644
--- a/controller/ip.go
+++ b/controller/ip.go
@@ -1,10 +1,10 @@
 package controller
 
 import (
-	"arimelody-web/model"
-	"net/http"
-	"slices"
-	"strings"
+    "arimelody-web/model"
+    "net/http"
+    "slices"
+    "strings"
 )
 
 // Returns the request's original IP address, resolving the `x-forwarded-for`
diff --git a/controller/migrator.go b/controller/migrator.go
index b970a1b..4b99b9c 100644
--- a/controller/migrator.go
+++ b/controller/migrator.go
@@ -1,11 +1,11 @@
 package controller
 
 import (
-	"fmt"
-	"os"
-	"time"
+    "fmt"
+    "os"
+    "time"
 
-	"github.com/jmoiron/sqlx"
+    "github.com/jmoiron/sqlx"
 )
 
 const DB_VERSION int = 4
diff --git a/controller/qr.go b/controller/qr.go
index 7ada0f8..6b04e69 100644
--- a/controller/qr.go
+++ b/controller/qr.go
@@ -1,13 +1,13 @@
 package controller
 
 import (
-	"bytes"
-	"encoding/base64"
-	"errors"
-	"fmt"
-	"image"
-	"image/color"
-	"image/png"
+    "bytes"
+    "encoding/base64"
+    "errors"
+    "fmt"
+    "image"
+    "image/color"
+    "image/png"
 
     "github.com/skip2/go-qrcode"
 )
diff --git a/controller/release.go b/controller/release.go
index 362669a..3dcad26 100644
--- a/controller/release.go
+++ b/controller/release.go
@@ -1,12 +1,12 @@
 package controller
 
 import (
-	"errors"
-	"fmt"
+    "errors"
+    "fmt"
 
-	"arimelody-web/model"
+    "arimelody-web/model"
 
-	"github.com/jmoiron/sqlx"
+    "github.com/jmoiron/sqlx"
 )
 
 func GetRelease(db *sqlx.DB, id string, full bool) (*model.Release, error) {
diff --git a/controller/session.go b/controller/session.go
index dce7ad0..b037575 100644
--- a/controller/session.go
+++ b/controller/session.go
@@ -1,17 +1,17 @@
 package controller
 
 import (
-	"database/sql"
-	"errors"
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
+    "database/sql"
+    "errors"
+    "fmt"
+    "net/http"
+    "strings"
+    "time"
 
-	"arimelody-web/log"
-	"arimelody-web/model"
+    "arimelody-web/log"
+    "arimelody-web/model"
 
-	"github.com/jmoiron/sqlx"
+    "github.com/jmoiron/sqlx"
 )
 
 const TOKEN_LEN = 64
@@ -33,19 +33,19 @@ func GetSessionFromRequest(app *model.AppState, r *http.Request) (*model.Session
         }
 
         if session != nil {
-			if session.UserAgent != r.UserAgent() {
-				msg := "Session user agent mismatch. A cookie may have been hijacked!"
-				if session.Account != nil {
-					account, _ := GetAccountByID(app.DB, session.Account.ID)
-					msg += " (Account \"" + account.Username + "\")"
-				}
-				app.Log.Warn(log.TYPE_ACCOUNT, msg)
-				err = DeleteSession(app.DB, session.Token)
-				if err != nil {
-					app.Log.Warn(log.TYPE_ACCOUNT, "Failed to delete affected session")
-				}
-				return nil, nil
-			}
+            if session.UserAgent != r.UserAgent() {
+                msg := "Session user agent mismatch. A cookie may have been hijacked!"
+                if session.Account != nil {
+                    account, _ := GetAccountByID(app.DB, session.Account.ID)
+                    msg += " (Account \"" + account.Username + "\")"
+                }
+                app.Log.Warn(log.TYPE_ACCOUNT, msg)
+                err = DeleteSession(app.DB, session.Token)
+                if err != nil {
+                    app.Log.Warn(log.TYPE_ACCOUNT, "Failed to delete affected session")
+                }
+                return nil, nil
+            }
         }
     }
 
diff --git a/controller/totp.go b/controller/totp.go
index 88f6bc3..076d3a1 100644
--- a/controller/totp.go
+++ b/controller/totp.go
@@ -1,20 +1,20 @@
 package controller
 
 import (
-	"arimelody-web/model"
-	"crypto/hmac"
-	"crypto/rand"
-	"crypto/sha1"
-	"encoding/base32"
-	"encoding/binary"
-	"fmt"
-	"math"
-	"net/url"
-	"os"
-	"strings"
-	"time"
+    "arimelody-web/model"
+    "crypto/hmac"
+    "crypto/rand"
+    "crypto/sha1"
+    "encoding/base32"
+    "encoding/binary"
+    "fmt"
+    "math"
+    "net/url"
+    "os"
+    "strings"
+    "time"
 
-	"github.com/jmoiron/sqlx"
+    "github.com/jmoiron/sqlx"
 )
 
 const TOTP_SECRET_LENGTH = 32
diff --git a/controller/track.go b/controller/track.go
index fa4efc1..ee7581c 100644
--- a/controller/track.go
+++ b/controller/track.go
@@ -1,9 +1,9 @@
 package controller
 
 import (
-	"arimelody-web/model"
+    "arimelody-web/model"
 
-	"github.com/jmoiron/sqlx"
+    "github.com/jmoiron/sqlx"
 )
 
 // DATABASE
@@ -13,19 +13,19 @@ func GetTrack(db *sqlx.DB, id string) (*model.Track, error) {
 
     stmt, _ := db.Preparex("SELECT * FROM musictrack WHERE id=$1")
     err := stmt.Get(&track, id)
-	if err != nil {
+    if err != nil {
         return nil, err
-	}
+    }
     return &track, nil
 }
 
 func GetAllTracks(db *sqlx.DB) ([]*model.Track, error) {
     var tracks = []*model.Track{}
 
-	err := db.Select(&tracks, "SELECT * FROM musictrack")
-	if err != nil {
+    err := db.Select(&tracks, "SELECT * FROM musictrack")
+    if err != nil {
         return nil, err
-	}
+    }
 
     return tracks, nil
 }
@@ -33,33 +33,33 @@ func GetAllTracks(db *sqlx.DB) ([]*model.Track, error) {
 func GetOrphanTracks(db *sqlx.DB) ([]*model.Track, error) {
     var tracks = []*model.Track{}
 
-	err := db.Select(&tracks, "SELECT * FROM musictrack WHERE id NOT IN (SELECT track FROM musicreleasetrack)")
-	if err != nil {
+    err := db.Select(&tracks, "SELECT * FROM musictrack WHERE id NOT IN (SELECT track FROM musicreleasetrack)")
+    if err != nil {
         return nil, err
-	}
+    }
 
     return tracks, nil
 }
 
 func GetTracksNotOnRelease(db *sqlx.DB, releaseID string) ([]*model.Track, error) {
-	var tracks = []*model.Track{}
+    var tracks = []*model.Track{}
 
-	err := db.Select(&tracks,
+    err := db.Select(&tracks,
         "SELECT * FROM musictrack "+
         "WHERE id NOT IN "+
         "(SELECT track FROM musicreleasetrack WHERE release=$1)",
         releaseID)
-	if err != nil {
-		return nil, err
-	}
+    if err != nil {
+        return nil, err
+    }
 
-	return tracks, nil
+    return tracks, nil
 }
 
 func GetTrackReleases(db *sqlx.DB, trackID string, full bool) ([]*model.Release, error) {
     var releases = []*model.Release{}
 
-	err := db.Select(&releases,
+    err := db.Select(&releases,
         "SELECT id,title,type,release_date,artwork,buylink "+
         "FROM musicrelease "+
         "JOIN musicreleasetrack ON release=id "+
@@ -67,9 +67,9 @@ func GetTrackReleases(db *sqlx.DB, trackID string, full bool) ([]*model.Release,
         "ORDER BY release_date",
         trackID,
     )
-	if err != nil {
+    if err != nil {
         return nil, err
-	}
+    }
 
     type NamePrimary struct {
         Name    string  `json:"name"`
@@ -114,14 +114,14 @@ func GetTrackReleases(db *sqlx.DB, trackID string, full bool) ([]*model.Release,
 func PullOrphanTracks(db *sqlx.DB) ([]*model.Track, error) {
     var tracks = []*model.Track{}
 
-	err := db.Select(&tracks,
+    err := db.Select(&tracks,
         "SELECT id, title, description, lyrics, preview_url FROM musictrack "+
         "WHERE id NOT IN "+
         "(SELECT track FROM musicreleasetrack)",
     )
-	if err != nil {
+    if err != nil {
         return nil, err
-	}
+    }
 
     return tracks, nil
 }
diff --git a/cursor/cursor.go b/cursor/cursor.go
index 4ed59e3..56edb56 100644
--- a/cursor/cursor.go
+++ b/cursor/cursor.go
@@ -1,16 +1,16 @@
 package cursor
 
 import (
-	"arimelody-web/model"
-	"fmt"
-	"math/rand"
-	"net/http"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
+    "arimelody-web/model"
+    "fmt"
+    "math/rand"
+    "net/http"
+    "strconv"
+    "strings"
+    "sync"
+    "time"
 
-	"github.com/gorilla/websocket"
+    "github.com/gorilla/websocket"
 )
 
 type CursorClient struct {
diff --git a/discord/discord.go b/discord/discord.go
index d46f32d..0eb9b97 100644
--- a/discord/discord.go
+++ b/discord/discord.go
@@ -1,13 +1,13 @@
 package discord
 
 import (
-	"arimelody-web/model"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
+    "arimelody-web/model"
+    "encoding/json"
+    "errors"
+    "fmt"
+    "net/http"
+    "net/url"
+    "strings"
 )
 
 const API_ENDPOINT = "https://discord.com/api/v10"
diff --git a/log/log.go b/log/log.go
index 2d1c0c2..88d328b 100644
--- a/log/log.go
+++ b/log/log.go
@@ -1,11 +1,11 @@
 package log
 
 import (
-	"fmt"
-	"os"
-	"time"
+    "fmt"
+    "os"
+    "time"
 
-	"github.com/jmoiron/sqlx"
+    "github.com/jmoiron/sqlx"
 )
 
 type (
diff --git a/main.go b/main.go
index c0f6ee2..23c7dc4 100644
--- a/main.go
+++ b/main.go
@@ -1,33 +1,33 @@
 package main
 
 import (
-	"bufio"
-	"errors"
-	"fmt"
-	stdLog "log"
-	"math"
-	"math/rand"
-	"net"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"time"
+    "bufio"
+    "errors"
+    "fmt"
+    stdLog "log"
+    "math"
+    "math/rand"
+    "net"
+    "net/http"
+    "os"
+    "path/filepath"
+    "strconv"
+    "strings"
+    "time"
 
-	"arimelody-web/admin"
-	"arimelody-web/api"
-	"arimelody-web/colour"
-	"arimelody-web/controller"
-	"arimelody-web/cursor"
-	"arimelody-web/log"
-	"arimelody-web/model"
-	"arimelody-web/templates"
-	"arimelody-web/view"
+    "arimelody-web/admin"
+    "arimelody-web/api"
+    "arimelody-web/colour"
+    "arimelody-web/controller"
+    "arimelody-web/cursor"
+    "arimelody-web/log"
+    "arimelody-web/model"
+    "arimelody-web/templates"
+    "arimelody-web/view"
 
-	"github.com/jmoiron/sqlx"
-	_ "github.com/lib/pq"
-	"golang.org/x/crypto/bcrypt"
+    "github.com/jmoiron/sqlx"
+    _ "github.com/lib/pq"
+    "golang.org/x/crypto/bcrypt"
 )
 
 // used for database migrations
@@ -282,7 +282,7 @@ func main() {
                     account.ID,
                     email,
                     account.CreatedAt,
-					account.Locked,
+                    account.Locked,
                 )
             }
             return
diff --git a/model/account.go b/model/account.go
index ad65b82..67424b7 100644
--- a/model/account.go
+++ b/model/account.go
@@ -1,23 +1,23 @@
 package model
 
 import (
-	"database/sql"
-	"time"
+    "database/sql"
+    "time"
 )
 
 const COOKIE_TOKEN string = "AM_SESSION"
 const MAX_LOGIN_FAIL_ATTEMPTS int = 3
 
 type (
-	Account struct {
-		ID          	string          `json:"id" db:"id"`
-		Username    	string          `json:"username" db:"username"`
-		Password    	string          `json:"password" db:"password"`
-		Email       	sql.NullString  `json:"email" db:"email"`
-		AvatarURL   	sql.NullString  `json:"avatar_url" db:"avatar_url"`
-		CreatedAt   	time.Time       `json:"created_at" db:"created_at"`
-		FailAttempts	int				`json:"fail_attempts" db:"fail_attempts"`
-		Locked			bool			`json:"locked" db:"locked"`
+    Account struct {
+        ID              string          `json:"id" db:"id"`
+        Username        string          `json:"username" db:"username"`
+        Password        string          `json:"password" db:"password"`
+        Email           sql.NullString  `json:"email" db:"email"`
+        AvatarURL       sql.NullString  `json:"avatar_url" db:"avatar_url"`
+        CreatedAt       time.Time       `json:"created_at" db:"created_at"`
+        FailAttempts    int                `json:"fail_attempts" db:"fail_attempts"`
+        Locked            bool            `json:"locked" db:"locked"`
 
         Privileges  []AccountPrivilege  `json:"privileges"`
     }
diff --git a/model/appstate.go b/model/appstate.go
index 233e0db..a910a29 100644
--- a/model/appstate.go
+++ b/model/appstate.go
@@ -1,7 +1,7 @@
 package model
 
 import (
-	"github.com/jmoiron/sqlx"
+    "github.com/jmoiron/sqlx"
 
     "arimelody-web/log"
 )
diff --git a/model/artist.go b/model/artist.go
index 63871c7..746a7dd 100644
--- a/model/artist.go
+++ b/model/artist.go
@@ -1,17 +1,17 @@
 package model
 
 type (
-	Artist struct {
-		ID      string `json:"id"`
-		Name    string `json:"name"`
-		Website string `json:"website"`
-		Avatar  string `json:"avatar"`
-	}
+    Artist struct {
+        ID      string `json:"id"`
+        Name    string `json:"name"`
+        Website string `json:"website"`
+        Avatar  string `json:"avatar"`
+    }
 )
 
 func (artist Artist) GetAvatar() string {
-	if artist.Avatar == "" {
-		return "/img/default-avatar.png"
-	}
-	return artist.Avatar
+    if artist.Avatar == "" {
+        return "/img/default-avatar.png"
+    }
+    return artist.Avatar
 }
diff --git a/model/link.go b/model/link.go
index 1a5bb8f..ba83e22 100644
--- a/model/link.go
+++ b/model/link.go
@@ -1,16 +1,16 @@
 package model
 
 import (
-	"regexp"
-	"strings"
+    "regexp"
+    "strings"
 )
 
 type Link struct {
-	Name    string  `json:"name"`
-	URL     string  `json:"url"`
+    Name    string  `json:"name"`
+    URL     string  `json:"url"`
 }
 
 func (link Link) NormaliseName() string {
-	rgx := regexp.MustCompile(`[^a-z0-9\-]`)
-	return rgx.ReplaceAllString(strings.ToLower(link.Name), "")
+    rgx := regexp.MustCompile(`[^a-z0-9\-]`)
+    return rgx.ReplaceAllString(strings.ToLower(link.Name), "")
 }
diff --git a/model/release.go b/model/release.go
index afaacca..e64317b 100644
--- a/model/release.go
+++ b/model/release.go
@@ -1,9 +1,9 @@
 package model
 
 import (
-	"html/template"
-	"strings"
-	"time"
+    "html/template"
+    "strings"
+    "time"
 )
 
 type (
@@ -73,23 +73,23 @@ func (release Release) GetUniqueArtistNames(only_primary bool) []string {
         names = append(names, credit.Artist.Name)
     }
 
-	return names
+    return names
 }
 
 func (release Release) PrintArtists(only_primary bool, ampersand bool) string {
     names := release.GetUniqueArtistNames(only_primary)
 
-	if len(names) == 0 {
-		return "Unknown Artist"
-	} else if len(names) == 1 {
-		return names[0]
-	}
+    if len(names) == 0 {
+        return "Unknown Artist"
+    } else if len(names) == 1 {
+        return names[0]
+    }
 
-	if ampersand {
-		res := strings.Join(names[:len(names)-1], ", ")
-		res += " & " + names[len(names)-1]
-		return res
-	} else {
-		return strings.Join(names[:], ", ")
-	}
+    if ampersand {
+        res := strings.Join(names[:len(names)-1], ", ")
+        res += " & " + names[len(names)-1]
+        return res
+    } else {
+        return strings.Join(names[:], ", ")
+    }
 }
diff --git a/model/release_test.go b/model/release_test.go
index 11a58a1..b0ddaf5 100644
--- a/model/release_test.go
+++ b/model/release_test.go
@@ -1,8 +1,8 @@
 package model
 
 import (
-	"testing"
-	"time"
+    "testing"
+    "time"
 )
 
 func Test_Release_DescriptionHTML(t *testing.T) {
diff --git a/model/session.go b/model/session.go
index de016e1..7382de3 100644
--- a/model/session.go
+++ b/model/session.go
@@ -1,8 +1,8 @@
 package model
 
 import (
-	"database/sql"
-	"time"
+    "database/sql"
+    "time"
 )
 
 type Session struct {
diff --git a/model/totp.go b/model/totp.go
index cfad10a..108dae5 100644
--- a/model/totp.go
+++ b/model/totp.go
@@ -1,7 +1,7 @@
 package model
 
 import (
-	"time"
+    "time"
 )
 
 type TOTP struct {
diff --git a/model/track.go b/model/track.go
index ca54ddd..deaf086 100644
--- a/model/track.go
+++ b/model/track.go
@@ -1,20 +1,20 @@
 package model
 
 import (
-	"html/template"
-	"strings"
+    "html/template"
+    "strings"
 )
 
 type (
-	Track struct {
-		ID          string  `json:"id"`
-		Title       string  `json:"title"`
-		Description string  `json:"description"`
+    Track struct {
+        ID          string  `json:"id"`
+        Title       string  `json:"title"`
+        Description string  `json:"description"`
         Lyrics      string  `json:"lyrics" db:"lyrics"`
-		PreviewURL  string  `json:"previewURL" db:"preview_url"`
+        PreviewURL  string  `json:"previewURL" db:"preview_url"`
 
         Number      int
-	}
+    }
 )
 
 func (track Track) GetDescriptionHTML() template.HTML {
diff --git a/templates/templates.go b/templates/templates.go
index 8d1a5ca..752c78d 100644
--- a/templates/templates.go
+++ b/templates/templates.go
@@ -1,8 +1,8 @@
 package templates
 
 import (
-	"html/template"
-	"path/filepath"
+    "html/template"
+    "path/filepath"
 )
 
 var IndexTemplate = template.Must(template.ParseFiles(
diff --git a/view/music.go b/view/music.go
index dfe884e..8ed5279 100644
--- a/view/music.go
+++ b/view/music.go
@@ -1,13 +1,13 @@
 package view
 
 import (
-	"fmt"
-	"net/http"
-	"os"
+    "fmt"
+    "net/http"
+    "os"
 
-	"arimelody-web/controller"
-	"arimelody-web/model"
-	"arimelody-web/templates"
+    "arimelody-web/controller"
+    "arimelody-web/model"
+    "arimelody-web/templates"
 )
 
 // HTTP HANDLER METHODS

From 37fa1f4fa878fbd21cbe4fbb0bcc6933c2194203 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Tue, 29 Apr 2025 23:42:08 +0100
Subject: [PATCH 38/88] and she never dealt with indentation issues ever again

---
 .editorconfig | 7 +++++++
 main.go       | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 .editorconfig

diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..a882442
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,7 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 4
diff --git a/main.go b/main.go
index 23c7dc4..29539ac 100644
--- a/main.go
+++ b/main.go
@@ -223,7 +223,7 @@ func main() {
             code := controller.GenerateTOTP(totp.Secret, 0)
             fmt.Printf("%s\n", code)
             return
-        
+
         case "cleanTOTP":
             err := controller.DeleteUnconfirmedTOTPs(app.DB)
             if err != nil {
@@ -346,7 +346,7 @@ func main() {
             if !strings.HasPrefix(res, "y") {
                 return
             }
-            
+
             err = controller.DeleteAccount(app.DB, account.ID)
             if err != nil {
                 fmt.Fprintf(os.Stderr, "FATAL: Failed to delete account: %v\n", err)

From 76cf1bb0d53c5f394e69860bb1325b0e6a3551bc Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Wed, 30 Apr 2025 18:21:47 +0100
Subject: [PATCH 39/88] log IP address for account locks :troll:

---
 admin/http.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/admin/http.go b/admin/http.go
index 76eb5f2..245a152 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -283,7 +283,7 @@ func loginHandler(app *model.AppState) http.Handler {
         err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password))
         if err != nil {
             app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r))
-            if locked := handleFailedLogin(app, account); locked {
+            if locked := handleFailedLogin(app, account, r); locked {
                 controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
             } else {
                 controller.SetSessionError(app.DB, session, "Invalid username or password.")
@@ -389,7 +389,7 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
         }
         if totpMethod == nil {
             app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Incorrect TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
-            if locked := handleFailedLogin(app, session.AttemptAccount); locked {
+            if locked := handleFailedLogin(app, session.AttemptAccount, r); locked {
                 controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.")
                 controller.SetSessionAttemptAccount(app.DB, session, nil)
                 http.Redirect(w, r, "/admin", http.StatusFound)
@@ -514,7 +514,7 @@ func enforceSession(app *model.AppState, next http.Handler) http.Handler {
     })
 }
 
-func handleFailedLogin(app *model.AppState, account *model.Account) bool {
+func handleFailedLogin(app *model.AppState, account *model.Account, r *http.Request) bool {
     locked, err := controller.IncrementAccountFails(app.DB, account.ID)
     if err != nil {
         fmt.Fprintf(
@@ -532,9 +532,10 @@ func handleFailedLogin(app *model.AppState, account *model.Account) bool {
     if locked {
         app.Log.Warn(
             log.TYPE_ACCOUNT,
-            "Account \"%s\" was locked: %d failed login attempts",
+            "Account \"%s\" was locked: %d failed login attempts (IP: %s)",
             account.Username,
             model.MAX_LOGIN_FAIL_ATTEMPTS,
+            controller.ResolveIP(app, r),
         )
     }
     return locked

From 35e149e186fbaa8f0e5f4a5429c61e5e9289eeb2 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Mon, 5 May 2025 17:54:44 +0100
Subject: [PATCH 40/88] oops

---
 schema-migration/000-init.sql | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/schema-migration/000-init.sql b/schema-migration/000-init.sql
index 2174109..90385ac 100644
--- a/schema-migration/000-init.sql
+++ b/schema-migration/000-init.sql
@@ -18,9 +18,9 @@ CREATE TABLE arimelody.account (
     password TEXT NOT NULL, 
     email TEXT,
     avatar_url TEXT,
-    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp
+    created_at TIMESTAMP NOT NULL DEFAULT current_timestamp,
     fail_attempts INT NOT NULL DEFAULT 0,
-    locked BOOLEAN DEFAULT false,
+    locked BOOLEAN DEFAULT false
 );
 ALTER TABLE arimelody.account ADD CONSTRAINT account_pk PRIMARY KEY (id);
 

From 30c4252e40a5d2671ae78288a85695f855a71a7a Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Wed, 21 May 2025 15:49:21 +0100
Subject: [PATCH 41/88] hamburger dropdown: match theme background colour

---
 public/style/header.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/style/header.css b/public/style/header.css
index 48971b5..531649a 100644
--- a/public/style/header.css
+++ b/public/style/header.css
@@ -154,7 +154,7 @@ header ul li a:hover {
         flex-direction: column;
         gap: 1rem;
         border-bottom: 1px solid #888;
-        background: #080808;
+        background: var(--background);
         display: none;
     }
 

From da1cd0204e37ebae2f526d6f8a8f5766c19daa2c Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 23 May 2025 12:23:05 +0100
Subject: [PATCH 42/88] update socials and projects

---
 views/index.html | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/views/index.html b/views/index.html
index ba0ca15..f18d87a 100644
--- a/views/index.html
+++ b/views/index.html
@@ -91,14 +91,17 @@
         <li>
             <a href="https://twitch.tv/arispacegirl" target="_blank">twitch</a>
         </li>
-        <li>
-            <a href="https://sptfy.com/mellodoot" target="_blank">spotify</a>
-        </li>
         <li>
             <a href="https://arimelody.bandcamp.com" target="_blank">bandcamp</a>
         </li>
         <li>
-            <a href="https://github.com/arimelody" target="_blank">github</a>
+            <a href="https://codeberg.org/arimelody" target="_blank">codeberg</a>
+        </li>
+        <li>
+            <a href="https://bsky.app/profile/arimelody.me" target="_blank">bluesky</a>
+        </li>
+        <li>
+            <a href="https://discord.gg/MmJtBebF28" target="_blank">discord</a>
         </li>
     </ul>
 
@@ -106,6 +109,11 @@
     <strong>projects i've worked on 🛠️</strong>
     </p>
     <ul class="links">
+        <li>
+            <a href="https://codeberg.org/arimelody/mcstatusface" target="_blank">
+                mcstatusface
+            </a>
+        </li>
         <li>
             <a href="https://catdance.arimelody.me" target="_blank">
                 catdance

From fe84a59326f4806001fa0b09da6d535fd4fcf1a6 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sun, 15 Jun 2025 02:51:23 +0100
Subject: [PATCH 43/88] add thermia web button

---
 public/img/buttons/thermia.gif | Bin 0 -> 10184 bytes
 views/index.html               |   4 ++--
 2 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 public/img/buttons/thermia.gif

diff --git a/public/img/buttons/thermia.gif b/public/img/buttons/thermia.gif
new file mode 100644
index 0000000000000000000000000000000000000000..a7ee70ae2577b21a6a6f29d8a20e7ce4477bfcbf
GIT binary patch
literal 10184
zcmeHt2~<;O*KSAxgb*MjnNE_E<Rl~^fq;mhqKpC>HC9wqR0c(~)(>YKstE}*N(7Zr
z2%yN|00J^r85IOa5D<rg;;gMW)!JI`p_I!1^?vLA-}>!c_pbFNkgNqKduPAze)hBX
z^B!;C8BUXe{1F_)HUxtE$#jmF-+T`@rI)>p9A$uj|MW8&jfLN(@GoNIvMBf+XJ&3e
zAXyN|1QLZnvLuo%NtO&Ul}@2DsC2-R!KN`-G$w}*a3o|)J1WDT#+bxlO#wJ`7LUo{
zGda*y00ck*z!kE1R&1V#1BpR_HCG7#NZmL*PZ09u30F*<IO6n6Ka4)Ps=|GwjHI?B
z8`}fS%@YbY*Qz{CzB<0uO%-OcqBLUayW}f@6Ly$cqO~y>L+5-idZ@3vd%5?~3#>X)
zqmA4i6|0Vki^Cw@O_`jO0|$5qQ_MLTS-h;wOkSS(k)s9X*~f~Di%RlN9KoV>$p<qy
z+4`Ki(xa#HO9~sC&z?M2aM~RYo;#POzf@CKc<n|@Z}*K;ZRLplS84}S>oSjD=zH9E
z>2}4y!2Q9Y!wpZ~Hs5-FxAMTN>e?d@o|^zPY5KHn>A${B@h%OTtm&w54ryx-`i@|3
zw%a33o?Ac|mK#+>U_(3%P5bY}UpRfhcfPIf#m=g0cbW)JZnd5Clw-3#89VzLw$_kB
zmFq;eX79LRf226uJqY`4+_fV&a!P_NpPwnC7wn$AB`y)`xAtc8$|9q#;-?;8Aqe^V
z`5y))OO8*C%bxi4Hd|#*uS3tP45if^Wl&kcr4O6!7N1);OTA-h$`g0hZca{A#`f1C
zmGLp(4AlN;eeTfINgIAEsVZMqa^m$#Y!&xGW7H?f<=eB@b%h;0GiP;XLFP}L?PpLX
zNmc8QY`9yy8>Lj`qN?W-%fJ5q@*PH~l0nAADOuYbcU)Qh?n47Y^Zp6dDed7z$+jH{
z*M%FxZ9N;cX1Is}l?rVhrdR#s@+eNlS{K;36YHaE1OPvOE(!=N42lNUwykW40i#9t
zVxdD}d9keMhDLy{e0kRZuT-fFO#+qo_nHi(-QPF$-Q)X7u14aaB**1Cm7xtA^fa(Q
z2fLz_)5NP#^B1mZIOrc*^x#my)+d5gzv!E;Xf>d8C506fJ<JF*G8h4l;eP>+YBZ6N
zj@qQ6ju#gBSrz>W<#+3Uv53CsbLe4Q!PARpelWf8O40jn@1qZwfBMY=hmC2;8;(^-
zQac|W`yGjYlR*Q70m2W#`W@PqBnkshVi3t3k|l=<Fla0m9RL^{M^lSwW<-!c=2Pe(
zl@3`lKq?@iGWm2SNCO}`V8vvE07pb;+0xmQ=q!-Mw_@=@HpJryWB^yp5y)A*DQp3s
zYh?`zA)d$zvbN!gCxSv(GoqV0$=iZF3s0Gix13L)EhN&Gk{HWKjDHvUqtHgvu<?<(
zJ`OmtMzCozPO9&Ix(VO5qljx^O}rS*yMOv6UhQeV_#N%HgXfN|oAhy(<hz;BVu)-@
zR=Yz~+XO0QK1EC3x58Z)mEu8(PfRoC2=#iZJ}Ty*AipTpQ=5=Lqn4d6D>;y^Eia>;
zOdxw;rS<hHPs;A5Xs^ts&dM`Ymzt;^*||OK>AQtR!oK58r8U&#D+*mrUH#byh;R3#
zMRx3c{wDp^%LC_syz*%1?Wd0e3(9ANcc0yZA=w*PenXoUg@0xSg`H?=j-^dldpoT(
z$s`!?=-~%79gIuh%_kNax%-<Olpm9?bd(j$=1P~{y&YFLl&4Oax_t+lULi_xyRV=x
zNN>Agcy!hi-{I>QDbe5DTNiihV&yaG9xrzI`+McNH_OAicsnE9n=!=$^%oD%>MfbT
z#Vw3|dHn#PyYL}TyhVSnIh8=J%|!<!Mw(*(F<kJtA>w|liOkbesBdt8u$Rd=9;P#Z
z5r>=h4^O;76dL6=E=|X>YAo;V|J}R~#eN3S-(oBp&MyjyLM2gH1Tu?AVbTBwgT<h;
z0XhpNFE)e4VsID$2LL!6fHU2k$Rkl9A_bx{tSp%#D!`=!JQ|BnXIs%>I^*yFjsW0@
z>3}tpBc%gUI!DIj*f2RFfFoyeCNeorOwME`hs);kV7_BR_5ja;4MCtlz_pTsLL06X
z#1{+sA}fJ4Unms{qynMThAR>atgRtyDP(O6Nv3nHCh)~}e91(f*pVleLz2l{(PW;;
zg)5qgrzl|b5NV4^bQnFs6d=@+wT{YJPv!i(F#5lCz40d%0;W_1hT=)VL}@W-Pjo`0
zv4KHi6q2Az)gqJ7$SlOcLwQj$8(*3%Pev;~9!UY%042}l6wRa{vZlB`vAnYCJH#Xx
zh0CP8Nh}4cGtwDS^axm~j4Le0`N&&W?`m0s9tFhIkgVN)_yPLi>h%Ga;h*kl%)v)J
zLOz7V9`AW^OCOH%O_X0tGQk)}#zJc%*3-FW?Ti`x13~E4q@Qu@T}H2N$KoRUzFS%|
z9C#Z1DYByb!m01iX(4QUeP7T(Q?$i4-h9V7eyFvNN-4M6D{j|po?=J*xG)eEO8_0o
zffpC(794-tQ@PaF@vfi73|JX{RbR5S6937>SGu^Y@K#;K{C$GD(=m7IRj;2Scs%cc
z=2(NFfnkmJK1LkB?uFe@md<Pf^tI#p%NO=VPYqkgzO=@s6|eIxS^lVLQ!_h#QOA0<
z=9M#h&#ID>Wz}}(G%e$5n`{1wAKGxCPP#$xj2`KHGO}%+s&V*+cgeD6Wp8Si`sRgo
zPhH()eEId`u96kD%GF#`sbbZ8x2m%re|dkRhT{hrhR?Y-aWiQr+A=KAN263}&1P^b
zmu<TnN4%^+D8seb0&*bAcv`sr;1&WS-@tfQc!M4!($u+PqXs<!XQUN<g#$#xO?&Y8
zVRd3gE@(g`W+5677CsI6p{4<@TC|}d8u>S)Ts4}`$S+cVM!H|P>7|n>qg^hG&SEpz
zaHGp3Qg|dw35jY&p^K?Z>F?D+2$u%NNKp_mI5IlRhQ_j`v27V_XF3PsK(-u#1Cwh9
zfc5}59pFu73r0I(0Voi1;ipu@6Nw?Q1d><_t))V#3urYBw6f=l9Qa}<fmBJLE+aFS
zlbI{XKoA93W67BX@WN@_jWq5q2IRq)c=E01@~zcOK`cv@z!Hrv!x%-fPsP9#2`!I1
z8ji=v6Oe{)W|F6pkT&|Y6sm8@EiELR-Ti!U$lh+sT~f^Ah(*s%ZQ8QaT_kgniGoFd
z3lOJexg@g)iwKFpK@B2xZ-xh9e~Kqr?0oDP>)75TcY>_AEZf64F*(_RRa;kEo_R8{
zzSf~C88CLYoz&VI>v^j4xTkU6wQK3;uAJ$qVznWT7T();CEB^nd8q4FbyIEM&HkpA
z)(gW?F*yOoq8kUkA4Wz$6<$@EejBXY@VLPM(V)Up9ide-v%D7ke45o)O~~`+0tuq~
zJ-ERODWc}Z6%qKO9jRV35}oA8f=ihQ>;qRn(y_U9NurInFB<3{UC9q^dJ@>vB)Wc#
zm+JLwfLy%bsG?*^)Q2F?tGU9eC2#wKt+2-&y5e0jwhH^baPu|?)E&&3UbA_{Ou~f7
zWfqJ_w@uiJ>e9h&L7Z6mCRb7W1s#9Z*--l#Mx<RIA5QM9DSzbiGTNuGj2ConeZ=ea
zPmj#;iDF1-Ien@SO><1~CC|Qwkmfk9S!hI`2f}j$vgZE5(o&6AmZ97M@@7P;&5URW
zF#KBJ<gbv#m98Q@`u``SjF2mlL?M$XG<Y~9S+dBMG&%q`lkgA-Fh)=VGb<aO5J^-q
znZ|`DLk1gSz<3#HBdr;18G~)Z;MiF*9Vv8sI%^W0?aY8F7K8v$2!OUs(3-`SvADJ@
zE<8O>VuErOcM^*?nF%@rTo*Qfbe;quF;8gCgV|IlmGMM2d@&3tTNqP9DGVqlPzW=q
zozU7|D4i&jP7=zd^2F01iHlG+T`2p;lI_amy0Z9gY`zy8@@7MGIRYg|uz(|6%n|Nk
z@O-#d9zvP7P^RFCXY(bqgtFN}*#e=>5~0m<p^b{ck7V$*Oi0JFO6Q2PKuIyrrWCTR
z722N_P8bE_-}*X6u6W8!3O-7UH=k*aM;aipXjDp~#*n7V&>AM08|ENUsp&ad`P8M5
zyjTvMlp7mi$X0GvWQ<V;u^b{6YZ_0sL{-<;pKV1rE0!yqi=D;G#m*!f+>{y12Ytjm
z@F5rp_K6=~dGhQ<Bv0%!xO|2H7s;IS)o;If|GKKg5ra-qVanBMr3lv;?z<)dH#sjj
zo=>CH@{e3LoslSxh2kEs@-cRsc}7>^y*J+>xgSxDAIfdJn8}#5u_d}|Il<zW4<CP_
zmg^nFn4@IY8{JS#JSVBNtKH`g3^;zq5$tS6N<>b*n&fRRU9=5+c*8ViZq6J{*Qd_4
zOB!-pbUcrl;Z7Z?CzsXlFdk;kq!k^go=lZL9>~=!J-eDRVXH#4YVM(p+^_EfZ#XGe
za$HtFRP1<d&Y7-wj&Uok_`26&t3%xNmBxG1Pi^`~PvgpX7qMXZWA^1OC<~FFk7JQr
zea(~(>x71lbC#uS7`m9g==-zrRX>I|L~Y{OPI&jc-+^IXJeYev<W&u|{xKrI+4ODX
z*4wPpA-2B`f8VD;lX$;+_w!o25%WBKT{q10!_N>6YRL;D7KB<JS0)<I3wSsPkE^uH
zeo_8G&1S`-$7C<dGmq~j%zNO_X0qg^KHeWm?8{IWZ>}ICtX2+dC9?2v5BwZ77wKyJ
ze%Qa$*lP0zq`4+c)k<tF)v0iVHXXur&Qk{zHsB3j15*9Co@tkgbZSd_BEl8r8rBfH
z$zoS{l%d7nM$G02a|8xqh|s|4Z)GL56N{Ye9DE(^l`bwJ9xh=sXS`3@@xMg|nu>2T
zLE@uuWp?i8)!}VHyP_I4pt%Ub=ekHiU=bz=)8B1_Y_5pQmqWt8df2J-KCo=wct2=6
zyw0T9<+(o?8=T<ghic4HxLK}nLZWo?c1u1kxZ}-wITr0sw*FOV=oS@-k4KL4%K8^x
z;h^A%{_5<{=+M?WAJ?yak1kBn*%`WR@QouFJfa&5!_TMDP|_|(MDJ@^039I*2?p^h
z%;zWt2pk-x$zP)UKl`)7>w*<r*F!B`hPURi*nyBw6m&j(YrtS${zUB!UmR(dNybGh
z{5bhS2K&N%_BFbkZZ<YPcJe>njbF&mvGKxjA^Yf!(1BX6_qIe|0uKeIw;R-}@U^A4
zo6155id(!thvWde8QHo>`1A0_!CUsH_0gR|K_ZVXKB)6}v^^KdPhj74Q{-cGh3SV{
z#3viW+b>Zt5!uEjpAEXe#*AU3e;9-_VZ2TF8>57n@~f^f)zmv8uSofvJDLsT*$8sT
z_5yWj^7;sx$8(m(8GrLC^x35QA4@S}a=fuWQwhbwa3>I5)7NANYr1d6(@iHj8(sU>
zeS2h)C>-uU{%T1zx>`u%-)G}f;|AU_U;nvcRP_4KdUU+_Pkwv}G>o7Z?m|b|Vf+~b
zii#n2>LFrPzn@HDw-UF^F=}CH#G;4eD!^D#QU7TJHh^S!ny(?%9&S;);SQ~Bc(^KQ
z-E6*H?3TkMzj2TsU*JaF!=-ezj*fl_6hl-7;9J_{i|kD2m((%u8mSgLNB0*L%pPAk
z#>(-3i2}CtXCNplt#;|WQs)P4=nkWXvLCWhMj8wjiy0Ti7=8R}8w^Yt4$N&k-JnlI
zMp7T9RD>(GAEc2TS5d~98DqVFZ3d)aZ_m%2h`fQUc+4m?J9t4AkI}IlqMt5y*<XT5
zH5_MbjJW?W22a0mYw%}K@N%QLn6j%jo=%l**b~XJ8yL%cgfdm!qdh3uu?(vAqP;a5
zSNz9Xj6e1Xwl=a)W?Bm*_xV&Kt;}&7O7yuJk6k^MU4|po*#GnY$Hd3a!~dVBTz}{M
zKXMrMWhH<=hJOIGYs>YSDhiJG2%MQVC*7kF885(QW8He!zObBq0%%?7IIp`v{i|D}
zlD$#7?4#V`r)>(<=B*K^-3W>8bX!TNgf*Qd!3Z!C_Vf%k5tE(mPTbET#(Lx>AN9Zx
z(=!jdQ>>>{RIn?O_Z_pX`mRWi*`JZ&$UcAJd{KdCVcU7f<_s3b-Ol;iwY{AQeJKcm
zJLY8H(8Z3<rU%XJZp7)zmv`%?Px)@jtCA-zm(L%0q{z#1OK^O#BG1d#FTKWLA4#P7
zG_`Vx@v|(n7E3+-bU^JlCDur=@r~0Et3IWQw(8C6C#1Gi8E0W#!FvCuRHsc_?Y0x|
z&h9<zsxcS4ReUAL^@%#9tjH%^JEGiRbH{F73_5&Xxy{ZCs9UDTmo#rJTX-4eUlum&
z^3#kL>-sCef`#9GICB!8r#QU(*U;|u3-b?23F_|s$t&v8dg#-RZ;Hzye%Retc;VFP
z2OVh>ep)I<H(?I>eI3u9UF+by$160<HOR>ROmId>NA_Wpw>pzaOQeeWxa6hh{gs2L
zz(FI^2@w9sfL`Nq?7N0bJ_7?9k9e;6+FdV6d9FYGc<svJ>Z{F$OayM_I?SmBo+!Y~
z9^r#%HrRQ>P<S;q5FFPUj^*lDE`Jf#>x&xuAFJ-Pe^%Y0|ETV8f&6bj#)N@?Lv`1{
zqI<!p=3Z4?n_6C37x`IoZy%A|yGA7UP8Op%vhUI@SaR=DKw4OFfBF=9dg;m?mlv<U
zhZXmsE?9B@_}lgVYO`1Gl3FmNpVL&~V60EFc1TCK9w^P7;7*_6dfR{QfNLnwzPAm;
z+^J2W8Z%7oZGC3$eE;f&wGU5!A&&JMOHutYv@B%6b7Jg_ll{?|K8A7p)jtTm^ta(7
zS34vcQRG|xRpkzwJME`l=&|btK#j&|ao3?$K5ap5v2MR~T|B(>`m^2?mwVUm%vxlO
zCpf>yvT>ks5@+hhZm`qon<Va#7Lj(X`jve1w5`yPTl4AFbJlaC{eP`_qc^d!w|ee&
zv*MYh6FcR8Zts>SjA+7rm0O{~UYx_#{?N|AXcXOiiK#>v^7TF>E;^Gf*}Ehu|N5hu
zL@&P3nKUgdo-_As{q{YMri%lEB+W@xFYkBcOqYGs^TZLGo@R$X{P`2YsP7s`27@$8
z&&4szw$??wCL+i{Zlu_-uR(25>3RX2#0W1%8yjPJY62-E7=gn!1U5voTN~6w+sDQR
z1Wu_x9ZLkcjV1`(OBLF2;h6?QPk*H=_*Yg_jV8{Q(Z|22u|N3spN^zq;T=AehVL*L
zJ(z}jsV{XlJu1JCKcR*h_<wRp{RiKIICE5<k0&0`9(_3?wnrL|i0vk$V*A{@#Sfrq
z3%b|k=D8P%S~k7CgKN7rBDU|6NFAk;U<u8U7UwQuI;Jq`i|C28L%ZD5_GWs}lMm>L
zd|6>3vv6<HVQEQOjt4F=B?VxPi0xUqu-Fb%rO<Hh<`YK5c6xN@K2KbJXYbi_4Sk)=
zHbg<uy{_D7S($98;!IUd6EmY<kv1Z?zd}UC=mT*3t0doccq{!Hc4z5_e`!@^7pT#u
z!Kz-{tm=dk%e5g5`$Jli+$USkJAZ=it`p5)QZL%q+I~PDbke^u(5o}kDUQ5W-4=Se
zAxE^JqWT6;Ggt599K~-;Y=!yul&=2F;F|6d_d|}A@o(40QQYIsKHou+nr2I~dje)T
zK3S5nmfARfu<V=OJw1+BE1C1-(<slw5AW<PD;-?>Bhh+!y)`?<1niX4mYg2p+f&ZM
zdrcnk=hWX+hbU?**0kQ#y6V*KxVx&IKmYdXh<QLFA$fkFPipST=UUp@!1u=)GceOk
z6wut4Q&z;AIw<kB1FjyM3OT&C*sBH&DkJ<!k7dfiC_}W{xc>eBePY$ZKpwpz3l`k}
zd$(eJz7Ok<o3J3sKiz~iS{z1S4L^b4J}8jZu{e1~Df+x5Ma}FC`FJ<NcK!i{Ix?TE
z^_&+}(;|y9<P6*luq&B{3(ap0B4(mP-`q(fnb0R^9YXdzzW(91<GhN9;e`s~FC82B
zfuWnjqQkeWkB!l2x0uqk$pImeOH+1zo07RNZv8*@X07HMZHw4`kQW@VCp{xMF)_!w
zY}3AS-jd^At=e3DE^@Crr({J-OhdaqT3T@ISZnsht}b0(^7-!m?xR=k-n=z<@BYx>
zl?RX8YeNT~{4n88s<!CIw@^>!^>;rGr@Z+E(fb1FBkwJW#O&PV_S!bLZg~)6ato!^
zyD+wre51duEdMN$cshXTd-{m)oaPy`<hsDz3tma`kc-D#3p~{r3K^T?G|!y2Xg&Zn
zZs5Aj`_^U6$9j35tH#8)V}X-C*FD+5l<g_AQoEv&cmzhN-0;i^jiE_R#wl!HBD1Fa
EFTbFaWdHyG

literal 0
HcmV?d00001

diff --git a/views/index.html b/views/index.html
index f18d87a..070d648 100644
--- a/views/index.html
+++ b/views/index.html
@@ -162,8 +162,8 @@
         <a href="https://mae.wtf" target="_blank">
             <img src="/img/buttons/mae.png" alt="vimae web button" width="88" height="31">
         </a>
-        <a href="https://zvava.org" target="_blank">
-            <img src="/img/buttons/zvava.png" alt="zvava web button" width="88" height="31">
+        <a href="https://girlthi.ng/~thermia/" target="_blank">
+            <img src="/img/buttons/thermia.png" alt="thermia web button" width="88" height="31">
         </a>
         <a href="https://elke.cafe" target="_blank">
             <img src="/img/buttons/elke.gif" alt="elke web button" width="88" height="31">

From 69e2e22e47c452151ba686ed6528b10a145b3227 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Mon, 16 Jun 2025 20:32:46 +0100
Subject: [PATCH 44/88] homepage rework for socials and projects

---
 controller/qr.go              |  67 --------------
 public/img/brand/bandcamp.svg |  10 +++
 public/img/brand/bluesky.svg  |  10 +++
 public/img/brand/codeberg.svg | 164 ++++++++++++++++++++++++++++++++++
 public/img/brand/discord.svg  |   1 +
 public/img/brand/twitch.svg   |  21 +++++
 public/img/brand/youtube.svg  |  10 +++
 public/script/index.js        |   7 ++
 public/script/main.js         |  17 ++++
 public/script/music.js        |  12 +--
 public/style/index.css        |  88 ++++++++++++++++--
 views/index.html              | 162 ++++++++++++++++++++++-----------
 12 files changed, 432 insertions(+), 137 deletions(-)
 create mode 100644 public/img/brand/bandcamp.svg
 create mode 100644 public/img/brand/bluesky.svg
 create mode 100644 public/img/brand/codeberg.svg
 create mode 100644 public/img/brand/discord.svg
 create mode 100644 public/img/brand/twitch.svg
 create mode 100644 public/img/brand/youtube.svg

diff --git a/controller/qr.go b/controller/qr.go
index 6b04e69..dd08637 100644
--- a/controller/qr.go
+++ b/controller/qr.go
@@ -1,13 +1,9 @@
 package controller
 
 import (
-    "bytes"
     "encoding/base64"
-    "errors"
-    "fmt"
     "image"
     "image/color"
-    "image/png"
 
     "github.com/skip2/go-qrcode"
 )
@@ -33,69 +29,6 @@ const (
     HIGH
 )
 
-func noDepsGenerateQRCode() (string, error) {
-    version := 1
-
-    size := 0
-    size = 21 + version * 4
-    if version > 10 {
-        return "", errors.New(fmt.Sprintf("QR version %d not supported", version))
-    }
-
-    img := image.NewGray(image.Rect(0, 0, size + margin * 2, size + margin * 2))
-
-    // fill white
-    for y := range size + margin * 2 {
-        for x := range size + margin * 2 {
-            img.Set(x, y, color.White)
-        }
-    }
-
-    // draw alignment squares
-    drawLargeAlignmentSquare(margin, margin, img)
-    drawLargeAlignmentSquare(margin, margin + size - 7, img)
-    drawLargeAlignmentSquare(margin + size - 7, margin, img)
-    drawSmallAlignmentSquare(size - 5, size - 5, img)
-    /*
-    if version > 4 {
-        space := version * 3 - 2
-        end := size / space
-        for y := range size / space + 1 {
-            for x := range size / space + 1 {
-                if x == 0 && y == 0 { continue }
-                if x == 0 && y == end { continue }
-                if x == end && y == 0 { continue }
-                if x == end && y == end { continue }
-                drawSmallAlignmentSquare(
-                    x * space + margin + 4,
-                    y * space + margin + 4,
-                    img,
-                )
-            }
-        }
-    }
-    */
-
-    // draw timing bits
-    for i := margin + 6; i < size - 4; i++ {
-        if (i % 2 == 0) {
-            img.Set(i, margin + 6, color.Black)
-            img.Set(margin + 6, i, color.Black)
-        }
-    }
-    img.Set(margin + 8, size - 4, color.Black)
-
-    var imgBuf bytes.Buffer
-    err := png.Encode(&imgBuf, img)
-    if err != nil {
-        return "", err
-    }
-
-    base64Img := base64.StdEncoding.EncodeToString(imgBuf.Bytes())
-
-    return "data:image/png;base64," + base64Img, nil
-}
-
 func drawLargeAlignmentSquare(x int, y int, img *image.Gray) {
     for yi := range 7 {
         for xi := range 7 {
diff --git a/public/img/brand/bandcamp.svg b/public/img/brand/bandcamp.svg
new file mode 100644
index 0000000..9623ec2
--- /dev/null
+++ b/public/img/brand/bandcamp.svg
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 512 512" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <g>
+        <path d="M256,512C397.384,512 512,397.385 512,256C512,114.616 397.384,0 256,0C114.615,0 0,114.616 0,256C0,397.385 114.615,512 256,512Z" style="fill:rgb(35,159,194);"/>
+        <path d="M324.857,238.405C306.507,238.405 297.131,252.847 297.131,274.605C297.131,295.171 307.269,310.609 324.857,310.609C344.746,310.609 352.202,292.407 352.202,274.605C352.188,256.015 342.817,238.405 324.851,238.405L324.857,238.405ZM276.1,184.409L297.896,184.409L297.896,236.624L298.282,236.624C304.209,226.737 316.637,220.603 327.728,220.603C358.89,220.603 374.001,245.137 374.001,275.007C374.001,302.492 360.618,328.405 331.358,328.405C317.974,328.405 303.633,325.051 297.13,311.596L296.752,311.596L296.752,325.647L276.098,325.647L276.098,184.412L276.1,184.409Z" style="fill:white;"/>
+        <path d="M454.389,257.598C452.667,245.136 443.874,238.406 431.827,238.406C420.54,238.406 404.674,244.541 404.674,275.598C404.674,292.61 411.938,310.613 430.87,310.613C443.488,310.613 452.281,301.899 454.389,287.262L476.185,287.262C472.169,313.768 456.302,328.405 430.87,328.405C399.893,328.405 382.876,305.663 382.876,275.598C382.876,244.742 399.129,220.609 431.635,220.609C454.579,220.609 474.089,232.476 476.185,257.6L454.425,257.6L454.389,257.598Z" style="fill:white;"/>
+        <path d="M199.895,325.339L36.407,325.339L112.753,184.409L276.242,184.409L199.895,325.339Z" style="fill:white;"/>
+    </g>
+</svg>
diff --git a/public/img/brand/bluesky.svg b/public/img/brand/bluesky.svg
new file mode 100644
index 0000000..d77fafe
--- /dev/null
+++ b/public/img/brand/bluesky.svg
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 568 501" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <g transform="matrix(1,0,0,1,-228,-281.442)">
+        <path d="M351.121,315.106C416.241,363.994 486.281,463.123 512,516.315C537.719,463.123 607.759,363.994 672.879,315.106C719.866,279.83 796,252.536 796,339.388C796,356.734 786.055,485.101 780.222,505.943C759.947,578.396 686.067,596.876 620.347,585.691C735.222,605.242 764.444,670.002 701.333,734.762C581.473,857.754 529.061,703.903 515.631,664.481C513.169,657.254 512.017,653.873 512,656.748C511.983,653.873 510.831,657.254 508.369,664.481C494.939,703.903 442.527,857.754 322.667,734.762C259.556,670.002 288.778,605.242 403.653,585.691C337.933,596.876 264.053,578.396 243.778,505.943C237.945,485.101 228,356.734 228,339.388C228,252.536 304.134,279.83 351.121,315.106Z" style="fill:url(#_Linear1);fill-rule:nonzero;"/>
+    </g>
+    <defs>
+        <linearGradient id="_Linear1" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(3.06233e-14,500.117,-500.117,3.06233e-14,512,281.442)"><stop offset="0" style="stop-color:rgb(10,122,255);stop-opacity:1"/><stop offset="1" style="stop-color:rgb(89,185,255);stop-opacity:1"/></linearGradient>
+    </defs>
+</svg>
diff --git a/public/img/brand/codeberg.svg b/public/img/brand/codeberg.svg
new file mode 100644
index 0000000..028b729
--- /dev/null
+++ b/public/img/brand/codeberg.svg
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   width="16"
+   height="16"
+   viewBox="0 0 4.2333332 4.2333335"
+   version="1.1"
+   id="svg1468"
+   sodipodi:docname="codeberg-logo_icon_blue.svg"
+   inkscape:version="1.2-alpha1 (b6a15bb, 2022-02-23)"
+   inkscape:export-filename="/home/mray/Projects/Codeberg/logo/icon/png/codeberg-logo_icon_blue.png"
+   inkscape:export-xdpi="384"
+   inkscape:export-ydpi="384"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:dc="http://purl.org/dc/elements/1.1/">
+  <title
+     id="title16">Codeberg logo</title>
+  <defs
+     id="defs1462">
+    <linearGradient
+       xlink:href="#linearGradient6924"
+       id="linearGradient6918"
+       x1="42519.285"
+       y1="-7078.7891"
+       x2="42575.336"
+       y2="-6966.9307"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       id="linearGradient6924">
+      <stop
+         style="stop-color:#2185d0;stop-opacity:0"
+         offset="0"
+         id="stop6920" />
+      <stop
+         id="stop6926"
+         offset="0.49517274"
+         style="stop-color:#2185d0;stop-opacity:0.48923996" />
+      <stop
+         style="stop-color:#2185d0;stop-opacity:0.63279623"
+         offset="1"
+         id="stop6922" />
+    </linearGradient>
+    <linearGradient
+       xlink:href="#linearGradient6924-6"
+       id="linearGradient6918-3"
+       x1="42519.285"
+       y1="-7078.7891"
+       x2="42575.336"
+       y2="-6966.9307"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       id="linearGradient6924-6">
+      <stop
+         style="stop-color:#2185d0;stop-opacity:0;"
+         offset="0"
+         id="stop6920-7" />
+      <stop
+         id="stop6926-5"
+         offset="0.49517274"
+         style="stop-color:#2185d0;stop-opacity:0.30000001;" />
+      <stop
+         style="stop-color:#2185d0;stop-opacity:0.30000001;"
+         offset="1"
+         id="stop6922-3" />
+    </linearGradient>
+  </defs>
+  <sodipodi:namedview
+     showborder="false"
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="22.627417"
+     inkscape:cx="12.948893"
+     inkscape:cy="12.661631"
+     inkscape:document-units="px"
+     inkscape:current-layer="svg1468"
+     inkscape:document-rotation="0"
+     showgrid="false"
+     fit-margin-top="0"
+     fit-margin-left="0"
+     fit-margin-right="0"
+     fit-margin-bottom="0"
+     units="px"
+     inkscape:snap-global="false"
+     inkscape:snap-page="true"
+     showguides="false"
+     inkscape:window-width="1531"
+     inkscape:window-height="873"
+     inkscape:window-x="69"
+     inkscape:window-y="27"
+     inkscape:window-maximized="1"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1">
+    <inkscape:grid
+       type="xygrid"
+       id="grid2067" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata1465">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title>Codeberg logo</dc:title>
+        <cc:license
+           rdf:resource="http://creativecommons.org/publicdomain/zero/1.0/" />
+        <dc:creator>
+          <cc:Agent>
+            <dc:title>Robert Martinez</dc:title>
+          </cc:Agent>
+        </dc:creator>
+        <dc:rights>
+          <cc:Agent>
+            <dc:title>Codeberg and the Codeberg Logo are trademarks of Codeberg e.V.</dc:title>
+          </cc:Agent>
+        </dc:rights>
+        <dc:date>2020-04-09</dc:date>
+        <dc:publisher>
+          <cc:Agent>
+            <dc:title>Codeberg e.V.</dc:title>
+          </cc:Agent>
+        </dc:publisher>
+        <dc:source>codeberg.org</dc:source>
+      </cc:Work>
+      <cc:License
+         rdf:about="http://creativecommons.org/publicdomain/zero/1.0/">
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Reproduction" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Distribution" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
+      </cc:License>
+    </rdf:RDF>
+  </metadata>
+  <g
+     id="g370484"
+     inkscape:label="logo"
+     transform="matrix(0.06551432,0,0,0.06551432,-2.232417,-1.431776)">
+    <path
+       id="path6733-5"
+       style="font-variation-settings:normal;opacity:1;vector-effect:none;fill:url(#linearGradient6918-3);fill-opacity:1;stroke:none;stroke-width:3.67846;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:2;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:stroke markers fill;stop-color:#000000;stop-opacity:1"
+       d="m 42519.285,-7078.7891 a 0.76086879,0.56791688 0 0 0 -0.738,0.6739 l 33.586,125.8886 a 87.182358,87.182358 0 0 0 39.381,-33.7636 l -71.565,-92.5196 a 0.76086879,0.56791688 0 0 0 -0.664,-0.2793 z"
+       transform="matrix(0.37058478,0,0,0.37058478,-15690.065,2662.0533)"
+       inkscape:label="berg" />
+    <path
+       id="path360787"
+       style="opacity:1;fill:#2185d0;fill-opacity:1;stroke-width:17.0055;paint-order:markers fill stroke;stop-color:#000000"
+       d="m 11249.461,-1883.6961 c -12.74,0 -23.067,10.3275 -23.067,23.0671 0,4.3335 1.22,8.5795 3.522,12.2514 l 19.232,-24.8636 c 0.138,-0.1796 0.486,-0.1796 0.624,0 l 19.233,24.8646 c 2.302,-3.6721 3.523,-7.9185 3.523,-12.2524 0,-12.7396 -10.327,-23.0671 -23.067,-23.0671 z"
+       sodipodi:nodetypes="sccccccs"
+       inkscape:label="sky"
+       transform="matrix(1.4006354,0,0,1.4006354,-15690.065,2662.0533)" />
+  </g>
+</svg>
diff --git a/public/img/brand/discord.svg b/public/img/brand/discord.svg
new file mode 100644
index 0000000..b636d15
--- /dev/null
+++ b/public/img/brand/discord.svg
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><svg id="Discord-Logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 126.644 96"><defs><style>.cls-1{fill:#5865f2;}</style></defs><path id="Discord-Symbol-Blurple" class="cls-1" d="M81.15,0c-1.2376,2.1973-2.3489,4.4704-3.3591,6.794-9.5975-1.4396-19.3718-1.4396-28.9945,0-.985-2.3236-2.1216-4.5967-3.3591-6.794-9.0166,1.5407-17.8059,4.2431-26.1405,8.0568C2.779,32.5304-1.6914,56.3725.5312,79.8863c9.6732,7.1476,20.5083,12.603,32.0505,16.0884,2.6014-3.4854,4.8998-7.1981,6.8698-11.0623-3.738-1.3891-7.3497-3.1318-10.8098-5.1523.9092-.6567,1.7932-1.3386,2.6519-1.9953,20.281,9.547,43.7696,9.547,64.0758,0,.8587.7072,1.7427,1.3891,2.6519,1.9953-3.4601,2.0457-7.0718,3.7632-10.835,5.1776,1.97,3.8642,4.2683,7.5769,6.8698,11.0623,11.5419-3.4854,22.3769-8.9156,32.0509-16.0631,2.626-27.2771-4.496-50.9172-18.817-71.8548C98.9811,4.2684,90.1918,1.5659,81.1752.0505l-.0252-.0505ZM42.2802,65.4144c-6.2383,0-11.4159-5.6575-11.4159-12.6535s4.9755-12.6788,11.3907-12.6788,11.5169,5.708,11.4159,12.6788c-.101,6.9708-5.026,12.6535-11.3907,12.6535ZM84.3576,65.4144c-6.2637,0-11.3907-5.6575-11.3907-12.6535s4.9755-12.6788,11.3907-12.6788,11.4917,5.708,11.3906,12.6788c-.101,6.9708-5.026,12.6535-11.3906,12.6535Z"/></svg>
\ No newline at end of file
diff --git a/public/img/brand/twitch.svg b/public/img/brand/twitch.svg
new file mode 100644
index 0000000..3120fea
--- /dev/null
+++ b/public/img/brand/twitch.svg
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 23.0.6, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 2400 2800" style="enable-background:new 0 0 2400 2800;" xml:space="preserve">
+<style type="text/css">
+	.st0{fill:#FFFFFF;}
+	.st1{fill:#9146FF;}
+</style>
+<title>Asset 2</title>
+<g>
+	<polygon class="st0" points="2200,1300 1800,1700 1400,1700 1050,2050 1050,1700 600,1700 600,200 2200,200 	"/>
+	<g>
+		<g id="Layer_1-2">
+			<path class="st1" d="M500,0L0,500v1800h600v500l500-500h400l900-900V0H500z M2200,1300l-400,400h-400l-350,350v-350H600V200h1600
+				V1300z"/>
+			<rect x="1700" y="550" class="st1" width="200" height="600"/>
+			<rect x="1150" y="550" class="st1" width="200" height="600"/>
+		</g>
+	</g>
+</g>
+</svg>
diff --git a/public/img/brand/youtube.svg b/public/img/brand/youtube.svg
new file mode 100644
index 0000000..3286071
--- /dev/null
+++ b/public/img/brand/youtube.svg
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 507 355" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <g transform="matrix(4.16667,0,0,4.16667,495.608,299.004)">
+        <path d="M0,-58.482C-1.397,-63.709 -5.514,-67.825 -10.741,-69.222C-20.215,-71.761 -58.204,-71.761 -58.204,-71.761C-58.204,-71.761 -96.193,-71.761 -105.667,-69.222C-110.894,-67.825 -115.011,-63.709 -116.408,-58.482C-118.946,-49.008 -118.946,-29.241 -118.946,-29.241C-118.946,-29.241 -118.946,-9.474 -116.408,-0.001C-115.011,5.226 -110.894,9.343 -105.667,10.74C-96.193,13.279 -58.204,13.279 -58.204,13.279C-58.204,13.279 -20.215,13.279 -10.741,10.74C-5.514,9.343 -1.397,5.226 0,-0.001C2.539,-9.474 2.539,-29.241 2.539,-29.241C2.539,-29.241 2.539,-49.008 0,-58.482" style="fill:rgb(255,0,0);fill-rule:nonzero;"/>
+    </g>
+    <g transform="matrix(4.16667,0,0,4.16667,202.472,101.237)">
+        <path d="M0,36.446L31.562,18.223L0,0L0,36.446Z" style="fill:white;fill-rule:nonzero;"/>
+    </g>
+</svg>
diff --git a/public/script/index.js b/public/script/index.js
index 512ed8f..2197bd4 100644
--- a/public/script/index.js
+++ b/public/script/index.js
@@ -1,3 +1,5 @@
+import { hijackClickEvent } from "./main.js";
+
 const hexPrimary = document.getElementById("hex-primary");
 const hexSecondary = document.getElementById("hex-secondary");
 const hexTertiary = document.getElementById("hex-tertiary");
@@ -14,3 +16,8 @@ updateHexColours();
 window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change", () => {
     updateHexColours();
 });
+
+document.querySelectorAll("ul#projects li.project-item").forEach(projectItem => {
+    const link = projectItem.querySelector('a');
+    hijackClickEvent(projectItem, link);
+});
diff --git a/public/script/main.js b/public/script/main.js
index c1d5101..19eddc2 100644
--- a/public/script/main.js
+++ b/public/script/main.js
@@ -45,6 +45,23 @@ function fill_list(list) {
     });
 }
 
+export function hijackClickEvent(container, link) {
+    container.addEventListener('click', event => {
+        if (event.target.tagName.toLowerCase() === 'a') return;
+        event.preventDefault();
+        link.dispatchEvent(new MouseEvent('click', {
+            bubbles: true,
+            cancelable: true,
+            view: window,
+            ctrlKey: event.ctrlKey,
+            metaKey: event.metaKey,
+            shiftKey: event.shiftKey,
+            altKey: event.altKey,
+            button: event.button,
+        }));
+    });
+}
+
 document.addEventListener("DOMContentLoaded", () => {
     [...document.querySelectorAll(".typeout")]
         .filter((e) => e.innerText != "")
diff --git a/public/script/music.js b/public/script/music.js
index 273ce2b..91f34ab 100644
--- a/public/script/music.js
+++ b/public/script/music.js
@@ -1,12 +1,6 @@
-import "./main.js";
+import { hijackClickEvent } from "./main.js";
 
 document.querySelectorAll("div.music").forEach(container => {
-    const link = container.querySelector(".music-title a").href
-
-    container.addEventListener("click", event => {
-        if (event.target.href) return;
-
-        event.preventDefault();
-        location = link;
-    });
+    const link = container.querySelector(".music-title a")
+    hijackClickEvent(container, link);
 });
diff --git a/public/style/index.css b/public/style/index.css
index f3cb761..6edb362 100644
--- a/public/style/index.css
+++ b/public/style/index.css
@@ -96,30 +96,36 @@ hr {
     overflow: visible;
 }
 
-ul.links {
+ul.platform-links {
+    padding-left: 1em;
     display: flex;
-    gap: 1em .5em;
+    gap: .5em;
     flex-wrap: wrap;
 }
 
-ul.links li {
+ul.platform-links li {
     list-style: none;
 }
 
-ul.links li a {
+ul.platform-links li a {
     padding: .4em .5em;
+    display: flex;
+    flex-direction: row;
+    justify-content: center;
+    align-items: center;
+    gap: .5em;
     border: 1px solid var(--links);
     color: var(--links);
     border-radius: 2px;
     background-color: transparent;
-    transition-property: color, border-color, background-color;
+    transition-property: color, border-color, background-color, box-shadow;
     transition-duration: .2s;
     animation-delay: 0s;
     animation: list-item-fadein .2s forwards;
     opacity: 0;
 }
 
-ul.links li a:hover {
+ul.platform-links li a:hover {
     color: #eee;
     border-color: #eee;
     background-color: var(--links) !important;
@@ -127,6 +133,75 @@ ul.links li a:hover {
     box-shadow: 0 0 1em var(--links);
 }
 
+ul.platform-links li a img {
+    height: 1em;
+    width: 1em;
+}
+
+ul#projects {
+    padding: 0;
+    list-style: none;
+}
+
+li.project-item {
+    padding: .5em;
+    border: 1px solid var(--links);
+    margin: 1em 0;
+    display: flex;
+    flex-direction: row;
+    gap: .5em;
+    border-radius: 2px;
+    transition-property: color, border-color, background-color, box-shadow;
+    transition-duration: .2s;
+    cursor: pointer;
+}
+li.project-item a {
+    transition: color .2s linear;
+}
+
+li.project-item:hover {
+    color: #eee;
+    border-color: #eee;
+    background-color: var(--links) !important;
+    text-decoration: none;
+    box-shadow: 0 0 1em var(--links);
+}
+li.project-item:hover a {
+    color: #eee;
+}
+
+li.project-item .project-info {
+    display: flex;
+    flex-direction: column;
+    justify-content: center;
+}
+
+li.project-item img.project-icon {
+    width: 2.5em;
+    height: 2.5em;
+    object-fit: cover;
+    border-radius: 2px;
+}
+
+li.project-item span.project-icon {
+    font-size: 2em;
+    display: block;
+    width: 45px;
+    height: 45px;
+    text-align: center;
+    /* background: #0004; */
+    /* border: 1px solid var(--on-background); */
+    border-radius: 2px;
+}
+
+li.project-item a {
+    text-decoration: none;
+}
+
+li.project-item p {
+    margin: 0;
+}
+
 div#web-buttons {
     margin: 2rem 0;
 }
@@ -147,4 +222,3 @@ div#web-buttons {
     transform: translate(-2px, -2px);
     box-shadow: 1px 1px 0 #eee, 2px 2px 0 #eee;
 }
-
diff --git a/views/index.html b/views/index.html
index 070d648..f639c55 100644
--- a/views/index.html
+++ b/views/index.html
@@ -17,7 +17,7 @@
 <link rel="me" href="https://ice.arimelody.me/@ari">
 <link rel="me" href="https://wetdry.world/@ari">
 
-<script type="module" src="/script/index.js" defer> </script>
+<script type="module" src="/script/index.js" defer></script>
 {{end}}
 
 {{define "content"}}
@@ -33,7 +33,7 @@
     </p>
 
     <p>
-    i'm a <a href="/music">musician</a>, <a href="https://github.com/arimelody?tab=repositories">developer</a>,
+    i'm a <a href="/music">musician</a>, <a href="https://codeberg.org/arimelody?tab=repositories">developer</a>,
     <a href="https://twitch.tv/arispacegirl">streamer</a>, <a href="https://youtube.com/@arispacegirl">youtuber</a>, 
     and probably a bunch of other things i forgot to mention!
     </p>
@@ -44,7 +44,7 @@
     <p>	
     if you're looking to support me financially, that's so cool of you!!
     if you like, you can buy some of my music over on
-    <a href="https://arimelody.bandcamp.com" target="_blank">bandcamp</a>
+    <a href="https://arimelody.bandcamp.com">bandcamp</a>
     so you can at least get something for your money.
     thank you very much either way!! 💕
     </p>
@@ -84,65 +84,119 @@
     <p>
     <strong>where to find me 🛰️</strong>
     </p>
+    <!--
     <ul class="links">
         <li>
-            <a href="https://youtube.com/@arispacegirl" target="_blank">youtube</a>
+            <a href="https://youtube.com/@arispacegirl">youtube</a>
         </li>
         <li>
-            <a href="https://twitch.tv/arispacegirl" target="_blank">twitch</a>
+            <a href="https://twitch.tv/arispacegirl">twitch</a>
         </li>
         <li>
-            <a href="https://arimelody.bandcamp.com" target="_blank">bandcamp</a>
+            <a href="https://arimelody.bandcamp.com">bandcamp</a>
         </li>
         <li>
-            <a href="https://codeberg.org/arimelody" target="_blank">codeberg</a>
+            <a href="https://codeberg.org/arimelody">codeberg</a>
         </li>
         <li>
-            <a href="https://bsky.app/profile/arimelody.me" target="_blank">bluesky</a>
+            <a href="https://bsky.app/profile/arimelody.me">bluesky</a>
         </li>
         <li>
-            <a href="https://discord.gg/MmJtBebF28" target="_blank">discord</a>
+            <a href="https://discord.gg/MmJtBebF28">discord</a>
+        </li>
+    </ul>
+    -->
+    <ul class="platform-links">
+        <li>
+            <a href="https://youtube.com/@arispacegirl" title="youtube">
+                <img src="/img/brand/youtube.svg" alt="youtube" width="32" height="32"/>
+                youtube
+            </a>
+        </li>
+        <li>
+            <a href="https://twitch.tv/arispacegirl" title="twitch">
+                <img src="/img/brand/twitch.svg" alt="twitch" width="32" height="32"/>
+                twitch
+            </a>
+        </li>
+        <li>
+            <a href="https://arimelody.bandcamp.com" title="bandcamp">
+                <img src="/img/brand/bandcamp.svg" alt="bandcamp" width="32" height="32"/>
+                bandcamp
+            </a>
+        </li>
+        <li>
+            <a href="https://codeberg.org/arimelody" title="codeberg">
+                <img src="/img/brand/codeberg.svg" alt="codeberg" width="32" height="32"/>
+                codeberg
+            </a>
+        </li>
+        <li>
+            <a href="https://bsky.app/profile/arimelody.me" title="bluesky">
+                <img src="/img/brand/bluesky.svg" alt="bluesky" width="32" height="32"/>
+                bluesky
+            </a>
+        </li>
+        <li>
+            <a href="https://discord.gg/MmJtBebF28" title="discord">
+                <img src="/img/brand/discord.svg" alt="discord" width="32" height="32"/>
+                discord
+            </a>
         </li>
     </ul>
 
     <p>
     <strong>projects i've worked on 🛠️</strong>
     </p>
-    <ul class="links">
-        <li>
-            <a href="https://codeberg.org/arimelody/mcstatusface" target="_blank">
-                mcstatusface
-            </a>
+    <ul id="projects">
+        <li class="project-item">
+            <span aria-hidden=true class="project-icon">⛏️</span>
+            <div class="project-info">
+                <a href="https://mcq.bliss.town">McStatusFace</a>
+                <p>minecraft server query utility</p>
+            </div>
         </li>
-        <li>
-            <a href="https://catdance.arimelody.me" target="_blank">
-                catdance
-            </a>
+        <li class="project-item">
+            <img src="https://catdance.arimelody.me/img/favicon.png" alt="catdance icon" aria-hidden=true class="project-icon" width="64" height="64">
+            <div class="project-info">
+                <a href="https://catdance.arimelody.me">catdance</a>
+                <p>watch the cat dance 🐱</p>
+            </div>
         </li>
-        <li>
-            <a href="https://git.arimelody.me/ari/prideflag" target="_blank">
-                pride flag
-            </a>
+        <li class="project-item">
+            <img src="https://git.arimelody.me/repo-avatars/6b0a1ffb78cbc6f906f83152ea42a710220174e8f48a3e44f159ae58dacd7a2f" alt="catdance icon" aria-hidden=true class="project-icon" width="64" height="64">
+            <div class="project-info">
+                <a href="https://git.arimelody.me/ari/prideflag">pride flag</a>
+                <p>progressive pride flag widget for websites</p>
+            </div>
         </li>
-        <li>
-            <a href="https://github.com/arimelody/ipaddrgen" target="_blank">
-                ipaddrgen
-            </a>
+        <li class="project-item">
+            <span aria-hidden=true class="project-icon">👩‍💻</span>
+            <div class="project-info">
+                <a href="https://github.com/arimelody/ipaddrgen">ipaddrgen</a>
+                <p>silly hackerman IP address generator</p>
+            </div>
         </li>
-        <li>
-            <a href="https://impact.arimelody.me/" target="_blank">
-                impact meme
-            </a>
+        <li class="project-item">
+            <img src="https://impact.arimelody.me/favicon.png" alt="impact meme icon" aria-hidden=true class="project-icon" width="64" height="64">
+            <div class="project-info">
+                <a href="https://impact.arimelody.me/">impact meme</a>
+                <p>impact meme generator</p>
+            </div>
         </li>
-        <li>
-            <a href="https://term.arimelody.me/" target="_blank">
-                OpenTerminal
-            </a>
+        <li class="project-item">
+            <img src="https://codeberg.org/repo-avatars/e67303eeda4fa6d268948e71b7b0837357d8c519772701ffc36b84ae7975319f" alt="OpenTerminal icon" aria-hidden=true class="project-icon" width="64" height="64">
+            <div class="project-info">
+                <a href="https://term.arimelody.me/">OpenTerminal</a>
+                <p>communal online text buffer</p>
+            </div>
         </li>
-        <li>
-            <a href="https://silver.bliss.town/" target="_blank">
-                Silver.js
-            </a>
+        <li class="project-item">
+            <span aria-hidden=true class="project-icon">📜</span>
+            <div class="project-info">
+                <a href="https://silver.bliss.town/">Silver.js</a>
+                <p>lightweight reactive state library</p>
+            </div>
         </li>
     </ul>
 
@@ -156,40 +210,40 @@
         <a href="https://arimelody.me">
             <img src="/img/buttons/ari melody.gif" alt="ari melody web button" width="88" height="31">
         </a>
-        <a href="https://supitszaire.com" target="_blank">
+        <a href="https://supitszaire.com">
             <img src="/img/buttons/zaire.gif" alt="zaire web button" width="88" height="31">
         </a>
-        <a href="https://mae.wtf" target="_blank">
+        <a href="https://mae.wtf">
             <img src="/img/buttons/mae.png" alt="vimae web button" width="88" height="31">
         </a>
-        <a href="https://girlthi.ng/~thermia/" target="_blank">
-            <img src="/img/buttons/thermia.png" alt="thermia web button" width="88" height="31">
+        <a href="https://girlthi.ng/~thermia/">
+            <img src="/img/buttons/thermia.gif" alt="thermia web button" width="88" height="31">
         </a>
-        <a href="https://elke.cafe" target="_blank">
+        <a href="https://elke.cafe">
             <img src="/img/buttons/elke.gif" alt="elke web button" width="88" height="31">
         </a>
-        <a href="https://invoxiplaygames.uk/" target="_blank">
+        <a href="https://invoxiplaygames.uk/">
             <img src="/img/buttons/ipg.png" alt="InvoxiPlayGames web button" width="88" height="31">
         </a>
-        <a href="https://ioletsgo.gay" target="_blank">
+        <a href="https://ioletsgo.gay">
             <img src="/img/buttons/ioletsgo.gif" alt="ioletsgo web button" width="88" height="31">
         </a>
-        <a href="https://notnite.com/" target="_blank">
+        <a href="https://notnite.com/">
             <img src="/img/buttons/notnite.png" alt="notnite web button" width="88" height="31">
         </a>
-        <a href="https://www.da.vidbuchanan.co.uk/" target="_blank">
+        <a href="https://www.da.vidbuchanan.co.uk/">
             <img src="/img/buttons/retr0id_now.gif" alt="retr0id web button" width="88" height="31">
         </a>
-        <a href="https://aikoyori.xyz" target="_blank">
+        <a href="https://aikoyori.xyz">
             <img src="/img/buttons/aikoyori.gif" alt="aikoyori web button" width="88" height="31">
         </a>
-        <a href="https://xenia.blahaj.land/" target="_blank">
+        <a href="https://xenia.blahaj.land/">
             <img src="/img/buttons/xenia.png" alt="xenia web button" width="88" height="31">
         </a>
-        <a href="https://stardust.elysium.gay/" target="_blank">
+        <a href="https://stardust.elysium.gay/">
             <img src="/img/buttons/stardust.png" alt="stardust web button" width="88" height="31">
         </a>
-        <a href="https://isabelroses.com/" target="_blank">
+        <a href="https://isabelroses.com/">
             <img src="/img/buttons/isabelroses.gif" alt="isabel roses web button" width="88" height="31">
         </a>
 
@@ -205,16 +259,16 @@
         <img src="/img/buttons/misc/sprunk.gif" alt="sprunk" width="88" height="31">
         <img src="/img/buttons/misc/tohell.gif" alt="go straight to hell" width="88" height="31">
         <img src="/img/buttons/misc/virusalert.gif" alt="virus alert! click here" onclick="alert('meow :3')" width="88" height="31">
-        <a href="http://wiishopchannel.net/" target="_blank">
+        <a href="http://wiishopchannel.net/">
             <img src="/img/buttons/misc/wii.gif" alt="wii" width="88" height="31">
         </a>
         <img src="/img/buttons/misc/www2.gif" alt="www" width="88" height="31">
         <img src="/img/buttons/misc/iemandatory.gif" alt="get mandatory internet explorer" width="88" height="31">
         <img src="/img/buttons/misc/learn_html.gif" alt="HTML - learn it today!" width="88" height="31">
-        <a href="https://smokepowered.com" target="_blank">
+        <a href="https://smokepowered.com">
             <img src="/img/buttons/misc/smokepowered.gif" alt="high on SMOKE" width="88" height="31">
         </a>
-        <a href="https://epicblazed.com" target="_blank">
+        <a href="https://epicblazed.com">
             <img src="/img/buttons/misc/epicblazed.png" alt="epic blazed" width="88" height="31">
         </a>
         <img src="/img/buttons/misc/blink.gif" alt="closeup anime blink" width="88" height="31">

From f7b3faf8e89b240ca1e65eb698734039fcae9ce3 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Mon, 16 Jun 2025 22:41:54 +0100
Subject: [PATCH 45/88] move source link from header to footer

---
 public/style/header.css | 5 ++---
 views/footer.html       | 7 ++++++-
 views/header.html       | 3 ---
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/public/style/header.css b/public/style/header.css
index 531649a..f399d4d 100644
--- a/public/style/header.css
+++ b/public/style/header.css
@@ -25,7 +25,6 @@ nav {
     flex-grow: 1;
     display: flex;
     gap: .5em;
-    cursor: pointer;
 }
 
 img#header-icon {
@@ -36,19 +35,19 @@ img#header-icon {
 }
 
 #header-text {
-    width: 11em;
     display: flex;
     flex-direction: column;
     justify-content: center;
-    flex-grow: 1;
 }
 
 #header-text h1 {
+    width: fit-content;
     margin: 0;
     font-size: 1em;
 }
 
 #header-text h2 {
+    width: fit-content;
     height: 1.2em;
     line-height: 1.2em;
     margin: 0;
diff --git a/views/footer.html b/views/footer.html
index 217c4b5..eccf125 100644
--- a/views/footer.html
+++ b/views/footer.html
@@ -2,7 +2,12 @@
 
 <footer>
   <div id="footer">
-    <small><em>*made with <span aria-label="love">♥</span> by ari, 2025*</em></small>
+      <small>
+          <em>
+              *made with <span aria-label="love">♥</span> by ari, 2025*
+              <a href="https://git.arimelody.me/ari/arimelody.me" target="_blank">source</a>
+          </em>
+      </small>
   </div>
 </footer>
 
diff --git a/views/header.html b/views/header.html
index 291b8ac..03a8384 100644
--- a/views/header.html
+++ b/views/header.html
@@ -23,9 +23,6 @@
             <li>
                 <a href="/music" preload="mouseover">music</a>
             </li>
-            <li>
-                <a href="https://git.arimelody.me/ari/arimelody.me" target="_blank">source</a>
-            </li>
             <li>
                 <!-- coming later! -->
                 <span title="coming later!">blog</span>

From 9274796729a56290d788106e0ed5327643103e4a Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Tue, 17 Jun 2025 01:15:08 +0100
Subject: [PATCH 46/88] early implementation of ari melody LIVE tracker

---
 controller/config.go     |  4 ++
 controller/twitch.go     | 97 ++++++++++++++++++++++++++++++++++++++++
 main.go                  | 47 ++++---------------
 model/appstate.go        |  8 ++++
 model/twitch.go          | 43 ++++++++++++++++++
 public/style/colours.css |  1 +
 public/style/index.css   | 81 +++++++++++++++++++++++++++++++++
 view/index.go            | 45 +++++++++++++++++++
 view/static.go           | 31 +++++++++++++
 views/index.html         | 17 +++++++
 10 files changed, 335 insertions(+), 39 deletions(-)
 create mode 100644 controller/twitch.go
 create mode 100644 model/twitch.go
 create mode 100644 view/index.go
 create mode 100644 view/static.go

diff --git a/controller/config.go b/controller/config.go
index 1d3cbbb..fdfa756 100644
--- a/controller/config.go
+++ b/controller/config.go
@@ -77,5 +77,9 @@ func handleConfigOverrides(config *model.Config) error {
     if env, has := os.LookupEnv("ARIMELODY_DISCORD_CLIENT_ID"); has { config.Discord.ClientID = env }
     if env, has := os.LookupEnv("ARIMELODY_DISCORD_SECRET"); has { config.Discord.Secret = env }
 
+    if env, has := os.LookupEnv("ARIMELODY_TWITCH_BROADCASTER"); has { config.Twitch.Broadcaster = env }
+    if env, has := os.LookupEnv("ARIMELODY_TWITCH_CLIENT_ID"); has { config.Twitch.ClientID = env }
+    if env, has := os.LookupEnv("ARIMELODY_TWITCH_SECRET"); has { config.Twitch.Secret = env }
+
     return nil
 }
diff --git a/controller/twitch.go b/controller/twitch.go
new file mode 100644
index 0000000..f7dc509
--- /dev/null
+++ b/controller/twitch.go
@@ -0,0 +1,97 @@
+package controller
+
+import (
+	"arimelody-web/model"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+const TWITCH_API_BASE = "https://api.twitch.tv/helix/"
+
+func TwitchSetup(app *model.AppState) error {
+    app.Twitch = &model.TwitchState{}
+    err := RefreshTwitchToken(app)
+    return err
+}
+
+func RefreshTwitchToken(app *model.AppState) error {
+    if app.Twitch != nil && app.Twitch.Token != nil && time.Now().UTC().After(app.Twitch.Token.ExpiresAt) {
+        return nil
+    }
+
+    requestUrl, _ := url.Parse("https://id.twitch.tv/oauth2/token")
+    req, _ := http.NewRequest(http.MethodPost, requestUrl.String(), bytes.NewBuffer([]byte(url.Values{
+        "client_id": []string{ app.Config.Twitch.ClientID },
+        "client_secret": []string{ app.Config.Twitch.Secret },
+        "grant_type": []string{ "client_credentials" },
+    }.Encode())))
+
+    res, err := http.DefaultClient.Do(req)
+    if err != nil {
+        return err
+    }
+
+    type TwitchOAuthToken struct {
+        AccessToken string `json:"access_token"`
+        ExpiresIn int `json:"expires_in"`
+        TokenType string `json:"token_type"`
+    }
+    oauthResponse := TwitchOAuthToken{}
+    err = json.NewDecoder(res.Body).Decode(&oauthResponse)
+    if err != nil {
+        return err
+    }
+
+    app.Twitch.Token = &model.TwitchOAuthToken{
+        AccessToken: oauthResponse.AccessToken,
+        ExpiresAt: time.Now().UTC().Add(time.Second * time.Duration(oauthResponse.ExpiresIn)).UTC(),
+        TokenType: oauthResponse.TokenType,
+    }
+
+    return nil
+}
+
+var lastStreamState *model.TwitchStreamInfo
+var lastStreamStateAt time.Time
+
+func GetTwitchStatus(app *model.AppState, broadcaster string) (*model.TwitchStreamInfo, error) {
+    if lastStreamState != nil && time.Now().UTC().Before(lastStreamStateAt.Add(time.Minute)) {
+        return lastStreamState, nil
+    }
+
+    fmt.Print("MAKING COSTLY REQUEST TO TWITCH.TV API...\n")
+
+    requestUrl, _ := url.Parse(TWITCH_API_BASE + "streams")
+    requestUrl.RawQuery = url.Values{
+        "user_login": []string{ broadcaster },
+    }.Encode()
+    req, _ := http.NewRequest(http.MethodGet, requestUrl.String(), nil)
+    req.Header.Set("Client-Id", app.Config.Twitch.ClientID)
+    req.Header.Set("Authorization", "Bearer " + app.Twitch.Token.AccessToken)
+
+    res, err := http.DefaultClient.Do(req)
+    if err != nil {
+        return nil, err
+    }
+
+    type StreamsResponse struct {
+        Data []model.TwitchStreamInfo `json:"data"`
+    }
+    streamInfo := StreamsResponse{}
+    err = json.NewDecoder(res.Body).Decode(&streamInfo)
+    if err != nil {
+        return nil, err
+    }
+
+    if len(streamInfo.Data) == 0 {
+        return nil, nil
+    }
+
+    lastStreamState = &streamInfo.Data[0]
+    lastStreamStateAt = time.Now().UTC()
+    return lastStreamState, nil
+}
diff --git a/main.go b/main.go
index 29539ac..8f37639 100644
--- a/main.go
+++ b/main.go
@@ -22,7 +22,6 @@ import (
     "arimelody-web/cursor"
     "arimelody-web/log"
     "arimelody-web/model"
-    "arimelody-web/templates"
     "arimelody-web/view"
 
     "github.com/jmoiron/sqlx"
@@ -40,6 +39,7 @@ func main() {
 
     app := model.AppState{
         Config: controller.GetConfig(),
+        Twitch: nil,
     }
 
     // initialise database connection
@@ -460,6 +460,11 @@ func main() {
     // handle DB migrations
     controller.CheckDBVersionAndMigrate(app.DB)
 
+    err = controller.TwitchSetup(&app)
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "WARN: Failed to set up Twitch integration: %v\n", err)
+    }
+
     // initial invite code
     accountsCount := 0
     err = app.DB.Get(&accountsCount, "SELECT count(*) FROM account")
@@ -511,49 +516,13 @@ func createServeMux(app *model.AppState) *http.ServeMux {
     mux.Handle("/admin/", http.StripPrefix("/admin", admin.Handler(app)))
     mux.Handle("/api/", http.StripPrefix("/api", api.Handler(app)))
     mux.Handle("/music/", http.StripPrefix("/music", view.MusicHandler(app)))
-    mux.Handle("/uploads/", http.StripPrefix("/uploads", staticHandler(filepath.Join(app.Config.DataDirectory, "uploads"))))
+    mux.Handle("/uploads/", http.StripPrefix("/uploads", view.StaticHandler(filepath.Join(app.Config.DataDirectory, "uploads"))))
     mux.Handle("/cursor-ws", cursor.Handler(app))
-    mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        if r.Method == http.MethodHead {
-            w.WriteHeader(http.StatusOK)
-            return
-        }
-
-        if r.URL.Path == "/" || r.URL.Path == "/index.html" {
-            err := templates.IndexTemplate.Execute(w, nil)
-            if err != nil {
-                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-            }
-            return
-        }
-        staticHandler("public").ServeHTTP(w, r)
-    }))
+    mux.Handle("/", view.IndexHandler(app))
 
     return mux
 }
 
-func staticHandler(directory string) http.Handler {
-    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        info, err := os.Stat(filepath.Join(directory, filepath.Clean(r.URL.Path)))
-
-        // does the file exist?
-        if err != nil {
-            if errors.Is(err, os.ErrNotExist) {
-                http.NotFound(w, r)
-                return
-            }
-        }
-
-        // is thjs a directory? (forbidden)
-        if info.IsDir() {
-            http.NotFound(w, r)
-            return
-        }
-
-        http.FileServer(http.Dir(directory)).ServeHTTP(w, r)
-    })
-}
-
 var PoweredByStrings = []string{
     "nerd rage",
     "estrogen",
diff --git a/model/appstate.go b/model/appstate.go
index a910a29..861a991 100644
--- a/model/appstate.go
+++ b/model/appstate.go
@@ -21,6 +21,12 @@ type (
         Secret string `toml:"secret"`
     }
 
+    TwitchConfig struct {
+        Broadcaster string `toml:"broadcaster"`
+        ClientID string `toml:"client_id"`
+        Secret string `toml:"secret"`
+    }
+
     Config struct {
         BaseUrl string `toml:"base_url" comment:"Used for OAuth redirects."`
         Host string `toml:"host"`
@@ -29,11 +35,13 @@ type (
         TrustedProxies []string `toml:"trusted_proxies"`
         DB DBConfig `toml:"db"`
         Discord DiscordConfig `toml:"discord"`
+        Twitch TwitchConfig `toml:"twitch"`
     }
 
     AppState struct {
         DB *sqlx.DB
         Config Config
         Log log.Logger
+        Twitch *TwitchState
     }
 )
diff --git a/model/twitch.go b/model/twitch.go
new file mode 100644
index 0000000..6bca17d
--- /dev/null
+++ b/model/twitch.go
@@ -0,0 +1,43 @@
+package model
+
+import (
+	"fmt"
+	"strings"
+	"time"
+)
+
+type (
+    TwitchOAuthToken struct {
+        AccessToken string
+        ExpiresAt time.Time
+        TokenType string
+    }
+
+    TwitchState struct {
+        Token *TwitchOAuthToken
+    }
+
+    TwitchStreamInfo struct {
+        ID string `json:"id"`
+        UserID string `json:"user_id"`
+        UserLogin string `json:"user_login"`
+        UserName string `json:"user_name"`
+        GameID string `json:"game_id"`
+        GameName string `json:"game_name"`
+        Type string `json:"type"`
+        Title string `json:"title"`
+        ViewerCount int `json:"viewer_count"`
+        StartedAt string `json:"started_at"`
+        Language string `json:"language"`
+        ThumbnailURL string `json:"thumbnail_url"`
+        TagIDs []string `json:"tag_ids"`
+        Tags []string `json:"tags"`
+        IsMature bool `json:"is_mature"`
+    }
+)
+
+func (info *TwitchStreamInfo) Thumbnail(width int, height int) string {
+    res := strings.Replace(info.ThumbnailURL, "{width}", fmt.Sprintf("%d", width), 1)
+    res = strings.Replace(res, "{height}", fmt.Sprintf("%d", height), 1)
+    return res
+}
diff --git a/public/style/colours.css b/public/style/colours.css
index 2bf607d..de63198 100644
--- a/public/style/colours.css
+++ b/public/style/colours.css
@@ -6,6 +6,7 @@
     --secondary: #f8e05b;
     --tertiary: #f788fe;
     --links: #5eb2ff;
+    --live: #fd3737;
 }
 
 @media (prefers-color-scheme: light) {
diff --git a/public/style/index.css b/public/style/index.css
index 6edb362..f60fdb7 100644
--- a/public/style/index.css
+++ b/public/style/index.css
@@ -222,3 +222,84 @@ div#web-buttons {
     transform: translate(-2px, -2px);
     box-shadow: 1px 1px 0 #eee, 2px 2px 0 #eee;
 }
+
+#live-banner {
+    margin: 1em 0 2em 0;
+    padding: 1em;
+    border-radius: 4px;
+    border: 1px solid var(--primary);
+    box-shadow: 0 0 8px var(--primary);
+}
+
+#live-banner h2 {
+    margin: 0 0 .4em 0;
+    color: var(--on-background);
+}
+
+#live-banner p {
+    margin: 0;
+}
+
+.live-highlight {
+    color: var(--primary);
+}
+
+.live-preview {
+    display: flex;
+    flex-direction: row;
+    justify-content: center;
+    gap: 1em;
+}
+
+.live-preview div:first-of-type {
+    text-align: center;
+}
+
+.live-thumbnail {
+    border-radius: 4px;
+}
+
+.live-button {
+    margin: .2em;
+    padding: .4em .5em;
+    display: inline-block;
+    color: var(--primary);
+    border: 1px solid var(--primary);
+    border-radius: 4px;
+    transition: color .1s linear, background-color .1s linear, box-shadow .1s linear;
+}
+
+.live-button:hover {
+    color: var(--background);
+    background-color: var(--primary);
+    box-shadow: 0 0 8px var(--primary);
+    text-decoration: none;
+}
+
+.live-info {
+    display: flex;
+    flex-direction: column;
+    gap: .3em;
+    overflow-x: hidden;
+}
+
+.live-game {
+    overflow: hidden;
+    text-wrap: nowrap;
+    text-overflow: ellipsis;
+}
+
+.live-game .live-game-prefix {
+    opacity: .8;
+}
+
+.live-title {
+    display: -webkit-box;
+    -webkit-line-clamp: 2;
+    -webkit-box-orient: vertical;
+    overflow: hidden;
+}
+
+.live-viewers {
+    opacity: .5;
+}
diff --git a/view/index.go b/view/index.go
new file mode 100644
index 0000000..995de44
--- /dev/null
+++ b/view/index.go
@@ -0,0 +1,45 @@
+package view
+
+import (
+	"arimelody-web/controller"
+	"arimelody-web/model"
+	"arimelody-web/templates"
+	"fmt"
+	"net/http"
+	"os"
+)
+
+func IndexHandler(app *model.AppState) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        if r.Method == http.MethodHead {
+            w.WriteHeader(http.StatusOK)
+            return
+        }
+
+        type IndexData struct {
+            TwitchStatus *model.TwitchStreamInfo
+        }
+
+        var err error
+        var twitchStatus *model.TwitchStreamInfo = nil
+        if len(app.Config.Twitch.Broadcaster) > 0 {
+            twitchStatus, err = controller.GetTwitchStatus(app, app.Config.Twitch.Broadcaster)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "WARN: Failed to get Twitch status for %s: %v\n", app.Config.Twitch.Broadcaster, err)
+            }
+        }
+
+        if r.URL.Path == "/" || r.URL.Path == "/index.html" {
+            err := templates.IndexTemplate.Execute(w, IndexData{
+                TwitchStatus: twitchStatus,
+            })
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "WARN: Failed to render index page: %v\n", err)
+                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            }
+            return
+        }
+
+        StaticHandler("public").ServeHTTP(w, r)
+    })
+}
diff --git a/view/static.go b/view/static.go
new file mode 100644
index 0000000..52263a2
--- /dev/null
+++ b/view/static.go
@@ -0,0 +1,31 @@
+package view
+
+import (
+	"errors"
+	"net/http"
+	"os"
+	"path/filepath"
+)
+
+func StaticHandler(directory string) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        info, err := os.Stat(filepath.Join(directory, filepath.Clean(r.URL.Path)))
+
+        // does the file exist?
+        if err != nil {
+            if errors.Is(err, os.ErrNotExist) {
+                http.NotFound(w, r)
+                return
+            }
+        }
+
+        // is thjs a directory? (forbidden)
+        if info.IsDir() {
+            http.NotFound(w, r)
+            return
+        }
+
+        http.FileServer(http.Dir(directory)).ServeHTTP(w, r)
+    })
+}
+
diff --git a/views/index.html b/views/index.html
index f639c55..98a862c 100644
--- a/views/index.html
+++ b/views/index.html
@@ -22,6 +22,23 @@
 
 {{define "content"}}
 <main>
+    {{if .TwitchStatus}}
+    <div id="live-banner">
+        <h2>ari is <span class="live-highlight">LIVE</span> right now!</h2>
+        <div class="live-preview">
+            <div>
+                <img src="{{.TwitchStatus.Thumbnail 144 81}}" alt="livestream thumbnail" class="live-thumbnail">
+                <a href="https://twitch.tv/{{.TwitchStatus.UserName}}" class="live-button">join in!</a>
+            </div>
+            <div class="live-info">
+                <p class="live-game"><span class="live-game-prefix">streaming:</span> {{.TwitchStatus.GameName}}</p>
+                <p class="live-title">{{.TwitchStatus.Title}}</p>
+                <p class="live-viewers">{{.TwitchStatus.ViewerCount}} viewers</p>
+            </div>
+        </div>
+    </div>
+    {{end}}
+    
     <h1 class="typeout">
         # hello, world!
     </h1>

From 581273370de2029c8258564ab2a180eea93f0a0d Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Tue, 17 Jun 2025 02:01:06 +0100
Subject: [PATCH 47/88] improvements to LIVE tracker

---
 controller/twitch.go   |  3 ---
 main.go                |  8 +++++---
 model/appstate.go      |  4 ++--
 public/style/index.css | 41 +++++++++++++++++++++++++++++++++++------
 public/style/main.css  |  1 +
 view/index.go          |  2 +-
 views/index.html       |  2 +-
 7 files changed, 45 insertions(+), 16 deletions(-)

diff --git a/controller/twitch.go b/controller/twitch.go
index f7dc509..98d3b9a 100644
--- a/controller/twitch.go
+++ b/controller/twitch.go
@@ -4,7 +4,6 @@ import (
 	"arimelody-web/model"
 	"bytes"
 	"encoding/json"
-	"fmt"
 	"net/http"
 	"net/url"
 	"time"
@@ -63,8 +62,6 @@ func GetTwitchStatus(app *model.AppState, broadcaster string) (*model.TwitchStre
         return lastStreamState, nil
     }
 
-    fmt.Print("MAKING COSTLY REQUEST TO TWITCH.TV API...\n")
-
     requestUrl, _ := url.Parse(TWITCH_API_BASE + "streams")
     requestUrl.RawQuery = url.Values{
         "user_login": []string{ broadcaster },
diff --git a/main.go b/main.go
index 8f37639..0234d79 100644
--- a/main.go
+++ b/main.go
@@ -460,9 +460,11 @@ func main() {
     // handle DB migrations
     controller.CheckDBVersionAndMigrate(app.DB)
 
-    err = controller.TwitchSetup(&app)
-    if err != nil {
-        fmt.Fprintf(os.Stderr, "WARN: Failed to set up Twitch integration: %v\n", err)
+    if app.Config.Twitch != nil {
+        err = controller.TwitchSetup(&app)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to set up Twitch integration: %v\n", err)
+        }
     }
 
     // initial invite code
diff --git a/model/appstate.go b/model/appstate.go
index 861a991..3a1c230 100644
--- a/model/appstate.go
+++ b/model/appstate.go
@@ -34,8 +34,8 @@ type (
         DataDirectory string `toml:"data_dir"`
         TrustedProxies []string `toml:"trusted_proxies"`
         DB DBConfig `toml:"db"`
-        Discord DiscordConfig `toml:"discord"`
-        Twitch TwitchConfig `toml:"twitch"`
+        Discord *DiscordConfig `toml:"discord"`
+        Twitch *TwitchConfig `toml:"twitch"`
     }
 
     AppState struct {
diff --git a/public/style/index.css b/public/style/index.css
index f60fdb7..6efe241 100644
--- a/public/style/index.css
+++ b/public/style/index.css
@@ -231,11 +231,6 @@ div#web-buttons {
     box-shadow: 0 0 8px var(--primary);
 }
 
-#live-banner h2 {
-    margin: 0 0 .4em 0;
-    color: var(--on-background);
-}
-
 #live-banner p {
     margin: 0;
 }
@@ -252,7 +247,11 @@ div#web-buttons {
 }
 
 .live-preview div:first-of-type {
-    text-align: center;
+    display: flex;
+    flex-direction: column;
+    justify-content: space-between;
+    align-items: center;
+    gap: .3em;
 }
 
 .live-thumbnail {
@@ -283,6 +282,36 @@ div#web-buttons {
     overflow-x: hidden;
 }
 
+#live-banner h2 {
+    margin: 0;
+    color: var(--on-background);
+    font-family: 'Inter', sans-serif;
+    font-weight: 800;
+    font-style: italic;
+}
+
+.live-pinger {
+    width: .5em;
+    height: .5em;
+    margin: .1em .2em;
+    display: inline-block;
+    border-radius: 100%;
+    background-color: var(--primary);
+    box-shadow: 0 0 4px var(--primary);
+    animation: live-pinger-pulse 1s infinite alternate ease-in-out;
+}
+
+@keyframes live-pinger-pulse {
+    from {
+        opacity: .8;
+        transform: scale(1.0);
+    }
+    to {
+        opacity: 1;
+        transform: scale(1.1);
+    }
+}
+
 .live-game {
     overflow: hidden;
     text-wrap: nowrap;
diff --git a/public/style/main.css b/public/style/main.css
index 4e9e113..680ee2b 100644
--- a/public/style/main.css
+++ b/public/style/main.css
@@ -3,6 +3,7 @@
 @import url("/style/footer.css");
 @import url("/style/prideflag.css");
 @import url("/style/cursor.css");
+@import url("/font/inter/inter.css");
 
 @font-face {
     font-family: "Monaspace Argon";
diff --git a/view/index.go b/view/index.go
index 995de44..b6e3891 100644
--- a/view/index.go
+++ b/view/index.go
@@ -22,7 +22,7 @@ func IndexHandler(app *model.AppState) http.Handler {
 
         var err error
         var twitchStatus *model.TwitchStreamInfo = nil
-        if len(app.Config.Twitch.Broadcaster) > 0 {
+        if app.Twitch != nil && len(app.Config.Twitch.Broadcaster) > 0 {
             twitchStatus, err = controller.GetTwitchStatus(app, app.Config.Twitch.Broadcaster)
             if err != nil {
                 fmt.Fprintf(os.Stderr, "WARN: Failed to get Twitch status for %s: %v\n", app.Config.Twitch.Broadcaster, err)
diff --git a/views/index.html b/views/index.html
index 98a862c..6985f6c 100644
--- a/views/index.html
+++ b/views/index.html
@@ -24,13 +24,13 @@
 <main>
     {{if .TwitchStatus}}
     <div id="live-banner">
-        <h2>ari is <span class="live-highlight">LIVE</span> right now!</h2>
         <div class="live-preview">
             <div>
                 <img src="{{.TwitchStatus.Thumbnail 144 81}}" alt="livestream thumbnail" class="live-thumbnail">
                 <a href="https://twitch.tv/{{.TwitchStatus.UserName}}" class="live-button">join in!</a>
             </div>
             <div class="live-info">
+                <h2>ari melody <span class="live-highlight">LIVE</span> <i class="live-pinger"></i></h2>
                 <p class="live-game"><span class="live-game-prefix">streaming:</span> {{.TwitchStatus.GameName}}</p>
                 <p class="live-title">{{.TwitchStatus.Title}}</p>
                 <p class="live-viewers">{{.TwitchStatus.ViewerCount}} viewers</p>

From 375ae84ae33d352421dffcfbe44bbbdff32a3b11 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sun, 22 Jun 2025 18:00:08 +0100
Subject: [PATCH 48/88] update some arimelody.me references to .space

---
 views/index.html | 30 ++++--------------------------
 1 file changed, 4 insertions(+), 26 deletions(-)

diff --git a/views/index.html b/views/index.html
index 6985f6c..37bd2a3 100644
--- a/views/index.html
+++ b/views/index.html
@@ -6,8 +6,8 @@
 
 <meta property="og:title" content="ari melody">
 <meta property="og:type" content="website">
-<meta property="og:url" content="www.arimelody.me">
-<meta property="og:image" content="https://www.arimelody.me/img/favicon.png">
+<meta property="og:url" content="www.arimelody.space">
+<meta property="og:image" content="https://www.arimelody.space/img/favicon.png">
 <meta property="og:site_name" content="ari melody">
 <meta property="og:description" content="home to your local SPACEGIRL 💫">
 
@@ -101,28 +101,6 @@
     <p>
     <strong>where to find me 🛰️</strong>
     </p>
-    <!--
-    <ul class="links">
-        <li>
-            <a href="https://youtube.com/@arispacegirl">youtube</a>
-        </li>
-        <li>
-            <a href="https://twitch.tv/arispacegirl">twitch</a>
-        </li>
-        <li>
-            <a href="https://arimelody.bandcamp.com">bandcamp</a>
-        </li>
-        <li>
-            <a href="https://codeberg.org/arimelody">codeberg</a>
-        </li>
-        <li>
-            <a href="https://bsky.app/profile/arimelody.me">bluesky</a>
-        </li>
-        <li>
-            <a href="https://discord.gg/MmJtBebF28">discord</a>
-        </li>
-    </ul>
-    -->
     <ul class="platform-links">
         <li>
             <a href="https://youtube.com/@arispacegirl" title="youtube">
@@ -149,7 +127,7 @@
             </a>
         </li>
         <li>
-            <a href="https://bsky.app/profile/arimelody.me" title="bluesky">
+            <a href="https://bsky.app/profile/arimelody.space" title="bluesky">
                 <img src="/img/brand/bluesky.svg" alt="bluesky" width="32" height="32"/>
                 bluesky
             </a>
@@ -181,7 +159,7 @@
             </div>
         </li>
         <li class="project-item">
-            <img src="https://git.arimelody.me/repo-avatars/6b0a1ffb78cbc6f906f83152ea42a710220174e8f48a3e44f159ae58dacd7a2f" alt="catdance icon" aria-hidden=true class="project-icon" width="64" height="64">
+            <img src="https://git.arimelody.me/repo-avatars/6b0a1ffb78cbc6f906f83152ea42a710220174e8f48a3e44f159ae58dacd7a2f" alt="pride flag icon" aria-hidden=true class="project-icon" width="64" height="64">
             <div class="project-info">
                 <a href="https://git.arimelody.me/ari/prideflag">pride flag</a>
                 <p>progressive pride flag widget for websites</p>

From 7a354cddf520e5673f347f911c2951401a53da35 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sun, 22 Jun 2025 18:05:21 +0100
Subject: [PATCH 49/88] update some more links!

---
 views/index.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/views/index.html b/views/index.html
index 37bd2a3..0e09475 100644
--- a/views/index.html
+++ b/views/index.html
@@ -133,7 +133,7 @@
             </a>
         </li>
         <li>
-            <a href="https://discord.gg/MmJtBebF28" title="discord">
+            <a href="https://arimelody.space/discord" title="discord">
                 <img src="/img/brand/discord.svg" alt="discord" width="32" height="32"/>
                 discord
             </a>
@@ -202,7 +202,7 @@
     </h2>
 
     <div id="web-buttons">
-        <a href="https://arimelody.me">
+        <a href="https://arimelody.space">
             <img src="/img/buttons/ari melody.gif" alt="ari melody web button" width="88" height="31">
         </a>
         <a href="https://supitszaire.com">

From 05ab207a1f365d3a6c0742bda79431a2e3803742 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sat, 5 Jul 2025 18:53:57 +0100
Subject: [PATCH 50/88] live banner: fix horizontal alignment

---
 public/style/index.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/style/index.css b/public/style/index.css
index 6efe241..b970c17 100644
--- a/public/style/index.css
+++ b/public/style/index.css
@@ -242,7 +242,7 @@ div#web-buttons {
 .live-preview {
     display: flex;
     flex-direction: row;
-    justify-content: center;
+    justify-content: start;
     gap: 1em;
 }
 

From 1896633fd18ebf4580e19a2810eb717d8b38e39a Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 18 Jul 2025 23:38:01 +0100
Subject: [PATCH 51/88] clear expired sessions on server start

why wasn't i doing this before?? :sob:
---
 controller/session.go | 4 ++++
 main.go               | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/controller/session.go b/controller/session.go
index b037575..5028789 100644
--- a/controller/session.go
+++ b/controller/session.go
@@ -188,3 +188,7 @@ func DeleteSession(db *sqlx.DB, token string) error {
     return err
 }
 
+func DeleteExpiredSessions(db *sqlx.DB) error {
+    _, err := db.Exec("DELETE FROM session WHERE expires_at<current_timestamp")
+    return err
+}
diff --git a/main.go b/main.go
index 0234d79..7bcd5ac 100644
--- a/main.go
+++ b/main.go
@@ -487,6 +487,13 @@ func main() {
         fmt.Printf("No accounts exist! Generated invite code: %s\n", invite.Code)
     }
 
+    // delete expired sessions
+    err = controller.DeleteExpiredSessions(app.DB)
+    if err != nil {
+        fmt.Fprintf(os.Stderr, "FATAL: Failed to clear expired sessions: %v\n", err)
+        os.Exit(1)
+    }
+
     // delete expired invites
     err = controller.DeleteExpiredInvites(app.DB)
     if err != nil {

From 90ac0487e314782e0fd0390c1b5df09be080d053 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 1 Aug 2025 00:29:47 +0100
Subject: [PATCH 52/88] update web buttons

---
 public/img/buttons/girlonthemoon.png | Bin 0 -> 1556 bytes
 views/index.html                     |   3 +++
 2 files changed, 3 insertions(+)
 create mode 100644 public/img/buttons/girlonthemoon.png

diff --git a/public/img/buttons/girlonthemoon.png b/public/img/buttons/girlonthemoon.png
new file mode 100644
index 0000000000000000000000000000000000000000..4e98a12226a4ae1f958336c54d46413e5cdb5bee
GIT binary patch
literal 1556
zcmV+v2J88WP)<h;3K|Lk000e1NJLTq003A30018d1^@s6W5^2N0004mX+uL$Nkc;*
zaB^>EX>4Tx04R}tkv&MmKpe$iTeVUv3U&~2$k003MMWHI6^c+H)C#RSm|XfHG-*gu
zTpR`0f`cE6RR<SmT^(EnLGS~_U2sx#krMxx6k5c1aNLh~_a1le0Dq&xRI@7qsG4PD
zQb{3~UlD?@=s_O_5kp8~rami*X?TvWd-(Wz7w1{t=l&f1O2K4+PasY(-LQz)iKjO$
zo%23%gq0<Q_?&p$pbHW|a$R=$jdRIiKhKO9*~}bqgjgtbu-w6{Y^cOj#8E}nDBquR
zS>e3JS*_Gq>z@3D;exij#C4jZNMQks5FtQD4I8MyLY!8O6cZWRPkQ)A9KT2|nOqxS
z<d{blDkR4b{s+IiHH(uIZc;c2bidg4M+^w=0?oQ@e;?a+^8^Sy16NwxUu^(0pQP8@
zTJ#7Q*aj}H+nT%wT<!qFPr77CjufEjFBXCKGy0}HFmwxqR^8rO`#607veZ@j1~@nb
z#!8gE=JD>{&ffk#)9UXBXg+eHe!)YF00009a7bBm001r{001r{0eGc9b^rhX2XskI
zMF;5y3lJ+H^yciE0000PbVXQnLvL+uWo~o;Lvm$dbY)~9cWHEJAV*0}P*;Ht7XSbQ
z{z*hZRA}Dqnoo!uRUF4Z@6BYBm~3{Fb=B6gySA{d_>UrM3m!bQD0u2Y@fOyDhrJaK
zMYbX+xQBu_p;+(_+M@>rp?DEg7Q3zpR)qzj(n7m6TQ}R?r1>+M84uae>Ez91CY!8D
z%@+d6d-Hqm_xrx@d%xcsA`ZU(x6J@bEH6s7OYp`8gIuM(F?4{rtTtd%37ao|skKcm
zfb6%BPt7JdHJc3lyIsuB*sSF(zP!4-4K90`y#E?Ym+vOG`p;ELYpdaph<?VIl|om>
zH7)r1FB1>|7`N6~Kc59)^u+rlCZ7pUuu46R02+O&fK+|XvD`MQKKC{cN?a%Xavl#?
zZrbDx;b;|YZG71cRk#Cllh<nDI-yFHSp58Qk_+(TW$Ui?$jC#CXU{YC>NygVhj)KO
zbZhJN^6@c0W3ySb`S_yAce&=|Hk3Y~v>O|Zk{%u+9@V&Au5m3_qFgnb73^GDzho0M
z8MPW?FOp`M_EOd6<OM@Xt{+l~2<g-iv8YC7B+ASq!)Q{d73?N?H%j)i?e-2ivr_Pk
z!E0{A6eM*)-tgJ-nqWK~qfj*1F4X{7%awTfkj9?{$+e0kqHAPEhFH&6)Je`S_^`<+
zY!V9UN2k>7oFf&74^Bh?C|7Orw_$zD=K7{h(UKHojC4{b6SLXaF!|`Wx?R~Yd2+PK
z(S4E+SCiyx0$r2g%Cv?eypEE4;mkg}+FUiv&)7UQ(P*pee4zS(&BZJ5$5y?kW`Qnk
zp3RtilhZLw%l`~kk>>T=tKF|cXjMIUEtp>g5VoobB8s!CLirie1q;U_ytrR55r?ti
z`htu`O)Sf1bE{fkrgwk1X@B~e*);H8yq{3b>xaF3XX5s)F?XYkb7H#$!}0p}l^geQ
z?$-*rjj}(%-3Tfyp?gJk7{9)KTk`o&HI7aSo;aYPJKU(5@Xq&=OE)UPugZ<d+X<+X
zga%buw|z^*;JGQuTT3Praf??TlN=luR1Cpaznffglz7MY1yJw+%~)QPe6m#YeA6}&
zhu5B#9G=qdD0q3Xp6`w<SZz=0XTRJ2Uc>&B0O|x!C*k3Q;L-a9(+^6f#s!+JCrEvu
z$2Q-#?TGjB6r4U5ArZUN*AU5ER%<4>p(MAO+zRtjoR@vjey?X+&E<ZkmA@)mud!74
z`MS+)MsV_ZokYz0S*aQ{j1yt)gO2YcMD@I?za6;kgZOu=X!Fvv;LYPY$(a8_433C4
z@WOlc&P}iN!uCAD?d+mnLeCT2FI9yX`br-CsOG>`#E}Jy<we;t$WB!es`<kB6V%^s
z<DR+6_2NZkE~_E?ozOv&>tgb2brBg5{6DBL27mtRGX4b;&mcd6GW2Z#0000<MNUMn
GLSTZI4emJr

literal 0
HcmV?d00001

diff --git a/views/index.html b/views/index.html
index 0e09475..df4d341 100644
--- a/views/index.html
+++ b/views/index.html
@@ -241,6 +241,9 @@
         <a href="https://isabelroses.com/">
             <img src="/img/buttons/isabelroses.gif" alt="isabel roses web button" width="88" height="31">
         </a>
+        <a href="https://bubblegum.girlonthemoon.xyz/">
+            <img src="/img/buttons/girlonthemoon.png" alt="sweet like bubblegum web button" width="88" height="31">
+        </a>
 
         <hr>
 

From ab07554716a2ea0feba7fa4d09275549d1c32158 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Wed, 13 Aug 2025 23:26:23 +0100
Subject: [PATCH 53/88] update fediverse rel

---
 views/index.html | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/views/index.html b/views/index.html
index df4d341..05388f8 100644
--- a/views/index.html
+++ b/views/index.html
@@ -14,8 +14,7 @@
 <link rel="stylesheet" href="/style/main.css">
 <link rel="stylesheet" href="/style/index.css">
 
-<link rel="me" href="https://ice.arimelody.me/@ari">
-<link rel="me" href="https://wetdry.world/@ari">
+<link rel="me" href="https://fedi.arimelody.space/@ari">
 
 <script type="module" src="/script/index.js" defer></script>
 {{end}}

From c49084afb05abdccbbc25a2bf79412085bc7864d Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Thu, 14 Aug 2025 01:07:53 +0100
Subject: [PATCH 54/88] replace straggler arimelody.me mentions with .space

email notwithstanding
---
 README.md                  |  4 +--
 admin/views/layout.html    |  2 +-
 controller/config.go       |  2 +-
 controller/totp.go         |  4 +--
 docker-compose.example.yml |  2 +-
 main.go                    |  2 +-
 public/img/prideflag.svg   | 64 +++++++++++++++++++-------------------
 public/script/config.js    |  2 +-
 public/script/prideflag.js |  6 ++--
 views/footer.html          |  2 +-
 views/index.html           | 14 ++++-----
 views/music-gateway.html   | 12 +++----
 views/music.html           |  6 ++--
 13 files changed, 61 insertions(+), 61 deletions(-)

diff --git a/README.md b/README.md
index 464379e..75b2095 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,10 @@
-# arimelody.me
+# ari melody website
 
 home to your local SPACEGIRL! 💫
 
 ---
 
-built up from the initial [static](https://git.arimelody.me/ari/arimelody.me-static)
+built up from the initial [static](https://forge.arimelody.space/ari/arimelody.me-static)
 branch, this powerful, server-side rendered version comes complete with live
 updates, powered by a new database and handy admin panel!
 
diff --git a/admin/views/layout.html b/admin/views/layout.html
index 52b0620..fdeda9b 100644
--- a/admin/views/layout.html
+++ b/admin/views/layout.html
@@ -18,7 +18,7 @@
             <nav>
                 <img src="/img/favicon.png" alt="" class="icon">
                 <div class="nav-item">
-                    <a href="/">arimelody.me</a>
+                    <a href="/">ari melody</a>
                 </div>
                 <div class="nav-item">
                     <a href="/admin">home</a>
diff --git a/controller/config.go b/controller/config.go
index fdfa756..77619d7 100644
--- a/controller/config.go
+++ b/controller/config.go
@@ -18,7 +18,7 @@ func GetConfig() model.Config {
     }
 
     config := model.Config{
-        BaseUrl: "https://arimelody.me",
+        BaseUrl: "https://arimelody.space",
         Host: "0.0.0.0",
         Port: 8080,
         TrustedProxies: []string{ "127.0.0.1" },
diff --git a/controller/totp.go b/controller/totp.go
index 076d3a1..3937459 100644
--- a/controller/totp.go
+++ b/controller/totp.go
@@ -58,12 +58,12 @@ func GenerateTOTPURI(username string, secret string) string {
     url := url.URL{
         Scheme: "otpauth",
         Host: "totp",
-        Path: url.QueryEscape("arimelody.me") + ":" + url.QueryEscape(username),
+        Path: url.QueryEscape("arimelody.space") + ":" + url.QueryEscape(username),
     }
 
     query := url.Query()
     query.Set("secret", secret)
-    query.Set("issuer", "arimelody.me")
+    query.Set("issuer", "arimelody.space")
     // query.Set("algorithm", "SHA1")
     // query.Set("digits", fmt.Sprintf("%d", TOTP_CODE_LENGTH))
     // query.Set("period", fmt.Sprintf("%d", TOTP_TIME_STEP))
diff --git a/docker-compose.example.yml b/docker-compose.example.yml
index 7833201..62843b9 100644
--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -1,6 +1,6 @@
 services:
   web:
-    image: docker.arimelody.me/arimelody.me:latest
+    image: docker.arimelody.space/arimelody.me:latest
     build: .
     ports:
       - 8080:8080
diff --git a/main.go b/main.go
index 7bcd5ac..53f2883 100644
--- a/main.go
+++ b/main.go
@@ -564,7 +564,7 @@ var PoweredByStrings = []string{
 
 func DefaultHeaders(next http.Handler) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        w.Header().Add("Server", "arimelody.me")
+        w.Header().Add("Server", "ari melody webbed site")
         w.Header().Add("Do-Not-Stab", "1")
         w.Header().Add("X-Clacks-Overhead", "GNU Terry Pratchett")
         w.Header().Add("X-Hacker", "spare me please")
diff --git a/public/img/prideflag.svg b/public/img/prideflag.svg
index 86654df..343a54f 100644
--- a/public/img/prideflag.svg
+++ b/public/img/prideflag.svg
@@ -1,32 +1,32 @@
-<!--
-  pride flag - copyright (c) 2024 ari melody
-  
-  this code is provided AS-IS, WITHOUT ANY WARRANTY, to be
-  freely redistributed and/or modified as you please, however
-  retaining this license in any redistribution.
-  
-  please use this flag to link to an LGBTQI+-supporting page
-  of your choosing!
-  
-  web: https://arimelody.me
-  source: https://git.arimelody.me/ari/prideflag
--->
-
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 120" width="120" height="120">
-  <path id="red" d="M120,80 L100,100 L120,120 Z" style="fill:#d20605"/>
-  <path id="orange" d="M120,80 V40 L80,80 L100,100 Z" style="fill:#ef9c00"/>
-  <path id="yellow" d="M120,40 V0 L60,60 L80,80 Z" style="fill:#e5fe02"/>
-  <path id="green" d="M120,0 H80 L40,40 L60,60 Z" style="fill:#09be01"/>
-  <path id="blue" d="M80,0 H40 L20,20 L40,40 Z" style="fill:#081a9a"/>
-  <path id="purple" d="M40,0 H0 L20,20 Z" style="fill:#76008a"/>
-
-  <rect id="black" x="60" width="60" height="60" style="fill:#010101"/>
-  <rect id="brown" x="70" width="50" height="50" style="fill:#603814"/>
-  <rect id="lightblue" x="80" width="40" height="40" style="fill:#73d6ed"/>
-  <rect id="pink" x="90" width="30" height="30" style="fill:#ffafc8"/>
-  <rect id="white" x="100" width="20" height="20" style="fill:#fff"/>
-  
-  <rect id="intyellow" x="110" width="10" height="10" style="fill:#fed800"/>
-  <circle id="intpurple" cx="120" cy="0" r="5" stroke="#7601ad" stroke-width="2" fill="none"/>
-</svg>
-
+<!--
+  pride flag - copyright (c) 2024 ari melody
+  
+  this code is provided AS-IS, WITHOUT ANY WARRANTY, to be
+  freely redistributed and/or modified as you please, however
+  retaining this license in any redistribution.
+  
+  please use this flag to link to an LGBTQI+-supporting page
+  of your choosing!
+  
+  web: https://arimelody.space
+  source: https://forge.arimelody.space/ari/prideflag
+-->
+
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 120" width="120" height="120">
+  <path id="red" d="M120,80 L100,100 L120,120 Z" style="fill:#d20605"/>
+  <path id="orange" d="M120,80 V40 L80,80 L100,100 Z" style="fill:#ef9c00"/>
+  <path id="yellow" d="M120,40 V0 L60,60 L80,80 Z" style="fill:#e5fe02"/>
+  <path id="green" d="M120,0 H80 L40,40 L60,60 Z" style="fill:#09be01"/>
+  <path id="blue" d="M80,0 H40 L20,20 L40,40 Z" style="fill:#081a9a"/>
+  <path id="purple" d="M40,0 H0 L20,20 Z" style="fill:#76008a"/>
+
+  <rect id="black" x="60" width="60" height="60" style="fill:#010101"/>
+  <rect id="brown" x="70" width="50" height="50" style="fill:#603814"/>
+  <rect id="lightblue" x="80" width="40" height="40" style="fill:#73d6ed"/>
+  <rect id="pink" x="90" width="30" height="30" style="fill:#ffafc8"/>
+  <rect id="white" x="100" width="20" height="20" style="fill:#fff"/>
+  
+  <rect id="intyellow" x="110" width="10" height="10" style="fill:#fed800"/>
+  <circle id="intpurple" cx="120" cy="0" r="5" stroke="#7601ad" stroke-width="2" fill="none"/>
+</svg>
+
diff --git a/public/script/config.js b/public/script/config.js
index 402a74b..bfa4d03 100644
--- a/public/script/config.js
+++ b/public/script/config.js
@@ -1,4 +1,4 @@
-const ARIMELODY_CONFIG_NAME = "arimelody.me-config";
+const ARIMELODY_CONFIG_NAME = "arimelody-web-config";
 
 class Config {
     _crt = false;
diff --git a/public/script/prideflag.js b/public/script/prideflag.js
index 03aecf9..1b6d19a 100644
--- a/public/script/prideflag.js
+++ b/public/script/prideflag.js
@@ -8,11 +8,11 @@
 // please use this flag to link to an LGBTQI+-supporting page
 // of your choosing!
 // 
-// web: https://arimelody.me
-// source: https://git.arimelody.me/ari/prideflag
+// web: https://arimelody.space
+// source: https://forge.arimelody.space/ari/prideflag
 //
 
-const pride_url = "https://git.arimelody.me/ari/prideflag";
+const pride_url = "https://forge.arimelody.space/ari/prideflag";
 
 const pride_flag_svg =
     `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 120" width="120" height="120">
diff --git a/views/footer.html b/views/footer.html
index eccf125..6d35ef5 100644
--- a/views/footer.html
+++ b/views/footer.html
@@ -5,7 +5,7 @@
       <small>
           <em>
               *made with <span aria-label="love">♥</span> by ari, 2025*
-              <a href="https://git.arimelody.me/ari/arimelody.me" target="_blank">source</a>
+              <a href="https://forge.arimelody.space/ari/arimelody-web" target="_blank">source</a>
           </em>
       </small>
   </div>
diff --git a/views/index.html b/views/index.html
index 05388f8..23f40ea 100644
--- a/views/index.html
+++ b/views/index.html
@@ -151,16 +151,16 @@
             </div>
         </li>
         <li class="project-item">
-            <img src="https://catdance.arimelody.me/img/favicon.png" alt="catdance icon" aria-hidden=true class="project-icon" width="64" height="64">
+            <img src="https://catdance.arimelody.space/img/favicon.png" alt="catdance icon" aria-hidden=true class="project-icon" width="64" height="64">
             <div class="project-info">
-                <a href="https://catdance.arimelody.me">catdance</a>
+                <a href="https://catdance.arimelody.space">catdance</a>
                 <p>watch the cat dance 🐱</p>
             </div>
         </li>
         <li class="project-item">
-            <img src="https://git.arimelody.me/repo-avatars/6b0a1ffb78cbc6f906f83152ea42a710220174e8f48a3e44f159ae58dacd7a2f" alt="pride flag icon" aria-hidden=true class="project-icon" width="64" height="64">
+            <img src="https://forge.arimelody.space/repo-avatars/6b0a1ffb78cbc6f906f83152ea42a710220174e8f48a3e44f159ae58dacd7a2f" alt="pride flag icon" aria-hidden=true class="project-icon" width="64" height="64">
             <div class="project-info">
-                <a href="https://git.arimelody.me/ari/prideflag">pride flag</a>
+                <a href="https://forge.arimelody.space/ari/prideflag">pride flag</a>
                 <p>progressive pride flag widget for websites</p>
             </div>
         </li>
@@ -172,16 +172,16 @@
             </div>
         </li>
         <li class="project-item">
-            <img src="https://impact.arimelody.me/favicon.png" alt="impact meme icon" aria-hidden=true class="project-icon" width="64" height="64">
+            <img src="https://impact.arimelody.space/favicon.png" alt="impact meme icon" aria-hidden=true class="project-icon" width="64" height="64">
             <div class="project-info">
-                <a href="https://impact.arimelody.me/">impact meme</a>
+                <a href="https://impact.arimelody.space/">impact meme</a>
                 <p>impact meme generator</p>
             </div>
         </li>
         <li class="project-item">
             <img src="https://codeberg.org/repo-avatars/e67303eeda4fa6d268948e71b7b0837357d8c519772701ffc36b84ae7975319f" alt="OpenTerminal icon" aria-hidden=true class="project-icon" width="64" height="64">
             <div class="project-info">
-                <a href="https://term.arimelody.me/">OpenTerminal</a>
+                <a href="https://term.arimelody.space/">OpenTerminal</a>
                 <p>communal online text buffer</p>
             </div>
         </li>
diff --git a/views/music-gateway.html b/views/music-gateway.html
index 0f4441c..9007c02 100644
--- a/views/music-gateway.html
+++ b/views/music-gateway.html
@@ -6,22 +6,22 @@
 <meta name="author" content="{{.PrintArtists true true}}">
 <meta name="keywords" content="{{.PrintArtists true false}}, music, {{.Title}}, {{.ID}}, {{.ReleaseDate.Year}}">
 
-<meta property="og:url" content="https://arimelody.me/music/{{.ID}}">
+<meta property="og:url" content="https://arimelody.space/music/{{.ID}}">
 <meta property="og:type" content="website">
 <meta property="og:locale" content="en_IE">
 <meta property="og:site_name" content="ari melody music">
 <meta property="og.Title" content="{{.Title}} - {{.PrintArtists true true}}">
 <meta property="og:description" content="Stream &quot;{{.Title}}&quot; by {{.PrintArtists true true}} on all platforms!">
-<meta property="og:image" content="https://arimelody.me{{.GetArtwork}}">
+<meta property="og:image" content="https://arimelody.space{{.GetArtwork}}">
 
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:site" content="@funniduck">
 <meta name="twitter:creator" content="@funniduck">
-<meta property="twitter:domain" content="arimelody.me">
-<meta property="twitter:url" content="https://arimelody.me/music/{{.ID}}">
+<meta property="twitter:domain" content="arimelody.space">
+<meta property="twitter:url" content="https://arimelody.space/music/{{.ID}}">
 <meta name="twitter.Title" content="{{.PrintArtists true true}} - {{.Title}}">
 <meta name="twitter:description" content="Stream &quot;{{.Title}}&quot; by {{.PrintArtists true true}} on all platforms!">
-<meta name="twitter:image" content="https://arimelody.me{{.GetArtwork}}">
+<meta name="twitter:image" content="https://arimelody.space{{.GetArtwork}}">
 <meta name="twitter:image:alt" content="Cover art for &quot;{{.Title}}&quot;">
 
 <link rel="stylesheet" href="/style/main.css">
@@ -34,7 +34,7 @@
 
     <div id="background" style="background-image: url({{.GetArtwork}})"></div>
 
-    <a href="/music" id="go-back" title="back to arimelody.me">&lt;</a>
+    <a href="/music" id="go-back" title="back to arimelody.space">&lt;</a>
     <br><br>
 
     <div id="music-container">
diff --git a/views/music.html b/views/music.html
index 6f84672..51f712d 100644
--- a/views/music.html
+++ b/views/music.html
@@ -6,8 +6,8 @@
 
 <meta property="og:title" content="ari melody music">
 <meta property="og:type" content="website">
-<meta property="og:url" content="www.arimelody.me/music">
-<meta property="og:image" content="https://www.arimelody.me/img/favicon.png">
+<meta property="og:url" content="www.arimelody.space/music">
+<meta property="og:image" content="https://www.arimelody.space/img/favicon.png">
 <meta property="og:site_name" content="ari melody">
 <meta property="og:description" content="music from your local SPACEGIRL 💫">
 
@@ -72,7 +72,7 @@
         </p>
         <blockquote>
             music used: ari melody - free2play<br>
-            <a href="/music/free2play">https://arimelody.me/music/free2play</a><br>
+            <a href="/music/free2play">https://arimelody.space/music/free2play</a><br>
             licensed under <a href="https://creativecommons.org/licenses/by-sa/4.0/" target="_blank">CC BY-SA 4.0</a>.
         </blockquote>
         <p>

From c63a090569d6ef8d12743f802b0361e22c4422cd Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sat, 16 Aug 2025 22:35:49 +0100
Subject: [PATCH 55/88] fix HTTPLog panic with no User-Agent

---
 main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 53f2883..edd4c87 100644
--- a/main.go
+++ b/main.go
@@ -626,6 +626,6 @@ func HTTPLog(next http.Handler) http.Handler {
         lrw.Status,
         colour.Reset,
         elapsed,
-        r.Header["User-Agent"][0])
+        r.Header.Get("User-Agent"))
     })
 }

From 5a330ad7fa631ea331dbf02846262acabbd9ab3e Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Tue, 19 Aug 2025 15:22:59 +0100
Subject: [PATCH 56/88] fix some opengraph

---
 views/index.html         | 2 +-
 views/music-gateway.html | 6 +++---
 views/music.html         | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/views/index.html b/views/index.html
index 23f40ea..23764e1 100644
--- a/views/index.html
+++ b/views/index.html
@@ -8,7 +8,7 @@
 <meta property="og:type" content="website">
 <meta property="og:url" content="www.arimelody.space">
 <meta property="og:image" content="https://www.arimelody.space/img/favicon.png">
-<meta property="og:site_name" content="ari melody">
+<meta property="og:site_name" content="ari melody 💫">
 <meta property="og:description" content="home to your local SPACEGIRL 💫">
 
 <link rel="stylesheet" href="/style/main.css">
diff --git a/views/music-gateway.html b/views/music-gateway.html
index 9007c02..febef4d 100644
--- a/views/music-gateway.html
+++ b/views/music-gateway.html
@@ -9,8 +9,8 @@
 <meta property="og:url" content="https://arimelody.space/music/{{.ID}}">
 <meta property="og:type" content="website">
 <meta property="og:locale" content="en_IE">
-<meta property="og:site_name" content="ari melody music">
-<meta property="og.Title" content="{{.Title}} - {{.PrintArtists true true}}">
+<meta property="og:site_name" content="ari melody 💫">
+<meta property="og:title" content="{{.PrintArtists true true}} - {{.Title}}">
 <meta property="og:description" content="Stream &quot;{{.Title}}&quot; by {{.PrintArtists true true}} on all platforms!">
 <meta property="og:image" content="https://arimelody.space{{.GetArtwork}}">
 
@@ -19,7 +19,7 @@
 <meta name="twitter:creator" content="@funniduck">
 <meta property="twitter:domain" content="arimelody.space">
 <meta property="twitter:url" content="https://arimelody.space/music/{{.ID}}">
-<meta name="twitter.Title" content="{{.PrintArtists true true}} - {{.Title}}">
+<meta name="twitter:title" content="{{.PrintArtists true true}} - {{.Title}}">
 <meta name="twitter:description" content="Stream &quot;{{.Title}}&quot; by {{.PrintArtists true true}} on all platforms!">
 <meta name="twitter:image" content="https://arimelody.space{{.GetArtwork}}">
 <meta name="twitter:image:alt" content="Cover art for &quot;{{.Title}}&quot;">
diff --git a/views/music.html b/views/music.html
index 51f712d..e0a5110 100644
--- a/views/music.html
+++ b/views/music.html
@@ -8,7 +8,7 @@
 <meta property="og:type" content="website">
 <meta property="og:url" content="www.arimelody.space/music">
 <meta property="og:image" content="https://www.arimelody.space/img/favicon.png">
-<meta property="og:site_name" content="ari melody">
+<meta property="og:site_name" content="ari melody 💫">
 <meta property="og:description" content="music from your local SPACEGIRL 💫">
 
 <link rel="stylesheet" href="/style/main.css">

From c82709084b32837956a86d2aa0ccdc4031f4dabf Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Wed, 20 Aug 2025 12:41:55 +0100
Subject: [PATCH 57/88] add quick security check to requests

---
 main.go | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index edd4c87..9133958 100644
--- a/main.go
+++ b/main.go
@@ -515,7 +515,7 @@ func main() {
     fmt.Printf("Now serving at http://%s:%d\n", app.Config.Host, app.Config.Port)
     stdLog.Fatal(
         http.ListenAndServe(fmt.Sprintf("%s:%d", app.Config.Host, app.Config.Port), 
-        HTTPLog(DefaultHeaders(mux)),
+        CheckRequest(&app, HTTPLog(DefaultHeaders(mux))),
     ))
 }
 
@@ -562,6 +562,37 @@ var PoweredByStrings = []string{
     "30 billion dollars in VC funding",
 }
 
+func CheckRequest(app *model.AppState, next http.Handler) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        // requests with empty user agents are considered suspicious.
+        // every browser supplies them; hell, even curl supplies them.
+        // i only ever see null user-agents paired with malicious requests,
+        // so i'm canning them altogether.
+        if len(r.Header.Get("User-Agent")) == 0 {
+            http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+            return
+        }
+
+        // same with .php and awkward double-slash requests.
+        // obviously these don't affect me, but these tend to be lazy intrusion
+        // attempts. if that's what you're about, i don't want you on my site.
+        if strings.HasPrefix(r.URL.Path, "//") ||
+        strings.HasSuffix(r.URL.Path, ".php") ||
+        strings.HasSuffix(r.URL.Path, ".php7") {
+            http.NotFound(w, r)
+            fmt.Fprintf(
+                os.Stderr,
+                "WARN: Suspicious activity blocked: {\"path\":\"%s\",\"address\":\"%s\"}\n",
+                r.URL.Path,
+                r.RemoteAddr,
+            )
+            return
+        }
+
+        next.ServeHTTP(w, r)
+    })
+}
+
 func DefaultHeaders(next http.Handler) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         w.Header().Add("Server", "ari melody webbed site")

From d13cfc74ad7c1f8d68c11adeeaf633fae38f9f4e Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 22 Aug 2025 01:06:37 +0100
Subject: [PATCH 58/88] =?UTF-8?q?complete=20arimelody.space=20migration!?=
 =?UTF-8?q?=20=F0=9F=8E=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md                                    | 11 +---
 docker-compose.example.yml                   |  2 +-
 public/keys/ari melody_0x92678188_public.asc | 26 --------
 public/keys/ari@arimelody.space_public.asc   | 66 ++++++++++++++++++++
 views/index.html                             |  4 +-
 views/music.html                             |  2 +-
 6 files changed, 73 insertions(+), 38 deletions(-)
 delete mode 100644 public/keys/ari melody_0x92678188_public.asc
 create mode 100644 public/keys/ari@arimelody.space_public.asc

diff --git a/README.md b/README.md
index 75b2095..f1fd392 100644
--- a/README.md
+++ b/README.md
@@ -4,14 +4,9 @@ home to your local SPACEGIRL! 💫
 
 ---
 
-built up from the initial [static](https://forge.arimelody.space/ari/arimelody.me-static)
-branch, this powerful, server-side rendered version comes complete with live
-updates, powered by a new database and handy admin panel!
-
-the admin panel currently facilitates live updating of my music discography,
-though i plan to expand it towards art portfolio and blog posts in the future.
-if all goes well, i'd like to later separate these components into their own
-library for others to use in their own sites. exciting stuff!
+a slightly-overcomplicated webserver built to show off everything i've worked
+on, and then some! this server comes complete with twitch live status tracking,
+a portfolio database, and a full-fledged admin CMS panel to manage it all!
 
 ## build
 
diff --git a/docker-compose.example.yml b/docker-compose.example.yml
index 62843b9..5ba8cfa 100644
--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -1,6 +1,6 @@
 services:
   web:
-    image: docker.arimelody.space/arimelody.me:latest
+    image: docker.arimelody.space/arimelody-web:latest
     build: .
     ports:
       - 8080:8080
diff --git a/public/keys/ari melody_0x92678188_public.asc b/public/keys/ari melody_0x92678188_public.asc
deleted file mode 100644
index 80a4676..0000000
--- a/public/keys/ari melody_0x92678188_public.asc	
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mDMEZNW03RYJKwYBBAHaRw8BAQdAuMUNVjXT7m/YisePPnSYY6lc1Xmm3oS79ZEO
-JriRCZy0HWFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkubWU+iJkEExYKAEECGwMF
-CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQTujeuNYocuegkeKt/PmYKckmeB
-iAUCZ7UqUAUJCIMP8wAKCRDPmYKckmeBiO/NAP0SoJL4aKZqCeYiSoDF/Uw6nMmZ
-+oR1Uig41wQ/IDbhCAEApP2vbjSIu6pcp0AQlL7qcoyPWv+XkqPSFqW9KEZZVwqI
-kwQTFgoAOxYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJk1bTdAhsDBQsJCAcCAiIC
-BhUKCQgLAgQWAgMBAh4HAheAAAoJEM+ZgpySZ4GIYJsA/jBNwsJTlmV9JMmsW0aF
-ApYDoPG1Q7sJ6CRW7xKCRjcqAQDX9iqNnW9Jqo8M3jXfu+aGSF926hg6M3SKm02P
-f27bAbgzBGe1JooWCSsGAQQB2kcPAQEHQJbfh5iLHEpZndMgekqYzqTrUoAJ8ZIL
-d4WH0dcw9tOaiPUEGBYKACYCGwIWIQTujeuNYocuegkeKt/PmYKckmeBiAUCZ7Uq
-VgUJBaOeTACBdiAEGRYKAB0WIQQlu5dWmBR/P3ZxngxgtfA4bj3bfgUCZ7UmigAK
-CRBgtfA4bj3bfux+AP4y5ydrjnGBMX7GuB2nh55SRdscSiXsZ66ntnjXyQcbWgEA
-pDuu7FqXzXcnluuZxNFDT740Rnzs60tTeplDqGGWcAQJEM+ZgpySZ4GIc0kA/iSw
-Nw+r3FC75omwrPpJF13B5fq93FweFx+oSaES6qzkAQDvgCK77qKKbvCju0g8zSsK
-EZnv6xR4uvtGdVkvLpBdC7gzBGe1JpkWCSsGAQQB2kcPAQEHQGnU4lXFLchhKYkC
-PshP+jvuRsNoedaDOK2p4dkQC8JuiH4EGBYKACYCGyAWIQTujeuNYocuegkeKt/P
-mYKckmeBiAUCZ7UqXgUJBaOeRQAKCRDPmYKckmeBiL9KAQCJZIBhuSsoYa61I0XZ
-cKzGZbB0h9pD6eg1VRswNIgHtQEAwu9Hgs1rs9cySvKbO7WgK6Qh6EfrvGgGOXCO
-m3wVsg24OARntSo5EgorBgEEAZdVAQUBAQdA+/k586W1OHxndzDJNpbd+wqjyjr0
-D5IXxfDs00advB0DAQgHiH4EGBYKACYWIQTujeuNYocuegkeKt/PmYKckmeBiAUC
-Z7UqOQIbDAUJBaOagAAKCRDPmYKckmeBiEFxAQCgziQt2l3u7jnZVij4zop+K2Lv
-TVFtkbG61tf6brRzBgD/X6c6X5BRyQC51JV1I1RFRBdeMAIXzcLFg2v3WUMccQs=
-=YmHI
------END PGP PUBLIC KEY BLOCK-----
diff --git a/public/keys/ari@arimelody.space_public.asc b/public/keys/ari@arimelody.space_public.asc
new file mode 100644
index 0000000..4323eba
--- /dev/null
+++ b/public/keys/ari@arimelody.space_public.asc
@@ -0,0 +1,66 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZNW03RYJKwYBBAHaRw8BAQdAuMUNVjXT7m/YisePPnSYY6lc1Xmm3oS79ZEO
+JriRCZy0IGFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkuc3BhY2U+iQJJBBMWCgHx
+AhsDBQkIgw/zBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAhkBFiEE7o3rjWKH
+LnoJHirfz5mCnJJngYgFAmino5w1FIAAAAAAEAAccHJvb2ZAYXJpYWRuZS5pZGRu
+czphcmltZWxvZHkuc3BhY2U/dHlwZT1UWFQ6FIAAAAAAEAAhcHJvb2ZAYXJpYWRu
+ZS5pZGh0dHBzOi8vZmVkaS5hcmltZWxvZHkuc3BhY2UvQGFyaUQUgAAAAAAQACtw
+cm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9mb3JnZS5ibGlzcy50b3duL2FyaS9rZXlv
+eGlkZS1wcm9vZkkUgAAAAAAQADBwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9mb3Jn
+ZS5hcmltZWxvZHkuc3BhY2UvYXJpL2tleW94aWRlLXByb29mRhSAAAAAABAALXBy
+b29mQGFyaWFkbmUuaWRodHRwczovL2NvZGViZXJnLm9yZy9hcmltZWxvZHkva2V5
+b3hpZGUtcHJvb2ZlFIAAAAAAEABMcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vYnNr
+eS5hcHAvcHJvZmlsZS9kaWQ6cGxjOnljdDZjdmdmaXBuZ2l6cnk1dW16a3hyMy9w
+b3N0LzNsaWlucW90cXRjMjIACgkQz5mCnJJngYjDpQEAgFn3bXcxw3xF0dwrSURh
+qpciMY31bkQy9eDMSKcbloIA/1hX1MnUKETdiAtrrK08z4udIXaJr52E5D7IAZk1
+pZwBtB1hcmkgbWVsb2R5IDxhcmlAYXJpbWVsb2R5Lm1lPoiTBBMWCgA7FiEE7o3r
+jWKHLnoJHirfz5mCnJJngYgFAmTVtN0CGwMFCwkIBwICIgIGFQoJCAsCBBYCAwEC
+HgcCF4AACgkQz5mCnJJngYhgmwD+ME3CwlOWZX0kyaxbRoUClgOg8bVDuwnoJFbv
+EoJGNyoBANf2Ko2db0mqjwzeNd+75oZIX3bqGDozdIqbTY9/btsBiQIKBBMWCgGy
+AhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheABQkIgw/zFiEE7o3rjWKHLnoJ
+Hirfz5mCnJJngYgFAme1wUA2FIAAAAAAEAAdcHJvb2ZAYXJpYWRuZS5pZGh0dHBz
+Oi8vaWNlLmFyaW1lbG9keS5tZS9AYXJpWxSAAAAAABAAQnByb29mQGFyaWFkbmUu
+aWRodHRwczovL2dpc3QuZ2l0aHViLmNvbS9hcmltZWxvZHkvMzY2ZGMyYjZhYWVk
+ZWMxOWU2MTRiN2NlY2U5Yzg2OWQyFIAAAAAAEAAZcHJvb2ZAYXJpYWRuZS5pZGRu
+czphcmltZWxvZHkubWU/dHlwZT1UWFRlFIAAAAAAEABMcHJvb2ZAYXJpYWRuZS5p
+ZGh0dHBzOi8vYnNreS5hcHAvcHJvZmlsZS9kaWQ6cGxjOnljdDZjdmdmaXBuZ2l6
+cnk1dW16a3hyMy9wb3N0LzNsaWlucW90cXRjMjJEFIAAAAAAEAArcHJvb2ZAYXJp
+YWRuZS5pZGh0dHBzOi8vZ2l0LmFyaW1lbG9keS5tZS9hcmkva2V5b3hpZGVfcHJv
+b2YACgkQz5mCnJJngYh3+QD+Pbo3bM4oWtUicGUGEp4jiFoBqSNlyl9rFPY0ODDS
+DxEBANaXz/No/Hn3mEwNdrFigj/YPm7TH/4UBbHAxN6hDggPiQJGBBMWCgHuAhsD
+BQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheABQkIgw/zFiEE7o3rjWKHLnoJHirf
+z5mCnJJngYgFAmino5VJFIAAAAAAEAAwcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8v
+Zm9yZ2UuYXJpbWVsb2R5LnNwYWNlL2FyaS9rZXlveGlkZS1wcm9vZkYUgAAAAAAQ
+AC1wcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9jb2RlYmVyZy5vcmcvYXJpbWVsb2R5
+L2tleW94aWRlLXByb29mOhSAAAAAABAAIXByb29mQGFyaWFkbmUuaWRodHRwczov
+L2ZlZGkuYXJpbWVsb2R5LnNwYWNlL0BhcmllFIAAAAAAEABMcHJvb2ZAYXJpYWRu
+ZS5pZGh0dHBzOi8vYnNreS5hcHAvcHJvZmlsZS9kaWQ6cGxjOnljdDZjdmdmaXBu
+Z2l6cnk1dW16a3hyMy9wb3N0LzNsaWlucW90cXRjMjI1FIAAAAAAEAAccHJvb2ZA
+YXJpYWRuZS5pZGRuczphcmltZWxvZHkuc3BhY2U/dHlwZT1UWFREFIAAAAAAEAAr
+cHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vZm9yZ2UuYmxpc3MudG93bi9hcmkva2V5
+b3hpZGUtcHJvb2YACgkQz5mCnJJngYgKNQD/UA2THttICUvz2p5cbPlJIm/QStRE
+6crttsTeFSsyocgBAPDXpkdssPNNnxxVvCNATTTxiS08Cy+xxQVrjWztjlUCuDME
+Z7UmihYJKwYBBAHaRw8BAQdAlt+HmIscSlmd0yB6SpjOpOtSgAnxkgt3hYfR1zD2
+05qI9QQYFgoAJgIbAhYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntSpWBQkFo55M
+AIF2IAQZFgoAHRYhBCW7l1aYFH8/dnGeDGC18DhuPdt+BQJntSaKAAoJEGC18Dhu
+Pdt+7H4A/jLnJ2uOcYExfsa4HaeHnlJF2xxKJexnrqe2eNfJBxtaAQCkO67sWpfN
+dyeW65nE0UNPvjRGfOzrS1N6mUOoYZZwBAkQz5mCnJJngYhzSQD+JLA3D6vcULvm
+ibCs+kkXXcHl+r3cXB4XH6hJoRLqrOQBAO+AIrvuoopu8KO7SDzNKwoRme/rFHi6
++0Z1WS8ukF0LuDMEZ7UmmRYJKwYBBAHaRw8BAQdAadTiVcUtyGEpiQI+yE/6O+5G
+w2h51oM4ranh2RALwm6IfgQYFgoAJgIbIBYhBO6N641ihy56CR4q38+ZgpySZ4GI
+BQJntSpeBQkFo55FAAoJEM+ZgpySZ4GIv0oBAIlkgGG5KyhhrrUjRdlwrMZlsHSH
+2kPp6DVVGzA0iAe1AQDC70eCzWuz1zJK8ps7taArpCHoR+u8aAY5cI6bfBWyDbg4
+BGe1KjkSCisGAQQBl1UBBQEBB0D7+TnzpbU4fGd3MMk2lt37CqPKOvQPkhfF8OzT
+Rp28HQMBCAeIfgQYFgoAJhYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntSo5AhsM
+BQkFo5qAAAoJEM+ZgpySZ4GIQXEBAKDOJC3aXe7uOdlWKPjOin4rYu9NUW2RsbrW
+1/putHMGAP9fpzpfkFHJALnUlXUjVEVEF14wAhfNwsWDa/dZQxxxC7g4BGTVtN0S
+CisGAQQBl1UBBQEBB0CcDZ2s/NAGhc13AisWei+4XQKNf7z7xBK6AIXhrlkRcQMB
+CAeIeAQoFgoAIBYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntT6fAh0DAAoJEM+Z
+gpySZ4GIgX8A/1d8CZFSRB0TRU8h6ijTS1+O2bKJ0uwydfQHL5b3fA4OAQDOU6eG
+Ml82IKGhbFoJl7wm5X4+l5+lNqwZymNoZjVhBIh4BBgWCgAgFiEE7o3rjWKHLnoJ
+Hirfz5mCnJJngYgFAmTVtN0CGwwACgkQz5mCnJJngYgv8QEA9YbuFnLLUeNJZFMT
+KoWeOMJos6wwPnhgnYexntxsu/cBAMd/ORp2KDaZTEwOAUxrO6K1eFkn0pKAcdPq
+cdVDnsIL
+=Mzcq
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/views/index.html b/views/index.html
index 23764e1..6d0af2c 100644
--- a/views/index.html
+++ b/views/index.html
@@ -66,7 +66,7 @@
     </p>
     <p>
     for anything else, you can reach me for any and all communications through
-    <a href="mailto:ari@arimelody.me">ari@arimelody.me</a>. if your message
+    <a href="mailto:ari@arimelody.space">ari@arimelody.space</a>. if your message
     contains anything beyond a silly gag, i strongly recommend encrypting
     your message using my public pgp key, listed below!
     </p>
@@ -93,7 +93,7 @@
     <strong>my keys 🔑</strong>
     </p>
     <ul>
-        <li>pgp: <a href="/keys/ari melody_0x92678188_public.asc" target="_blank">[link]</a></li>
+        <li>pgp: <a href="/keys/ari@arimelody.space_public.asc" target="_blank">[link]</a></li>
         <li>ssh (ed25519): <a href="/keys/id_ari_ed25519.pub" target="_blank">[link]</a></li>
     </ul>
 
diff --git a/views/music.html b/views/music.html
index e0a5110..e7b4bd9 100644
--- a/views/music.html
+++ b/views/music.html
@@ -84,7 +84,7 @@
         if you do happen to use my work in something you're particularly proud of, feel free to send it my way!
         </p>
         <p>
-        &gt; <a href="mailto:ari@arimelody.me">ari@arimelody.me</a>
+        &gt; <a href="mailto:ari@arimelody.space">ari@arimelody.space</a>
         </p>
     </div>
 </main>

From 6bd0b5ec0e853d13af0f4b8ed7827d7944ee0efc Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Wed, 27 Aug 2025 18:42:30 +0100
Subject: [PATCH 59/88] update pgp key

---
 public/keys/ari@arimelody.space_public.asc | 77 ++++++++++------------
 1 file changed, 35 insertions(+), 42 deletions(-)

diff --git a/public/keys/ari@arimelody.space_public.asc b/public/keys/ari@arimelody.space_public.asc
index 4323eba..9e6fea2 100644
--- a/public/keys/ari@arimelody.space_public.asc
+++ b/public/keys/ari@arimelody.space_public.asc
@@ -2,19 +2,19 @@
 
 mDMEZNW03RYJKwYBBAHaRw8BAQdAuMUNVjXT7m/YisePPnSYY6lc1Xmm3oS79ZEO
 JriRCZy0IGFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkuc3BhY2U+iQJJBBMWCgHx
-AhsDBQkIgw/zBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAhkBFiEE7o3rjWKH
-LnoJHirfz5mCnJJngYgFAmino5w1FIAAAAAAEAAccHJvb2ZAYXJpYWRuZS5pZGRu
-czphcmltZWxvZHkuc3BhY2U/dHlwZT1UWFQ6FIAAAAAAEAAhcHJvb2ZAYXJpYWRu
-ZS5pZGh0dHBzOi8vZmVkaS5hcmltZWxvZHkuc3BhY2UvQGFyaUQUgAAAAAAQACtw
-cm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9mb3JnZS5ibGlzcy50b3duL2FyaS9rZXlv
-eGlkZS1wcm9vZkkUgAAAAAAQADBwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9mb3Jn
-ZS5hcmltZWxvZHkuc3BhY2UvYXJpL2tleW94aWRlLXByb29mRhSAAAAAABAALXBy
-b29mQGFyaWFkbmUuaWRodHRwczovL2NvZGViZXJnLm9yZy9hcmltZWxvZHkva2V5
-b3hpZGUtcHJvb2ZlFIAAAAAAEABMcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vYnNr
-eS5hcHAvcHJvZmlsZS9kaWQ6cGxjOnljdDZjdmdmaXBuZ2l6cnk1dW16a3hyMy9w
-b3N0LzNsaWlucW90cXRjMjIACgkQz5mCnJJngYjDpQEAgFn3bXcxw3xF0dwrSURh
-qpciMY31bkQy9eDMSKcbloIA/1hX1MnUKETdiAtrrK08z4udIXaJr52E5D7IAZk1
-pZwBtB1hcmkgbWVsb2R5IDxhcmlAYXJpbWVsb2R5Lm1lPoiTBBMWCgA7FiEE7o3r
+AhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAhkBNRSAAAAAABAAHHByb29m
+QGFyaWFkbmUuaWRkbnM6YXJpbWVsb2R5LnNwYWNlP3R5cGU9VFhUOhSAAAAAABAA
+IXByb29mQGFyaWFkbmUuaWRodHRwczovL2ZlZGkuYXJpbWVsb2R5LnNwYWNlL0Bh
+cmlEFIAAAAAAEAArcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vZm9yZ2UuYmxpc3Mu
+dG93bi9hcmkva2V5b3hpZGUtcHJvb2ZJFIAAAAAAEAAwcHJvb2ZAYXJpYWRuZS5p
+ZGh0dHBzOi8vZm9yZ2UuYXJpbWVsb2R5LnNwYWNlL2FyaS9rZXlveGlkZS1wcm9v
+ZkYUgAAAAAAQAC1wcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9jb2RlYmVyZy5vcmcv
+YXJpbWVsb2R5L2tleW94aWRlLXByb29mZRSAAAAAABAATHByb29mQGFyaWFkbmUu
+aWRodHRwczovL2Jza3kuYXBwL3Byb2ZpbGUvZGlkOnBsYzp5Y3Q2Y3ZnZmlwbmdp
+enJ5NXVtemt4cjMvcG9zdC8zbGlpbnFvdHF0YzIyFiEE7o3rjWKHLnoJHirfz5mC
+nJJngYgFAmivQJsFCQ0/jT4ACgkQz5mCnJJngYgdtQD+K8AMkLvR1ZKxl0tw8/FO
+vwS9HknEW13GajSAY/W1/NoA/17mnVnlTFhepKo1ETnxe2BpdOaKR85K0n2qffzC
+8SAAtB1hcmkgbWVsb2R5IDxhcmlAYXJpbWVsb2R5Lm1lPoiTBBMWCgA7FiEE7o3r
 jWKHLnoJHirfz5mCnJJngYgFAmTVtN0CGwMFCwkIBwICIgIGFQoJCAsCBBYCAwEC
 HgcCF4AACgkQz5mCnJJngYhgmwD+ME3CwlOWZX0kyaxbRoUClgOg8bVDuwnoJFbv
 EoJGNyoBANf2Ko2db0mqjwzeNd+75oZIX3bqGDozdIqbTY9/btsBiQIKBBMWCgGy
@@ -29,38 +29,31 @@ cnk1dW16a3hyMy9wb3N0LzNsaWlucW90cXRjMjJEFIAAAAAAEAArcHJvb2ZAYXJp
 YWRuZS5pZGh0dHBzOi8vZ2l0LmFyaW1lbG9keS5tZS9hcmkva2V5b3hpZGVfcHJv
 b2YACgkQz5mCnJJngYh3+QD+Pbo3bM4oWtUicGUGEp4jiFoBqSNlyl9rFPY0ODDS
 DxEBANaXz/No/Hn3mEwNdrFigj/YPm7TH/4UBbHAxN6hDggPiQJGBBMWCgHuAhsD
-BQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheABQkIgw/zFiEE7o3rjWKHLnoJHirf
-z5mCnJJngYgFAmino5VJFIAAAAAAEAAwcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8v
-Zm9yZ2UuYXJpbWVsb2R5LnNwYWNlL2FyaS9rZXlveGlkZS1wcm9vZkYUgAAAAAAQ
-AC1wcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9jb2RlYmVyZy5vcmcvYXJpbWVsb2R5
-L2tleW94aWRlLXByb29mOhSAAAAAABAAIXByb29mQGFyaWFkbmUuaWRodHRwczov
-L2ZlZGkuYXJpbWVsb2R5LnNwYWNlL0BhcmllFIAAAAAAEABMcHJvb2ZAYXJpYWRu
-ZS5pZGh0dHBzOi8vYnNreS5hcHAvcHJvZmlsZS9kaWQ6cGxjOnljdDZjdmdmaXBu
-Z2l6cnk1dW16a3hyMy9wb3N0LzNsaWlucW90cXRjMjI1FIAAAAAAEAAccHJvb2ZA
-YXJpYWRuZS5pZGRuczphcmltZWxvZHkuc3BhY2U/dHlwZT1UWFREFIAAAAAAEAAr
-cHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vZm9yZ2UuYmxpc3MudG93bi9hcmkva2V5
-b3hpZGUtcHJvb2YACgkQz5mCnJJngYgKNQD/UA2THttICUvz2p5cbPlJIm/QStRE
-6crttsTeFSsyocgBAPDXpkdssPNNnxxVvCNATTTxiS08Cy+xxQVrjWztjlUCuDME
+BQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheASRSAAAAAABAAMHByb29mQGFyaWFk
+bmUuaWRodHRwczovL2ZvcmdlLmFyaW1lbG9keS5zcGFjZS9hcmkva2V5b3hpZGUt
+cHJvb2ZGFIAAAAAAEAAtcHJvb2ZAYXJpYWRuZS5pZGh0dHBzOi8vY29kZWJlcmcu
+b3JnL2FyaW1lbG9keS9rZXlveGlkZS1wcm9vZjoUgAAAAAAQACFwcm9vZkBhcmlh
+ZG5lLmlkaHR0cHM6Ly9mZWRpLmFyaW1lbG9keS5zcGFjZS9AYXJpZRSAAAAAABAA
+THByb29mQGFyaWFkbmUuaWRodHRwczovL2Jza3kuYXBwL3Byb2ZpbGUvZGlkOnBs
+Yzp5Y3Q2Y3ZnZmlwbmdpenJ5NXVtemt4cjMvcG9zdC8zbGlpbnFvdHF0YzIyNRSA
+AAAAABAAHHByb29mQGFyaWFkbmUuaWRkbnM6YXJpbWVsb2R5LnNwYWNlP3R5cGU9
+VFhURBSAAAAAABAAK3Byb29mQGFyaWFkbmUuaWRodHRwczovL2ZvcmdlLmJsaXNz
+LnRvd24vYXJpL2tleW94aWRlLXByb29mFiEE7o3rjWKHLnoJHirfz5mCnJJngYgF
+AmivQJsFCQ0/jT4ACgkQz5mCnJJngYhk/wEAuQMYpUgyLqcYvOh1A+7f/t+DUXjz
+YjQtLYw37oAESREA/074iJNi9GHGIjxYfp5lBkZxqGew1GAFIKx7Yzp64WQFuDME
 Z7UmihYJKwYBBAHaRw8BAQdAlt+HmIscSlmd0yB6SpjOpOtSgAnxkgt3hYfR1zD2
-05qI9QQYFgoAJgIbAhYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntSpWBQkFo55M
+05qI9QQYFgoAJgIbAhYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJor0AjBQkKYBsZ
 AIF2IAQZFgoAHRYhBCW7l1aYFH8/dnGeDGC18DhuPdt+BQJntSaKAAoJEGC18Dhu
 Pdt+7H4A/jLnJ2uOcYExfsa4HaeHnlJF2xxKJexnrqe2eNfJBxtaAQCkO67sWpfN
-dyeW65nE0UNPvjRGfOzrS1N6mUOoYZZwBAkQz5mCnJJngYhzSQD+JLA3D6vcULvm
-ibCs+kkXXcHl+r3cXB4XH6hJoRLqrOQBAO+AIrvuoopu8KO7SDzNKwoRme/rFHi6
-+0Z1WS8ukF0LuDMEZ7UmmRYJKwYBBAHaRw8BAQdAadTiVcUtyGEpiQI+yE/6O+5G
+dyeW65nE0UNPvjRGfOzrS1N6mUOoYZZwBAkQz5mCnJJngYgc2gD/cFhjrwPdex9g
+ZYk7jH29wQ9RpR9dEhf0C20nFZJLawgBAOBbzw4/O7OslSoIjhGs4pw9hJIBK7ds
+PI6g3CeX0DUFuDMEZ7UmmRYJKwYBBAHaRw8BAQdAadTiVcUtyGEpiQI+yE/6O+5G
 w2h51oM4ranh2RALwm6IfgQYFgoAJgIbIBYhBO6N641ihy56CR4q38+ZgpySZ4GI
-BQJntSpeBQkFo55FAAoJEM+ZgpySZ4GIv0oBAIlkgGG5KyhhrrUjRdlwrMZlsHSH
-2kPp6DVVGzA0iAe1AQDC70eCzWuz1zJK8ps7taArpCHoR+u8aAY5cI6bfBWyDbg4
+BQJor0AjBQkKYBsKAAoJEM+ZgpySZ4GIoMAA/jB/exnjGvsMKuNW09bI29bsKHNW
+SQLjEnuuByN6Spq6AP9yPUumsSEHr0W71iefMuNFJZnF+8qSk+uywQ/5ET+PBbg4
 BGe1KjkSCisGAQQBl1UBBQEBB0D7+TnzpbU4fGd3MMk2lt37CqPKOvQPkhfF8OzT
-Rp28HQMBCAeIfgQYFgoAJhYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntSo5AhsM
-BQkFo5qAAAoJEM+ZgpySZ4GIQXEBAKDOJC3aXe7uOdlWKPjOin4rYu9NUW2RsbrW
-1/putHMGAP9fpzpfkFHJALnUlXUjVEVEF14wAhfNwsWDa/dZQxxxC7g4BGTVtN0S
-CisGAQQBl1UBBQEBB0CcDZ2s/NAGhc13AisWei+4XQKNf7z7xBK6AIXhrlkRcQMB
-CAeIeAQoFgoAIBYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJntT6fAh0DAAoJEM+Z
-gpySZ4GIgX8A/1d8CZFSRB0TRU8h6ijTS1+O2bKJ0uwydfQHL5b3fA4OAQDOU6eG
-Ml82IKGhbFoJl7wm5X4+l5+lNqwZymNoZjVhBIh4BBgWCgAgFiEE7o3rjWKHLnoJ
-Hirfz5mCnJJngYgFAmTVtN0CGwwACgkQz5mCnJJngYgv8QEA9YbuFnLLUeNJZFMT
-KoWeOMJos6wwPnhgnYexntxsu/cBAMd/ORp2KDaZTEwOAUxrO6K1eFkn0pKAcdPq
-cdVDnsIL
-=Mzcq
+Rp28HQMBCAeIfgQYFgoAJgIbDBYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJor0Ak
+BQkKYBdqAAoJEM+ZgpySZ4GIlIoA/0fv2UQyhixu7Vkq7IeQ+NxUuEVCIGmrAu6k
+ScT13ikjAQCPpIubU848yXcDUvxgcGAS7yNADU1dAWAZOi34WxajAQ==
+=caf3
 -----END PGP PUBLIC KEY BLOCK-----

From 89bb46c49e434bcb97d0d799252d30bec71bb034 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Fri, 29 Aug 2025 16:29:28 +0100
Subject: [PATCH 60/88] day 1 patch

---
 main.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/main.go b/main.go
index 9133958..f3c9f66 100644
--- a/main.go
+++ b/main.go
@@ -33,6 +33,7 @@ import (
 const DB_VERSION = 1
 
 const DEFAULT_PORT int64 = 8080
+const HRT_DATE int64 = 1756478697
 
 func main() {
     fmt.Printf("made with <3 by ari melody\n\n")
@@ -605,6 +606,10 @@ func DefaultHeaders(next http.Handler) http.Handler {
             "X-Powered-By",
             PoweredByStrings[rand.Intn(len(PoweredByStrings))],
         )
+        w.Header().Add(
+            "X-Days-Since-HRT",
+            fmt.Sprint(math.Round(time.Since(time.Unix(HRT_DATE, 0)).Hours() / 24)),
+        )
         next.ServeHTTP(w, r)
     })
 }

From fd4335ced470306fe7263e45ca5505a857680042 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.me>
Date: Sun, 7 Sep 2025 16:18:20 +0100
Subject: [PATCH 61/88] update security checks

---
 main.go | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/main.go b/main.go
index f3c9f66..eaed7c6 100644
--- a/main.go
+++ b/main.go
@@ -574,11 +574,10 @@ func CheckRequest(app *model.AppState, next http.Handler) http.Handler {
             return
         }
 
-        // same with .php and awkward double-slash requests.
-        // obviously these don't affect me, but these tend to be lazy intrusion
-        // attempts. if that's what you're about, i don't want you on my site.
-        if strings.HasPrefix(r.URL.Path, "//") ||
-        strings.HasSuffix(r.URL.Path, ".php") ||
+        // obviously .php requests these don't affect me, but these tend to be
+        // lazy wordpress intrusion attempts. if that's what you're about, i
+        // don't want you on my site.
+        if strings.HasSuffix(r.URL.Path, ".php") ||
         strings.HasSuffix(r.URL.Path, ".php7") {
             http.NotFound(w, r)
             fmt.Fprintf(

From b150fa491cf668174e6f41bc579b8e08a18cc786 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Wed, 10 Sep 2025 13:50:46 +0100
Subject: [PATCH 62/88] update web buttons

---
 public/img/buttons/wangleline.png | Bin 0 -> 6479 bytes
 views/index.html                  |   3 +++
 2 files changed, 3 insertions(+)
 create mode 100644 public/img/buttons/wangleline.png

diff --git a/public/img/buttons/wangleline.png b/public/img/buttons/wangleline.png
new file mode 100644
index 0000000000000000000000000000000000000000..b26ea3f59c6185ff6d8a1008316b4b03706c71db
GIT binary patch
literal 6479
zcmV-V8L;MwP)<h;3K|Lk000e1NJLTq003A30018d1^@s6W5^2N00009a7bBm000XU
z000XU0RWnu7ytkn0ZBwbRA_;%nt6Cs)%nLicbhet%w(NxBq1yU0cDrSR>7huTF@#|
z1zhUSTA|gtwOZ<iTCG;=@>r#c7F_FwfCvQvL6J=$7=%DF+4s!8&%NjO#~{^K3#~oR
zljlB}d+xpG{k-q_p7$(L``T<_w*Uf=06++kr1bUpFMx#fPxtxi{_)?Xl!QD~V&{q&
z)9;LM$AZONyZA~%i4^^Z4da=mk8;QF?_t@G7BPF=*|hd`V(0>4fNE1H8(a!P;rd6G
zv8MKYp1)h=+@GjmlUcIB%Nv_=S@!Z%R1PX9;P+#5yXjX^!OG`e;J({#;+1P3WI$0r
z{E-ksfDi&hH>eytn2$Dp%7xF}&nvenTzIt^+9kvZo4$UP5C{+;gn<y^8*n5kT?grF
zh93tdj)RdU2>}S%hMJdkg5pWazpp0*sKtWrFAZki5#qA5ujKAWZl|%a9anJ)7Mq=x
zdJpIZC9ZrlS-~usFeHP#eomYNOWD8kF!SzzoVa5*+h57xv^gsH1vme=n-@PSW6Q=j
z7&dkQM{5q@uB^o5a$&VtNyL*R;z=APJ0?j*LqQ-gQi1`epN6Nth4Y^NBR`)S;*v$#
zh{gnl^d07j6WG2HJpWSnyKsoFy~Bv0M&c4S^Ql7q?ji#e$lN{8OO`s0Wh)<~y|oj`
zZb!A4iR%fP8=G(g#o2iTLt#`^q3rbjU?h3y*_U~B+lySaD8w!IWkQC4BSEgZJi&(j
zV_3ibS={B>Y+1Jr)oLSX4x{u%NfyDoZ>$EuAu@>c#xY46CQT!^Fq18x@8Ob1AL1ud
zJ9uhk4s;tBaX|UrCZDtzk`?uT^)fjFq6Z@E*l*&Y2X00n2*(m+<`sahgCXc@X~%_y
z94&*~d>3+-i8Wh3;?_Sui$}Ec+lBCh;qdCxAU#1VM{4Z6yVu3S3y1LO`d4|q-h)X~
zG21MdEM`oaie@p<KL^IloW=IkK14#0q1wncx!Ah7hPziS=en8j^b>&I3z{9pWr9$;
zS>GC=|EnTNNP$h+;(JA~07V6cz?Un$-0|#mo_+f-__|s!<>a7cW>Q*IM8lyv`VSq%
zqQPhLr#pYo=IxtU`Pql8uGvOju7fLQjlx-whu@b?R(?KCXAXG<84MX<A{y}%i^Rxq
z*fCqosEUl7R!R(AC%dQ+RGGG}4s=5&5l@m#88o-_VuXU^XZ6w2+CVDcLB&IHPMl$b
z!CYpAm=*d2y21Y(wjo=Q0-IdIX8zBiN`UN=AX`AQkDYabCmsMTe*w$aKgY2HH53jV
zip^r>i!Y8at9lx)n8622pP+#rKJn}ze`p?OjvhvtJ0I1S31$meW$^jaAMks@nF$s<
zNnZ#(nZnR@^pt@xzFi0<NkW!oWLd&$GlM+?BdpQgo1~?+mzEX}L2n&V|30M1=L{|n
zGiinjnOV?iq@!B?{%`>d$?{(SPJxmqK^`34(#PxXLU*(uC8blzDk$ZxKd<8a`STew
zaXj8gn7yBT#)oge#t65Y$8NrfR3Wsc+88vf5)=!<7b2ESp-U2pXdEdN!In&M<1Zh_
zQqYfS6Niy$iZJrbDzZ!5#FG$9>YzwSk_-rhArOWELZnCXZ|RV-Bw?|bFlS|gWT&Mu
z%IBXSrFQ?vcxvC`oU?<>x!MJO3B5yr_Wc3t{}JHh0i#sPBpQ?a;_d*4J!PDA_QlMe
zJ(*Esi@|AP`zx#YbjM*ThYTXv+eI=NX42%*3>r5YJ<>}s62_!!#G^@&Krx%Z5QKZY
zn3GAe9U0tw$DjD)h8=AD`=>Y^8SHrbO|)<)8Co2-JA?iMOUNrOKr&f~>jE7KNs*B?
z1xZ$rWa%5-U6v$_<4zDF?GR0s$tZAv*~NzU4)dEuOX)ZG0B=3xf=tkx_}-9p%>Myk
z9h3@*quWzVo*SU5>U>^$^_LV@<zO^-;PVDC3_)&bJ}9930w{JHXeLsDFu_m+jISB3
zsYr@Uv@bx)8>A@9MsII`>u-OYcfP3S-B;gX*4!Tvh(=H}GYwxh;BRY31iB&AL#(fr
zRJaGL8Qg`rWank0S*=K_M$!-%l0;5k7D|R4bb*md(&q~y$uhF49M5Ib`ES;ca#Dxd
z$s4+u0mb#~Sf7Ke8yEq;moBF;Aq6+Ng!N>A1t|Ft?2;&**vA=zrm^|(AE2j~-j*I@
z^%Qd+A&^xSSyPFJA|(3!<XKE4V+mgT+lM^*?0dL}jN!Qz%cvSzMRRjALI|8L7rQ?G
zlvVG(L)aU@NJ_X1@)<FFFeWKMu(KI6am;cGO-hkrQOI&;(%|Xg@7worxV@8$&Kl44
z|2LCZJW0wh(trWo(9u;h`FTzbep<(fYaij^IdN`XX2GZh@jU?Rm{Cu~L$U-o;E#)<
z_%ZXs({mvfrMI>B)Zhw`6bad6A{9%Z2SVh?5`jdL<?n9fwY8s-uotrQl{dJ2?wqe4
zp|rI0#49FDn~cxb$ELOGIDF&_8e5LwE-qmHO^fk)eY7?-6882I^7Rr-McJ`uFK@iD
zo`j@gw>#*Gs(iAq9gq<MlDa`Sp1^FfFr>&z$S@c_bqMo@j^oL<*K_OdtjKnO9{I1>
z0_oYV6#U2~tfqfoQOSZ>FZ7?{Wk}%|Htv6rs5e9`kva)j0kVv2QjrXSRX5O*369p(
zv1ZF&_SE+fHy1E!Vl|h|y_l>l2fMdzq2t&gQi&wGt|JM7)!`(+{4}x)3vf8I$aCkT
zX&N1^Z6GVyGVG|Dil&*6Wd+>;Mb$_~L&!!7Uq?6lckkwl-MdLdLg<MEw(LT*j2wg{
z)3AFpGtYE$!Gep}wssFwe*Q3@JgzYQG7bGG|8-VjNaj<VXgFc-251L<bJ=Lfb`b6G
zp6F)ZRb-Qf)oQ||sl*%GS+`~j>o)J@P*;@Ru#77&mt4D_y{lHUarp}B>S_p)B1;{H
zq?nOp1;uP5;5$T=F3uS<m7IR*oOjYW)2N<)HWr(eL@Y)!1~ExO)ilgjD{EeTolP6o
z(OuU<TU!&!xJ+izNK(2=Dk*5If1ZA>OeUN+gO;8cKfikgFTS&b3(q-|V!4FnE1MaA
zm4+;TW9ayg%Si#t5+K30ok>7r<hV+R#J&@*08ADW8JRYS#Mrrh7n?TkrQH{yDWFqw
z+Enhk|565(m$G&J1~z=~0W;1!pB0Zhfrk`xuUg5#bLWu=>8P55q(U+-c;(uG9Ie~O
zgDajxGO4sTw~&a((M;)~Ue|SO8Fun>^UwiTPBzVr&8+);I|abVAKr_zax}$N)%2g>
zWXltOWz|dbxo_@8{9)GlJpbg2Ja^Y^oYud9sUr$_e%Dcc^{#~h7f5jMR7ib0jgvkm
zsX!QN4kpOLMNvsEgks-XSJhNx3Hn-l*i-AFX5Udlx?tCl2CO*)d1vce->5(Dr&lxY
zr&j}@S!DF*mg6W<=-vG?ac>{tV3@MO1JO~)$+u%s41^+4T2V%(!$Be*$1n^WPA6HJ
znH<`GkZWdM%+Qe|D9+Ahpgos1vx{SKFTT2sbnktUjxB>ZykQif<|7oAmS8Ap1V3GL
z6`3Z96)T^jy{j7?!37I^e0ewrr9_~&i2n+*6#B>|EdNG>6&sL*Nz?pv2g}*E??GIy
z3<80FRsUpCr>Cu(z78)j-N5Y3;LJ%Q(5xD>$KA-qx8FwPfC>&BI6zoWQCw7rNk~YB
z#KfsnXgbz_%LvgE4k2Y_u>Q4o=;`QU+|+6YO`OP(VWW^0iAXepW-^gVCh_+4a`e!b
z9Nc$+x0kOZ5)N_qpB|;yl1XRHVGcJp;@1o&PM?CisF<#%V{Ce76<uC0MY&~Uy9*Gy
zK{y`cz~24*b<_Kt=5TS{wU_g^H}|6lx3i-*8v>wriT`Mk$dF8@0N4SMZWwj8mn_Fn
zHtkx9s;WdH-;81*1o2n`-4Hl)9Ar3b7>N|2Kp4m1emt@G32u63B~L!^2l@@Hp!@Sf
zeDK^#CXYA+MHhHOA>yedCHVzh`QROxM-Rd4?c?LsA5u_UMA@JLbo=_~>*yjD3=;{5
zNhIRL<1r%9D9M!0*h$q?PpJM*TiUxiFli=oT-kU7ei~P-rg6^!x_bNY`TPtXF`U(V
zc5$q=hK-&NF}&RrWG`gmz@xmgBOBTUsXmZSH7k`&NTJP6VbQ*Ouu^iM^9WR3=w)>O
z(X82WKk;ascs%*9b(QpRtLxt!7VH^TBvq!ebSBr{cqdDqydNSd{{HIU@O!<C95{&0
zpYLJR8K-lwqlM9vtI01cz~AeozV<MIXo&3}Z$r~%EOsj(VaO6mJ&7g5hAS(JxIauR
z7{;t=<hk8s=jRge`ANj$ghBxh*BwERC%NvX#q=LKm}o49&2GagWK>B;u~|ToSvcup
zwrqQwog1DZZ~AzG^}Xa*Ud_DmE&S!f9Pk*V0;dL9$l58WiW$0lp%-xH+EHv~^vJhs
z@IQn7s)PbzvWJxM;F24;;@+i9JaZ%y=Uu?q1wX>1S_mYgTyfDf{IL*2EH?T&y9oLM
zxbkusHKm&Khfg58Gsvyi{)|W<g>2S{#N#x#b#dtEXRJSbh&sCICY@0!Koa=Hj~7x|
zbsB!3m!TtuGx?lp6qofQ6bu3o^at?Ckm1NASFy47oz=Xw?QMQNb2=Gj6OF4rrtHFM
zYCruW{U=;S$wDvpyy!wcVqhfUBuNwi>WMmP1(Ne3Ncj-H<;PtBxPD382?GbMq|BWG
zfe>nD5wb3k47MZm#L2%R$%Gp^_{ndt<gY7MbLACRQ!{=S(PWBnJb@`AgQUfRq-pf{
zLI}e^(Nt2&6i#OruWwz)n{#et>RFQ^nE+J<Nd`?zUqcc4TH4qtdD$87WaaCxbN=YF
zc<hxIPBg&)BH=J5O+%4oLg6q@my-;eop2<^19v~no%h_%>@mYx{EIpGBXJ^uFrjTV
zR7{-6+mGJHoL?<r{ICQw7psUPoYFK}3U77_vnCO9{1SWB62g5ASiT$$fL!_*Qt3hf
zmMr-l<IH}hRu4rPHy71prt9D;Y$~VZN<%luDbB^;6Qpp+kGOEs`MkF76~5e8gPzh+
ztyUC^1;uPeF`JPU1xZmUE_Bn{+RE0|>ybM8kRmZeFoH;=&{HWAsU!)>K$tb=+;b}h
z#YL=re+|<wIG2z=K)~xqIllJbY4ngxB=P(G%$Rurd-m*S?OUtZyk-@Vj(V=UawgZ!
zJ&#}_Mn{K_{Jad-udAiFtdhw$p3AwzuIJO*tu$<OkzEM7_utzrWc42s(a<iasseum
zEC2$0)+v}HVQe-#7D;8~8I?#yRaor~_Uzt?TTY=^>?qd4^b1oFlHr~cn}DXQeh58D
zGSrSatC(O|C2Mdd>t0yOl&kM#)UO}nwm;rWPis4oK!8{vfYoFo=Jk?FrLZ_0Q0S(&
zr-wQJH=mZyPP)3fuqqld5}{C-UcVR3Y{r%2qM*2lNF>7Pqs|}}jbXA{D08}yfS7LZ
z#i1i~w6(E!#~%K+>}4kX;4F&lNfyl>!R0qR111Z{wtYl0nWCu3MQdw><!`LxibV^k
z|E!gtEu74Uw{2z9I>9BkN^lau@U_e?;yd;=^dP$y;>xXH=Z;SpcV;zZxekg)52QO;
zh#gq{$_j2-I0H-BR1}l_#G}#91Ehi;6l)Q-;xTl$9>Y~J2-ThkKq}nL<g3o-shT=0
z!zw{m$vwX2(9znCySR{6PZOz7m~b=-Kqwd>aIBtevxV{@!%)<JtRo6TN9ZZyDII{G
zo*t616s-*hX=`q!wW*2vqsIt&dwJrof5Bq4((=*U%w2c^6E3+LZ<hy`JrnFX0F?c}
zP4wUzGM%}+dmzO7hxcQ$r0pvlUd`OS9$d~fX^}rkkpTHC9dRf%CvGU&;B)_&NF>ba
zwd(*FQ(eX9JN)F8R&e0J0S08mQTtCMk&?LLvWt1-_Yb52OL;`Py&P@s1wgaAShZ#y
zk3RBH+N1V7BK2+j{IR>Z=9+7$udnBtg$r2pv+HnXI|117@g{a{`G`O`4fw#mTDEN5
ziRQ>6o=9@tHP<q!x|;6pZhSsJPu+PR>)&4kz_GeI9$s`4%kKFdYoC7x&$bUSS`RX~
zC=-j-ipS$&@$FZTU09NKketDD%U7~w$&z&YT!qvek+|#0&scEd6*PE`v0(lWng5e{
zSZy|bbMp<HJsU*($pM2vRh;Quw<Q0o!wt|EsK8n_f{#DmMus^PfToT(NmNDxoBqC$
z@kIl;;ip$H^o$AIGXGMnIk^BdH@9H%v?EuP1F&hsdP2?n7*d#j;<MgBm}rMgjvIFE
z_=NXf`YV@BA5T|TC;iIG+4|u+0*7{T&s!S-IJEg4CeHc^84d@vU(|Bx>`Td-pGh<t
zrC+~(RG)h;VUb>V>S*>bZ$u+8Y}g#xpkxwCY9xxQ0622^FmL|;aW22*76t=r*SyD*
zcmIMjPCxHN``+95EZ6_`2>`mg>bR(SA_v;ivX@`tM)HzgWjlpbP2IB{I=jHr+Q1d}
zcTrSa!At8Fv0%KNw_baVspE$LAj@GUO`SqdPZvAhx`n#(>-qCbZy|(1Ur#qCiw%IF
zuaEx4dH4&8(*E*waAv6+Ejuj{jg20nO|8gz;{kB!ef<5U`*`f>_sGf3BODH6Z(hrd
zmsF6KpHCzb=C-qA^bJVsyu)FqVC--N647`9kH^EIeS4U8*(CskI$N1C)=hh7lvK(~
zEZ#*>Pa+C`2tdNuNu=!{`6cN9sNH{%%7QbQII;qOhK713jQSj_!wtZ|0V63d8_8s|
zL{n2e9c^_K<cjpRSp-BJjDNFXstN(ABv@66NF)U0Gh@aSYQLyq{)9J?To(dx#+Wf=
zI`i4|<_o;`u9KklJ5-a2%Vz(G-sUzQdgdv{<mBKvT!%l{#DrlN0Z?F#GoYe`TAvkw
z)<zFQ99g)E)4H4J>Od>Z;<0CzVz=9A^fWMY<}A9L6%4ec|3B6gXXvZ}0KBzgIV+xi
zkdzKKvx3E>aQ&ItIIq7JfZV_i4tZjLgb*6Ctl@A<P%;PrUq=gLhZf^5OapZFe8I0~
z33A4z0k=2R;}DnNF76M&qN^??;y*?_sS^t86z0O^GbHkIlT?&IS)~cZr9lYrf}Y?X
z%bSuw9Xkn3nScsy$I~r$Nd-0gU*MdxOw=7c1VBz+1(8UY$k9JRc{!P5(_Q`-SB@Yv
zdkzDt(p}K$kV*Q2Was44(9pnxe|V2Vw}aW&UPBeo+T6+u%T{n#*%ZnvDmZ<{kLhY|
zA>=407w|MRu<n3~0b_DG3piR=#|!VbaLu$MxJ%2auAazg+I5VWelZ0@#^T%X81cSF
zY_{}3G~uEfQI8ua$r2(FqI>JpWVzDqHFei8?}DM^=H=7mY2ccfDz=P5JkEXqh)5S>
zhb3w9G|;cSg1<bv1krr}%NbXZ(ghzse><I>t<*FJ*}C0NLiowd401-5!HmgPlyU`H
zzLF4uZ1_NLOK<Y^cBPfOr@M>R9gETZknj9Q?C;sRjq}Df;`7&Ys5U()R?oQ?o4bHD
zt6v3R`o#-qRtf;<>gXUReiVm)4|(}608)KT46=Lp!@W!B?&_kvY9#snD`{zI1fZ|I
zh2q2>Mh;I$l<x23=1a@j^x}Qg9;{*PlxfVk<xkj3hw|o|Z?NU#_X*`zooJ(b+)Q%E
zr2le8okuKpC_;8o)UTYL?k>u++R-Z~r=z*A3*D^YkLpO)w1fq^TZx5}y!^~kdb+#F
zthx}#5ALEnl;p98?`HI%AoFMCv*@xx+;HJ2&K^3Rq<17MUMu60>m(k&H$+Qs7^OIY
zQXr60+g&F%x$k;5N=;iOTIvXYdmsaVU_@}mL&fRn7+B98S6b4M`&a}u|6-0E+fQ{>
z14rw0_Ik=`sc&G`m|{F}2P1L=JbuFnP!#T8`6Zt;nprg6%z0x9XjaFwY;7I8cJHIq
z*28a~{(zFoVZ8mw4g4VY2+wY4VRMs}8T}K?9^)nuPVvZ^V;FhE$<E2+%N-vueONA+
zOe|)1bC8#J{_F0FAq4q!^Xtn7bMxzc$gvKV-!YD@`@328QItX1L4G~=GytA@{}}r_
zY-9y{>2EhPXO^2^ul$mMqi4|9*F&<WhQ+f7Qt7sVk)Gr#GGy8{tS%EG4DW90V^^(@
zekDQ7PA_@R5K`cyETJi1og9R4RFG+x(!veMGK3=OlO~zAZz}nbUL7MYbJv492W#zI
zJ-dXT{kRxMp@~pW4BZf<Qpf!#1i@&EOsj^LKN;7=+ldEzi8gH^EOIHXn#|@+8!#Wb
zpUOfzLO>{z#BNbfoOKWaI(lOSqbUXy*%5|;9ygE_iR4$4{;!{j5RjE+0!bnmN?@}n
zC+>%$DKf0;al0k-l#XT?Jn&Q<yK4iyzH|hkXo_P!F|x8ul(?-ZCKW}K(;EA=?+B6J
pn8<aRknJYC?Se0kgy{+S_<yXR`7c8{8NvVn002ovPDHLkV1n%?d$Rxl

literal 0
HcmV?d00001

diff --git a/views/index.html b/views/index.html
index 6d0af2c..5255196 100644
--- a/views/index.html
+++ b/views/index.html
@@ -213,6 +213,9 @@
         <a href="https://girlthi.ng/~thermia/">
             <img src="/img/buttons/thermia.gif" alt="thermia web button" width="88" height="31">
         </a>
+        <a href="https://wangleline.com">
+            <img src="/img/buttons/wangleline.png" alt="WangleLine button" width="88" height="31">
+        </a>
         <a href="https://elke.cafe">
             <img src="/img/buttons/elke.gif" alt="elke web button" width="88" height="31">
         </a>

From e5dcc4b8847b08f0fb6efb8587660a16da5955cd Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 30 Sep 2025 19:03:35 +0100
Subject: [PATCH 63/88] embed html template and static files

---
 Makefile                                      |   4 +-
 admin/accounthttp.go                          |  29 ++--
 admin/artisthttp.go                           |  13 +-
 admin/http.go                                 |  57 ++++----
 admin/logshttp.go                             |  15 +-
 admin/releasehttp.go                          |  29 ++--
 admin/templates.go                            | 125 -----------------
 .../html}/components/credits/addcredit.html   |   0
 .../html}/components/credits/editcredits.html |   0
 .../html}/components/credits/newcredit.html   |   0
 .../html}/components/links/editlinks.html     |   0
 .../components/release/release-list-item.html |   0
 .../html}/components/tracks/addtrack.html     |   0
 .../html}/components/tracks/edittracks.html   |   0
 .../html}/components/tracks/newtrack.html     |   0
 .../html}/edit-account.html                   |   0
 .../html}/edit-artist.html                    |   0
 .../html}/edit-release.html                   |   0
 .../{views => templates/html}/edit-track.html |   0
 admin/{views => templates/html}/index.html    |   0
 admin/{views => templates/html}/layout.html   |   0
 .../{views => templates/html}/login-totp.html |   0
 admin/{views => templates/html}/login.html    |   0
 admin/{views => templates/html}/logout.html   |   0
 admin/{views => templates/html}/logs.html     |   0
 .../templates/html}/prideflag.html            |   0
 admin/{views => templates/html}/register.html |   0
 .../html}/totp-confirm.html                   |   0
 .../{views => templates/html}/totp-setup.html |   0
 admin/templates/templates.go                  | 128 ++++++++++++++++++
 admin/trackhttp.go                            |  13 +-
 main.go                                       |  55 ++++----
 model/appstate.go                             |   7 +-
 {views => templates/html}/404.html            |   0
 {views => templates/html}/footer.html         |   0
 {views => templates/html}/header.html         |   0
 {views => templates/html}/index.html          |   0
 {views => templates/html}/layout.html         |   0
 {views => templates/html}/music-gateway.html  |   0
 {views => templates/html}/music.html          |   0
 templates/html/prideflag.html                 |  21 +++
 templates/templates.go                        |  52 ++++---
 view/{static.go => files.go}                  |  21 ++-
 view/index.go                                 |   2 +-
 44 files changed, 316 insertions(+), 255 deletions(-)
 delete mode 100644 admin/templates.go
 rename admin/{ => templates/html}/components/credits/addcredit.html (100%)
 rename admin/{ => templates/html}/components/credits/editcredits.html (100%)
 rename admin/{ => templates/html}/components/credits/newcredit.html (100%)
 rename admin/{ => templates/html}/components/links/editlinks.html (100%)
 rename admin/{ => templates/html}/components/release/release-list-item.html (100%)
 rename admin/{ => templates/html}/components/tracks/addtrack.html (100%)
 rename admin/{ => templates/html}/components/tracks/edittracks.html (100%)
 rename admin/{ => templates/html}/components/tracks/newtrack.html (100%)
 rename admin/{views => templates/html}/edit-account.html (100%)
 rename admin/{views => templates/html}/edit-artist.html (100%)
 rename admin/{views => templates/html}/edit-release.html (100%)
 rename admin/{views => templates/html}/edit-track.html (100%)
 rename admin/{views => templates/html}/index.html (100%)
 rename admin/{views => templates/html}/layout.html (100%)
 rename admin/{views => templates/html}/login-totp.html (100%)
 rename admin/{views => templates/html}/login.html (100%)
 rename admin/{views => templates/html}/logout.html (100%)
 rename admin/{views => templates/html}/logs.html (100%)
 rename {views => admin/templates/html}/prideflag.html (100%)
 rename admin/{views => templates/html}/register.html (100%)
 rename admin/{views => templates/html}/totp-confirm.html (100%)
 rename admin/{views => templates/html}/totp-setup.html (100%)
 create mode 100644 admin/templates/templates.go
 rename {views => templates/html}/404.html (100%)
 rename {views => templates/html}/footer.html (100%)
 rename {views => templates/html}/header.html (100%)
 rename {views => templates/html}/index.html (100%)
 rename {views => templates/html}/layout.html (100%)
 rename {views => templates/html}/music-gateway.html (100%)
 rename {views => templates/html}/music.html (100%)
 create mode 100644 templates/html/prideflag.html
 rename view/{static.go => files.go} (54%)

diff --git a/Makefile b/Makefile
index 11e565a..f96321c 100644
--- a/Makefile
+++ b/Makefile
@@ -2,10 +2,10 @@ EXEC = arimelody-web
 
 .PHONY: $(EXEC)
 
-$(EXEC):
+build:
 	GOOS=linux GOARCH=amd64 go build -o $(EXEC)
 
-bundle: $(EXEC)
+bundle: build
 	tar czf $(EXEC).tar.gz $(EXEC) admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/
 
 clean:
diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index 945a507..b2c3b0d 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -1,17 +1,18 @@
 package admin
 
 import (
-    "database/sql"
-    "fmt"
-    "net/http"
-    "net/url"
-    "os"
+	"database/sql"
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
 
-    "arimelody-web/controller"
-    "arimelody-web/log"
-    "arimelody-web/model"
+	"arimelody-web/admin/templates"
+	"arimelody-web/controller"
+	"arimelody-web/log"
+	"arimelody-web/model"
 
-    "golang.org/x/crypto/bcrypt"
+	"golang.org/x/crypto/bcrypt"
 )
 
 func accountHandler(app *model.AppState) http.Handler {
@@ -64,7 +65,7 @@ func accountIndexHandler(app *model.AppState) http.Handler {
         session.Message = sessionMessage
         session.Error = sessionError
 
-        err = accountTemplate.Execute(w, accountResponse{
+        err = templates.AccountTemplate.Execute(w, accountResponse{
             Session: session,
             TOTPs: totps,
         })
@@ -184,7 +185,7 @@ func totpSetupHandler(app *model.AppState) http.Handler {
 
             session := r.Context().Value("session").(*model.Session)
 
-            err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session })
+            err := templates.TOTPSetupTemplate.Execute(w, totpSetupData{ Session: session })
             if err != nil {
                 fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -221,7 +222,7 @@ func totpSetupHandler(app *model.AppState) http.Handler {
         if err != nil {
             fmt.Printf("WARN: Failed to create TOTP method: %s\n", err)
             controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
-            err := totpSetupTemplate.Execute(w, totpConfirmData{ Session: session })
+            err := templates.TOTPSetupTemplate.Execute(w, totpConfirmData{ Session: session })
             if err != nil {
                 fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -235,7 +236,7 @@ func totpSetupHandler(app *model.AppState) http.Handler {
             fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err)
         }
 
-        err = totpConfirmTemplate.Execute(w, totpConfirmData{
+        err = templates.TOTPConfirmTemplate.Execute(w, totpConfirmData{
             Session: session,
             TOTP: &totp,
             NameEscaped: url.PathEscape(totp.Name),
@@ -296,7 +297,7 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
             confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1)
             if code != confirmCodeOffset {
                 session.Error = sql.NullString{ Valid: true, String: "Incorrect TOTP code. Please try again." }
-                err = totpConfirmTemplate.Execute(w, totpConfirmData{
+                err = templates.TOTPConfirmTemplate.Execute(w, totpConfirmData{
                     Session: session,
                     TOTP: totp,
                     NameEscaped: url.PathEscape(totp.Name),
diff --git a/admin/artisthttp.go b/admin/artisthttp.go
index 9fa6bb2..67ea7d2 100644
--- a/admin/artisthttp.go
+++ b/admin/artisthttp.go
@@ -1,12 +1,13 @@
 package admin
 
 import (
-    "fmt"
-    "net/http"
-    "strings"
+	"fmt"
+	"net/http"
+	"strings"
 
-    "arimelody-web/model"
-    "arimelody-web/controller"
+	"arimelody-web/admin/templates"
+	"arimelody-web/controller"
+	"arimelody-web/model"
 )
 
 func serveArtist(app *model.AppState) http.Handler {
@@ -39,7 +40,7 @@ func serveArtist(app *model.AppState) http.Handler {
 
         session := r.Context().Value("session").(*model.Session)
 
-        err = artistTemplate.Execute(w, ArtistResponse{
+        err = templates.EditArtistTemplate.Execute(w, ArtistResponse{
             Session: session,
             Artist: artist,
             Credits: credits,
diff --git a/admin/http.go b/admin/http.go
index 245a152..05e181d 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -1,20 +1,24 @@
 package admin
 
 import (
-    "context"
-    "database/sql"
-    "fmt"
-    "net/http"
-    "os"
-    "path/filepath"
-    "strings"
-    "time"
+	"context"
+	"database/sql"
+	"embed"
+	"fmt"
+	"mime"
+	"net/http"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"time"
 
-    "arimelody-web/controller"
-    "arimelody-web/log"
-    "arimelody-web/model"
+	"arimelody-web/admin/templates"
+	"arimelody-web/controller"
+	"arimelody-web/log"
+	"arimelody-web/model"
 
-    "golang.org/x/crypto/bcrypt"
+	"golang.org/x/crypto/bcrypt"
 )
 
 func Handler(app *model.AppState) http.Handler {
@@ -91,7 +95,7 @@ func AdminIndexHandler(app *model.AppState) http.Handler {
             Tracks      []*model.Track
         }
 
-        err = indexTemplate.Execute(w, IndexData{
+        err = templates.IndexTemplate.Execute(w, IndexData{
             Session: session,
             Releases: releases,
             Artists: artists,
@@ -120,7 +124,7 @@ func registerAccountHandler(app *model.AppState) http.Handler {
         }
 
         render := func() {
-            err := registerTemplate.Execute(w, registerData{ Session: session })
+            err := templates.RegisterTemplate.Execute(w, registerData{ Session: session })
             if err != nil {
                 fmt.Printf("WARN: Error rendering create account page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -230,7 +234,7 @@ func loginHandler(app *model.AppState) http.Handler {
         }
 
         render := func() {
-            err := loginTemplate.Execute(w, loginData{ Session: session })
+            err := templates.LoginTemplate.Execute(w, loginData{ Session: session })
             if err != nil {
                 fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -346,7 +350,7 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
         }
 
         render := func() {
-            err := loginTOTPTemplate.Execute(w, loginTOTPData{ Session: session })
+            err := templates.LoginTOTPTemplate.Execute(w, loginTOTPData{ Session: session })
             if err != nil {
                 fmt.Fprintf(os.Stderr, "WARN: Failed to render login TOTP page: %v\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -440,7 +444,7 @@ func logoutHandler(app *model.AppState) http.Handler {
             Path: "/",
         })
 
-        err = logoutTemplate.Execute(w, nil)
+        err = templates.LogoutTemplate.Execute(w, nil)
         if err != nil {
             fmt.Fprintf(os.Stderr, "WARN: Failed to render logout page: %v\n", err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -460,24 +464,21 @@ func requireAccount(next http.Handler) http.HandlerFunc {
     })
 }
 
+//go:embed "static"
+var staticFS embed.FS
+
 func staticHandler() http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        info, err := os.Stat(filepath.Join("admin", "static", filepath.Clean(r.URL.Path)))
-        // does the file exist?
+        file, err := staticFS.ReadFile(filepath.Join("static", filepath.Clean(r.URL.Path)))
         if err != nil {
-            if os.IsNotExist(err) {
-                http.NotFound(w, r)
-                return
-            }
-        }
-
-        // is thjs a directory? (forbidden)
-        if info.IsDir() {
             http.NotFound(w, r)
             return
         }
 
-        http.FileServer(http.Dir(filepath.Join("admin", "static"))).ServeHTTP(w, r)
+        w.Header().Set("Content-Type", mime.TypeByExtension(path.Ext(r.URL.Path)))
+        w.WriteHeader(http.StatusOK)
+
+        w.Write(file)
     })
 }
 
diff --git a/admin/logshttp.go b/admin/logshttp.go
index 7249b16..99f0ef1 100644
--- a/admin/logshttp.go
+++ b/admin/logshttp.go
@@ -1,12 +1,13 @@
 package admin
 
 import (
-    "arimelody-web/log"
-    "arimelody-web/model"
-    "fmt"
-    "net/http"
-    "os"
-    "strings"
+	"arimelody-web/admin/templates"
+	"arimelody-web/log"
+	"arimelody-web/model"
+	"fmt"
+	"net/http"
+	"os"
+	"strings"
 )
 
 func logsHandler(app *model.AppState) http.Handler {
@@ -54,7 +55,7 @@ func logsHandler(app *model.AppState) http.Handler {
             Logs []*log.Log
         }
 
-        err = logsTemplate.Execute(w, LogsResponse{
+        err = templates.LogsTemplate.Execute(w, LogsResponse{
             Session: session,
             Logs: logs,
         })
diff --git a/admin/releasehttp.go b/admin/releasehttp.go
index c6b68ab..30c967b 100644
--- a/admin/releasehttp.go
+++ b/admin/releasehttp.go
@@ -1,12 +1,13 @@
 package admin
 
 import (
-    "fmt"
-    "net/http"
-    "strings"
+	"fmt"
+	"net/http"
+	"strings"
 
-    "arimelody-web/controller"
-    "arimelody-web/model"
+	"arimelody-web/admin/templates"
+	"arimelody-web/controller"
+	"arimelody-web/model"
 )
 
 func serveRelease(app *model.AppState) http.Handler {
@@ -60,7 +61,7 @@ func serveRelease(app *model.AppState) http.Handler {
             Release *model.Release
         }
 
-        err = releaseTemplate.Execute(w, ReleaseResponse{
+        err = templates.EditReleaseTemplate.Execute(w, ReleaseResponse{
             Session: session,
             Release: release,
         })
@@ -74,7 +75,7 @@ func serveRelease(app *model.AppState) http.Handler {
 func serveEditCredits(release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         w.Header().Set("Content-Type", "text/html")
-        err := editCreditsTemplate.Execute(w, release)
+        err := templates.EditCreditsTemplate.Execute(w, release)
         if err != nil {
             fmt.Printf("Error rendering edit credits component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -97,7 +98,7 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler {
         }
 
         w.Header().Set("Content-Type", "text/html")
-        err = addCreditTemplate.Execute(w, response{
+        err = templates.AddCreditTemplate.Execute(w, response{
             ReleaseID: release.ID,
             Artists: artists,
         })
@@ -123,7 +124,7 @@ func serveNewCredit(app *model.AppState) http.Handler {
         }
 
         w.Header().Set("Content-Type", "text/html")
-        err = newCreditTemplate.Execute(w, artist)
+        err = templates.NewCreditTemplate.Execute(w, artist)
         if err != nil {
             fmt.Printf("Error rendering new credit component for %s: %s\n", artist.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -134,7 +135,7 @@ func serveNewCredit(app *model.AppState) http.Handler {
 func serveEditLinks(release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         w.Header().Set("Content-Type", "text/html")
-        err := editLinksTemplate.Execute(w, release)
+        err := templates.EditCreditsTemplate.Execute(w, release)
         if err != nil {
             fmt.Printf("Error rendering edit links component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -151,7 +152,7 @@ func serveEditTracks(release *model.Release) http.Handler {
             Add func(a int, b int) int
         }
 
-        err := editTracksTemplate.Execute(w, editTracksData{
+        err := templates.EditTracksTemplate.Execute(w, editTracksData{
             Release: release,
             Add: func(a, b int) int { return a + b },
         })
@@ -177,7 +178,7 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler {
         }
 
         w.Header().Set("Content-Type", "text/html")
-        err = addTrackTemplate.Execute(w, response{
+        err = templates.AddTrackTemplate.Execute(w, response{
             ReleaseID: release.ID,
             Tracks: tracks,
         })
@@ -185,7 +186,6 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler {
             fmt.Printf("Error rendering add tracks component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
-        return
     })
 }
 
@@ -204,11 +204,10 @@ func serveNewTrack(app *model.AppState) http.Handler {
         }
 
         w.Header().Set("Content-Type", "text/html")
-        err = newTrackTemplate.Execute(w, track)
+        err = templates.NewTrackTemplate.Execute(w, track)
         if err != nil {
             fmt.Printf("Error rendering new track component for %s: %s\n", track.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
-        return
     })
 }
diff --git a/admin/templates.go b/admin/templates.go
deleted file mode 100644
index 606d569..0000000
--- a/admin/templates.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package admin
-
-import (
-    "arimelody-web/log"
-    "fmt"
-    "html/template"
-    "path/filepath"
-    "strings"
-    "time"
-)
-
-var indexTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "components", "release", "release-list-item.html"),
-    filepath.Join("admin", "views", "index.html"),
-))
-
-var loginTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "views", "login.html"),
-))
-var loginTOTPTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "views", "login-totp.html"),
-))
-var registerTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "views", "register.html"),
-))
-var logoutTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "views", "logout.html"),
-))
-var accountTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "views", "edit-account.html"),
-))
-var totpSetupTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "views", "totp-setup.html"),
-))
-var totpConfirmTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "views", "totp-confirm.html"),
-))
-
-var logsTemplate = template.Must(template.New("layout.html").Funcs(template.FuncMap{
-    "parseLevel": func(level log.LogLevel) string {
-        switch level {
-        case log.LEVEL_INFO:
-            return "INFO"
-        case log.LEVEL_WARN:
-            return "WARN"
-        }
-        return fmt.Sprintf("%d?", level)
-    },
-    "titleCase": func(logType string) string {
-        runes := []rune(logType)
-        for i, r := range runes {
-            if (i == 0 || runes[i - 1] == ' ') && r >= 'a' && r <= 'z' {
-                runes[i] = r + ('A' - 'a')
-            }
-        }
-        return string(runes)
-    },
-    "lower": func(str string) string { return strings.ToLower(str) },
-    "prettyTime": func(t time.Time) string {
-        // return t.Format("2006-01-02 15:04:05")
-        // return t.Format("15:04:05, 2 Jan 2006")
-        return t.Format("02 Jan 2006, 15:04:05")
-    },
-}).ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "views", "logs.html"),
-))
-
-var releaseTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "views", "edit-release.html"),
-))
-var artistTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "views", "edit-artist.html"),
-))
-var trackTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "views", "layout.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("admin", "components", "release", "release-list-item.html"),
-    filepath.Join("admin", "views", "edit-track.html"),
-))
-
-var editCreditsTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "components", "credits", "editcredits.html"),
-))
-var addCreditTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "components", "credits", "addcredit.html"),
-))
-var newCreditTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "components", "credits", "newcredit.html"),
-))
-
-var editLinksTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "components", "links", "editlinks.html"),
-))
-
-var editTracksTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "components", "tracks", "edittracks.html"),
-))
-var addTrackTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "components", "tracks", "addtrack.html"),
-))
-var newTrackTemplate = template.Must(template.ParseFiles(
-    filepath.Join("admin", "components", "tracks", "newtrack.html"),
-))
diff --git a/admin/components/credits/addcredit.html b/admin/templates/html/components/credits/addcredit.html
similarity index 100%
rename from admin/components/credits/addcredit.html
rename to admin/templates/html/components/credits/addcredit.html
diff --git a/admin/components/credits/editcredits.html b/admin/templates/html/components/credits/editcredits.html
similarity index 100%
rename from admin/components/credits/editcredits.html
rename to admin/templates/html/components/credits/editcredits.html
diff --git a/admin/components/credits/newcredit.html b/admin/templates/html/components/credits/newcredit.html
similarity index 100%
rename from admin/components/credits/newcredit.html
rename to admin/templates/html/components/credits/newcredit.html
diff --git a/admin/components/links/editlinks.html b/admin/templates/html/components/links/editlinks.html
similarity index 100%
rename from admin/components/links/editlinks.html
rename to admin/templates/html/components/links/editlinks.html
diff --git a/admin/components/release/release-list-item.html b/admin/templates/html/components/release/release-list-item.html
similarity index 100%
rename from admin/components/release/release-list-item.html
rename to admin/templates/html/components/release/release-list-item.html
diff --git a/admin/components/tracks/addtrack.html b/admin/templates/html/components/tracks/addtrack.html
similarity index 100%
rename from admin/components/tracks/addtrack.html
rename to admin/templates/html/components/tracks/addtrack.html
diff --git a/admin/components/tracks/edittracks.html b/admin/templates/html/components/tracks/edittracks.html
similarity index 100%
rename from admin/components/tracks/edittracks.html
rename to admin/templates/html/components/tracks/edittracks.html
diff --git a/admin/components/tracks/newtrack.html b/admin/templates/html/components/tracks/newtrack.html
similarity index 100%
rename from admin/components/tracks/newtrack.html
rename to admin/templates/html/components/tracks/newtrack.html
diff --git a/admin/views/edit-account.html b/admin/templates/html/edit-account.html
similarity index 100%
rename from admin/views/edit-account.html
rename to admin/templates/html/edit-account.html
diff --git a/admin/views/edit-artist.html b/admin/templates/html/edit-artist.html
similarity index 100%
rename from admin/views/edit-artist.html
rename to admin/templates/html/edit-artist.html
diff --git a/admin/views/edit-release.html b/admin/templates/html/edit-release.html
similarity index 100%
rename from admin/views/edit-release.html
rename to admin/templates/html/edit-release.html
diff --git a/admin/views/edit-track.html b/admin/templates/html/edit-track.html
similarity index 100%
rename from admin/views/edit-track.html
rename to admin/templates/html/edit-track.html
diff --git a/admin/views/index.html b/admin/templates/html/index.html
similarity index 100%
rename from admin/views/index.html
rename to admin/templates/html/index.html
diff --git a/admin/views/layout.html b/admin/templates/html/layout.html
similarity index 100%
rename from admin/views/layout.html
rename to admin/templates/html/layout.html
diff --git a/admin/views/login-totp.html b/admin/templates/html/login-totp.html
similarity index 100%
rename from admin/views/login-totp.html
rename to admin/templates/html/login-totp.html
diff --git a/admin/views/login.html b/admin/templates/html/login.html
similarity index 100%
rename from admin/views/login.html
rename to admin/templates/html/login.html
diff --git a/admin/views/logout.html b/admin/templates/html/logout.html
similarity index 100%
rename from admin/views/logout.html
rename to admin/templates/html/logout.html
diff --git a/admin/views/logs.html b/admin/templates/html/logs.html
similarity index 100%
rename from admin/views/logs.html
rename to admin/templates/html/logs.html
diff --git a/views/prideflag.html b/admin/templates/html/prideflag.html
similarity index 100%
rename from views/prideflag.html
rename to admin/templates/html/prideflag.html
diff --git a/admin/views/register.html b/admin/templates/html/register.html
similarity index 100%
rename from admin/views/register.html
rename to admin/templates/html/register.html
diff --git a/admin/views/totp-confirm.html b/admin/templates/html/totp-confirm.html
similarity index 100%
rename from admin/views/totp-confirm.html
rename to admin/templates/html/totp-confirm.html
diff --git a/admin/views/totp-setup.html b/admin/templates/html/totp-setup.html
similarity index 100%
rename from admin/views/totp-setup.html
rename to admin/templates/html/totp-setup.html
diff --git a/admin/templates/templates.go b/admin/templates/templates.go
new file mode 100644
index 0000000..58cd1d0
--- /dev/null
+++ b/admin/templates/templates.go
@@ -0,0 +1,128 @@
+package templates
+
+import (
+    "arimelody-web/log"
+    "fmt"
+    "html/template"
+    "strings"
+    "time"
+    _ "embed"
+)
+
+//go:embed "html/layout.html"
+var layoutHTML string
+//go:embed "html/prideflag.html"
+var prideflagHTML string
+
+//go:embed "html/index.html"
+var indexHTML string
+
+//go:embed "html/register.html"
+var registerHTML string
+//go:embed "html/login.html"
+var loginHTML string
+//go:embed "html/login-totp.html"
+var loginTotpHTML string
+//go:embed "html/totp-confirm.html"
+var totpConfirmHTML string
+//go:embed "html/totp-setup.html"
+var totpSetupHTML string
+//go:embed "html/logout.html"
+var logoutHTML string
+
+//go:embed "html/logs.html"
+var logsHTML string
+
+//go:embed "html/edit-account.html"
+var editAccountHTML string
+//go:embed "html/edit-artist.html"
+var editArtistHTML string
+//go:embed "html/edit-release.html"
+var editReleaseHTML string
+//go:embed "html/edit-track.html"
+var editTrackHTML string
+
+//go:embed "html/components/credits/newcredit.html"
+var componentNewCreditHTML string
+//go:embed "html/components/credits/addcredit.html"
+var componentAddCreditHTML string
+//go:embed "html/components/credits/editcredits.html"
+var componentEditCreditsHTML string
+
+//go:embed "html/components/links/editlinks.html"
+var componentEditLinksHTML string
+
+//go:embed "html/components/release/release-list-item.html"
+var componentReleaseListItemHTML string
+
+//go:embed "html/components/tracks/newtrack.html"
+var componentNewTrackHTML string
+//go:embed "html/components/tracks/addtrack.html"
+var componentAddTrackHTML string
+//go:embed "html/components/tracks/edittracks.html"
+var componentEditTracksHTML string
+
+var BaseTemplate = template.Must(template.New("base").Parse(
+    strings.Join([]string{ layoutHTML, prideflagHTML }, "\n"),
+))
+
+var IndexTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
+    strings.Join([]string{
+        indexHTML,
+        componentReleaseListItemHTML,
+    }, "\n"),
+))
+
+var LoginTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(loginHTML))
+var LoginTOTPTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(loginTotpHTML))
+var RegisterTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(registerHTML))
+var LogoutTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(logoutHTML))
+var AccountTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(editAccountHTML))
+var TOTPSetupTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(totpSetupHTML))
+var TOTPConfirmTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(totpConfirmHTML))
+
+var LogsTemplate = template.Must(template.Must(BaseTemplate.Clone()).Funcs(template.FuncMap{
+    "parseLevel": func(level log.LogLevel) string {
+        switch level {
+        case log.LEVEL_INFO:
+            return "INFO"
+        case log.LEVEL_WARN:
+            return "WARN"
+        }
+        return fmt.Sprintf("%d?", level)
+    },
+    "titleCase": func(logType string) string {
+        runes := []rune(logType)
+        for i, r := range runes {
+            if (i == 0 || runes[i - 1] == ' ') && r >= 'a' && r <= 'z' {
+                runes[i] = r + ('A' - 'a')
+            }
+        }
+        return string(runes)
+    },
+    "lower": func(str string) string { return strings.ToLower(str) },
+    "prettyTime": func(t time.Time) string {
+        // return t.Format("2006-01-02 15:04:05")
+        // return t.Format("15:04:05, 2 Jan 2006")
+        return t.Format("02 Jan 2006, 15:04:05")
+    },
+}).Parse(logsHTML))
+
+var EditReleaseTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(editReleaseHTML))
+var EditArtistTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(editArtistHTML))
+var EditTrackTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
+    strings.Join([]string{
+        editTrackHTML,
+        componentReleaseListItemHTML,
+    }, "\n"),
+))
+
+var EditCreditsTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentEditCreditsHTML))
+var AddCreditTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentAddCreditHTML))
+var NewCreditTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentNewCreditHTML))
+
+var EditLinksTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentEditLinksHTML))
+
+var EditTracksTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentEditTracksHTML))
+var AddTrackTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentAddTrackHTML))
+var NewTrackTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentNewTrackHTML))
diff --git a/admin/trackhttp.go b/admin/trackhttp.go
index 93eacdb..e93d1bb 100644
--- a/admin/trackhttp.go
+++ b/admin/trackhttp.go
@@ -1,12 +1,13 @@
 package admin
 
 import (
-    "fmt"
-    "net/http"
-    "strings"
+	"fmt"
+	"net/http"
+	"strings"
 
-    "arimelody-web/model"
-    "arimelody-web/controller"
+	"arimelody-web/admin/templates"
+	"arimelody-web/controller"
+	"arimelody-web/model"
 )
 
 func serveTrack(app *model.AppState) http.Handler {
@@ -39,7 +40,7 @@ func serveTrack(app *model.AppState) http.Handler {
 
         session := r.Context().Value("session").(*model.Session)
 
-        err = trackTemplate.Execute(w, TrackResponse{
+        err = templates.EditTrackTemplate.Execute(w, TrackResponse{
             Session: session,
             Track: track,
             Releases: releases,
diff --git a/main.go b/main.go
index eaed7c6..553f109 100644
--- a/main.go
+++ b/main.go
@@ -1,32 +1,33 @@
 package main
 
 import (
-    "bufio"
-    "errors"
-    "fmt"
-    stdLog "log"
-    "math"
-    "math/rand"
-    "net"
-    "net/http"
-    "os"
-    "path/filepath"
-    "strconv"
-    "strings"
-    "time"
+	"bufio"
+	"embed"
+	"errors"
+	"fmt"
+	stdLog "log"
+	"math"
+	"math/rand"
+	"net"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
 
-    "arimelody-web/admin"
-    "arimelody-web/api"
-    "arimelody-web/colour"
-    "arimelody-web/controller"
-    "arimelody-web/cursor"
-    "arimelody-web/log"
-    "arimelody-web/model"
-    "arimelody-web/view"
+	"arimelody-web/admin"
+	"arimelody-web/api"
+	"arimelody-web/colour"
+	"arimelody-web/controller"
+	"arimelody-web/cursor"
+	"arimelody-web/log"
+	"arimelody-web/model"
+	"arimelody-web/view"
 
-    "github.com/jmoiron/sqlx"
-    _ "github.com/lib/pq"
-    "golang.org/x/crypto/bcrypt"
+	"github.com/jmoiron/sqlx"
+	_ "github.com/lib/pq"
+	"golang.org/x/crypto/bcrypt"
 )
 
 // used for database migrations
@@ -35,12 +36,16 @@ const DB_VERSION = 1
 const DEFAULT_PORT int64 = 8080
 const HRT_DATE int64 = 1756478697
 
+//go:embed "public"
+var publicFS embed.FS
+
 func main() {
     fmt.Printf("made with <3 by ari melody\n\n")
 
     app := model.AppState{
         Config: controller.GetConfig(),
         Twitch: nil,
+        PublicFS: publicFS,
     }
 
     // initialise database connection
@@ -526,7 +531,7 @@ func createServeMux(app *model.AppState) *http.ServeMux {
     mux.Handle("/admin/", http.StripPrefix("/admin", admin.Handler(app)))
     mux.Handle("/api/", http.StripPrefix("/api", api.Handler(app)))
     mux.Handle("/music/", http.StripPrefix("/music", view.MusicHandler(app)))
-    mux.Handle("/uploads/", http.StripPrefix("/uploads", view.StaticHandler(filepath.Join(app.Config.DataDirectory, "uploads"))))
+    mux.Handle("/uploads/", http.StripPrefix("/uploads", view.ServeFiles(filepath.Join(app.Config.DataDirectory, "uploads"))))
     mux.Handle("/cursor-ws", cursor.Handler(app))
     mux.Handle("/", view.IndexHandler(app))
 
diff --git a/model/appstate.go b/model/appstate.go
index 3a1c230..1a13be9 100644
--- a/model/appstate.go
+++ b/model/appstate.go
@@ -1,9 +1,11 @@
 package model
 
 import (
-    "github.com/jmoiron/sqlx"
+	"embed"
 
-    "arimelody-web/log"
+	"github.com/jmoiron/sqlx"
+
+	"arimelody-web/log"
 )
 
 type (
@@ -43,5 +45,6 @@ type (
         Config Config
         Log log.Logger
         Twitch *TwitchState
+        PublicFS embed.FS
     }
 )
diff --git a/views/404.html b/templates/html/404.html
similarity index 100%
rename from views/404.html
rename to templates/html/404.html
diff --git a/views/footer.html b/templates/html/footer.html
similarity index 100%
rename from views/footer.html
rename to templates/html/footer.html
diff --git a/views/header.html b/templates/html/header.html
similarity index 100%
rename from views/header.html
rename to templates/html/header.html
diff --git a/views/index.html b/templates/html/index.html
similarity index 100%
rename from views/index.html
rename to templates/html/index.html
diff --git a/views/layout.html b/templates/html/layout.html
similarity index 100%
rename from views/layout.html
rename to templates/html/layout.html
diff --git a/views/music-gateway.html b/templates/html/music-gateway.html
similarity index 100%
rename from views/music-gateway.html
rename to templates/html/music-gateway.html
diff --git a/views/music.html b/templates/html/music.html
similarity index 100%
rename from views/music.html
rename to templates/html/music.html
diff --git a/templates/html/prideflag.html b/templates/html/prideflag.html
new file mode 100644
index 0000000..47ce4c7
--- /dev/null
+++ b/templates/html/prideflag.html
@@ -0,0 +1,21 @@
+{{define "prideflag"}}
+<a href="https://github.com/arimelody/prideflag" target="_blank" id="prideflag">
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 120" width="120" height="120" hx-preserve="true">
+        <path id="red" d="M120,80 L100,100 L120,120 Z" style="fill:#d20605"/>
+        <path id="orange" d="M120,80 V40 L80,80 L100,100 Z" style="fill:#ef9c00"/>
+        <path id="yellow" d="M120,40 V0 L60,60 L80,80 Z" style="fill:#e5fe02"/>
+        <path id="green" d="M120,0 H80 L40,40 L60,60 Z" style="fill:#09be01"/>
+        <path id="blue" d="M80,0 H40 L20,20 L40,40 Z" style="fill:#081a9a"/>
+        <path id="purple" d="M40,0 H0 L20,20 Z" style="fill:#76008a"/>
+
+        <rect id="black" x="60" width="60" height="60" style="fill:#010101"/>
+        <rect id="brown" x="70" width="50" height="50" style="fill:#603814"/>
+        <rect id="lightblue" x="80" width="40" height="40" style="fill:#73d6ed"/>
+        <rect id="pink" x="90" width="30" height="30" style="fill:#ffafc8"/>
+        <rect id="white" x="100" width="20" height="20" style="fill:#fff"/>
+
+        <rect id="intyellow" x="110" width="10" height="10" style="fill:#fed800"/>
+        <circle id="intpurple" cx="120" cy="0" r="5" stroke="#7601ad" stroke-width="2" fill="none"/>
+    </svg>
+</a>
+{{end}}
diff --git a/templates/templates.go b/templates/templates.go
index 752c78d..c6ab41e 100644
--- a/templates/templates.go
+++ b/templates/templates.go
@@ -1,28 +1,36 @@
 package templates
 
 import (
-    "html/template"
-    "path/filepath"
+	_ "embed"
+	"html/template"
+	"strings"
 )
 
-var IndexTemplate = template.Must(template.ParseFiles(
-    filepath.Join("views", "layout.html"),
-    filepath.Join("views", "header.html"),
-    filepath.Join("views", "footer.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("views", "index.html"),
-))
-var MusicTemplate = template.Must(template.ParseFiles(
-    filepath.Join("views", "layout.html"),
-    filepath.Join("views", "header.html"),
-    filepath.Join("views", "footer.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("views", "music.html"),
-))
-var MusicGatewayTemplate = template.Must(template.ParseFiles(
-    filepath.Join("views", "layout.html"),
-    filepath.Join("views", "header.html"),
-    filepath.Join("views", "footer.html"),
-    filepath.Join("views", "prideflag.html"),
-    filepath.Join("views", "music-gateway.html"),
+//go:embed "html/layout.html"
+var layoutHTML string
+//go:embed "html/header.html"
+var headerHTML string
+//go:embed "html/footer.html"
+var footerHTML string
+//go:embed "html/prideflag.html"
+var prideflagHTML string
+//go:embed "html/index.html"
+var indexHTML string
+//go:embed "html/music.html"
+var musicHTML string
+//go:embed "html/music-gateway.html"
+var musicGatewayHTML string
+// //go:embed "html/404.html"
+// var error404HTML string
+
+var BaseTemplate = template.Must(template.New("base").Parse(
+    strings.Join([]string{
+        layoutHTML,
+        headerHTML,
+        footerHTML,
+        prideflagHTML,
+    }, "\n"),
 ))
+var IndexTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(indexHTML))
+var MusicTemplate  = template.Must(template.Must(BaseTemplate.Clone()).Parse(musicHTML))
+var MusicGatewayTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(musicGatewayHTML))
diff --git a/view/static.go b/view/files.go
similarity index 54%
rename from view/static.go
rename to view/files.go
index 52263a2..c1b0e29 100644
--- a/view/static.go
+++ b/view/files.go
@@ -1,13 +1,31 @@
 package view
 
 import (
+	"embed"
 	"errors"
+	"mime"
 	"net/http"
 	"os"
+	"path"
 	"path/filepath"
 )
 
-func StaticHandler(directory string) http.Handler {
+func ServeEmbedFS(fs embed.FS, dir string) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        file, err := fs.ReadFile(filepath.Join(dir, filepath.Clean(r.URL.Path)))
+        if err != nil {
+            http.NotFound(w, r)
+            return
+        }
+
+        w.Header().Set("Content-Type", mime.TypeByExtension(path.Ext(r.URL.Path)))
+        w.WriteHeader(http.StatusOK)
+
+        w.Write(file)
+    })
+}
+
+func ServeFiles(directory string) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         info, err := os.Stat(filepath.Join(directory, filepath.Clean(r.URL.Path)))
 
@@ -28,4 +46,3 @@ func StaticHandler(directory string) http.Handler {
         http.FileServer(http.Dir(directory)).ServeHTTP(w, r)
     })
 }
-
diff --git a/view/index.go b/view/index.go
index b6e3891..bcd0d06 100644
--- a/view/index.go
+++ b/view/index.go
@@ -40,6 +40,6 @@ func IndexHandler(app *model.AppState) http.Handler {
             return
         }
 
-        StaticHandler("public").ServeHTTP(w, r)
+        ServeEmbedFS(app.PublicFS, "public").ServeHTTP(w, r)
     })
 }

From 1999ab7d2c493f9440f5b50950e665059d33f6a2 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 30 Sep 2025 22:29:37 +0100
Subject: [PATCH 64/88] embed schema migration scripts

---
 controller/migrator.go                        | 20 +++++++++++++------
 .../schema-migration}/000-init.sql            |  0
 .../schema-migration}/001-pre-versioning.sql  |  0
 .../schema-migration}/002-audit-logs.sql      |  0
 .../schema-migration}/003-fail-lock.sql       |  0
 controller/schema-migration/004-test.sql      |  1 +
 6 files changed, 15 insertions(+), 6 deletions(-)
 rename {schema-migration => controller/schema-migration}/000-init.sql (100%)
 rename {schema-migration => controller/schema-migration}/001-pre-versioning.sql (100%)
 rename {schema-migration => controller/schema-migration}/002-audit-logs.sql (100%)
 rename {schema-migration => controller/schema-migration}/003-fail-lock.sql (100%)
 create mode 100644 controller/schema-migration/004-test.sql

diff --git a/controller/migrator.go b/controller/migrator.go
index 4b99b9c..1a70e62 100644
--- a/controller/migrator.go
+++ b/controller/migrator.go
@@ -1,14 +1,15 @@
 package controller
 
 import (
-    "fmt"
-    "os"
-    "time"
+	"embed"
+	"fmt"
+	"os"
+	"time"
 
-    "github.com/jmoiron/sqlx"
+	"github.com/jmoiron/sqlx"
 )
 
-const DB_VERSION int = 4
+const DB_VERSION int = 5
 
 func CheckDBVersionAndMigrate(db *sqlx.DB) {
     db.MustExec("CREATE SCHEMA IF NOT EXISTS arimelody")
@@ -49,16 +50,23 @@ func CheckDBVersionAndMigrate(db *sqlx.DB) {
             ApplyMigration(db, "003-fail-lock")
             oldDBVersion = 4
 
+        case 4:
+            ApplyMigration(db, "004-test")
+            oldDBVersion = 5
+
         }
     }
 
     fmt.Printf("Database schema up to date.\n")
 }
 
+//go:embed "schema-migration"
+var schemaFS embed.FS
+
 func ApplyMigration(db *sqlx.DB, scriptFile string) {
     fmt.Printf("Applying schema migration %s...\n", scriptFile)
 
-    bytes, err := os.ReadFile("schema-migration/" + scriptFile + ".sql")
+    bytes, err := schemaFS.ReadFile("schema-migration/" + scriptFile + ".sql")
     if err != nil {
         fmt.Fprintf(os.Stderr, "FATAL: Failed to open schema file \"%s\": %v\n", scriptFile, err)
         os.Exit(1)
diff --git a/schema-migration/000-init.sql b/controller/schema-migration/000-init.sql
similarity index 100%
rename from schema-migration/000-init.sql
rename to controller/schema-migration/000-init.sql
diff --git a/schema-migration/001-pre-versioning.sql b/controller/schema-migration/001-pre-versioning.sql
similarity index 100%
rename from schema-migration/001-pre-versioning.sql
rename to controller/schema-migration/001-pre-versioning.sql
diff --git a/schema-migration/002-audit-logs.sql b/controller/schema-migration/002-audit-logs.sql
similarity index 100%
rename from schema-migration/002-audit-logs.sql
rename to controller/schema-migration/002-audit-logs.sql
diff --git a/schema-migration/003-fail-lock.sql b/controller/schema-migration/003-fail-lock.sql
similarity index 100%
rename from schema-migration/003-fail-lock.sql
rename to controller/schema-migration/003-fail-lock.sql
diff --git a/controller/schema-migration/004-test.sql b/controller/schema-migration/004-test.sql
new file mode 100644
index 0000000..3733de2
--- /dev/null
+++ b/controller/schema-migration/004-test.sql
@@ -0,0 +1 @@
+INSERT INTO arimelody.auditlog (level, type, content) VALUES (0, "test", "this is a db schema migration test!");

From 42c6540ac3adbed4ab889d60bedf5805fd22ab7d Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 30 Sep 2025 22:30:06 +0100
Subject: [PATCH 65/88] fix upload info log line

---
 api/uploads.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/uploads.go b/api/uploads.go
index 4678f22..3c3c58a 100644
--- a/api/uploads.go
+++ b/api/uploads.go
@@ -50,7 +50,7 @@ func HandleImageUpload(app *model.AppState, data *string, directory string, file
         return "", nil
     }
 
-    app.Log.Info(log.TYPE_FILES, "\"%s/%s.%s\" created.", directory, filename, ext)
+    app.Log.Info(log.TYPE_FILES, "\"%s\" created.", imagePath)
 
     return filename, nil
 }

From ef655744bb36e2b93c315accdf7e8b15824b06ea Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 30 Sep 2025 22:30:31 +0100
Subject: [PATCH 66/88] comment out deprecated QR code. uh. code

---
 controller/qr.go | 69 ++++++++++++++++++++++++------------------------
 1 file changed, 34 insertions(+), 35 deletions(-)

diff --git a/controller/qr.go b/controller/qr.go
index dd08637..21ed3e6 100644
--- a/controller/qr.go
+++ b/controller/qr.go
@@ -2,8 +2,8 @@ package controller
 
 import (
     "encoding/base64"
-    "image"
-    "image/color"
+    // "image"
+    // "image/color"
 
     "github.com/skip2/go-qrcode"
 )
@@ -18,36 +18,35 @@ func GenerateQRCode(data string) (string, error) {
 }
 
 // vvv DEPRECATED vvv
-
-const margin = 4
-
-type QRCodeECCLevel int64
-const (
-    LOW QRCodeECCLevel = iota
-    MEDIUM
-    QUARTILE
-    HIGH
-)
-
-func drawLargeAlignmentSquare(x int, y int, img *image.Gray) {
-    for yi := range 7 {
-        for xi := range 7 {
-            if (xi == 0 || xi == 6) || (yi == 0 || yi == 6) {
-                img.Set(x + xi, y + yi, color.Black)
-            } else if (xi > 1 && xi < 5) && (yi > 1 && yi < 5) {
-                img.Set(x + xi, y + yi, color.Black)
-            }
-        }
-    }
-}
-
-func drawSmallAlignmentSquare(x int, y int, img *image.Gray) {
-    for yi := range 5 {
-        for xi := range 5 {
-            if (xi == 0 || xi == 4) || (yi == 0 || yi == 4) {
-                img.Set(x + xi, y + yi, color.Black)
-            }
-        }
-    }
-    img.Set(x + 2, y + 2, color.Black)
-}
+// const margin = 4
+//
+// type QRCodeECCLevel int64
+// const (
+//     LOW QRCodeECCLevel = iota
+//     MEDIUM
+//     QUARTILE
+//     HIGH
+// )
+//
+// func drawLargeAlignmentSquare(x int, y int, img *image.Gray) {
+//     for yi := range 7 {
+//         for xi := range 7 {
+//             if (xi == 0 || xi == 6) || (yi == 0 || yi == 6) {
+//                 img.Set(x + xi, y + yi, color.Black)
+//             } else if (xi > 1 && xi < 5) && (yi > 1 && yi < 5) {
+//                 img.Set(x + xi, y + yi, color.Black)
+//             }
+//         }
+//     }
+// }
+//
+// func drawSmallAlignmentSquare(x int, y int, img *image.Gray) {
+//     for yi := range 5 {
+//         for xi := range 5 {
+//             if (xi == 0 || xi == 4) || (yi == 0 || yi == 4) {
+//                 img.Set(x + xi, y + yi, color.Black)
+//             }
+//         }
+//     }
+//     img.Set(x + 2, y + 2, color.Black)
+// }

From 419781988aede87258eb06cb702db88c7c591dec Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 30 Sep 2025 22:30:52 +0100
Subject: [PATCH 67/88] refactor errors.New to fmt.Errorf

---
 api/api.go            |  5 ++---
 controller/release.go | 13 ++++++-------
 controller/session.go |  5 ++---
 3 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/api/api.go b/api/api.go
index 398db4b..c5156c2 100644
--- a/api/api.go
+++ b/api/api.go
@@ -2,7 +2,6 @@ package api
 
 import (
     "context"
-    "errors"
     "fmt"
     "net/http"
     "os"
@@ -173,7 +172,7 @@ func getSession(app *model.AppState, r *http.Request) (*model.Session, error) {
     // check cookies first
     sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)
     if err != nil && err != http.ErrNoCookie {
-        return nil, errors.New(fmt.Sprintf("Failed to retrieve session cookie: %v\n", err))
+        return nil, fmt.Errorf("Failed to retrieve session cookie: %v\n", err)
     }
     if sessionCookie != nil {
         token = sessionCookie.Value
@@ -188,7 +187,7 @@ func getSession(app *model.AppState, r *http.Request) (*model.Session, error) {
     session, err := controller.GetSession(app.DB, token)
 
     if err != nil && !strings.Contains(err.Error(), "no rows") {
-        return nil, errors.New(fmt.Sprintf("Failed to retrieve session: %v\n", err))
+        return nil, fmt.Errorf("Failed to retrieve session: %v\n", err)
     }
 
     if session != nil {
diff --git a/controller/release.go b/controller/release.go
index 3dcad26..afd09fb 100644
--- a/controller/release.go
+++ b/controller/release.go
@@ -1,7 +1,6 @@
 package controller
 
 import (
-    "errors"
     "fmt"
 
     "arimelody-web/model"
@@ -21,7 +20,7 @@ func GetRelease(db *sqlx.DB, id string, full bool) (*model.Release, error) {
         // get credits
         credits, err := GetReleaseCredits(db, id)
         if err != nil {
-            return nil, errors.New(fmt.Sprintf("Credits: %s", err))
+            return nil, fmt.Errorf("Credits: %s", err)
         }
         for _, credit := range credits {
             release.Credits = append(release.Credits, credit)
@@ -30,7 +29,7 @@ func GetRelease(db *sqlx.DB, id string, full bool) (*model.Release, error) {
         // get tracks
         tracks, err := GetReleaseTracks(db, id)
         if err != nil {
-            return nil, errors.New(fmt.Sprintf("Tracks: %s", err))
+            return nil, fmt.Errorf("Tracks: %s", err)
         }
         for _, track := range tracks {
             release.Tracks = append(release.Tracks, track)
@@ -39,7 +38,7 @@ func GetRelease(db *sqlx.DB, id string, full bool) (*model.Release, error) {
         // get links
         links, err := GetReleaseLinks(db, id)
         if err != nil {
-            return nil, errors.New(fmt.Sprintf("Links: %s", err))
+            return nil, fmt.Errorf("Links: %s", err)
         }
         for _, link := range links {
             release.Links = append(release.Links, link)
@@ -71,7 +70,7 @@ func GetAllReleases(db *sqlx.DB, onlyVisible bool, limit int, full bool) ([]*mod
         // get credits
         credits, err := GetReleaseCredits(db, release.ID)
         if err != nil {
-            return nil, errors.New(fmt.Sprintf("Credits: %s", err))
+            return nil, fmt.Errorf("Credits: %s", err)
         }
         for _, credit := range credits {
             release.Credits = append(release.Credits, credit)
@@ -81,7 +80,7 @@ func GetAllReleases(db *sqlx.DB, onlyVisible bool, limit int, full bool) ([]*mod
             // get tracks
             tracks, err := GetReleaseTracks(db, release.ID)
             if err != nil {
-                return nil, errors.New(fmt.Sprintf("Tracks: %s", err))
+                return nil, fmt.Errorf("Tracks: %s", err)
             }
             for _, track := range tracks {
                 release.Tracks = append(release.Tracks, track)
@@ -90,7 +89,7 @@ func GetAllReleases(db *sqlx.DB, onlyVisible bool, limit int, full bool) ([]*mod
             // get links
             links, err := GetReleaseLinks(db, release.ID)
             if err != nil {
-                return nil, errors.New(fmt.Sprintf("Links: %s", err))
+                return nil, fmt.Errorf("Links: %s", err)
             }
             for _, link := range links {
                 release.Links = append(release.Links, link)
diff --git a/controller/session.go b/controller/session.go
index 5028789..dfae551 100644
--- a/controller/session.go
+++ b/controller/session.go
@@ -2,7 +2,6 @@ package controller
 
 import (
     "database/sql"
-    "errors"
     "fmt"
     "net/http"
     "strings"
@@ -19,7 +18,7 @@ const TOKEN_LEN = 64
 func GetSessionFromRequest(app *model.AppState, r *http.Request) (*model.Session, error) {
     sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)
     if err != nil && err != http.ErrNoCookie {
-        return nil, errors.New(fmt.Sprintf("Failed to retrieve session cookie: %v", err))
+        return nil, fmt.Errorf("Failed to retrieve session cookie: %v", err)
     }
 
     var session *model.Session
@@ -29,7 +28,7 @@ func GetSessionFromRequest(app *model.AppState, r *http.Request) (*model.Session
         session, err = GetSession(app.DB, sessionCookie.Value)
 
         if err != nil && !strings.Contains(err.Error(), "no rows") {
-            return nil, errors.New(fmt.Sprintf("Failed to retrieve session: %v", err))
+            return nil, fmt.Errorf("Failed to retrieve session: %v", err)
         }
 
         if session != nil {

From 028ed6029354a394e68b602aac8635dd3f24702c Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 30 Sep 2025 22:34:46 +0100
Subject: [PATCH 68/88] oops

---
 controller/controller.go                 | 2 +-
 controller/migrator.go                   | 6 +-----
 controller/schema-migration/004-test.sql | 1 -
 3 files changed, 2 insertions(+), 7 deletions(-)
 delete mode 100644 controller/schema-migration/004-test.sql

diff --git a/controller/controller.go b/controller/controller.go
index 44194e4..95615fb 100644
--- a/controller/controller.go
+++ b/controller/controller.go
@@ -5,7 +5,7 @@ import "math/rand"
 func GenerateAlnumString(length int) []byte {
     const CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
     res := []byte{}
-    for i := 0; i < length; i++ {
+    for range length {
         res = append(res, CHARS[rand.Intn(len(CHARS))])
     }
     return res
diff --git a/controller/migrator.go b/controller/migrator.go
index 1a70e62..3be8c21 100644
--- a/controller/migrator.go
+++ b/controller/migrator.go
@@ -9,7 +9,7 @@ import (
 	"github.com/jmoiron/sqlx"
 )
 
-const DB_VERSION int = 5
+const DB_VERSION int = 4
 
 func CheckDBVersionAndMigrate(db *sqlx.DB) {
     db.MustExec("CREATE SCHEMA IF NOT EXISTS arimelody")
@@ -50,10 +50,6 @@ func CheckDBVersionAndMigrate(db *sqlx.DB) {
             ApplyMigration(db, "003-fail-lock")
             oldDBVersion = 4
 
-        case 4:
-            ApplyMigration(db, "004-test")
-            oldDBVersion = 5
-
         }
     }
 
diff --git a/controller/schema-migration/004-test.sql b/controller/schema-migration/004-test.sql
deleted file mode 100644
index 3733de2..0000000
--- a/controller/schema-migration/004-test.sql
+++ /dev/null
@@ -1 +0,0 @@
-INSERT INTO arimelody.auditlog (level, type, content) VALUES (0, "test", "this is a db schema migration test!");

From 13a84f7f25b8208bcccf40faf1208e27a964c5cd Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Sun, 19 Oct 2025 05:01:55 +0100
Subject: [PATCH 69/88] admin dashboard early UI refresh

---
 .air.toml                          |   4 +-
 admin/static/admin.css             | 160 ++++++++++++++++++++---------
 admin/static/admin.js              |  17 +++
 admin/static/edit-artist.css       |  18 ++--
 admin/static/edit-release.css      |  67 +++++++-----
 admin/static/edit-track.css        |   9 +-
 admin/static/index.css             |  11 +-
 admin/static/index.js              |   8 ++
 admin/static/logs.css              |  42 +++++---
 admin/static/release-list-item.css |  43 +++-----
 admin/templates/html/layout.html   |   7 +-
 admin/templates/html/logs.html     |   2 +-
 12 files changed, 249 insertions(+), 139 deletions(-)

diff --git a/.air.toml b/.air.toml
index 070166a..c6d499b 100644
--- a/.air.toml
+++ b/.air.toml
@@ -7,14 +7,14 @@ tmp_dir = "tmp"
   bin = "./tmp/main"
   cmd = "go build -o ./tmp/main ."
   delay = 1000
-  exclude_dir = ["admin/static", "admin\\static", "public", "uploads", "test", "db", "res"]
+  exclude_dir = ["uploads", "test", "db", "res"]
   exclude_file = []
   exclude_regex = ["_test.go"]
   exclude_unchanged = false
   follow_symlink = false
   full_bin = ""
   include_dir = []
-  include_ext = ["go", "tpl", "tmpl", "html"]
+  include_ext = ["go", "tpl", "tmpl", "html", "css"]
   include_file = []
   kill_delay = "0s"
   log = "build-errors.log"
diff --git a/admin/static/admin.css b/admin/static/admin.css
index 877b5da..1f5a1fb 100644
--- a/admin/static/admin.css
+++ b/admin/static/admin.css
@@ -1,6 +1,71 @@
 @import url("/style/prideflag.css");
 @import url("/font/inter/inter.css");
 
+:root {
+    --bg-0: #101010;
+    --bg-1: #141414;
+    --bg-2: #181818;
+    --bg-3: #202020;
+
+    --fg-0: #b0b0b0;
+    --fg-1: #c0c0c0;
+    --fg-2: #d0d0d0;
+    --fg-3: #e0e0e0;
+
+    --col-shadow-0: #0002;
+    --col-shadow-1: #0004;
+    --col-shadow-2: #0006;
+    --col-highlight-0: #ffffff08;
+    --col-highlight-1: #fff1;
+    --col-highlight-2: #fff2;
+
+    --col-new: #b3ee5b;
+    --col-on-new: #1b2013;
+    --col-save: #6fd7ff;
+    --col-on-save: #283f48;
+    --col-delete: #ff7171;
+    --col-on-delete: #371919;
+
+    --col-warn: #ffe86a;
+    --col-on-warn: var(--bg-0);
+    --col-warn-hover: #ffec81;
+
+    --shadow-sm:
+    0 1px 2px var(--col-shadow-2),
+    inset 0 1px 1px var(--col-highlight-2);
+    --shadow-md:
+    0 2px 4px var(--col-shadow-1),
+    inset 0 2px 2px var(--col-highlight-1);
+    --shadow-lg:
+    0 4px 8px var(--col-shadow-0),
+    inset 0 4px 4px var(--col-highlight-0);
+}
+
+@media (prefers-color-scheme: light) {
+    :root {
+        --bg-0: #e8e8e8;
+        --bg-1: #f0f0f0;
+        --bg-2: #f8f8f8;
+        --bg-3: #ffffff;
+
+        --fg-0: #606060;
+        --fg-1: #404040;
+        --fg-2: #303030;
+        --fg-3: #202020;
+
+        --col-shadow-0: #0002;
+        --col-shadow-1: #0004;
+        --col-shadow-2: #0008;
+        --col-highlight-0: #fff2;
+        --col-highlight-1: #fff4;
+        --col-highlight-2: #fff8;
+
+        --col-warn: #ffe86a;
+        --col-on-warn: var(--fg-3);
+        --col-warn-hover: #ffec81;
+    }
+}
+
 body {
     width: 100%;
     height: calc(100vh - 1em);
@@ -11,8 +76,12 @@ body {
     font-family: "Inter", sans-serif;
     font-size: 16px;
 
-    color: #303030;
-    background: #f0f0f0;
+    color: var(--fg-0);
+    background: var(--bg-0);
+}
+
+h1, h2, h3, h4, h5, h6 {
+    color: var(--fg-3);
 }
 
 nav {
@@ -22,40 +91,35 @@ nav {
     display: flex;
     flex-direction: row;
     justify-content: left;
-
-    background: #f8f8f8;
-    border-radius: 4px;
-    border: 1px solid #808080;
+    gap: .5em;
+    user-select: none;
 }
 nav .icon {
     height: 100%;
+    border-radius: 100%;
+    box-shadow: var(--shadow-sm);
+    overflow: hidden;
 }
-nav .title {
-    width: auto;
+nav .icon img {
+    width: 100%;
     height: 100%;
-
-    margin: 0 1em 0 0;
-
-    display: flex;
-
-    line-height: 2em;
-    text-decoration: none;
-
-    color: inherit;
 }
 .nav-item {
     width: auto;
     height: 100%;
-
-    margin: 0px;
     padding: 0 1em;
-
     display: flex;
 
+    color: var(--fg-2);
+    background: var(--bg-2);
+    border-radius: 10em;
+    box-shadow: var(--shadow-sm);
+
     line-height: 2em;
+    font-weight: 500;
 }
 .nav-item:hover {
-    background: #00000010;
+    background: var(--bg-1);
     text-decoration: none;
 }
 nav a {
@@ -77,9 +141,11 @@ a {
     text-decoration: none;
 }
 
+/*
 a:hover {
     text-decoration: underline;
 }
+*/
 
 a img.icon {
     height: .8em;
@@ -133,17 +199,14 @@ code {
 #error {
     margin: 0 0 1em 0;
     padding: 1em;
-    border-radius: 4px;
+    border-radius: 8px;
     background: #ffffff;
-    border: 1px solid #888;
 }
 #message {
     background: #a9dfff;
-    border-color: #599fdc;
 }
 #error {
     background: #ffa9b8;
-    border-color: #dc5959;
 }
 
 
@@ -152,52 +215,54 @@ a.delete:not(.button) {
     color: #d22828;
 }
 
-button, .button {
+.button, button {
     padding: .5em .8em;
     font-family: inherit;
     font-size: inherit;
-    border-radius: 4px;
-    border: 1px solid #a0a0a0;
-    background: #f0f0f0;
+
     color: inherit;
+    background: var(--bg-2);
+    border: none;
+    border-radius: 10em;
+    box-shadow: var(--shadow-sm);
+    font-weight: 500;
+    transition: background .1s ease-out, color .1s ease-out;
+
+    cursor: pointer;
+    user-select: none;
 }
 button:hover, .button:hover {
     background: #fff;
-    border-color: #d0d0d0;
 }
 button:active, .button:active {
     background: #d0d0d0;
-    border-color: #808080;
 }
 
-.button, button {
-    color: inherit;
-}
 .button.new, button.new {
-    background: #c4ff6a;
-    border-color: #84b141;
+    color: var(--col-on-new);
+    background: var(--col-new);
 }
 .button.save, button.save {
-    background: #6fd7ff;
-    border-color: #6f9eb0;
+    color: var(--col-on-save);
+    background: var(--col-save);
 }
 .button.delete, button.delete {
-    background: #ff7171;
-    border-color: #7d3535;
+    color: var(--col-on-delete);
+    background: var(--col-delete);
 }
 .button:hover, button:hover {
-    background: #fff;
-    border-color: #d0d0d0;
+    color: var(--bg-3);
+    background: var(--fg-3);
 }
 .button:active, button:active {
-    background: #d0d0d0;
-    border-color: #808080;
+    color: var(--bg-2);
+    background: var(--fg-0);
 }
 .button[disabled], button[disabled] {
-    background: #d0d0d0 !important;
-    border-color: #808080 !important;
+    color: var(--fg-0) !important;
+    background: var(--bg-3) !important;
     opacity: .5;
-    cursor: not-allowed !important;
+    cursor: default !important;
 }
 
 
@@ -217,7 +282,6 @@ form input {
     padding: .3rem .5rem;
     display: block;
     border-radius: 4px;
-    border: 1px solid #808080;
     font-size: inherit;
     font-family: inherit;
     color: inherit;
diff --git a/admin/static/admin.js b/admin/static/admin.js
index 0763ab7..140efe0 100644
--- a/admin/static/admin.js
+++ b/admin/static/admin.js
@@ -69,3 +69,20 @@ export function makeMagicList(container, itemSelector, callback) {
         if (callback) callback();
     });
 }
+
+export function hijackClickEvent(container, link) {
+    container.addEventListener('click', event => {
+        if (event.target.tagName.toLowerCase() === 'a') return;
+        event.preventDefault();
+        link.dispatchEvent(new MouseEvent('click', {
+            bubbles: true,
+            cancelable: true,
+            view: window,
+            ctrlKey: event.ctrlKey,
+            metaKey: event.metaKey,
+            shiftKey: event.shiftKey,
+            altKey: event.altKey,
+            button: event.button,
+        }));
+    });
+}
diff --git a/admin/static/edit-artist.css b/admin/static/edit-artist.css
index 5627e64..1bab082 100644
--- a/admin/static/edit-artist.css
+++ b/admin/static/edit-artist.css
@@ -9,9 +9,9 @@ h1 {
     flex-direction: row;
     gap: 1.2em;
 
-    border-radius: 8px;
-    background: #f8f8f8f8;
-    border: 1px solid #808080;
+    border-radius: 16px;
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
 }
 
 .artist-avatar {
@@ -27,6 +27,7 @@ h1 {
     cursor: pointer;
 }
 .artist-avatar #remove-avatar {
+    margin-top: .5em;
     padding: .3em .4em;
 }
 
@@ -53,8 +54,8 @@ input[type="text"] {
     font-family: inherit;
     font-weight: inherit;
     color: inherit;
-    background: #ffffff;
-    border: 1px solid transparent;
+    background: var(--bg-0);
+    border: none;
     border-radius: 4px;
     outline: none;
 }
@@ -85,9 +86,10 @@ input[type="text"]:focus {
     flex-direction: row;
     gap: 1em;
     align-items: center;
-    background: #f8f8f8;
-    border-radius: 8px;
-    border: 1px solid #808080;
+
+    border-radius: 16px;
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
 }
 
 .release-artwork {
diff --git a/admin/static/edit-release.css b/admin/static/edit-release.css
index aa70e34..d30db84 100644
--- a/admin/static/edit-release.css
+++ b/admin/static/edit-release.css
@@ -12,8 +12,8 @@ input[type="text"] {
     gap: 1.2em;
 
     border-radius: 8px;
-    background: #f8f8f8f8;
-    border: 1px solid #808080;
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
 }
 
 .release-artwork {
@@ -29,7 +29,8 @@ input[type="text"] {
     cursor: pointer;
 }
 .release-artwork #remove-artwork {
-    padding: .3em .4em;
+    margin-top: .5em;
+    padding: .3em .6em;
 }
 
 .release-info {
@@ -54,17 +55,17 @@ input[type="text"] {
     background: transparent;
     outline: none;
     cursor: pointer;
+    transition: background .1s ease-out, border-color .1s ease-out;
 }
 
 #title:hover {
-    background: #ffffff;
-    border-color: #80808080;
+    background: var(--bg-3);
+    border-color: var(--fg-0);
 }
 
 #title:active,
 #title:focus {
-    background: #ffffff;
-    border-color: #808080;
+    background: var(--bg-3);
 }
 
 .release-title small {
@@ -75,19 +76,21 @@ input[type="text"] {
     width: 100%;
     margin: .5em 0;
     border-collapse: collapse;
+    color: var(--fg-2);
 }
 .release-info table td {
     padding: .2em;
-    border-bottom: 1px solid #d0d0d0;
+    border-bottom: 1px solid color-mix(in srgb, var(--fg-0) 25%, transparent);
+    transition: background .1s ease-out, border-color .1s ease-out;
 }
 .release-info table tr td:first-child {
     vertical-align: top;
-    opacity: .66;
+    opacity: .5;
 }
 .release-info table tr td:not(:first-child) select:hover,
 .release-info table tr td:not(:first-child) input:hover,
 .release-info table tr td:not(:first-child) textarea:hover {
-    background: #e8e8e8;
+    background: var(--bg-3);
     cursor: pointer;
 }
 .release-info table td select,
@@ -117,11 +120,19 @@ input[type="text"] {
     justify-content: right;
 }
 
+.release-actions button,
+.release-actions .button {
+    color: var(--fg-2);
+    background: var(--bg-3);
+}
+
 dialog {
     width: min(720px, calc(100% - 2em));
     padding: 2em;
     border: 1px solid #101010;
-    border-radius: 8px;
+    border-radius: 16px;
+    color: var(--fg-0);
+    background: var(--bg-0);
 }
 
 dialog header {
@@ -160,9 +171,9 @@ dialog div.dialog-actions {
     align-items: center;
     gap: 1em;
 
-    border-radius: 8px;
-    background: #f8f8f8f8;
-    border: 1px solid #808080;
+    border-radius: 16px;
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
 }
 
 .card.credits .credit p {
@@ -170,10 +181,11 @@ dialog div.dialog-actions {
 }
 
 .card.credits .credit .artist-avatar {
-    border-radius: 8px;
+    border-radius: 12px;
 }
 
 .card.credits .credit .artist-name {
+    color: var(--fg-3);
     font-weight: bold;
 }
 
@@ -197,8 +209,8 @@ dialog div.dialog-actions {
     gap: 1em;
 
     border-radius: 8px;
-    background: #f8f8f8f8;
-    border: 1px solid #808080;
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
 }
 
 #editcredits .credit {
@@ -232,6 +244,7 @@ dialog div.dialog-actions {
     margin: 0;
     display: flex;
     align-items: center;
+    color: inherit;
 }
 
 #editcredits .credit .credit-info .credit-attribute input[type="text"] {
@@ -239,15 +252,17 @@ dialog div.dialog-actions {
     padding: .2em .4em;
     flex-grow: 1;
     font-family: inherit;
-    border: 1px solid #8888;
+    border: none;
     border-radius: 4px;
-    color: inherit;
+    color: var(--fg-2);
+    background: var(--bg-0);
 }
 #editcredits .credit .credit-info .credit-attribute input[type="checkbox"] {
     margin: 0 .3em;
 }
 
 #editcredits .credit .artist-name {
+    color: var(--fg-2);
     font-weight: bold;
 }
 
@@ -256,8 +271,12 @@ dialog div.dialog-actions {
     opacity: .66;
 }
 
-#editcredits .credit button.delete {
-    margin-left: auto;
+#editcredits .credit .delete {
+    margin-right: .5em;
+    cursor: pointer;
+}
+#editcredits .credit .delete:hover {
+    text-decoration: underline;
 }
 
 #addcredit ul {
@@ -400,9 +419,9 @@ dialog div.dialog-actions {
     flex-direction: column;
     gap: .5em;
 
-    border-radius: 8px;
-    background: #f8f8f8f8;
-    border: 1px solid #808080;
+    border-radius: 16px;
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
 }
 
 .card.tracks .track h3,
diff --git a/admin/static/edit-track.css b/admin/static/edit-track.css
index 600b680..1a9323f 100644
--- a/admin/static/edit-track.css
+++ b/admin/static/edit-track.css
@@ -11,9 +11,9 @@ h1 {
     flex-direction: row;
     gap: 1.2em;
 
-    border-radius: 8px;
-    background: #f8f8f8f8;
-    border: 1px solid #808080;
+    border-radius: 16px;
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
 }
 
 .track-info {
@@ -49,7 +49,8 @@ h1 {
     font-weight: inherit;
     font-family: inherit;
     font-size: inherit;
-    border: 1px solid transparent;
+    background: var(--bg-0);
+    border: none;
     border-radius: 4px;
     outline: none;
     color: inherit;
diff --git a/admin/static/index.css b/admin/static/index.css
index 9fcd731..278224e 100644
--- a/admin/static/index.css
+++ b/admin/static/index.css
@@ -7,13 +7,18 @@
     flex-direction: row;
     align-items: center;
     gap: .5em;
+    color: var(--fg-3);
 
-    border-radius: 8px;
-    background: #f8f8f8f8;
-    border: 1px solid #808080;
+    border-radius: 16px;
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
+
+    transition: background .1s ease-out;
+    cursor: pointer;
 }
 
 .artist:hover {
+    background: var(--bg-1);
     text-decoration: hover;
 }
 
diff --git a/admin/static/index.js b/admin/static/index.js
index e251802..0091fa4 100644
--- a/admin/static/index.js
+++ b/admin/static/index.js
@@ -1,3 +1,5 @@
+import { hijackClickEvent } from "./admin.js";
+
 const newReleaseBtn = document.getElementById("create-release");
 const newArtistBtn = document.getElementById("create-artist");
 const newTrackBtn = document.getElementById("create-track");
@@ -72,3 +74,9 @@ newTrackBtn.addEventListener("click", event => {
         console.error(err);
     });
 });
+
+document.addEventListener("readystatechange", () => {
+    document.querySelectorAll(".card.artists .artist").forEach(el => {
+        hijackClickEvent(el, el.querySelector("a.artist-name"))
+    });
+});
diff --git a/admin/static/logs.css b/admin/static/logs.css
index f0df299..4a66038 100644
--- a/admin/static/logs.css
+++ b/admin/static/logs.css
@@ -2,8 +2,14 @@ main {
     width: min(1080px, calc(100% - 2em))!important
 }
 
-form {
+form#search-form {
+    width: calc(100% - 2em);
     margin: 1em 0;
+    padding: 1em;
+    border-radius: 16px;
+    color: var(--fg-0);
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
 }
 
 div#search {
@@ -12,24 +18,25 @@ div#search {
 
 #search input {
     margin: 0;
+    padding: .3em .8em;
     flex-grow: 1;
-
-    border-right: none;
-    border-top-right-radius: 0;
-    border-bottom-right-radius: 0;
+    border: none;
+    border-radius: 16px;
+    color: var(--fg-1);
+    background: var(--bg-0);
+    box-shadow: var(--shadow-sm);
 }
 
 #search button {
-    padding: 0 .5em;
-
-    border-top-left-radius: 0;
-    border-bottom-left-radius: 0;
+    margin-left: .5em;
+    padding: 0 .8em;
 }
 
 form #filters p {
     margin: .5em 0 0 0;
 }
 form #filters label {
+    color: inherit;
     display: inline;
 }
 form #filters input {
@@ -57,6 +64,10 @@ form #filters input {
     padding: .4em .8em;
 }
 
+#logs .log {
+    color: var(--fg-2);
+}
+
 td, th {
     width: 1%;
     text-align: left;
@@ -74,13 +85,14 @@ td.log-content {
     white-space: collapse;
 }
 
-.log:hover {
-    background: #fff8;
+#logs .log:hover {
+    background: color-mix(in srgb, var(--fg-3) 10%, transparent);
 }
 
-.log.warn {
-    background: #ffe86a;
+#logs .log.warn {
+    color: var(--col-on-warn);
+    background: var(--col-warn);
 }
-.log.warn:hover {
-    background: #ffec81;
+#logs .log.warn:hover {
+    background: var(--col-warn-hover);
 }
diff --git a/admin/static/release-list-item.css b/admin/static/release-list-item.css
index 638eac0..fb5d2d4 100644
--- a/admin/static/release-list-item.css
+++ b/admin/static/release-list-item.css
@@ -5,9 +5,9 @@
     flex-direction: row;
     gap: 1em;
 
-    border-radius: 8px;
-    background: #f8f8f8f8;
-    border: 1px solid #808080;
+    border-radius: 16px;
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
 }
 
 .release h3,
@@ -16,11 +16,15 @@
 }
 
 .release-artwork {
+    margin: auto 0;
     width: 96px;
 
     display: flex;
     justify-content: center;
     align-items: center;
+    border-radius: 4px;
+    overflow: hidden;
+    box-shadow: var(--shadow-sm);
 }
 
 .release-artwork img {
@@ -42,30 +46,9 @@
     gap: .5em;
 }
 
-.release-links li {
-    flex-grow: 1;
-}
-
-.release-links a {
-    padding: .5em;
-    display: block;
-
-    border-radius: 8px;
-    text-decoration: none;
-    color: #f0f0f0;
-    background: #303030;
-    text-align: center;
-
-    transition: color .1s, background .1s;
-}
-
-.release-links a:hover {
-    color: #303030;
-    background: #f0f0f0;
-}
-
 .release-actions {
     margin-top: .5em;
+    user-select: none;
 }
 
 .release-actions a {
@@ -74,14 +57,14 @@
     display: inline-block;
 
     border-radius: 4px;
-    background: #e0e0e0;
+    background: var(--bg-3);
+    box-shadow: var(--shadow-sm);
 
-    transition: color .1s, background .1s;
+    transition: color .1s ease-out, background .1s ease-out;
 }
 
 .release-actions a:hover {
-    color: #303030;
-    background: #f0f0f0;
-
+    background: var(--bg-0);
+    color: var(--fg-3);
     text-decoration: none;
 }
diff --git a/admin/templates/html/layout.html b/admin/templates/html/layout.html
index fdeda9b..4925ce9 100644
--- a/admin/templates/html/layout.html
+++ b/admin/templates/html/layout.html
@@ -16,10 +16,9 @@
     <body>
         <header>
             <nav>
-                <img src="/img/favicon.png" alt="" class="icon">
-                <div class="nav-item">
-                    <a href="/">ari melody</a>
-                </div>
+                <a href="/" class="nav icon" aria-label="ari melody" title="Return to Home">
+                    <img src="/img/favicon.png" alt="">
+                </a>
                 <div class="nav-item">
                     <a href="/admin">home</a>
                 </div>
diff --git a/admin/templates/html/logs.html b/admin/templates/html/logs.html
index e3a3ccb..94146a7 100644
--- a/admin/templates/html/logs.html
+++ b/admin/templates/html/logs.html
@@ -9,7 +9,7 @@
 <main>
     <h1>Audit Logs</h1>
 
-    <form action="/admin/logs" method="GET">
+    <form action="/admin/logs" method="GET" id="search-form">
         <div id="search">
             <input type="text" name="q" value="" placeholder="Filter by message...">
             <button type="submit" class="save">Search</button>

From 14feb47640540a0b26b1afe781423104a3b22ac1 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Mon, 20 Oct 2025 08:31:36 +0100
Subject: [PATCH 70/88] tidy up unfinished admin css

---
 admin/static/admin.css        | 5 ++++-
 admin/static/edit-account.css | 8 +++++---
 admin/static/edit-release.css | 9 +++++++++
 admin/static/index.css        | 4 ++--
 4 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/admin/static/admin.css b/admin/static/admin.css
index 1f5a1fb..3b490b6 100644
--- a/admin/static/admin.css
+++ b/admin/static/admin.css
@@ -107,7 +107,6 @@ nav .icon img {
 .nav-item {
     width: auto;
     height: 100%;
-    padding: 0 1em;
     display: flex;
 
     color: var(--fg-2);
@@ -123,9 +122,13 @@ nav .icon img {
     text-decoration: none;
 }
 nav a {
+    padding: 0 1em;
     text-decoration: none;
     color: inherit;
 }
+nav a.icon {
+    padding: 0;
+}
 nav #logout {
     /* margin-left: auto; */
 }
diff --git a/admin/static/edit-account.css b/admin/static/edit-account.css
index 7a4d34a..9db3773 100644
--- a/admin/static/edit-account.css
+++ b/admin/static/edit-account.css
@@ -25,12 +25,14 @@ input {
 
 .mfa-device {
     padding: .75em;
-    background: #f8f8f8f8;
-    border: 1px solid #808080;
-    border-radius: 8px;
     margin-bottom: .5em;
     display: flex;
     justify-content: space-between;
+
+    color: var(--fg-3);
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
+    border-radius: 16px;
 }
 
 .mfa-device div {
diff --git a/admin/static/edit-release.css b/admin/static/edit-release.css
index d30db84..c8e6153 100644
--- a/admin/static/edit-release.css
+++ b/admin/static/edit-release.css
@@ -313,19 +313,28 @@ dialog div.dialog-actions {
     gap: .2em;
 }
 
+.card.links a.button:hover {
+    color: var(--bg-3) !important;
+    background-color: var(--fg-3) !important;
+}
+
 .card.links a.button[data-name="spotify"] {
+    color: #101010;
     background-color: #8cff83
 }
 
 .card.links a.button[data-name="apple music"] {
+    color: #101010;
     background-color: #8cd9ff
 }
 
 .card.links a.button[data-name="soundcloud"] {
+    color: #101010;
     background-color: #fdaa6d
 }
 
 .card.links a.button[data-name="youtube"] {
+    color: #101010;
     background-color: #ff6e6e
 }
 
diff --git a/admin/static/index.css b/admin/static/index.css
index 278224e..5516656 100644
--- a/admin/static/index.css
+++ b/admin/static/index.css
@@ -7,11 +7,11 @@
     flex-direction: row;
     align-items: center;
     gap: .5em;
-    color: var(--fg-3);
 
-    border-radius: 16px;
+    color: var(--fg-3);
     background: var(--bg-2);
     box-shadow: var(--shadow-md);
+    border-radius: 16px;
 
     transition: background .1s ease-out;
     cursor: pointer;

From f324c249f6bd391b6f840506a6117f250402fba3 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 15:37:40 +0100
Subject: [PATCH 71/88] start huge dashboard rework; improve dark theme

---
 admin/accounthttp.go                   |  20 ++--
 admin/artisthttp.go                    |   4 +-
 admin/http.go                          |  43 ++++----
 admin/logshttp.go                      |   4 +-
 admin/releasehttp.go                   |   4 +-
 admin/static/admin.css                 | 145 ++++++++++++++++++-------
 admin/static/edit-artist.css           |  11 +-
 admin/static/edit-artist.js            |   8 ++
 admin/static/edit-release.css          |  57 ++++++----
 admin/static/edit-release.js           |   8 ++
 admin/static/index.css                 |  15 +--
 admin/static/index.js                  |   2 +-
 admin/static/release-list-item.css     |   2 +
 admin/templates/html/edit-account.html |  18 +--
 admin/templates/html/edit-artist.html  |  16 +--
 admin/templates/html/edit-release.html |  76 ++++++-------
 admin/templates/html/edit-track.html   |  12 +-
 admin/templates/html/index.html        | 116 ++++++++++----------
 admin/templates/html/layout.html       |  24 +++-
 admin/trackhttp.go                     |   4 +-
 controller/release.go                  |  11 ++
 21 files changed, 365 insertions(+), 235 deletions(-)

diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index b2c3b0d..1e4742b 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -45,7 +45,7 @@ func accountIndexHandler(app *model.AppState) http.Handler {
             }
 
             accountResponse struct {
-                Session *model.Session
+                adminPageData
                 TOTPs []TOTP
             }
         )
@@ -66,7 +66,7 @@ func accountIndexHandler(app *model.AppState) http.Handler {
         session.Error = sessionError
 
         err = templates.AccountTemplate.Execute(w, accountResponse{
-            Session: session,
+            adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
             TOTPs: totps,
         })
         if err != nil {
@@ -170,7 +170,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
 }
 
 type totpConfirmData struct {
-    Session *model.Session
+    adminPageData
     TOTP *model.TOTP
     NameEscaped string
     QRBase64Image string
@@ -179,13 +179,9 @@ type totpConfirmData struct {
 func totpSetupHandler(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         if r.Method == http.MethodGet {
-            type totpSetupData struct {
-                Session *model.Session
-            }
-
             session := r.Context().Value("session").(*model.Session)
 
-            err := templates.TOTPSetupTemplate.Execute(w, totpSetupData{ Session: session })
+            err := templates.TOTPSetupTemplate.Execute(w, adminPageData{ Path: "/account", Session: session })
             if err != nil {
                 fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -222,7 +218,9 @@ func totpSetupHandler(app *model.AppState) http.Handler {
         if err != nil {
             fmt.Printf("WARN: Failed to create TOTP method: %s\n", err)
             controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.")
-            err := templates.TOTPSetupTemplate.Execute(w, totpConfirmData{ Session: session })
+            err := templates.TOTPSetupTemplate.Execute(w, totpConfirmData{
+                adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
+            })
             if err != nil {
                 fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -237,7 +235,7 @@ func totpSetupHandler(app *model.AppState) http.Handler {
         }
 
         err = templates.TOTPConfirmTemplate.Execute(w, totpConfirmData{
-            Session: session,
+            adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
             TOTP: &totp,
             NameEscaped: url.PathEscape(totp.Name),
             QRBase64Image: qrBase64Image,
@@ -298,7 +296,7 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
             if code != confirmCodeOffset {
                 session.Error = sql.NullString{ Valid: true, String: "Incorrect TOTP code. Please try again." }
                 err = templates.TOTPConfirmTemplate.Execute(w, totpConfirmData{
-                    Session: session,
+                    adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
                     TOTP: totp,
                     NameEscaped: url.PathEscape(totp.Name),
                     QRBase64Image: qrBase64Image,
diff --git a/admin/artisthttp.go b/admin/artisthttp.go
index 67ea7d2..8c33050 100644
--- a/admin/artisthttp.go
+++ b/admin/artisthttp.go
@@ -33,7 +33,7 @@ func serveArtist(app *model.AppState) http.Handler {
         }
 
         type ArtistResponse struct {
-            Session *model.Session
+            adminPageData
             Artist *model.Artist
             Credits []*model.Credit
         }
@@ -41,7 +41,7 @@ func serveArtist(app *model.AppState) http.Handler {
         session := r.Context().Value("session").(*model.Session)
 
         err = templates.EditArtistTemplate.Execute(w, ArtistResponse{
-            Session: session,
+            adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
             Artist: artist,
             Credits: credits,
         })
diff --git a/admin/http.go b/admin/http.go
index 05e181d..136309e 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -21,6 +21,11 @@ import (
 	"golang.org/x/crypto/bcrypt"
 )
 
+type adminPageData struct {
+    Path    string
+    Session *model.Session
+}
+
 func Handler(app *model.AppState) http.Handler {
     mux := http.NewServeMux()
 
@@ -67,12 +72,18 @@ func AdminIndexHandler(app *model.AppState) http.Handler {
 
         session := r.Context().Value("session").(*model.Session)
 
-        releases, err := controller.GetAllReleases(app.DB, false, 0, true)
+        releases, err := controller.GetAllReleases(app.DB, false, 3, true)
         if err != nil {
             fmt.Fprintf(os.Stderr, "WARN: Failed to pull releases: %s\n", err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
+        releaseCount, err := controller.GetReleasesCount(app.DB, false)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to pull releases count: %s\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
 
         artists, err := controller.GetAllArtists(app.DB)
         if err != nil {
@@ -89,15 +100,17 @@ func AdminIndexHandler(app *model.AppState) http.Handler {
         }
 
         type IndexData struct {
-            Session     *model.Session
-            Releases    []*model.Release
-            Artists     []*model.Artist
-            Tracks      []*model.Track
+            adminPageData
+            Releases        []*model.Release
+            ReleaseCount    int
+            Artists         []*model.Artist
+            Tracks          []*model.Track
         }
 
         err = templates.IndexTemplate.Execute(w, IndexData{
-            Session: session,
+            adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
             Releases: releases,
+            ReleaseCount: releaseCount,
             Artists: artists,
             Tracks: tracks,
         })
@@ -119,12 +132,8 @@ func registerAccountHandler(app *model.AppState) http.Handler {
             return
         }
 
-        type registerData struct {
-            Session *model.Session
-        }
-
         render := func() {
-            err := templates.RegisterTemplate.Execute(w, registerData{ Session: session })
+            err := templates.RegisterTemplate.Execute(w, adminPageData{ Path: r.URL.Path, Session: session })
             if err != nil {
                 fmt.Printf("WARN: Error rendering create account page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -229,12 +238,8 @@ func loginHandler(app *model.AppState) http.Handler {
 
         session := r.Context().Value("session").(*model.Session)
 
-        type loginData struct {
-            Session *model.Session
-        }
-
         render := func() {
-            err := templates.LoginTemplate.Execute(w, loginData{ Session: session })
+            err := templates.LoginTemplate.Execute(w, adminPageData{ Path: r.URL.Path, Session: session })
             if err != nil {
                 fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -345,12 +350,8 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
             return
         }
 
-        type loginTOTPData struct {
-            Session *model.Session
-        }
-
         render := func() {
-            err := templates.LoginTOTPTemplate.Execute(w, loginTOTPData{ Session: session })
+            err := templates.LoginTOTPTemplate.Execute(w, adminPageData{ Path: r.URL.Path, Session: session })
             if err != nil {
                 fmt.Fprintf(os.Stderr, "WARN: Failed to render login TOTP page: %v\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
diff --git a/admin/logshttp.go b/admin/logshttp.go
index 99f0ef1..a6d8e40 100644
--- a/admin/logshttp.go
+++ b/admin/logshttp.go
@@ -51,12 +51,12 @@ func logsHandler(app *model.AppState) http.Handler {
         }
 
         type LogsResponse struct {
-            Session *model.Session
+            adminPageData
             Logs []*log.Log
         }
 
         err = templates.LogsTemplate.Execute(w, LogsResponse{
-            Session: session,
+            adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
             Logs: logs,
         })
         if err != nil {
diff --git a/admin/releasehttp.go b/admin/releasehttp.go
index 30c967b..991845f 100644
--- a/admin/releasehttp.go
+++ b/admin/releasehttp.go
@@ -57,12 +57,12 @@ func serveRelease(app *model.AppState) http.Handler {
         }
 
         type ReleaseResponse struct {
-            Session *model.Session
+            adminPageData
             Release *model.Release
         }
 
         err = templates.EditReleaseTemplate.Execute(w, ReleaseResponse{
-            Session: session,
+            adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
             Release: release,
         })
         if err != nil {
diff --git a/admin/static/admin.css b/admin/static/admin.css
index 3b490b6..7dad27f 100644
--- a/admin/static/admin.css
+++ b/admin/static/admin.css
@@ -3,9 +3,9 @@
 
 :root {
     --bg-0: #101010;
-    --bg-1: #141414;
-    --bg-2: #181818;
-    --bg-3: #202020;
+    --bg-1: #181818;
+    --bg-2: #282828;
+    --bg-3: #404040;
 
     --fg-0: #b0b0b0;
     --fg-1: #c0c0c0;
@@ -67,77 +67,111 @@
 }
 
 body {
-    width: 100%;
+    width: calc(100% - 180px);
     height: calc(100vh - 1em);
 
-    margin: 0;
+    margin: 0 0 0 180px;
     padding: 0;
+    display: flex;
+    flex-direction: row;
 
     font-family: "Inter", sans-serif;
     font-size: 16px;
-
     color: var(--fg-0);
     background: var(--bg-0);
+
+    transition: background .1s ease-out, color .1s ease-out;
 }
 
 h1, h2, h3, h4, h5, h6 {
     color: var(--fg-3);
 }
 
-nav {
-    width: min(720px, calc(100% - 2em));
-    height: 2em;
-    margin: 1em auto;
+header {
+    position: fixed;
+    left: 0;
+    height: 100vh;
     display: flex;
-    flex-direction: row;
+    flex-direction: column;
+    width: 180px;
+    background-color: var(--bg-1);
+    box-shadow: var(--shadow-md);
+
+    transition: background .1s ease-out, color .1s ease-out;
+}
+nav {
+    height: 100%;
+    margin: 1em 0;
+    display: flex;
+    flex-direction: column;
     justify-content: left;
-    gap: .5em;
     user-select: none;
 }
 nav .icon {
-    height: 100%;
-    border-radius: 100%;
-    box-shadow: var(--shadow-sm);
-    overflow: hidden;
-}
-nav .icon img {
-    width: 100%;
-    height: 100%;
-}
-.nav-item {
-    width: auto;
-    height: 100%;
+    width: fit-content;
+    height: fit-content;
+    padding: 0;
+    margin: 0 auto 1em auto;
     display: flex;
 
-    color: var(--fg-2);
-    background: var(--bg-2);
-    border-radius: 10em;
+    border-radius: 100%;
     box-shadow: var(--shadow-sm);
-
+    overflow: clip;
+}
+nav .icon img {
+    width: 3em;
+    height: 3em;
+}
+.nav-item {
+    display: flex;
+    color: var(--fg-2);
     line-height: 2em;
     font-weight: 500;
+    transition: color .1s, background-color .1s;
 }
 .nav-item:hover {
-    background: var(--bg-1);
+    background: var(--bg-2);
     text-decoration: none;
 }
+.nav-item.active {
+    border-left: 4px solid var(--fg-2);
+}
+.nav-item.active a {
+    padding-left: calc(1em - 4px);
+}
 nav a {
-    padding: 0 1em;
+    padding: .2em 1em;
     text-decoration: none;
     color: inherit;
+    width: 100%;
 }
-nav a.icon {
-    padding: 0;
+nav a.active {
+    border-left: 5px solid var(--fg-0);
+    padding-left: calc(1em - 5px);
 }
-nav #logout {
-    /* margin-left: auto; */
+nav hr {
+    width: calc(100% - 2em);
+    margin: .5em auto;
+    border: none;
+    border-bottom: 1px solid var(--fg-0);
+}
+nav .section-label {
+    margin: 8px 0 2px 15px;
+    font-size: 10px;
+    text-transform: uppercase;
+    font-weight: 600;
 }
 
 main {
-    width: min(720px, calc(100% - 2em));
+    width: min(calc(100% - 16px), 720px);
+    height: fit-content;
+    min-height: calc(100vh - 2em);
     margin: 0 auto;
     padding: 1em;
 }
+main.dashboard {
+    width: 100%;
+}
 
 a {
     color: inherit;
@@ -163,7 +197,24 @@ code {
 
 
 
+.cards {
+    width: 100%;
+    height: fit-content;
+    display: flex;
+    gap: 2em;
+    flex-wrap: wrap;
+}
+
 .card {
+    flex-basis: 40em;
+    padding: 1em;
+    background: var(--bg-1);
+    border-radius: 16px;
+    box-shadow: var(--shadow-lg);
+
+    transition: background .1s ease-out, color .1s ease-out;
+}
+main:not(.dashboard) .card {
     margin-bottom: 1em;
 }
 
@@ -171,7 +222,7 @@ code {
     margin: 0 0 .5em 0;
 }
 
-.card-title {
+.card-header {
     margin-bottom: 1em;
     display: flex;
     gap: 1em;
@@ -179,17 +230,31 @@ code {
     align-items: center;
     justify-content: space-between;
 }
-
-.card-title h1,
-.card-title h2,
-.card-title h3 {
+.card-header h1,
+.card-header h2,
+.card-header h3 {
     margin: 0;
 }
+.card-header a:hover {
+    text-decoration: underline;
+}
+.card-header small {
+    display: inline-block;
+    font-size: 15px;
+    transform: translateY(-2px);
+    color: var(--fg-0);
+}
 
 .flex-fill {
     flex-grow: 1;
 }
 
+.artists-group {
+    display: grid;
+    grid-template-columns: repeat(5, 1fr);
+    gap: 1em;
+}
+
 @media screen and (max-width: 520px) {
     body {
         font-size: 12px;
diff --git a/admin/static/edit-artist.css b/admin/static/edit-artist.css
index 1bab082..b171a6e 100644
--- a/admin/static/edit-artist.css
+++ b/admin/static/edit-artist.css
@@ -28,7 +28,7 @@ h1 {
 }
 .artist-avatar #remove-avatar {
     margin-top: .5em;
-    padding: .3em .4em;
+    padding: .3em .6em;
 }
 
 .artist-info {
@@ -75,7 +75,7 @@ input[type="text"]:focus {
     justify-content: right;
 }
 
-.card-title a.button {
+.card-header a.button {
     text-decoration: none;
 }
 
@@ -90,6 +90,13 @@ input[type="text"]:focus {
     border-radius: 16px;
     background: var(--bg-2);
     box-shadow: var(--shadow-md);
+
+    cursor: pointer;
+    transition: background .1s;
+}
+
+.credit:hover {
+    background: var(--bg-1);
 }
 
 .release-artwork {
diff --git a/admin/static/edit-artist.js b/admin/static/edit-artist.js
index 8f1bb2b..2ca4c0d 100644
--- a/admin/static/edit-artist.js
+++ b/admin/static/edit-artist.js
@@ -1,3 +1,5 @@
+import { hijackClickEvent } from "./admin.js";
+
 const artistID = document.getElementById("artist").dataset.id;
 const nameInput = document.getElementById("name");
 const avatarImg = document.getElementById("avatar");
@@ -77,3 +79,9 @@ removeAvatarBtn.addEventListener("click", () => {
     avatarImg.src = "/img/default-avatar.png"
     saveBtn.disabled = false;
 });
+
+document.addEventListener('readystatechange', () => {
+    document.querySelectorAll('.card#releases .credit').forEach(el => {
+        hijackClickEvent(el, el.querySelector('.credit-name a'));
+    });
+});
diff --git a/admin/static/edit-release.css b/admin/static/edit-release.css
index c8e6153..b4fe17b 100644
--- a/admin/static/edit-release.css
+++ b/admin/static/edit-release.css
@@ -155,7 +155,7 @@ dialog div.dialog-actions {
     gap: .5em;
 }
 
-.card-title a.button {
+.card-header a.button {
     text-decoration: none;
 }
 
@@ -163,7 +163,7 @@ dialog div.dialog-actions {
  * RELEASE CREDITS
  */
 
-.card.credits .credit {
+.card#credits .credit {
     margin-bottom: .5em;
     padding: .5em;
     display: flex;
@@ -172,24 +172,30 @@ dialog div.dialog-actions {
     gap: 1em;
 
     border-radius: 16px;
-    background: var(--bg-2);
+    background-color: var(--bg-2);
     box-shadow: var(--shadow-md);
+
+    cursor: pointer;
+    transition: background .1s ease-out;
+}
+.card#credits .credit:hover {
+    background-color: var(--bg-1);
 }
 
-.card.credits .credit p {
+.card#credits .credit p {
     margin: 0;
 }
 
-.card.credits .credit .artist-avatar {
+.card#credits .credit .artist-avatar {
     border-radius: 12px;
 }
 
-.card.credits .credit .artist-name {
+.card#credits .credit .artist-name {
     color: var(--fg-3);
     font-weight: bold;
 }
 
-.card.credits .credit .artist-role small {
+.card#credits .credit .artist-role small {
     font-size: inherit;
     opacity: .66;
 }
@@ -308,32 +314,33 @@ dialog div.dialog-actions {
  * RELEASE LINKS
  */
 
-.card.links {
+.card#links ul {
+    padding: 0;
     display: flex;
     gap: .2em;
 }
 
-.card.links a.button:hover {
+.card#links a.button:hover {
     color: var(--bg-3) !important;
     background-color: var(--fg-3) !important;
 }
 
-.card.links a.button[data-name="spotify"] {
+.card#links a.button[data-name="spotify"] {
     color: #101010;
     background-color: #8cff83
 }
 
-.card.links a.button[data-name="apple music"] {
+.card#links a.button[data-name="apple music"] {
     color: #101010;
     background-color: #8cd9ff
 }
 
-.card.links a.button[data-name="soundcloud"] {
+.card#links a.button[data-name="soundcloud"] {
     color: #101010;
     background-color: #fdaa6d
 }
 
-.card.links a.button[data-name="youtube"] {
+.card#links a.button[data-name="youtube"] {
     color: #101010;
     background-color: #ff6e6e
 }
@@ -421,7 +428,7 @@ dialog div.dialog-actions {
  * RELEASE TRACKS
  */
 
-.card.tracks .track {
+.card#tracks .track {
     margin-bottom: 1em;
     padding: 1em;
     display: flex;
@@ -433,43 +440,47 @@ dialog div.dialog-actions {
     box-shadow: var(--shadow-md);
 }
 
-.card.tracks .track h3,
-.card.tracks .track p {
+.card#tracks .track h3,
+.card#tracks .track p {
     margin: 0;
 }
 
-.card.tracks h2.track-title {
+.card#tracks h2.track-title {
     margin: 0;
     display: flex;
     gap: .5em;
 }
 
-.card.tracks h2.track-title .track-number {
+.card#tracks h2.track-title .track-number {
     opacity: .5;
 }
 
-.card.tracks .track-album {
+.card#tracks a:hover {
+    text-decoration: underline;
+}
+
+.card#tracks .track-album {
     margin-left: auto;
     font-style: italic;
     font-size: .75em;
     opacity: .5;
 }
 
-.card.tracks .track-album.empty {
+.card#tracks .track-album.empty {
     color: #ff2020;
     opacity: 1;
 }
 
-.card.tracks .track-description {
+.card#tracks .track-description {
     font-style: italic;
 }
 
-.card.tracks .track-lyrics {
+.card#tracks .track-lyrics {
     max-height: 10em;
     overflow-y: scroll;
 }
 
-.card.tracks .track .empty {
+.card#tracks .track .empty {
     opacity: 0.75;
 }
 
diff --git a/admin/static/edit-release.js b/admin/static/edit-release.js
index 11d21f0..5db4bbf 100644
--- a/admin/static/edit-release.js
+++ b/admin/static/edit-release.js
@@ -1,3 +1,5 @@
+import { hijackClickEvent } from "./admin.js";
+
 const releaseID = document.getElementById("release").dataset.id;
 const titleInput = document.getElementById("title");
 const artworkImg = document.getElementById("artwork");
@@ -96,3 +98,9 @@ removeArtworkBtn.addEventListener("click", () => {
     artworkData = "";
     saveBtn.disabled = false;
 });
+
+document.addEventListener("readystatechange", () => {
+    document.querySelectorAll(".card#credits .credit").forEach(el => {
+        hijackClickEvent(el, el.querySelector(".artist-name a"));
+    });
+});
diff --git a/admin/static/index.css b/admin/static/index.css
index 5516656..5f64a2f 100644
--- a/admin/static/index.css
+++ b/admin/static/index.css
@@ -1,20 +1,16 @@
 @import url("/admin/static/release-list-item.css");
 
 .artist {
-    margin-bottom: .5em;
     padding: .5em;
-    display: flex;
-    flex-direction: row;
-    align-items: center;
-    gap: .5em;
 
     color: var(--fg-3);
     background: var(--bg-2);
     box-shadow: var(--shadow-md);
     border-radius: 16px;
+    text-align: center;
 
-    transition: background .1s ease-out;
     cursor: pointer;
+    transition: background .1s ease-out, color .1s ease-out;
 }
 
 .artist:hover {
@@ -23,10 +19,9 @@
 }
 
 .artist-avatar {
-    width: 32px;
-    height: 32px;
+    width: 100%;
     object-fit: cover;
-    border-radius: 100%;
+    border-radius: 8px;
 }
 
 .track {
@@ -39,6 +34,8 @@
     border-radius: 8px;
     background: #f8f8f8f8;
     border: 1px solid #808080;
+
+    transition: background .1s ease-out, color .1s ease-out;
 }
 
 .track p {
diff --git a/admin/static/index.js b/admin/static/index.js
index 0091fa4..c35b596 100644
--- a/admin/static/index.js
+++ b/admin/static/index.js
@@ -76,7 +76,7 @@ newTrackBtn.addEventListener("click", event => {
 });
 
 document.addEventListener("readystatechange", () => {
-    document.querySelectorAll(".card.artists .artist").forEach(el => {
+    document.querySelectorAll("#artists .artist").forEach(el => {
         hijackClickEvent(el, el.querySelector("a.artist-name"))
     });
 });
diff --git a/admin/static/release-list-item.css b/admin/static/release-list-item.css
index fb5d2d4..3481257 100644
--- a/admin/static/release-list-item.css
+++ b/admin/static/release-list-item.css
@@ -8,6 +8,8 @@
     border-radius: 16px;
     background: var(--bg-2);
     box-shadow: var(--shadow-md);
+
+    transition: background .1s ease-out, color .1s ease-out;
 }
 
 .release h3,
diff --git a/admin/templates/html/edit-account.html b/admin/templates/html/edit-account.html
index 6c17088..a081995 100644
--- a/admin/templates/html/edit-account.html
+++ b/admin/templates/html/edit-account.html
@@ -14,10 +14,10 @@
     {{end}}
     <h1>Account Settings ({{.Session.Account.Username}})</h1>
 
-    <div class="card-title">
-        <h2>Change Password</h2>
-    </div>
     <div class="card">
+        <div class="card-header">
+            <h2>Change Password</h2>
+        </div>
         <form action="/admin/account/password" method="POST" id="change-password">
             <label for="current-password">Current Password</label>
             <input type="password" id="current-password" name="current-password" value="" autocomplete="current-password" required>
@@ -32,10 +32,10 @@
         </form>
     </div>
         
-    <div class="card-title">
-        <h2>MFA Devices</h2>
-    </div>
     <div class="card mfa-devices">
+        <div class="card-header">
+            <h2>MFA Devices</h2>
+        </div>
         {{if .TOTPs}}
         {{range .TOTPs}}
         <div class="mfa-device">
@@ -58,10 +58,10 @@
         </div>
     </div>
 
-    <div class="card-title">
-        <h2>Danger Zone</h2>
-    </div>
     <div class="card danger">
+        <div class="card-header">
+            <h2>Danger Zone</h2>
+        </div>
         <p>
         Clicking the button below will delete your account.
         This action is <strong>irreversible</strong>.
diff --git a/admin/templates/html/edit-artist.html b/admin/templates/html/edit-artist.html
index b0cfb41..6b95de8 100644
--- a/admin/templates/html/edit-artist.html
+++ b/admin/templates/html/edit-artist.html
@@ -29,10 +29,10 @@
         </div>
     </div>
 
-    <div class="card-title">
-        <h2>Featured in</h2>
-    </div>
-    <div class="card releases">
+    <div class="card" id="releases">
+        <div class="card-header">
+            <h2>Featured in</h2>
+        </div>
         {{if .Credits}}
         {{range .Credits}}
         <div class="credit">
@@ -54,10 +54,10 @@
         {{end}}
     </div>
 
-    <div class="card-title">
-        <h2>Danger Zone</h2>
-    </div>
-    <div class="card danger">
+    <div class="card" id="danger">
+        <div class="card-header">
+            <h2>Danger Zone</h2>
+        </div>
         <p>
         Clicking the button below will delete this artist.
         This action is <strong>irreversible</strong>.
diff --git a/admin/templates/html/edit-release.html b/admin/templates/html/edit-release.html
index 02447e1..309decf 100644
--- a/admin/templates/html/edit-release.html
+++ b/admin/templates/html/edit-release.html
@@ -97,16 +97,16 @@
         </div>
     </div>
 
-    <div class="card-title">
-        <h2>Credits ({{len .Release.Credits}})</h2>
-        <a class="button edit"
-           href="/admin/release/{{.Release.ID}}/editcredits"
-           hx-get="/admin/release/{{.Release.ID}}/editcredits"
-           hx-target="body"
-           hx-swap="beforeend"
-           >Edit</a>
-    </div>
-    <div class="card credits">
+    <div class="card" id="credits">
+        <div class="card-header">
+            <h2>Credits ({{len .Release.Credits}})</h2>
+            <a class="button edit"
+               href="/admin/release/{{.Release.ID}}/editcredits"
+               hx-get="/admin/release/{{.Release.ID}}/editcredits"
+               hx-target="body"
+               hx-swap="beforeend"
+               >Edit</a>
+        </div>
         {{range .Release.Credits}}
         <div class="credit">
             <img src="{{.Artist.GetAvatar}}" alt="" width="64" loading="lazy" class="artist-avatar">
@@ -126,31 +126,33 @@
         {{end}}
     </div>
 
-    <div class="card-title">
-        <h2>Links ({{len .Release.Links}})</h2>
-        <a class="button edit"
-           href="/admin/release/{{.Release.ID}}/editlinks"
-           hx-get="/admin/release/{{.Release.ID}}/editlinks"
-           hx-target="body"
-           hx-swap="beforeend"
-           >Edit</a>
-    </div>
-    <div class="card links">
-        {{range .Release.Links}}
-        <a href="{{.URL}}" target="_blank" class="button" data-name="{{.Name}}">{{.Name}} <img class="icon" src="/img/external-link.svg"/></a>
-        {{end}}
+    <div class="card" id="links">
+        <div class="card-header">
+            <h2>Links ({{len .Release.Links}})</h2>
+            <a class="button edit"
+               href="/admin/release/{{.Release.ID}}/editlinks"
+               hx-get="/admin/release/{{.Release.ID}}/editlinks"
+               hx-target="body"
+               hx-swap="beforeend"
+               >Edit</a>
+        </div>
+        <ul>
+            {{range .Release.Links}}
+            <a href="{{.URL}}" target="_blank" class="button" data-name="{{.Name}}">{{.Name}} <img class="icon" src="/img/external-link.svg"/></a>
+            {{end}}
+        </ul>
     </div>
 
-    <div class="card-title" id="tracks">
-        <h2>Tracklist ({{len .Release.Tracks}})</h2>
-        <a class="button edit"
-           href="/admin/release/{{.Release.ID}}/edittracks"
-           hx-get="/admin/release/{{.Release.ID}}/edittracks"
-           hx-target="body"
-           hx-swap="beforeend"
-           >Edit</a>
-    </div>
-    <div class="card tracks">
+    <div class="card" id="tracks">
+        <div class="card-header" id="tracks">
+            <h2>Tracklist ({{len .Release.Tracks}})</h2>
+            <a class="button edit"
+               href="/admin/release/{{.Release.ID}}/edittracks"
+               hx-get="/admin/release/{{.Release.ID}}/edittracks"
+               hx-target="body"
+               hx-swap="beforeend"
+               >Edit</a>
+        </div>
         {{range $i, $track := .Release.Tracks}}
         <div class="track" data-id="{{$track.ID}}">
             <h2 class="track-title">
@@ -175,10 +177,10 @@
         {{end}}
     </div>
 
-    <div class="card-title">
-        <h2>Danger Zone</h2>
-    </div>
-    <div class="card danger">
+    <div class="card" id="danger">
+        <div class="card-header">
+            <h2>Danger Zone</h2>
+        </div>
         <p>
         Clicking the button below will delete this release.
         This action is <strong>irreversible</strong>.
diff --git a/admin/templates/html/edit-track.html b/admin/templates/html/edit-track.html
index 56e0ae4..871db6f 100644
--- a/admin/templates/html/edit-track.html
+++ b/admin/templates/html/edit-track.html
@@ -39,10 +39,10 @@
         </div>
     </div>
 
-    <div class="card-title">
-        <h2>Featured in</h2>
-    </div>
     <div class="card releases">
+        <div class="card-header">
+            <h2>Featured in</h2>
+        </div>
         {{if .Releases}}
         {{range .Releases}}
         {{block "release" .}}{{end}}
@@ -52,10 +52,10 @@
         {{end}}
     </div>
 
-    <div class="card-title">
-        <h2>Danger Zone</h2>
-    </div>
     <div class="card danger">
+        <div class="card-header">
+            <h2>Danger Zone</h2>
+        </div>
         <p>
         Clicking the button below will delete this track.
         This action is <strong>irreversible</strong>.
diff --git a/admin/templates/html/index.html b/admin/templates/html/index.html
index 2b9c897..dc97a3e 100644
--- a/admin/templates/html/index.html
+++ b/admin/templates/html/index.html
@@ -5,64 +5,70 @@
 {{end}}
 
 {{define "content"}}
-<main>
+<main class="dashboard">
+    <h1>Dashboard</h1>
 
-    <div class="card-title">
-        <h1>Releases</h1>
-        <a class="button new" id="create-release">Create New</a>
-    </div>
-    <div class="card releases">
-        {{range .Releases}}
-        {{block "release" .}}{{end}}
-        {{end}}
-        {{if not .Releases}}
-        <p>There are no releases.</p>
-        {{end}}
-    </div>
-
-    <div class="card-title">
-        <h1>Artists</h1>
-        <a class="button new" id="create-artist">Create New</a>
-    </div>
-    <div class="card artists">
-        {{range $Artist := .Artists}}
-        <div class="artist">
-            <img src="{{$Artist.GetAvatar}}" alt="" width="64" loading="lazy" class="artist-avatar">
-            <a href="/admin/artist/{{$Artist.ID}}" class="artist-name">{{$Artist.Name}}</a>
-        </div>       
-        {{end}}
-        {{if not .Artists}}
-        <p>There are no artists.</p>
-        {{end}}
-    </div>
-
-    <div class="card-title">
-        <h1>Tracks</h1>
-        <a class="button new" id="create-track">Create New</a>
-    </div>
-    <div class="card tracks">
-        <p><em>"Orphaned" tracks that have not yet been bound to a release.</em></p>
-        <br>
-        {{range $Track := .Tracks}}
-        <div class="track">
-            <h2 class="track-title">
-                <a href="/admin/track/{{$Track.ID}}">{{$Track.Title}}</a>
-            </h2>
-            {{if $Track.Description}}
-            <p class="track-description">{{$Track.GetDescriptionHTML}}</p>
-            {{else}}
-            <p class="track-description empty">No description provided.</p>
+    <div class="cards">
+        <div class="card" id="releases">
+            <div class="card-header">
+                <h2><a href="/admin/releases/">Releases</a> <small>({{.ReleaseCount}} total)</small></h2>
+                <a class="button new" id="create-release">Create New</a>
+            </div>
+            {{range .Releases}}
+            {{block "release" .}}{{end}}
             {{end}}
-            {{if $Track.Lyrics}}
-            <p class="track-lyrics">{{$Track.GetLyricsHTML}}</p>
-            {{else}}
-            <p class="track-lyrics empty">There are no lyrics.</p>
+            {{if not .Releases}}
+            <p>There are no releases.</p>
             {{end}}
-        </div>       
-        {{end}}
-        {{if not .Artists}}
-        <p>There are no artists.</p>
-        {{end}}
+        </div>
+
+        <div class="card" id="artists">
+            <div class="card-header">
+                <h2><a href="/admin/artists/">Artists</a></h2>
+                <a class="button new" id="create-artist">Create New</a>
+            </div>
+            {{if .Artists}}
+            <div class="artists-group">
+                {{range $Artist := .Artists}}
+                <div class="artist">
+                    <img src="{{$Artist.GetAvatar}}" alt="" width="64" loading="lazy" class="artist-avatar">
+                    <a href="/admin/artist/{{$Artist.ID}}" class="artist-name">{{$Artist.Name}}</a>
+                </div>       
+                {{end}}
+            </div>
+            {{else}}
+            <p>There are no artists.</p>
+            {{end}}
+        </div>
+
+        <div class="card" id="tracks">
+            <div class="card-header">
+                <h2><a href="/admin/tracks/">Tracks</a></h2>
+                <a class="button new" id="create-track">Create New</a>
+            </div>
+            <p><em>"Orphaned" tracks that have not yet been bound to a release.</em></p>
+            <br>
+            {{range $Track := .Tracks}}
+            <div class="track">
+                <h2 class="track-title">
+                    <a href="/admin/track/{{$Track.ID}}">{{$Track.Title}}</a>
+                </h2>
+                {{if $Track.Description}}
+                <p class="track-description">{{$Track.GetDescriptionHTML}}</p>
+                {{else}}
+                <p class="track-description empty">No description provided.</p>
+                {{end}}
+                {{if $Track.Lyrics}}
+                <p class="track-lyrics">{{$Track.GetLyricsHTML}}</p>
+                {{else}}
+                <p class="track-lyrics empty">There are no lyrics.</p>
+                {{end}}
+            </div>       
+            {{end}}
+            {{if not .Artists}}
+            <p>There are no artists.</p>
+            {{end}}
+        </div>
     </div>
 
 </main>
diff --git a/admin/templates/html/layout.html b/admin/templates/html/layout.html
index 4925ce9..55f2359 100644
--- a/admin/templates/html/layout.html
+++ b/admin/templates/html/layout.html
@@ -17,28 +17,42 @@
         <header>
             <nav>
                 <a href="/" class="nav icon" aria-label="ari melody" title="Return to Home">
-                    <img src="/img/favicon.png" alt="">
+                    <img src="/img/favicon.png" alt="" width="64" height="64">
                 </a>
-                <div class="nav-item">
+                <div class="nav-item{{if eq .Path "/"}} active{{end}}">
                     <a href="/admin">home</a>
                 </div>
                 {{if .Session.Account}}
-                <div class="nav-item">
+                <div class="nav-item{{if eq .Path "/logs"}} active{{end}}">
                     <a href="/admin/logs">logs</a>
                 </div>
+                <hr>
+                <p class="section-label">music</p>
+                <div class="nav-item{{if eq .Path "/releases"}} active{{end}}">
+                    <a href="/admin/releases">releases</a>
+                </div>
+                <div class="nav-item{{if eq .Path "/artists"}} active{{end}}">
+                    <a href="/admin/artists">artists</a>
+                </div>
+                <div class="nav-item{{if eq .Path "/tracks"}} active{{end}}">
+                    <a href="/admin/tracks">tracks</a>
+                </div>
                 {{end}}
 
                 <div class="flex-fill"></div>
 
                 {{if .Session.Account}}
-                <div class="nav-item">
+                <div class="nav-item{{if eq .Path "/account"}} active{{end}}">
                     <a href="/admin/account">account ({{.Session.Account.Username}})</a>
                 </div>
                 <div class="nav-item">
                     <a href="/admin/logout" id="logout">log out</a>
                 </div>
                 {{else}}
-                <div class="nav-item">
+                <div class="nav-item{{if eq .Path "/login"}} active{{end}}">
+                    <a href="/admin/login" id="login">log in</a>
+                </div>
+                <div class="nav-item{{if eq .Path "/register"}} active{{end}}">
                     <a href="/admin/register" id="register">create account</a>
                 </div>
                 {{end}}
diff --git a/admin/trackhttp.go b/admin/trackhttp.go
index e93d1bb..e4187b4 100644
--- a/admin/trackhttp.go
+++ b/admin/trackhttp.go
@@ -33,7 +33,7 @@ func serveTrack(app *model.AppState) http.Handler {
         }
 
         type TrackResponse struct {
-            Session     *model.Session
+            adminPageData
             Track       *model.Track
             Releases    []*model.Release
         }
@@ -41,7 +41,7 @@ func serveTrack(app *model.AppState) http.Handler {
         session := r.Context().Value("session").(*model.Session)
 
         err = templates.EditTrackTemplate.Execute(w, TrackResponse{
-            Session: session,
+            adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
             Track: track,
             Releases: releases,
         })
diff --git a/controller/release.go b/controller/release.go
index afd09fb..c729c4f 100644
--- a/controller/release.go
+++ b/controller/release.go
@@ -99,6 +99,17 @@ func GetAllReleases(db *sqlx.DB, onlyVisible bool, limit int, full bool) ([]*mod
 
     return releases, nil
 }
+func GetReleasesCount(db *sqlx.DB, onlyVisible bool) (int, error) {
+    query := "SELECT count(*) FROM musicrelease"
+    if onlyVisible {
+        query += " WHERE visible=true"
+    }
+
+    var count int
+    err := db.Get(&count, query)
+
+    return count, err
+}
 
 func CreateRelease(db *sqlx.DB, release *model.Release) error {
     _, err := db.Exec(

From 31fd5da44b9c0725a12078779510478883b4a36b Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 15:57:12 +0100
Subject: [PATCH 72/88] more dashboard css fixes

---
 admin/static/admin.css                 | 10 ++++-
 admin/static/edit-artist.js            |  2 +-
 admin/static/edit-release.css          | 57 +++++++++++++++-----------
 admin/static/edit-release.js           |  2 +-
 admin/static/release-list-item.css     |  1 +
 admin/templates/html/edit-release.html |  2 +-
 6 files changed, 47 insertions(+), 27 deletions(-)

diff --git a/admin/static/admin.css b/admin/static/admin.css
index 7dad27f..ab736f2 100644
--- a/admin/static/admin.css
+++ b/admin/static/admin.css
@@ -66,6 +66,13 @@
     }
 }
 
+@media (prefers-color-scheme: dark) {
+    img.icon {
+        -webkit-filter: invert(1);
+        filter: invert(1);
+    }
+}
+
 body {
     width: calc(100% - 180px);
     height: calc(100vh - 1em);
@@ -184,8 +191,9 @@ a:hover {
 }
 */
 
-a img.icon {
+img.icon {
     height: .8em;
+    transition: filter .1s ease-out;
 }
 
 code {
diff --git a/admin/static/edit-artist.js b/admin/static/edit-artist.js
index 2ca4c0d..069c25d 100644
--- a/admin/static/edit-artist.js
+++ b/admin/static/edit-artist.js
@@ -81,7 +81,7 @@ removeAvatarBtn.addEventListener("click", () => {
 });
 
 document.addEventListener('readystatechange', () => {
-    document.querySelectorAll('.card#releases .credit').forEach(el => {
+    document.querySelectorAll('#releases .credit').forEach(el => {
         hijackClickEvent(el, el.querySelector('.credit-name a'));
     });
 });
diff --git a/admin/static/edit-release.css b/admin/static/edit-release.css
index b4fe17b..b8817e0 100644
--- a/admin/static/edit-release.css
+++ b/admin/static/edit-release.css
@@ -14,6 +14,8 @@ input[type="text"] {
     border-radius: 8px;
     background: var(--bg-2);
     box-shadow: var(--shadow-md);
+
+    transition: background .1s ease-out, color .1s ease-out;
 }
 
 .release-artwork {
@@ -31,6 +33,7 @@ input[type="text"] {
 .release-artwork #remove-artwork {
     margin-top: .5em;
     padding: .3em .6em;
+    background: var(--bg-3);
 }
 
 .release-info {
@@ -118,6 +121,7 @@ input[type="text"] {
     gap: .5em;
     flex-direction: row;
     justify-content: right;
+    color: var(--fg-3);
 }
 
 .release-actions button,
@@ -163,7 +167,7 @@ dialog div.dialog-actions {
  * RELEASE CREDITS
  */
 
-.card#credits .credit {
+#credits .credit {
     margin-bottom: .5em;
     padding: .5em;
     display: flex;
@@ -178,24 +182,24 @@ dialog div.dialog-actions {
     cursor: pointer;
     transition: background .1s ease-out;
 }
-.card#credits .credit:hover {
+#credits .credit:hover {
     background-color: var(--bg-1);
 }
 
-.card#credits .credit p {
+#credits .credit p {
     margin: 0;
 }
 
-.card#credits .credit .artist-avatar {
+#credits .credit .artist-avatar {
     border-radius: 12px;
 }
 
-.card#credits .credit .artist-name {
+#credits .credit .artist-name {
     color: var(--fg-3);
     font-weight: bold;
 }
 
-.card#credits .credit .artist-role small {
+#credits .credit .artist-role small {
     font-size: inherit;
     opacity: .66;
 }
@@ -314,33 +318,38 @@ dialog div.dialog-actions {
  * RELEASE LINKS
  */
 
-.card#links ul {
+#links ul {
     padding: 0;
     display: flex;
     gap: .2em;
 }
 
-.card#links a.button:hover {
+#links a img.icon {
+    -webkit-filter: none;
+    filter: none;
+}
+
+#links a.button:hover {
     color: var(--bg-3) !important;
     background-color: var(--fg-3) !important;
 }
 
-.card#links a.button[data-name="spotify"] {
+#links a.button[data-name="spotify"] {
     color: #101010;
     background-color: #8cff83
 }
 
-.card#links a.button[data-name="apple music"] {
+#links a.button[data-name="apple music"] {
     color: #101010;
     background-color: #8cd9ff
 }
 
-.card#links a.button[data-name="soundcloud"] {
+#links a.button[data-name="soundcloud"] {
     color: #101010;
     background-color: #fdaa6d
 }
 
-.card#links a.button[data-name="youtube"] {
+#links a.button[data-name="youtube"] {
     color: #101010;
     background-color: #ff6e6e
 }
@@ -428,7 +437,7 @@ dialog div.dialog-actions {
  * RELEASE TRACKS
  */
 
-.card#tracks .track {
+#tracks .track {
     margin-bottom: 1em;
     padding: 1em;
     display: flex;
@@ -438,49 +447,51 @@ dialog div.dialog-actions {
     border-radius: 16px;
     background: var(--bg-2);
     box-shadow: var(--shadow-md);
+
+    transition: background .1s ease-out, color .1s ease-out;
 }
 
-.card#tracks .track h3,
-.card#tracks .track p {
+#tracks .track h3,
+#tracks .track p {
     margin: 0;
 }
 
-.card#tracks h2.track-title {
+#tracks h2.track-title {
     margin: 0;
     display: flex;
     gap: .5em;
 }
 
-.card#tracks h2.track-title .track-number {
+#tracks h2.track-title .track-number {
     opacity: .5;
 }
 
-.card#tracks a:hover {
+#tracks a:hover {
     text-decoration: underline;
 }
 
-.card#tracks .track-album {
+#tracks .track-album {
     margin-left: auto;
     font-style: italic;
     font-size: .75em;
     opacity: .5;
 }
 
-.card#tracks .track-album.empty {
+#tracks .track-album.empty {
     color: #ff2020;
     opacity: 1;
 }
 
-.card#tracks .track-description {
+#tracks .track-description {
     font-style: italic;
 }
 
-.card#tracks .track-lyrics {
+#tracks .track-lyrics {
     max-height: 10em;
     overflow-y: scroll;
 }
 
-.card#tracks .track .empty {
+#tracks .track .empty {
     opacity: 0.75;
 }
 
diff --git a/admin/static/edit-release.js b/admin/static/edit-release.js
index 5db4bbf..ca2754f 100644
--- a/admin/static/edit-release.js
+++ b/admin/static/edit-release.js
@@ -100,7 +100,7 @@ removeArtworkBtn.addEventListener("click", () => {
 });
 
 document.addEventListener("readystatechange", () => {
-    document.querySelectorAll(".card#credits .credit").forEach(el => {
+    document.querySelectorAll("#credits .credit").forEach(el => {
         hijackClickEvent(el, el.querySelector(".artist-name a"));
     });
 });
diff --git a/admin/static/release-list-item.css b/admin/static/release-list-item.css
index 3481257..aedd121 100644
--- a/admin/static/release-list-item.css
+++ b/admin/static/release-list-item.css
@@ -51,6 +51,7 @@
 .release-actions {
     margin-top: .5em;
     user-select: none;
+    color: var(--fg-3);
 }
 
 .release-actions a {
diff --git a/admin/templates/html/edit-release.html b/admin/templates/html/edit-release.html
index 309decf..4484c35 100644
--- a/admin/templates/html/edit-release.html
+++ b/admin/templates/html/edit-release.html
@@ -99,7 +99,7 @@
 
     <div class="card" id="credits">
         <div class="card-header">
-            <h2>Credits ({{len .Release.Credits}})</h2>
+            <h2>Credits <small>({{len .Release.Credits}} total)</small></h2>
             <a class="button edit"
                href="/admin/release/{{.Release.ID}}/editcredits"
                hx-get="/admin/release/{{.Release.ID}}/editcredits"

From 065a34a744a90d7f9ad5749108a2a452f8934943 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 17:15:26 +0100
Subject: [PATCH 73/88] add releases page; fix HUGE static file perf regression

---
 admin/accounthttp.go                          | 10 ++--
 admin/artisthttp.go                           |  4 +-
 admin/http.go                                 | 14 +++---
 admin/releasehttp.go                          | 50 +++++++++++++++++--
 admin/static/index.js                         |  6 +--
 admin/templates/html/artists.html             | 30 +++++++++++
 .../html/components/credits/addcredit.html    |  2 +-
 .../html/components/credits/editcredits.html  |  4 +-
 .../components/release/release-list-item.html |  6 +--
 .../html/components/tracks/addtrack.html      |  2 +-
 .../html/components/tracks/edittracks.html    |  4 +-
 admin/templates/html/edit-artist.html         |  2 +-
 admin/templates/html/edit-release.html        | 16 +++---
 admin/templates/html/index.html               |  4 +-
 admin/templates/html/layout.html              | 12 ++---
 admin/templates/html/releases.html            | 22 ++++++++
 admin/templates/html/tracks.html              | 40 +++++++++++++++
 admin/templates/templates.go                  | 48 ++++++++++++++----
 admin/trackhttp.go                            |  4 +-
 view/index.go                                 | 26 +++++-----
 20 files changed, 233 insertions(+), 73 deletions(-)
 create mode 100644 admin/templates/html/artists.html
 create mode 100644 admin/templates/html/releases.html
 create mode 100644 admin/templates/html/tracks.html

diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index 1e4742b..634bae6 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -18,12 +18,12 @@ import (
 func accountHandler(app *model.AppState) http.Handler {
     mux := http.NewServeMux()
 
-    mux.Handle("/totp-setup", totpSetupHandler(app))
-    mux.Handle("/totp-confirm", totpConfirmHandler(app))
-    mux.Handle("/totp-delete/", http.StripPrefix("/totp-delete", totpDeleteHandler(app)))
+    mux.Handle("/account/totp-setup", totpSetupHandler(app))
+    mux.Handle("/account/totp-confirm", totpConfirmHandler(app))
+    mux.Handle("/account/totp-delete/", http.StripPrefix("/totp-delete", totpDeleteHandler(app)))
 
-    mux.Handle("/password", changePasswordHandler(app))
-    mux.Handle("/delete", deleteAccountHandler(app))
+    mux.Handle("/account/password", changePasswordHandler(app))
+    mux.Handle("/account/delete", deleteAccountHandler(app))
 
     return mux
 }
diff --git a/admin/artisthttp.go b/admin/artisthttp.go
index 8c33050..9d99fd4 100644
--- a/admin/artisthttp.go
+++ b/admin/artisthttp.go
@@ -10,9 +10,9 @@ import (
 	"arimelody-web/model"
 )
 
-func serveArtist(app *model.AppState) http.Handler {
+func serveArtists(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        slices := strings.Split(r.URL.Path[1:], "/")
+        slices := strings.Split(strings.TrimPrefix(r.URL.Path, "/artists")[1:], "/")
         id := slices[0]
         artist, err := controller.GetArtist(app.DB, id)
         if err != nil {
diff --git a/admin/http.go b/admin/http.go
index 136309e..1094095 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -47,15 +47,16 @@ func Handler(app *model.AppState) http.Handler {
     mux.Handle("/register", registerAccountHandler(app))
 
     mux.Handle("/account", requireAccount(accountIndexHandler(app)))
-    mux.Handle("/account/", requireAccount(http.StripPrefix("/account", accountHandler(app))))
+    mux.Handle("/account/", requireAccount(accountHandler(app)))
 
     mux.Handle("/logs", requireAccount(logsHandler(app)))
 
-    mux.Handle("/release/", requireAccount(http.StripPrefix("/release", serveRelease(app))))
-    mux.Handle("/artist/", requireAccount(http.StripPrefix("/artist", serveArtist(app))))
-    mux.Handle("/track/", requireAccount(http.StripPrefix("/track", serveTrack(app))))
+    mux.Handle("/releases", requireAccount(serveReleases(app)))
+    mux.Handle("/releases/", requireAccount(serveReleases(app)))
+    mux.Handle("/artists/", requireAccount(serveArtists(app)))
+    mux.Handle("/tracks/", requireAccount(serveTracks(app)))
 
-    mux.Handle("/static/", http.StripPrefix("/static", staticHandler()))
+    mux.Handle("/static/", staticHandler())
 
     mux.Handle("/", requireAccount(AdminIndexHandler(app)))
 
@@ -470,7 +471,8 @@ var staticFS embed.FS
 
 func staticHandler() http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        file, err := staticFS.ReadFile(filepath.Join("static", filepath.Clean(r.URL.Path)))
+        uri := strings.TrimPrefix(r.URL.Path, "/static")
+        file, err := staticFS.ReadFile(filepath.Join("static", filepath.Clean(uri)))
         if err != nil {
             http.NotFound(w, r)
             return
diff --git a/admin/releasehttp.go b/admin/releasehttp.go
index 991845f..5484609 100644
--- a/admin/releasehttp.go
+++ b/admin/releasehttp.go
@@ -3,6 +3,7 @@ package admin
 import (
 	"fmt"
 	"net/http"
+	"os"
 	"strings"
 
 	"arimelody-web/admin/templates"
@@ -10,11 +11,52 @@ import (
 	"arimelody-web/model"
 )
 
-func serveRelease(app *model.AppState) http.Handler {
+func serveReleases(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        slices := strings.Split(r.URL.Path[1:], "/")
+        slices := strings.Split(strings.TrimPrefix(r.URL.Path, "/releases")[1:], "/")
         releaseID := slices[0]
 
+        var action string = ""
+        if len(slices) > 1 {
+            action = slices[1]
+        }
+
+        if len(releaseID) > 0 {
+            serveRelease(app, releaseID, action).ServeHTTP(w, r)
+            return
+        }
+
+        session := r.Context().Value("session").(*model.Session)
+
+        type ReleasesData struct {
+            adminPageData
+            Releases    []*model.Release
+        }
+
+        releases, err := controller.GetAllReleases(app.DB, false, 0, true)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to pull releases: %s\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
+
+        err = templates.ReleasesTemplate.Execute(w, ReleasesData{
+            adminPageData: adminPageData{
+                Path: r.URL.Path,
+                Session: session,
+            },
+            Releases: releases,
+        })
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to render releases page: %s\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
+    })
+}
+
+func serveRelease(app *model.AppState, releaseID string, action string) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         session := r.Context().Value("session").(*model.Session)
 
         release, err := controller.GetRelease(app.DB, releaseID, true)
@@ -28,8 +70,8 @@ func serveRelease(app *model.AppState) http.Handler {
             return
         }
 
-        if len(slices) > 1 {
-            switch slices[1] {
+        if len(action) > 0 {
+            switch action {
             case "editcredits":
                 serveEditCredits(release).ServeHTTP(w, r)
                 return
diff --git a/admin/static/index.js b/admin/static/index.js
index c35b596..c6f6b58 100644
--- a/admin/static/index.js
+++ b/admin/static/index.js
@@ -14,7 +14,7 @@ newReleaseBtn.addEventListener("click", event => {
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({id})
     }).then(res => {
-        if (res.ok) location = "/admin/release/" + id;
+        if (res.ok) location = "/admin/releases/" + id;
         else {
             res.text().then(err => {
                 alert("Request failed: " + err);
@@ -39,7 +39,7 @@ newArtistBtn.addEventListener("click", event => {
     }).then(res => {
         res.text().then(text => {
             if (res.ok) {
-                location = "/admin/artist/" + id;
+                location = "/admin/artists/" + id;
             } else {
                 alert("Request failed: " + text);
                 console.error(text);
@@ -63,7 +63,7 @@ newTrackBtn.addEventListener("click", event => {
     }).then(res => {
         res.text().then(text => {
             if (res.ok) {
-                location = "/admin/track/" + text;
+                location = "/admin/tracks/" + text;
             } else {
                 alert("Request failed: " + text);
                 console.error(text);
diff --git a/admin/templates/html/artists.html b/admin/templates/html/artists.html
new file mode 100644
index 0000000..7b2a464
--- /dev/null
+++ b/admin/templates/html/artists.html
@@ -0,0 +1,30 @@
+{{define "head"}}
+<title>Artists - ari melody 💫</title>
+<link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
+<link rel="stylesheet" href="/admin/static/index.css">
+{{end}}
+
+{{define "content"}}
+<main>
+    <h1>Artists</h1>
+
+    <div class="card-header">
+        <h2><a href="/admin/artists/">Artists</a></h2>
+        <a class="button new" id="create-artist">Create New</a>
+    </div>
+    {{if .Artists}}
+    <div class="artists-group">
+        {{range $Artist := .Artists}}
+        <div class="artist">
+            <img src="{{$Artist.GetAvatar}}" alt="" width="64" loading="lazy" class="artist-avatar">
+            <a href="/admin/artists/{{$Artist.ID}}" class="artist-name">{{$Artist.Name}}</a>
+        </div>       
+        {{end}}
+    </div>
+    {{else}}
+    <p>There are no artists.</p>
+    {{end}}
+</main>
+
+<script type="module" src="/admin/static/admin.js"></script>
+{{end}}
diff --git a/admin/templates/html/components/credits/addcredit.html b/admin/templates/html/components/credits/addcredit.html
index c09a550..082ba17 100644
--- a/admin/templates/html/components/credits/addcredit.html
+++ b/admin/templates/html/components/credits/addcredit.html
@@ -7,7 +7,7 @@
         {{range $Artist := .Artists}}
         <li class="new-artist"
             data-id="{{$Artist.ID}}"
-            hx-get="/admin/release/{{$.ReleaseID}}/newcredit/{{$Artist.ID}}"
+            hx-get="/admin/releases/{{$.ReleaseID}}/newcredit/{{$Artist.ID}}"
             hx-target="#editcredits ul"
             hx-swap="beforeend"
         >
diff --git a/admin/templates/html/components/credits/editcredits.html b/admin/templates/html/components/credits/editcredits.html
index 94dc268..38132e2 100644
--- a/admin/templates/html/components/credits/editcredits.html
+++ b/admin/templates/html/components/credits/editcredits.html
@@ -3,8 +3,8 @@
         <h2>Editing: Credits</h2>
         <a id="add-credit"
            class="button new"
-           href="/admin/release/{{.ID}}/addcredit"
-           hx-get="/admin/release/{{.ID}}/addcredit"
+           href="/admin/releases/{{.ID}}/addcredit"
+           hx-get="/admin/releases/{{.ID}}/addcredit"
            hx-target="body"
            hx-swap="beforeend"
         >Add</a>
diff --git a/admin/templates/html/components/release/release-list-item.html b/admin/templates/html/components/release/release-list-item.html
index 4b8f41e..7a5059d 100644
--- a/admin/templates/html/components/release/release-list-item.html
+++ b/admin/templates/html/components/release/release-list-item.html
@@ -5,7 +5,7 @@
     </div>
     <div class="release-info">
         <h3 class="release-title">
-            <a href="/admin/release/{{.ID}}">{{.Title}}</a>
+            <a href="/admin/releases/{{.ID}}">{{.Title}}</a>
             <small>
                 <span title="{{.PrintReleaseDate}}">{{.ReleaseDate.Year}}</span>
                 {{if not .Visible}}(hidden){{end}}
@@ -13,9 +13,9 @@
         </h3>
         <p class="release-artists">{{.PrintArtists true true}}</p>
         <p class="release-type-single">{{.ReleaseType}}
-        (<a href="/admin/release/{{.ID}}#tracks">{{len .Tracks}} track{{if not (eq (len .Tracks) 1)}}s{{end}}</a>)</p>
+        (<a href="/admin/releases/{{.ID}}#tracks">{{len .Tracks}} track{{if not (eq (len .Tracks) 1)}}s{{end}}</a>)</p>
         <div class="release-actions">
-            <a href="/admin/release/{{.ID}}">Edit</a>
+            <a href="/admin/releases/{{.ID}}">Edit</a>
             <a href="/music/{{.ID}}" target="_blank">Gateway <img class="icon" src="/img/external-link.svg"/></a>
         </div>
     </div>
diff --git a/admin/templates/html/components/tracks/addtrack.html b/admin/templates/html/components/tracks/addtrack.html
index a6dd433..6a2360b 100644
--- a/admin/templates/html/components/tracks/addtrack.html
+++ b/admin/templates/html/components/tracks/addtrack.html
@@ -8,7 +8,7 @@
         </li>
         <li class="new-track"
             data-id="{{$Track.ID}}"
-            hx-get="/admin/release/{{$.ReleaseID}}/newtrack/{{$Track.ID}}"
+            hx-get="/admin/releases/{{$.ReleaseID}}/newtrack/{{$Track.ID}}"
             hx-target="#edittracks ul"
             hx-swap="beforeend"
         >
diff --git a/admin/templates/html/components/tracks/edittracks.html b/admin/templates/html/components/tracks/edittracks.html
index d03f80a..c06f0c3 100644
--- a/admin/templates/html/components/tracks/edittracks.html
+++ b/admin/templates/html/components/tracks/edittracks.html
@@ -3,8 +3,8 @@
         <h2>Editing: Tracks</h2>
         <a id="add-track"
            class="button new"
-           href="/admin/release/{{.Release.ID}}/addtrack"
-           hx-get="/admin/release/{{.Release.ID}}/addtrack"
+           href="/admin/releases/{{.Release.ID}}/addtrack"
+           hx-get="/admin/releases/{{.Release.ID}}/addtrack"
            hx-target="body"
            hx-swap="beforeend"
         >Add</a>
diff --git a/admin/templates/html/edit-artist.html b/admin/templates/html/edit-artist.html
index 6b95de8..9bb5a83 100644
--- a/admin/templates/html/edit-artist.html
+++ b/admin/templates/html/edit-artist.html
@@ -38,7 +38,7 @@
         <div class="credit">
             <img src="{{.Release.Artwork}}" alt="" width="64" loading="lazy" class="release-artwork">
             <div class="credit-info">
-                <h3 class="credit-name"><a href="/admin/release/{{.Release.ID}}">{{.Release.Title}}</a></h3>
+                <h3 class="credit-name"><a href="/admin/releases/{{.Release.ID}}">{{.Release.Title}}</a></h3>
                 <p class="credit-artists">{{.Release.PrintArtists true true}}</p>
                 <p class="artist-role">
                 Role: {{.Role}}
diff --git a/admin/templates/html/edit-release.html b/admin/templates/html/edit-release.html
index 4484c35..9a16f65 100644
--- a/admin/templates/html/edit-release.html
+++ b/admin/templates/html/edit-release.html
@@ -101,8 +101,8 @@
         <div class="card-header">
             <h2>Credits <small>({{len .Release.Credits}} total)</small></h2>
             <a class="button edit"
-               href="/admin/release/{{.Release.ID}}/editcredits"
-               hx-get="/admin/release/{{.Release.ID}}/editcredits"
+               href="/admin/releases/{{.Release.ID}}/editcredits"
+               hx-get="/admin/releases/{{.Release.ID}}/editcredits"
                hx-target="body"
                hx-swap="beforeend"
                >Edit</a>
@@ -111,7 +111,7 @@
         <div class="credit">
             <img src="{{.Artist.GetAvatar}}" alt="" width="64" loading="lazy" class="artist-avatar">
             <div class="credit-info">
-                <p class="artist-name"><a href="/admin/artist/{{.Artist.ID}}">{{.Artist.Name}}</a></p>
+                <p class="artist-name"><a href="/admin/artists/{{.Artist.ID}}">{{.Artist.Name}}</a></p>
                 <p class="artist-role">
                 {{.Role}}
                 {{if .Primary}}
@@ -130,8 +130,8 @@
         <div class="card-header">
             <h2>Links ({{len .Release.Links}})</h2>
             <a class="button edit"
-               href="/admin/release/{{.Release.ID}}/editlinks"
-               hx-get="/admin/release/{{.Release.ID}}/editlinks"
+               href="/admin/releases/{{.Release.ID}}/editlinks"
+               hx-get="/admin/releases/{{.Release.ID}}/editlinks"
                hx-target="body"
                hx-swap="beforeend"
                >Edit</a>
@@ -147,8 +147,8 @@
         <div class="card-header" id="tracks">
             <h2>Tracklist ({{len .Release.Tracks}})</h2>
             <a class="button edit"
-               href="/admin/release/{{.Release.ID}}/edittracks"
-               hx-get="/admin/release/{{.Release.ID}}/edittracks"
+               href="/admin/releases/{{.Release.ID}}/edittracks"
+               hx-get="/admin/releases/{{.Release.ID}}/edittracks"
                hx-target="body"
                hx-swap="beforeend"
                >Edit</a>
@@ -157,7 +157,7 @@
         <div class="track" data-id="{{$track.ID}}">
             <h2 class="track-title">
                 <span class="track-number">{{.Add $i 1}}</span>
-                <a href="/admin/track/{{$track.ID}}">{{$track.Title}}</a>
+                <a href="/admin/tracks/{{$track.ID}}">{{$track.Title}}</a>
             </h2>
 
             <h3>Description</h3>
diff --git a/admin/templates/html/index.html b/admin/templates/html/index.html
index dc97a3e..581c691 100644
--- a/admin/templates/html/index.html
+++ b/admin/templates/html/index.html
@@ -32,7 +32,7 @@
                 {{range $Artist := .Artists}}
                 <div class="artist">
                     <img src="{{$Artist.GetAvatar}}" alt="" width="64" loading="lazy" class="artist-avatar">
-                    <a href="/admin/artist/{{$Artist.ID}}" class="artist-name">{{$Artist.Name}}</a>
+                    <a href="/admin/artists/{{$Artist.ID}}" class="artist-name">{{$Artist.Name}}</a>
                 </div>       
                 {{end}}
             </div>
@@ -51,7 +51,7 @@
             {{range $Track := .Tracks}}
             <div class="track">
                 <h2 class="track-title">
-                    <a href="/admin/track/{{$Track.ID}}">{{$Track.Title}}</a>
+                    <a href="/admin/tracks/{{$Track.ID}}">{{$Track.Title}}</a>
                 </h2>
                 {{if $Track.Description}}
                 <p class="track-description">{{$Track.GetDescriptionHTML}}</p>
diff --git a/admin/templates/html/layout.html b/admin/templates/html/layout.html
index 55f2359..0aaf9ca 100644
--- a/admin/templates/html/layout.html
+++ b/admin/templates/html/layout.html
@@ -28,14 +28,14 @@
                 </div>
                 <hr>
                 <p class="section-label">music</p>
-                <div class="nav-item{{if eq .Path "/releases"}} active{{end}}">
-                    <a href="/admin/releases">releases</a>
+                <div class="nav-item{{if hasPrefix .Path "/releases"}} active{{end}}">
+                    <a href="/admin/releases/">releases</a>
                 </div>
-                <div class="nav-item{{if eq .Path "/artists"}} active{{end}}">
-                    <a href="/admin/artists">artists</a>
+                <div class="nav-item{{if hasPrefix .Path "/artists"}} active{{end}}">
+                    <a href="/admin/artists/">artists</a>
                 </div>
-                <div class="nav-item{{if eq .Path "/tracks"}} active{{end}}">
-                    <a href="/admin/tracks">tracks</a>
+                <div class="nav-item{{if hasPrefix .Path "/tracks"}} active{{end}}">
+                    <a href="/admin/tracks/">tracks</a>
                 </div>
                 {{end}}
 
diff --git a/admin/templates/html/releases.html b/admin/templates/html/releases.html
new file mode 100644
index 0000000..ec4443f
--- /dev/null
+++ b/admin/templates/html/releases.html
@@ -0,0 +1,22 @@
+{{define "head"}}
+<title>Releases - ari melody 💫</title>
+<link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
+<link rel="stylesheet" href="/admin/static/index.css">
+{{end}}
+
+{{define "content"}}
+<main>
+    <div class="card-header">
+        <h1><a href="/admin/releases/">Releases</a></h1>
+        <a class="button new" id="create-release">Create New</a>
+    </div>
+    {{range .Releases}}
+    {{block "release" .}}{{end}}
+    {{end}}
+    {{if not .Releases}}
+    <p>There are no releases.</p>
+    {{end}}
+</main>
+
+<script type="module" src="/admin/static/admin.js"></script>
+{{end}}
diff --git a/admin/templates/html/tracks.html b/admin/templates/html/tracks.html
new file mode 100644
index 0000000..196b41c
--- /dev/null
+++ b/admin/templates/html/tracks.html
@@ -0,0 +1,40 @@
+{{define "head"}}
+<title>Releases - ari melody 💫</title>
+<link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
+<link rel="stylesheet" href="/admin/static/index.css">
+{{end}}
+
+{{define "content"}}
+<main>
+    <h1>Releases</h1>
+
+    <div class="card-header">
+        <h2><a href="/admin/tracks/">Tracks</a></h2>
+        <a class="button new" id="create-track">Create New</a>
+    </div>
+    <p><em>"Orphaned" tracks that have not yet been bound to a release.</em></p>
+    <br>
+    {{range $Track := .Tracks}}
+    <div class="track">
+        <h2 class="track-title">
+            <a href="/admin/tracks/{{$Track.ID}}">{{$Track.Title}}</a>
+        </h2>
+        {{if $Track.Description}}
+        <p class="track-description">{{$Track.GetDescriptionHTML}}</p>
+        {{else}}
+        <p class="track-description empty">No description provided.</p>
+        {{end}}
+        {{if $Track.Lyrics}}
+        <p class="track-lyrics">{{$Track.GetLyricsHTML}}</p>
+        {{else}}
+        <p class="track-lyrics empty">There are no lyrics.</p>
+        {{end}}
+    </div>       
+    {{end}}
+    {{if not .Artists}}
+    <p>There are no artists.</p>
+    {{end}}
+</main>
+
+<script type="module" src="/admin/static/admin.js"></script>
+{{end}}
diff --git a/admin/templates/templates.go b/admin/templates/templates.go
index 58cd1d0..10005ca 100644
--- a/admin/templates/templates.go
+++ b/admin/templates/templates.go
@@ -1,12 +1,12 @@
 package templates
 
 import (
-    "arimelody-web/log"
-    "fmt"
-    "html/template"
-    "strings"
-    "time"
-    _ "embed"
+	"arimelody-web/log"
+	_ "embed"
+	"fmt"
+	"html/template"
+	"strings"
+	"time"
 )
 
 //go:embed "html/layout.html"
@@ -35,10 +35,18 @@ var logsHTML string
 
 //go:embed "html/edit-account.html"
 var editAccountHTML string
-//go:embed "html/edit-artist.html"
-var editArtistHTML string
+
+//go:embed "html/releases.html"
+var releasesHTML string
+//go:embed "html/artists.html"
+var artistsHTML string
+//go:embed "html/tracks.html"
+var tracksHTML string
+
 //go:embed "html/edit-release.html"
 var editReleaseHTML string
+//go:embed "html/edit-artist.html"
+var editArtistHTML string
 //go:embed "html/edit-track.html"
 var editTrackHTML string
 
@@ -62,9 +70,18 @@ var componentAddTrackHTML string
 //go:embed "html/components/tracks/edittracks.html"
 var componentEditTracksHTML string
 
-var BaseTemplate = template.Must(template.New("base").Parse(
-    strings.Join([]string{ layoutHTML, prideflagHTML }, "\n"),
-))
+var BaseTemplate = template.Must(
+    template.New("base").Funcs(
+        template.FuncMap{
+            "hasPrefix": func(s string, prefix string) bool {
+                fmt.Printf("does \"%s\" start with \"%s\"?\n", s, prefix)
+                return strings.HasPrefix(s, prefix)
+            },
+        },
+    ).Parse(strings.Join([]string{
+        layoutHTML,
+        prideflagHTML,
+    }, "\n")))
 
 var IndexTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
     strings.Join([]string{
@@ -108,6 +125,15 @@ var LogsTemplate = template.Must(template.Must(BaseTemplate.Clone()).Funcs(templ
     },
 }).Parse(logsHTML))
 
+var ReleasesTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
+    strings.Join([]string{
+        releasesHTML,
+        componentReleaseListItemHTML,
+    }, "\n"),
+))
+var ArtistsTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(artistsHTML))
+var TracksTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(tracksHTML))
+
 var EditReleaseTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(editReleaseHTML))
 var EditArtistTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(editArtistHTML))
 var EditTrackTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
diff --git a/admin/trackhttp.go b/admin/trackhttp.go
index e4187b4..9dfd119 100644
--- a/admin/trackhttp.go
+++ b/admin/trackhttp.go
@@ -10,9 +10,9 @@ import (
 	"arimelody-web/model"
 )
 
-func serveTrack(app *model.AppState) http.Handler {
+func serveTracks(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        slices := strings.Split(r.URL.Path[1:], "/")
+        slices := strings.Split(strings.TrimPrefix(r.URL.Path, "/tracks")[1:], "/")
         id := slices[0]
         track, err := controller.GetTrack(app.DB, id)
         if err != nil {
diff --git a/view/index.go b/view/index.go
index bcd0d06..fabbba4 100644
--- a/view/index.go
+++ b/view/index.go
@@ -16,21 +16,19 @@ func IndexHandler(app *model.AppState) http.Handler {
             return
         }
 
-        type IndexData struct {
-            TwitchStatus *model.TwitchStreamInfo
-        }
-
-        var err error
-        var twitchStatus *model.TwitchStreamInfo = nil
-        if app.Twitch != nil && len(app.Config.Twitch.Broadcaster) > 0 {
-            twitchStatus, err = controller.GetTwitchStatus(app, app.Config.Twitch.Broadcaster)
-            if err != nil {
-                fmt.Fprintf(os.Stderr, "WARN: Failed to get Twitch status for %s: %v\n", app.Config.Twitch.Broadcaster, err)
-            }
-        }
-
         if r.URL.Path == "/" || r.URL.Path == "/index.html" {
-            err := templates.IndexTemplate.Execute(w, IndexData{
+            type IndexData struct {
+                TwitchStatus *model.TwitchStreamInfo
+            }
+            var err error
+            var twitchStatus *model.TwitchStreamInfo = nil
+            if app.Twitch != nil && len(app.Config.Twitch.Broadcaster) > 0 {
+                twitchStatus, err = controller.GetTwitchStatus(app, app.Config.Twitch.Broadcaster)
+                if err != nil {
+                    fmt.Fprintf(os.Stderr, "WARN: Failed to get Twitch status for %s: %v\n", app.Config.Twitch.Broadcaster, err)
+                }
+            }
+            err = templates.IndexTemplate.Execute(w, IndexData{
                 TwitchStatus: twitchStatus,
             })
             if err != nil {

From b0dd87cad383c820863eb51b9901971481898985 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 18:39:38 +0100
Subject: [PATCH 74/88] add artists/tracks pages; more components; css cleanup

---
 admin/artisthttp.go                           |  48 +++++--
 admin/http.go                                 |  20 ++-
 admin/releasehttp.go                          |  40 +++---
 admin/static/admin.css                        |  32 +++--
 admin/static/artists.css                      |  23 ++++
 admin/static/artists.js                       |   7 +
 admin/static/edit-release.css                 |  69 +---------
 admin/static/index.css                        |  84 ------------
 admin/static/index.js                         |   8 --
 .../{release-list-item.css => releases.css}   |  14 +-
 admin/static/tracks.css                       | 127 ++++++++++++++++++
 admin/templates/html/artists.html             |  20 ++-
 .../html/components/artist/artist.html        |   6 +
 .../{credits => credit}/addcredit.html        |   0
 .../{credits => credit}/editcredits.html      |   0
 .../{credits => credit}/newcredit.html        |   0
 .../components/{links => link}/editlinks.html |   0
 .../{release-list-item.html => release.html}  |   0
 .../{tracks => track}/addtrack.html           |   0
 .../{tracks => track}/edittracks.html         |   0
 .../{tracks => track}/newtrack.html           |   0
 .../html/components/track/track.html          |  24 ++++
 admin/templates/html/edit-artist.html         |   1 +
 admin/templates/html/edit-release.html        |  23 +---
 admin/templates/html/edit-track.html          |   2 +
 admin/templates/html/index.html               |  41 ++----
 admin/templates/html/logs.html                |   2 +-
 admin/templates/html/releases.html            |  17 ++-
 admin/templates/html/tracks.html              |  51 ++++---
 admin/templates/templates.go                  | 123 +++++++++++------
 admin/trackhttp.go                            |  48 +++++--
 controller/artist.go                          |   5 +
 controller/release.go                         |   2 +-
 controller/track.go                           |   5 +
 model/release.go                              |   2 +-
 model/track.go                                |   6 +-
 public/style/music-gateway.css                |   2 +-
 37 files changed, 498 insertions(+), 354 deletions(-)
 create mode 100644 admin/static/artists.css
 create mode 100644 admin/static/artists.js
 delete mode 100644 admin/static/index.css
 rename admin/static/{release-list-item.css => releases.css} (83%)
 create mode 100644 admin/static/tracks.css
 create mode 100644 admin/templates/html/components/artist/artist.html
 rename admin/templates/html/components/{credits => credit}/addcredit.html (100%)
 rename admin/templates/html/components/{credits => credit}/editcredits.html (100%)
 rename admin/templates/html/components/{credits => credit}/newcredit.html (100%)
 rename admin/templates/html/components/{links => link}/editlinks.html (100%)
 rename admin/templates/html/components/release/{release-list-item.html => release.html} (100%)
 rename admin/templates/html/components/{tracks => track}/addtrack.html (100%)
 rename admin/templates/html/components/{tracks => track}/edittracks.html (100%)
 rename admin/templates/html/components/{tracks => track}/newtrack.html (100%)
 create mode 100644 admin/templates/html/components/track/track.html

diff --git a/admin/artisthttp.go b/admin/artisthttp.go
index 9d99fd4..f151ddd 100644
--- a/admin/artisthttp.go
+++ b/admin/artisthttp.go
@@ -12,22 +12,57 @@ import (
 
 func serveArtists(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
         slices := strings.Split(strings.TrimPrefix(r.URL.Path, "/artists")[1:], "/")
-        id := slices[0]
-        artist, err := controller.GetArtist(app.DB, id)
+        artistID := slices[0]
+
+        if len(artistID) > 0 {
+            serveArtist(app, artistID).ServeHTTP(w, r)
+            return
+        }
+
+        artists, err := controller.GetAllArtists(app.DB)
+        if err != nil {
+            fmt.Printf("WARN: Failed to fetch artists: %s\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
+
+        type ArtistsResponse struct {
+            adminPageData
+            Artists []*model.Artist
+        }
+
+        err = templates.ArtistsTemplate.Execute(w, ArtistsResponse{
+            adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
+            Artists: artists,
+        })
+        if err != nil {
+            fmt.Printf("WARN: Failed to serve admin artists page: %s\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+        }
+    })
+}
+
+func serveArtist(app *model.AppState, artistID string) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
+        artist, err := controller.GetArtist(app.DB, artistID)
         if err != nil {
             if artist == nil {
                 http.NotFound(w, r)
                 return
             }
-            fmt.Printf("Error rendering admin artist page for %s: %s\n", id, err)
+            fmt.Printf("WARN: Failed to fetch artist %s: %s\n", artistID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
 
         credits, err := controller.GetArtistCredits(app.DB, artist.ID, true)
         if err != nil {
-            fmt.Printf("Error rendering admin track page for %s: %s\n", id, err)
+            fmt.Printf("WARN: Failed to serve admin artist page for %s: %s\n", artistID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -38,17 +73,14 @@ func serveArtists(app *model.AppState) http.Handler {
             Credits []*model.Credit
         }
 
-        session := r.Context().Value("session").(*model.Session)
-
         err = templates.EditArtistTemplate.Execute(w, ArtistResponse{
             adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
             Artist: artist,
             Credits: credits,
         })
         if err != nil {
-            fmt.Printf("Error rendering admin track page for %s: %s\n", id, err)
+            fmt.Printf("WARN: Failed to serve admin artist page for %s: %s\n", artistID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
     })
 }
-
diff --git a/admin/http.go b/admin/http.go
index 1094095..f65d8b9 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -53,7 +53,9 @@ func Handler(app *model.AppState) http.Handler {
 
     mux.Handle("/releases", requireAccount(serveReleases(app)))
     mux.Handle("/releases/", requireAccount(serveReleases(app)))
+    mux.Handle("/artists", requireAccount(serveArtists(app)))
     mux.Handle("/artists/", requireAccount(serveArtists(app)))
+    mux.Handle("/tracks", requireAccount(serveTracks(app)))
     mux.Handle("/tracks/", requireAccount(serveTracks(app)))
 
     mux.Handle("/static/", staticHandler())
@@ -79,7 +81,7 @@ func AdminIndexHandler(app *model.AppState) http.Handler {
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
-        releaseCount, err := controller.GetReleasesCount(app.DB, false)
+        releaseCount, err := controller.GetReleaseCount(app.DB, false)
         if err != nil {
             fmt.Fprintf(os.Stderr, "WARN: Failed to pull releases count: %s\n", err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -92,6 +94,12 @@ func AdminIndexHandler(app *model.AppState) http.Handler {
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
+        artistCount, err := controller.GetArtistCount(app.DB)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to pull artist count: %s\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
 
         tracks, err := controller.GetOrphanTracks(app.DB)
         if err != nil {
@@ -99,13 +107,21 @@ func AdminIndexHandler(app *model.AppState) http.Handler {
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
+        trackCount, err := controller.GetTrackCount(app.DB)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "WARN: Failed to pull track count: %s\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
 
         type IndexData struct {
             adminPageData
             Releases        []*model.Release
             ReleaseCount    int
             Artists         []*model.Artist
+            ArtistCount     int
             Tracks          []*model.Track
+            TrackCount      int
         }
 
         err = templates.IndexTemplate.Execute(w, IndexData{
@@ -113,7 +129,9 @@ func AdminIndexHandler(app *model.AppState) http.Handler {
             Releases: releases,
             ReleaseCount: releaseCount,
             Artists: artists,
+            ArtistCount: artistCount,
             Tracks: tracks,
+            TrackCount: trackCount,
         })
         if err != nil {
             fmt.Fprintf(os.Stderr, "WARN: Failed to render admin index: %s\n", err)
diff --git a/admin/releasehttp.go b/admin/releasehttp.go
index 5484609..028ad2f 100644
--- a/admin/releasehttp.go
+++ b/admin/releasehttp.go
@@ -13,6 +13,8 @@ import (
 
 func serveReleases(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
         slices := strings.Split(strings.TrimPrefix(r.URL.Path, "/releases")[1:], "/")
         releaseID := slices[0]
 
@@ -26,8 +28,6 @@ func serveReleases(app *model.AppState) http.Handler {
             return
         }
 
-        session := r.Context().Value("session").(*model.Session)
-
         type ReleasesData struct {
             adminPageData
             Releases    []*model.Release
@@ -35,7 +35,7 @@ func serveReleases(app *model.AppState) http.Handler {
 
         releases, err := controller.GetAllReleases(app.DB, false, 0, true)
         if err != nil {
-            fmt.Fprintf(os.Stderr, "WARN: Failed to pull releases: %s\n", err)
+            fmt.Fprintf(os.Stderr, "WARN: Failed to fetch releases: %s\n", err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -48,7 +48,7 @@ func serveReleases(app *model.AppState) http.Handler {
             Releases: releases,
         })
         if err != nil {
-            fmt.Fprintf(os.Stderr, "WARN: Failed to render releases page: %s\n", err)
+            fmt.Fprintf(os.Stderr, "WARN: Failed to serve releases page: %s\n", err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -65,7 +65,7 @@ func serveRelease(app *model.AppState, releaseID string, action string) http.Han
                 http.NotFound(w, r)
                 return
             }
-            fmt.Printf("WARN: Failed to pull full release data for %s: %s\n", releaseID, err)
+            fmt.Printf("WARN: Failed to fetch full release data for %s: %s\n", releaseID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -103,12 +103,16 @@ func serveRelease(app *model.AppState, releaseID string, action string) http.Han
             Release *model.Release
         }
 
+        for i, track := range release.Tracks {
+            track.Number = i + 1
+        }
+
         err = templates.EditReleaseTemplate.Execute(w, ReleaseResponse{
             adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
             Release: release,
         })
         if err != nil {
-            fmt.Printf("Error rendering admin release page for %s: %s\n", release.ID, err)
+            fmt.Printf("WARN: Failed to serve admin release page for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
     })
@@ -119,7 +123,7 @@ func serveEditCredits(release *model.Release) http.Handler {
         w.Header().Set("Content-Type", "text/html")
         err := templates.EditCreditsTemplate.Execute(w, release)
         if err != nil {
-            fmt.Printf("Error rendering edit credits component for %s: %s\n", release.ID, err)
+            fmt.Printf("WARN: Failed to serve edit credits component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
     })
@@ -129,7 +133,7 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         artists, err := controller.GetArtistsNotOnRelease(app.DB, release.ID)
         if err != nil {
-            fmt.Printf("WARN: Failed to pull artists not on %s: %s\n", release.ID, err)
+            fmt.Printf("WARN: Failed to fetch artists not on %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -145,7 +149,7 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler {
             Artists: artists,
         })
         if err != nil {
-            fmt.Printf("Error rendering add credits component for %s: %s\n", release.ID, err)
+            fmt.Printf("WARN: Failed to serve add credits component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
     })
@@ -156,7 +160,7 @@ func serveNewCredit(app *model.AppState) http.Handler {
         artistID := strings.Split(r.URL.Path, "/")[3]
         artist, err := controller.GetArtist(app.DB, artistID)
         if err != nil {
-            fmt.Printf("WARN: Failed to pull artists %s: %s\n", artistID, err)
+            fmt.Printf("WARN: Failed to fetch artist %s: %s\n", artistID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -168,7 +172,7 @@ func serveNewCredit(app *model.AppState) http.Handler {
         w.Header().Set("Content-Type", "text/html")
         err = templates.NewCreditTemplate.Execute(w, artist)
         if err != nil {
-            fmt.Printf("Error rendering new credit component for %s: %s\n", artist.ID, err)
+            fmt.Printf("WARN: Failed to serve new credit component for %s: %s\n", artist.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
     })
@@ -177,9 +181,9 @@ func serveNewCredit(app *model.AppState) http.Handler {
 func serveEditLinks(release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         w.Header().Set("Content-Type", "text/html")
-        err := templates.EditCreditsTemplate.Execute(w, release)
+        err := templates.EditLinksTemplate.Execute(w, release)
         if err != nil {
-            fmt.Printf("Error rendering edit links component for %s: %s\n", release.ID, err)
+            fmt.Printf("WARN: Failed to serve edit links component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
     })
@@ -199,7 +203,7 @@ func serveEditTracks(release *model.Release) http.Handler {
             Add: func(a, b int) int { return a + b },
         })
         if err != nil {
-            fmt.Printf("Error rendering edit tracks component for %s: %s\n", release.ID, err)
+            fmt.Printf("WARN: Failed to serve edit tracks component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
     })
@@ -209,7 +213,7 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         tracks, err := controller.GetTracksNotOnRelease(app.DB, release.ID)
         if err != nil {
-            fmt.Printf("WARN: Failed to pull tracks not on %s: %s\n", release.ID, err)
+            fmt.Printf("WARN: Failed to fetch tracks not on %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -225,7 +229,7 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler {
             Tracks: tracks,
         })
         if err != nil {
-            fmt.Printf("Error rendering add tracks component for %s: %s\n", release.ID, err)
+            fmt.Printf("WARN: Failed to add tracks component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
     })
@@ -236,7 +240,7 @@ func serveNewTrack(app *model.AppState) http.Handler {
         trackID := strings.Split(r.URL.Path, "/")[3]
         track, err := controller.GetTrack(app.DB, trackID)
         if err != nil {
-            fmt.Printf("Error rendering new track component for %s: %s\n", trackID, err)
+            fmt.Printf("WARN: Failed to fetch track %s: %s\n", trackID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -248,7 +252,7 @@ func serveNewTrack(app *model.AppState) http.Handler {
         w.Header().Set("Content-Type", "text/html")
         err = templates.NewTrackTemplate.Execute(w, track)
         if err != nil {
-            fmt.Printf("Error rendering new track component for %s: %s\n", track.ID, err)
+            fmt.Printf("WARN: Failed to serve new track component for %s: %s\n", track.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
     })
diff --git a/admin/static/admin.css b/admin/static/admin.css
index ab736f2..7e94798 100644
--- a/admin/static/admin.css
+++ b/admin/static/admin.css
@@ -95,23 +95,26 @@ h1, h2, h3, h4, h5, h6 {
 }
 
 header {
-    position: fixed;
-    left: 0;
-    height: 100vh;
     display: flex;
-    flex-direction: column;
-    width: 180px;
-    background-color: var(--bg-1);
-    box-shadow: var(--shadow-md);
-
-    transition: background .1s ease-out, color .1s ease-out;
+    justify-content: space-between;
+    align-items: center;
 }
 nav {
-    height: 100%;
-    margin: 1em 0;
+    position: fixed;
+    top: 0;
+    left: 0;
+    width: 180px;
+    height: calc(100vh - 2em);
+    margin: 0;
+    padding: 1em 0;
     display: flex;
     flex-direction: column;
     justify-content: left;
+
+    background-color: var(--bg-1);
+    box-shadow: var(--shadow-md);
+    transition: background .1s ease-out, color .1s ease-out;
+
     user-select: none;
 }
 nav .icon {
@@ -134,17 +137,18 @@ nav .icon img {
     color: var(--fg-2);
     line-height: 2em;
     font-weight: 500;
-    transition: color .1s, background-color .1s;
+    transition: color .1s ease-out, background-color .1s ease-out;
 }
 .nav-item:hover {
-    background: var(--bg-2);
+    color: var(--bg-2);
+    background-color: var(--fg-2);
     text-decoration: none;
 }
 .nav-item.active {
     border-left: 4px solid var(--fg-2);
 }
 .nav-item.active a {
-    padding-left: calc(1em - 4px);
+    padding-left: calc(1em - 3.5px);
 }
 nav a {
     padding: .2em 1em;
diff --git a/admin/static/artists.css b/admin/static/artists.css
new file mode 100644
index 0000000..3074874
--- /dev/null
+++ b/admin/static/artists.css
@@ -0,0 +1,23 @@
+.artist {
+    padding: .5em;
+
+    color: var(--fg-3);
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
+    border-radius: 16px;
+    text-align: center;
+
+    cursor: pointer;
+    transition: background .1s ease-out, color .1s ease-out;
+}
+
+.artist:hover {
+    background: var(--bg-1);
+    text-decoration: hover;
+}
+
+.artist .artist-avatar {
+    width: 100%;
+    object-fit: cover;
+    border-radius: 8px;
+}
diff --git a/admin/static/artists.js b/admin/static/artists.js
new file mode 100644
index 0000000..29eab22
--- /dev/null
+++ b/admin/static/artists.js
@@ -0,0 +1,7 @@
+import { hijackClickEvent } from "./admin.js";
+
+document.addEventListener("readystatechange", () => {
+    document.querySelectorAll(".artists-group .artist").forEach(el => {
+        hijackClickEvent(el, el.querySelector("a.artist-name"))
+    });
+});
diff --git a/admin/static/edit-release.css b/admin/static/edit-release.css
index b8817e0..62dbda1 100644
--- a/admin/static/edit-release.css
+++ b/admin/static/edit-release.css
@@ -133,10 +133,13 @@ input[type="text"] {
 dialog {
     width: min(720px, calc(100% - 2em));
     padding: 2em;
-    border: 1px solid #101010;
+    border: none;
     border-radius: 16px;
     color: var(--fg-0);
-    background: var(--bg-0);
+    background-color: var(--bg-0);
+    box-shadow: var(--shadow-lg);
+
+    transition: color .1s ease-out, background-color .1s ease-out;
 }
 
 dialog header {
@@ -433,68 +436,6 @@ dialog div.dialog-actions {
     outline: 1px solid #808080;
 }
 
-/*
- * RELEASE TRACKS
- */
-
-#tracks .track {
-    margin-bottom: 1em;
-    padding: 1em;
-    display: flex;
-    flex-direction: column;
-    gap: .5em;
-
-    border-radius: 16px;
-    background: var(--bg-2);
-    box-shadow: var(--shadow-md);
-
-    transition: background .1s ease-out, color .1s ease-out;
-}
-
-#tracks .track h3,
-#tracks .track p {
-    margin: 0;
-}
-
-#tracks h2.track-title {
-    margin: 0;
-    display: flex;
-    gap: .5em;
-}
-
-#tracks h2.track-title .track-number {
-    opacity: .5;
-}
-
-#tracks a:hover {
-    text-decoration: underline;
-}
-
-#tracks .track-album {
-    margin-left: auto;
-    font-style: italic;
-    font-size: .75em;
-    opacity: .5;
-}
-
-#tracks .track-album.empty {
-    color: #ff2020;
-    opacity: 1;
-}
-
-#tracks .track-description {
-    font-style: italic;
-}
-
-#tracks .track-lyrics {
-    max-height: 10em;
-    overflow-y: scroll;
-}
-
-#tracks .track .empty {
-    opacity: 0.75;
-}
-
 #edittracks ul {
     padding: 0;
     list-style: none;
diff --git a/admin/static/index.css b/admin/static/index.css
deleted file mode 100644
index 5f64a2f..0000000
--- a/admin/static/index.css
+++ /dev/null
@@ -1,84 +0,0 @@
-@import url("/admin/static/release-list-item.css");
-
-.artist {
-    padding: .5em;
-
-    color: var(--fg-3);
-    background: var(--bg-2);
-    box-shadow: var(--shadow-md);
-    border-radius: 16px;
-    text-align: center;
-
-    cursor: pointer;
-    transition: background .1s ease-out, color .1s ease-out;
-}
-
-.artist:hover {
-    background: var(--bg-1);
-    text-decoration: hover;
-}
-
-.artist-avatar {
-    width: 100%;
-    object-fit: cover;
-    border-radius: 8px;
-}
-
-.track {
-    margin-bottom: 1em;
-    padding: 1em;
-    display: flex;
-    flex-direction: column;
-    gap: .5em;
-
-    border-radius: 8px;
-    background: #f8f8f8f8;
-    border: 1px solid #808080;
-
-    transition: background .1s ease-out, color .1s ease-out;
-}
-
-.track p {
-    margin: 0;
-}
-
-.card h2.track-title {
-    margin: 0;
-    display: flex;
-    flex-direction: row;
-    justify-content: space-between;
-}
-
-.track-id {
-    width: fit-content;
-    font-family: "Monaspace Argon", monospace;
-    font-size: .8em;
-    font-style: italic;
-    line-height: 1em;
-    user-select: all;
-}
-
-.track-album {
-    margin-left: auto;
-    font-style: italic;
-    font-size: .75em;
-    opacity: .5;
-}
-
-.track-album.empty {
-    color: #ff2020;
-    opacity: 1;
-}
-
-.track-description {
-    font-style: italic;
-}
-
-.track-lyrics {
-    max-height: 10em;
-    overflow-y: scroll;
-}
-
-.track .empty {
-    opacity: 0.75;
-}
diff --git a/admin/static/index.js b/admin/static/index.js
index c6f6b58..60bdfd0 100644
--- a/admin/static/index.js
+++ b/admin/static/index.js
@@ -1,5 +1,3 @@
-import { hijackClickEvent } from "./admin.js";
-
 const newReleaseBtn = document.getElementById("create-release");
 const newArtistBtn = document.getElementById("create-artist");
 const newTrackBtn = document.getElementById("create-track");
@@ -74,9 +72,3 @@ newTrackBtn.addEventListener("click", event => {
         console.error(err);
     });
 });
-
-document.addEventListener("readystatechange", () => {
-    document.querySelectorAll("#artists .artist").forEach(el => {
-        hijackClickEvent(el, el.querySelector("a.artist-name"))
-    });
-});
diff --git a/admin/static/release-list-item.css b/admin/static/releases.css
similarity index 83%
rename from admin/static/release-list-item.css
rename to admin/static/releases.css
index aedd121..08dcd20 100644
--- a/admin/static/release-list-item.css
+++ b/admin/static/releases.css
@@ -17,7 +17,7 @@
     margin: 0;
 }
 
-.release-artwork {
+.release .release-artwork {
     margin: auto 0;
     width: 96px;
 
@@ -29,16 +29,16 @@
     box-shadow: var(--shadow-sm);
 }
 
-.release-artwork img {
+.release .release-artwork img {
     width: 100%;
     aspect-ratio: 1;
 }
 
-.release-title small {
+.release .release-title small {
     opacity: .75;
 }
 
-.release-links {
+.release .release-links {
     margin: .5em 0;
     padding: 0;
     display: flex;
@@ -48,13 +48,13 @@
     gap: .5em;
 }
 
-.release-actions {
+.release .release-actions {
     margin-top: .5em;
     user-select: none;
     color: var(--fg-3);
 }
 
-.release-actions a {
+.release .release-actions a {
     margin-right: .3em;
     padding: .3em .5em;
     display: inline-block;
@@ -66,7 +66,7 @@
     transition: color .1s ease-out, background .1s ease-out;
 }
 
-.release-actions a:hover {
+.release .release-actions a:hover {
     background: var(--bg-0);
     color: var(--fg-3);
     text-decoration: none;
diff --git a/admin/static/tracks.css b/admin/static/tracks.css
new file mode 100644
index 0000000..c36c1b1
--- /dev/null
+++ b/admin/static/tracks.css
@@ -0,0 +1,127 @@
+#tracks h2.track-title {
+    margin: 0;
+    display: flex;
+    gap: .5em;
+}
+
+#tracks .track {
+    margin-bottom: 1em;
+    padding: 1em;
+    display: flex;
+    flex-direction: column;
+    gap: .5em;
+
+    border-radius: 16px;
+    background: var(--bg-2);
+    box-shadow: var(--shadow-md);
+
+    transition: background .1s ease-out, color .1s ease-out;
+}
+
+#tracks .track h3,
+#tracks .track p {
+    margin: 0;
+}
+
+#tracks h2.track-title {
+    margin: 0;
+    display: flex;
+    gap: .5em;
+}
+
+#tracks h2.track-title .track-number {
+    opacity: .5;
+}
+
+#tracks a:hover {
+    text-decoration: underline;
+}
+
+#tracks .track-album {
+    margin-left: auto;
+    font-style: italic;
+    font-size: .75em;
+    opacity: .5;
+}
+
+#tracks .track-album.empty {
+    color: #ff2020;
+    opacity: 1;
+}
+
+#tracks .track-description {
+    font-style: italic;
+}
+
+#tracks .track-lyrics {
+    max-height: 10em;
+    overflow-y: scroll;
+}
+
+#tracks .track .empty {
+    opacity: 0.75;
+}
+
+
+.card h2.track-title {
+    margin: 0;
+    display: flex;
+    flex-direction: row;
+    /*
+    justify-content: space-between;
+    */
+}
+
+/*
+.track {
+    margin-bottom: 1em;
+    padding: 1em;
+    display: flex;
+    flex-direction: column;
+    gap: .5em;
+
+    border-radius: 8px;
+    background-color: var(--bg-2);
+    box-shadow: var(--shadow-md);
+
+    transition: color .1s ease-out, background-color .1s ease-out;
+}
+
+.track p {
+    margin: 0;
+}
+
+.track-id {
+    width: fit-content;
+    font-family: "Monaspace Argon", monospace;
+    font-size: .8em;
+    font-style: italic;
+    line-height: 1em;
+    user-select: all;
+}
+
+.track-album {
+    margin-left: auto;
+    font-style: italic;
+    font-size: .75em;
+    opacity: .5;
+}
+
+.track-album.empty {
+    color: #ff2020;
+    opacity: 1;
+}
+
+.track-description {
+    font-style: italic;
+}
+
+.track-lyrics {
+    max-height: 10em;
+    overflow-y: scroll;
+}
+
+.track .empty {
+    opacity: 0.75;
+}
+*/
diff --git a/admin/templates/html/artists.html b/admin/templates/html/artists.html
index 7b2a464..fe21153 100644
--- a/admin/templates/html/artists.html
+++ b/admin/templates/html/artists.html
@@ -1,24 +1,21 @@
 {{define "head"}}
 <title>Artists - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/index.css">
+<link rel="stylesheet" href="/admin/static/admin.css">
+<link rel="stylesheet" href="/admin/static/artists.css">
 {{end}}
 
 {{define "content"}}
 <main>
-    <h1>Artists</h1>
-
-    <div class="card-header">
-        <h2><a href="/admin/artists/">Artists</a></h2>
+    <header>
+        <h1><a href="/admin/artists/">Artists</a></h2>
         <a class="button new" id="create-artist">Create New</a>
-    </div>
+    </header>
+
     {{if .Artists}}
     <div class="artists-group">
-        {{range $Artist := .Artists}}
-        <div class="artist">
-            <img src="{{$Artist.GetAvatar}}" alt="" width="64" loading="lazy" class="artist-avatar">
-            <a href="/admin/artists/{{$Artist.ID}}" class="artist-name">{{$Artist.Name}}</a>
-        </div>       
+        {{range .Artists}}
+        {{block "artist" .}}{{end}}
         {{end}}
     </div>
     {{else}}
@@ -27,4 +24,5 @@
 </main>
 
 <script type="module" src="/admin/static/admin.js"></script>
+<script type="module" src="/admin/static/artists.js"></script>
 {{end}}
diff --git a/admin/templates/html/components/artist/artist.html b/admin/templates/html/components/artist/artist.html
new file mode 100644
index 0000000..86ac4cc
--- /dev/null
+++ b/admin/templates/html/components/artist/artist.html
@@ -0,0 +1,6 @@
+{{define "artist"}}
+<div class="artist">
+    <img src="{{.GetAvatar}}" alt="" width="64" loading="lazy" class="artist-avatar">
+    <a href="/admin/artists/{{.ID}}" class="artist-name">{{.Name}}</a>
+</div>       
+{{end}}
diff --git a/admin/templates/html/components/credits/addcredit.html b/admin/templates/html/components/credit/addcredit.html
similarity index 100%
rename from admin/templates/html/components/credits/addcredit.html
rename to admin/templates/html/components/credit/addcredit.html
diff --git a/admin/templates/html/components/credits/editcredits.html b/admin/templates/html/components/credit/editcredits.html
similarity index 100%
rename from admin/templates/html/components/credits/editcredits.html
rename to admin/templates/html/components/credit/editcredits.html
diff --git a/admin/templates/html/components/credits/newcredit.html b/admin/templates/html/components/credit/newcredit.html
similarity index 100%
rename from admin/templates/html/components/credits/newcredit.html
rename to admin/templates/html/components/credit/newcredit.html
diff --git a/admin/templates/html/components/links/editlinks.html b/admin/templates/html/components/link/editlinks.html
similarity index 100%
rename from admin/templates/html/components/links/editlinks.html
rename to admin/templates/html/components/link/editlinks.html
diff --git a/admin/templates/html/components/release/release-list-item.html b/admin/templates/html/components/release/release.html
similarity index 100%
rename from admin/templates/html/components/release/release-list-item.html
rename to admin/templates/html/components/release/release.html
diff --git a/admin/templates/html/components/tracks/addtrack.html b/admin/templates/html/components/track/addtrack.html
similarity index 100%
rename from admin/templates/html/components/tracks/addtrack.html
rename to admin/templates/html/components/track/addtrack.html
diff --git a/admin/templates/html/components/tracks/edittracks.html b/admin/templates/html/components/track/edittracks.html
similarity index 100%
rename from admin/templates/html/components/tracks/edittracks.html
rename to admin/templates/html/components/track/edittracks.html
diff --git a/admin/templates/html/components/tracks/newtrack.html b/admin/templates/html/components/track/newtrack.html
similarity index 100%
rename from admin/templates/html/components/tracks/newtrack.html
rename to admin/templates/html/components/track/newtrack.html
diff --git a/admin/templates/html/components/track/track.html b/admin/templates/html/components/track/track.html
new file mode 100644
index 0000000..4db20a3
--- /dev/null
+++ b/admin/templates/html/components/track/track.html
@@ -0,0 +1,24 @@
+{{define "track"}}
+<div class="track" data-id="{{.ID}}">
+    <h2 class="track-title">
+        {{if .Number}}
+        <span class="track-number">{{.Number}}</span>
+        {{end}}
+        <a href="/admin/tracks/{{.ID}}">{{.Title}}</a>
+    </h2>
+
+    <h3>Description</h3>
+    {{if .Description}}
+    <p class="track-description">{{.GetDescriptionHTML}}</p>
+    {{else}}
+    <p class="track-description empty">No description provided.</p>
+    {{end}}
+
+    <h3>Lyrics</h3>
+    {{if .Lyrics}}
+    <p class="track-lyrics">{{.GetLyricsHTML}}</p>
+    {{else}}
+    <p class="track-lyrics empty">There are no lyrics.</p>
+    {{end}}
+</div>       
+{{end}}
diff --git a/admin/templates/html/edit-artist.html b/admin/templates/html/edit-artist.html
index 9bb5a83..e9b829a 100644
--- a/admin/templates/html/edit-artist.html
+++ b/admin/templates/html/edit-artist.html
@@ -2,6 +2,7 @@
 <title>Editing {{.Artist.Name}} - ari melody 💫</title>
 <link rel="shortcut icon" href="{{.Artist.GetAvatar}}" type="image/x-icon">
 <link rel="stylesheet" href="/admin/static/edit-artist.css">
+<link rel="stylesheet" href="/admin/static/artists.css">
 {{end}}
 
 {{define "content"}}
diff --git a/admin/templates/html/edit-release.html b/admin/templates/html/edit-release.html
index 9a16f65..238dd75 100644
--- a/admin/templates/html/edit-release.html
+++ b/admin/templates/html/edit-release.html
@@ -2,6 +2,8 @@
 <title>Editing {{.Release.Title}} - ari melody 💫</title>
 <link rel="shortcut icon" href="{{.Release.GetArtwork}}" type="image/x-icon">
 <link rel="stylesheet" href="/admin/static/edit-release.css">
+<link rel="stylesheet" href="/admin/static/releases.css">
+<link rel="stylesheet" href="/admin/static/tracks.css">
 {{end}}
 
 {{define "content"}}
@@ -154,26 +156,7 @@
                >Edit</a>
         </div>
         {{range $i, $track := .Release.Tracks}}
-        <div class="track" data-id="{{$track.ID}}">
-            <h2 class="track-title">
-                <span class="track-number">{{.Add $i 1}}</span>
-                <a href="/admin/tracks/{{$track.ID}}">{{$track.Title}}</a>
-            </h2>
-
-            <h3>Description</h3>
-            {{if $track.Description}}
-            <p class="track-description">{{$track.GetDescriptionHTML}}</p>
-            {{else}}
-            <p class="track-description empty">No description provided.</p>
-            {{end}}
-
-            <h3>Lyrics</h3>
-            {{if $track.Lyrics}}
-            <p class="track-lyrics">{{$track.GetLyricsHTML}}</p>
-            {{else}}
-            <p class="track-lyrics empty">There are no lyrics.</p>
-            {{end}}
-        </div>       
+        {{block "track" .}}{{end}}
         {{end}}
     </div>
 
diff --git a/admin/templates/html/edit-track.html b/admin/templates/html/edit-track.html
index 871db6f..14f389b 100644
--- a/admin/templates/html/edit-track.html
+++ b/admin/templates/html/edit-track.html
@@ -2,6 +2,8 @@
 <title>Editing Track - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
 <link rel="stylesheet" href="/admin/static/edit-track.css">
+<link rel="stylesheet" href="/admin/static/tracks.css">
+<link rel="stylesheet" href="/admin/static/releases.css">
 {{end}}
 
 {{define "content"}}
diff --git a/admin/templates/html/index.html b/admin/templates/html/index.html
index 581c691..4387c31 100644
--- a/admin/templates/html/index.html
+++ b/admin/templates/html/index.html
@@ -1,7 +1,10 @@
 {{define "head"}}
 <title>Admin - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/index.css">
+<link rel="stylesheet" href="/admin/static/admin.css">
+<link rel="stylesheet" href="/admin/static/releases.css">
+<link rel="stylesheet" href="/admin/static/artists.css">
+<link rel="stylesheet" href="/admin/static/tracks.css">
 {{end}}
 
 {{define "content"}}
@@ -14,26 +17,24 @@
                 <h2><a href="/admin/releases/">Releases</a> <small>({{.ReleaseCount}} total)</small></h2>
                 <a class="button new" id="create-release">Create New</a>
             </div>
+            {{if .Artists}}
             {{range .Releases}}
             {{block "release" .}}{{end}}
             {{end}}
-            {{if not .Releases}}
+            {{else}}
             <p>There are no releases.</p>
             {{end}}
         </div>
 
         <div class="card" id="artists">
             <div class="card-header">
-                <h2><a href="/admin/artists/">Artists</a></h2>
+                <h2><a href="/admin/artists/">Artists</a> <small>({{.ArtistCount}} total)</small></h2>
                 <a class="button new" id="create-artist">Create New</a>
             </div>
             {{if .Artists}}
             <div class="artists-group">
-                {{range $Artist := .Artists}}
-                <div class="artist">
-                    <img src="{{$Artist.GetAvatar}}" alt="" width="64" loading="lazy" class="artist-avatar">
-                    <a href="/admin/artists/{{$Artist.ID}}" class="artist-name">{{$Artist.Name}}</a>
-                </div>       
+                {{range .Artists}}
+                {{block "artist" .}}{{end}}
                 {{end}}
             </div>
             {{else}}
@@ -43,30 +44,13 @@
 
         <div class="card" id="tracks">
             <div class="card-header">
-                <h2><a href="/admin/tracks/">Tracks</a></h2>
+                <h2><a href="/admin/tracks/">Tracks</a> <small>({{.TrackCount}} total)</small></h2>
                 <a class="button new" id="create-track">Create New</a>
             </div>
             <p><em>"Orphaned" tracks that have not yet been bound to a release.</em></p>
             <br>
-            {{range $Track := .Tracks}}
-            <div class="track">
-                <h2 class="track-title">
-                    <a href="/admin/tracks/{{$Track.ID}}">{{$Track.Title}}</a>
-                </h2>
-                {{if $Track.Description}}
-                <p class="track-description">{{$Track.GetDescriptionHTML}}</p>
-                {{else}}
-                <p class="track-description empty">No description provided.</p>
-                {{end}}
-                {{if $Track.Lyrics}}
-                <p class="track-lyrics">{{$Track.GetLyricsHTML}}</p>
-                {{else}}
-                <p class="track-lyrics empty">There are no lyrics.</p>
-                {{end}}
-            </div>       
-            {{end}}
-            {{if not .Artists}}
-            <p>There are no artists.</p>
+            {{range .Tracks}}
+            {{block "track" .}}{{end}}
             {{end}}
         </div>
     </div>
@@ -74,5 +58,6 @@
 </main>
 
 <script type="module" src="/admin/static/admin.js"></script>
+<script type="module" src="/admin/static/artists.js"></script>
 <script type="module" src="/admin/static/index.js"></script>
 {{end}}
diff --git a/admin/templates/html/logs.html b/admin/templates/html/logs.html
index 94146a7..1faf1f1 100644
--- a/admin/templates/html/logs.html
+++ b/admin/templates/html/logs.html
@@ -55,7 +55,7 @@
         </thead>
         <tbody>
             {{range .Logs}}
-            <tr class="log {{lower (parseLevel .Level)}}">
+            <tr class="log {{toLower (parseLevel .Level)}}">
                 <td class="log-time">{{prettyTime .CreatedAt}}</td>
                 <td class="log-level">{{parseLevel .Level}}</td>
                 <td class="log-type">{{titleCase .Type}}</td>
diff --git a/admin/templates/html/releases.html b/admin/templates/html/releases.html
index ec4443f..cf32614 100644
--- a/admin/templates/html/releases.html
+++ b/admin/templates/html/releases.html
@@ -1,19 +1,24 @@
 {{define "head"}}
 <title>Releases - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/index.css">
+<link rel="stylesheet" href="/admin/static/admin.css">
+<link rel="stylesheet" href="/admin/static/releases.css">
 {{end}}
 
 {{define "content"}}
 <main>
-    <div class="card-header">
+    <header>
         <h1><a href="/admin/releases/">Releases</a></h1>
         <a class="button new" id="create-release">Create New</a>
+    </header>
+
+    {{if .Releases}}
+    <div id="releases">
+        {{range .Releases}}
+        {{block "release" .}}{{end}}
+        {{end}}
     </div>
-    {{range .Releases}}
-    {{block "release" .}}{{end}}
-    {{end}}
-    {{if not .Releases}}
+    {{else}}
     <p>There are no releases.</p>
     {{end}}
 </main>
diff --git a/admin/templates/html/tracks.html b/admin/templates/html/tracks.html
index 196b41c..8e9496b 100644
--- a/admin/templates/html/tracks.html
+++ b/admin/templates/html/tracks.html
@@ -1,39 +1,36 @@
 {{define "head"}}
 <title>Releases - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/index.css">
+<link rel="stylesheet" href="/admin/static/admin.css">
+<link rel="stylesheet" href="/admin/static/tracks.css">
 {{end}}
 
 {{define "content"}}
 <main>
-    <h1>Releases</h1>
-
-    <div class="card-header">
-        <h2><a href="/admin/tracks/">Tracks</a></h2>
+    <header>
+        <h1><a href="/admin/tracks/">Tracks</a></h1>
         <a class="button new" id="create-track">Create New</a>
+    </header>
+        
+    <div id="tracks">
+        {{range $Track := .Tracks}}
+        <div class="track">
+            <h2 class="track-title">
+                <a href="/admin/tracks/{{$Track.ID}}">{{$Track.Title}}</a>
+            </h2>
+            {{if $Track.Description}}
+            <p class="track-description">{{$Track.GetDescriptionHTML}}</p>
+            {{else}}
+            <p class="track-description empty">No description provided.</p>
+            {{end}}
+            {{if $Track.Lyrics}}
+            <p class="track-lyrics">{{$Track.GetLyricsHTML}}</p>
+            {{else}}
+            <p class="track-lyrics empty">There are no lyrics.</p>
+            {{end}}
+        </div>       
+        {{end}}
     </div>
-    <p><em>"Orphaned" tracks that have not yet been bound to a release.</em></p>
-    <br>
-    {{range $Track := .Tracks}}
-    <div class="track">
-        <h2 class="track-title">
-            <a href="/admin/tracks/{{$Track.ID}}">{{$Track.Title}}</a>
-        </h2>
-        {{if $Track.Description}}
-        <p class="track-description">{{$Track.GetDescriptionHTML}}</p>
-        {{else}}
-        <p class="track-description empty">No description provided.</p>
-        {{end}}
-        {{if $Track.Lyrics}}
-        <p class="track-lyrics">{{$Track.GetLyricsHTML}}</p>
-        {{else}}
-        <p class="track-lyrics empty">There are no lyrics.</p>
-        {{end}}
-    </div>       
-    {{end}}
-    {{if not .Artists}}
-    <p>There are no artists.</p>
-    {{end}}
 </main>
 
 <script type="module" src="/admin/static/admin.js"></script>
diff --git a/admin/templates/templates.go b/admin/templates/templates.go
index 10005ca..51b1376 100644
--- a/admin/templates/templates.go
+++ b/admin/templates/templates.go
@@ -50,33 +50,34 @@ var editArtistHTML string
 //go:embed "html/edit-track.html"
 var editTrackHTML string
 
-//go:embed "html/components/credits/newcredit.html"
+//go:embed "html/components/credit/newcredit.html"
 var componentNewCreditHTML string
-//go:embed "html/components/credits/addcredit.html"
+//go:embed "html/components/credit/addcredit.html"
 var componentAddCreditHTML string
-//go:embed "html/components/credits/editcredits.html"
+//go:embed "html/components/credit/editcredits.html"
 var componentEditCreditsHTML string
 
-//go:embed "html/components/links/editlinks.html"
+//go:embed "html/components/link/editlinks.html"
 var componentEditLinksHTML string
 
-//go:embed "html/components/release/release-list-item.html"
-var componentReleaseListItemHTML string
+//go:embed "html/components/release/release.html"
+var componentReleaseHTML string
+//go:embed "html/components/artist/artist.html"
+var componentArtistHTML string
+//go:embed "html/components/track/track.html"
+var componentTrackHTML string
 
-//go:embed "html/components/tracks/newtrack.html"
+//go:embed "html/components/track/newtrack.html"
 var componentNewTrackHTML string
-//go:embed "html/components/tracks/addtrack.html"
+//go:embed "html/components/track/addtrack.html"
 var componentAddTrackHTML string
-//go:embed "html/components/tracks/edittracks.html"
+//go:embed "html/components/track/edittracks.html"
 var componentEditTracksHTML string
 
 var BaseTemplate = template.Must(
     template.New("base").Funcs(
         template.FuncMap{
-            "hasPrefix": func(s string, prefix string) bool {
-                fmt.Printf("does \"%s\" start with \"%s\"?\n", s, prefix)
-                return strings.HasPrefix(s, prefix)
-            },
+            "hasPrefix": strings.HasPrefix,
         },
     ).Parse(strings.Join([]string{
         layoutHTML,
@@ -86,10 +87,14 @@ var BaseTemplate = template.Must(
 var IndexTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
     strings.Join([]string{
         indexHTML,
-        componentReleaseListItemHTML,
+        componentReleaseHTML,
+        componentArtistHTML,
+        componentTrackHTML,
     }, "\n"),
 ))
 
+
+
 var LoginTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(loginHTML))
 var LoginTOTPTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(loginTotpHTML))
 var RegisterTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(registerHTML))
@@ -98,51 +103,54 @@ var AccountTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(ed
 var TOTPSetupTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(totpSetupHTML))
 var TOTPConfirmTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(totpConfirmHTML))
 
+
+
 var LogsTemplate = template.Must(template.Must(BaseTemplate.Clone()).Funcs(template.FuncMap{
-    "parseLevel": func(level log.LogLevel) string {
-        switch level {
-        case log.LEVEL_INFO:
-            return "INFO"
-        case log.LEVEL_WARN:
-            return "WARN"
-        }
-        return fmt.Sprintf("%d?", level)
-    },
-    "titleCase": func(logType string) string {
-        runes := []rune(logType)
-        for i, r := range runes {
-            if (i == 0 || runes[i - 1] == ' ') && r >= 'a' && r <= 'z' {
-                runes[i] = r + ('A' - 'a')
-            }
-        }
-        return string(runes)
-    },
-    "lower": func(str string) string { return strings.ToLower(str) },
-    "prettyTime": func(t time.Time) string {
-        // return t.Format("2006-01-02 15:04:05")
-        // return t.Format("15:04:05, 2 Jan 2006")
-        return t.Format("02 Jan 2006, 15:04:05")
-    },
+    "parseLevel": parseLevel,
+    "titleCase": titleCase,
+    "toLower": toLower,
+    "prettyTime": prettyTime,
 }).Parse(logsHTML))
 
+
+
 var ReleasesTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
     strings.Join([]string{
         releasesHTML,
-        componentReleaseListItemHTML,
+        componentReleaseHTML,
+    }, "\n"),
+))
+var ArtistsTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
+    strings.Join([]string{
+        artistsHTML,
+        componentArtistHTML,
+    }, "\n"),
+))
+var TracksTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
+    strings.Join([]string{
+        tracksHTML,
+        componentTrackHTML,
     }, "\n"),
 ))
-var ArtistsTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(artistsHTML))
-var TracksTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(tracksHTML))
 
-var EditReleaseTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(editReleaseHTML))
+
+
+var EditReleaseTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
+    strings.Join([]string{
+        editReleaseHTML,
+        componentTrackHTML,
+    }, "\n"),
+))
 var EditArtistTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(editArtistHTML))
 var EditTrackTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
     strings.Join([]string{
         editTrackHTML,
-        componentReleaseListItemHTML,
+        componentReleaseHTML,
     }, "\n"),
 ))
 
+
+
 var EditCreditsTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentEditCreditsHTML))
 var AddCreditTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentAddCreditHTML))
 var NewCreditTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentNewCreditHTML))
@@ -152,3 +160,32 @@ var EditLinksTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(
 var EditTracksTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentEditTracksHTML))
 var AddTrackTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentAddTrackHTML))
 var NewTrackTemplate = template.Must(template.Must(BaseTemplate.Clone()).Parse(componentNewTrackHTML))
+
+
+
+func parseLevel(level log.LogLevel) string {
+    switch level {
+    case log.LEVEL_INFO:
+        return "INFO"
+    case log.LEVEL_WARN:
+        return "WARN"
+    }
+    return fmt.Sprintf("%d?", level)
+}
+func titleCase(logType string) string {
+    runes := []rune(logType)
+    for i, r := range runes {
+        if (i == 0 || runes[i - 1] == ' ') && r >= 'a' && r <= 'z' {
+            runes[i] = r + ('A' - 'a')
+        }
+    }
+    return string(runes)
+}
+func toLower(str string) string {
+    return strings.ToLower(str)
+}
+func prettyTime(t time.Time) string {
+    // return t.Format("2006-01-02 15:04:05")
+    // return t.Format("15:04:05, 2 Jan 2006")
+    return t.Format("02 Jan 2006, 15:04:05")
+}
diff --git a/admin/trackhttp.go b/admin/trackhttp.go
index 9dfd119..bcb5220 100644
--- a/admin/trackhttp.go
+++ b/admin/trackhttp.go
@@ -12,11 +12,46 @@ import (
 
 func serveTracks(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
         slices := strings.Split(strings.TrimPrefix(r.URL.Path, "/tracks")[1:], "/")
-        id := slices[0]
-        track, err := controller.GetTrack(app.DB, id)
+        trackID := slices[0]
+
+        if len(trackID) > 0 {
+            serveTrack(app, trackID).ServeHTTP(w, r)
+            return
+        }
+
+        tracks, err := controller.GetAllTracks(app.DB)
         if err != nil {
-            fmt.Printf("Error rendering admin track page for %s: %s\n", id, err)
+            fmt.Printf("WARN: Failed to fetch tracks: %s\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+            return
+        }
+
+        type TracksResponse struct {
+            adminPageData
+            Tracks []*model.Track
+        }
+
+        err = templates.TracksTemplate.Execute(w, TracksResponse{
+            adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
+            Tracks: tracks,
+        })
+        if err != nil {
+            fmt.Printf("WARN: Failed to serve admin tracks page: %s\n", err)
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+        }
+    })
+}
+
+func serveTrack(app *model.AppState, trackID string) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        session := r.Context().Value("session").(*model.Session)
+
+        track, err := controller.GetTrack(app.DB, trackID)
+        if err != nil {
+            fmt.Printf("WARN: Failed to serve admin track page for %s: %s\n", trackID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -27,7 +62,7 @@ func serveTracks(app *model.AppState) http.Handler {
 
         releases, err := controller.GetTrackReleases(app.DB, track.ID, true)
         if err != nil {
-            fmt.Printf("FATAL: Failed to pull releases for %s: %s\n", id, err)
+            fmt.Printf("WARN: Failed to fetch releases for track %s: %s\n", trackID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             return
         }
@@ -38,17 +73,14 @@ func serveTracks(app *model.AppState) http.Handler {
             Releases    []*model.Release
         }
 
-        session := r.Context().Value("session").(*model.Session)
-
         err = templates.EditTrackTemplate.Execute(w, TrackResponse{
             adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
             Track: track,
             Releases: releases,
         })
         if err != nil {
-            fmt.Printf("Error rendering admin track page for %s: %s\n", id, err)
+            fmt.Printf("WARN: Failed to serve admin track page for %s: %s\n", trackID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
         }
     })
 }
-
diff --git a/controller/artist.go b/controller/artist.go
index f086778..adcdbc5 100644
--- a/controller/artist.go
+++ b/controller/artist.go
@@ -29,6 +29,11 @@ func GetAllArtists(db *sqlx.DB) ([]*model.Artist, error) {
 
     return artists, nil
 }
+func GetArtistCount(db *sqlx.DB) (int, error) {
+    var count int
+    err := db.Get(&count, "SELECT count(*) FROM artist")
+    return count, err
+}
 
 func GetArtistsNotOnRelease(db *sqlx.DB, releaseID string) ([]*model.Artist, error) {
     var artists = []*model.Artist{}
diff --git a/controller/release.go b/controller/release.go
index c729c4f..a22d157 100644
--- a/controller/release.go
+++ b/controller/release.go
@@ -99,7 +99,7 @@ func GetAllReleases(db *sqlx.DB, onlyVisible bool, limit int, full bool) ([]*mod
 
     return releases, nil
 }
-func GetReleasesCount(db *sqlx.DB, onlyVisible bool) (int, error) {
+func GetReleaseCount(db *sqlx.DB, onlyVisible bool) (int, error) {
     query := "SELECT count(*) FROM musicrelease"
     if onlyVisible {
         query += " WHERE visible=true"
diff --git a/controller/track.go b/controller/track.go
index ee7581c..27f4afc 100644
--- a/controller/track.go
+++ b/controller/track.go
@@ -29,6 +29,11 @@ func GetAllTracks(db *sqlx.DB) ([]*model.Track, error) {
 
     return tracks, nil
 }
+func GetTrackCount(db *sqlx.DB) (int, error) {
+    var count int
+    err := db.Get(&count, "SELECT count(*) FROM musictrack")
+    return count, err
+}
 
 func GetOrphanTracks(db *sqlx.DB) ([]*model.Track, error) {
     var tracks = []*model.Track{}
diff --git a/model/release.go b/model/release.go
index e64317b..46f4460 100644
--- a/model/release.go
+++ b/model/release.go
@@ -39,7 +39,7 @@ const (
 // GETTERS
 
 func (release Release) GetDescriptionHTML() template.HTML {
-    return template.HTML(strings.Replace(release.Description, "\n", "<br>", -1))
+    return template.HTML(strings.ReplaceAll(release.Description, "\n", "<br>"))
 }
 
 func (release Release) TextReleaseDate() string {
diff --git a/model/track.go b/model/track.go
index deaf086..b94117e 100644
--- a/model/track.go
+++ b/model/track.go
@@ -13,16 +13,16 @@ type (
         Lyrics      string  `json:"lyrics" db:"lyrics"`
         PreviewURL  string  `json:"previewURL" db:"preview_url"`
 
-        Number      int
+        Number      int     `json:"-"`
     }
 )
 
 func (track Track) GetDescriptionHTML() template.HTML {
-    return template.HTML(strings.Replace(track.Description, "\n", "<br>", -1))
+    return template.HTML(strings.ReplaceAll(track.Description, "\n", "<br>"))
 }
 
 func (track Track) GetLyricsHTML() template.HTML {
-    return template.HTML(strings.Replace(track.Lyrics, "\n", "<br>", -1))
+    return template.HTML(strings.ReplaceAll(track.Lyrics, "\n", "<br>"))
 }
 
 // this function is stupid and i hate that i need it
diff --git a/public/style/music-gateway.css b/public/style/music-gateway.css
index 1c10e0b..1f15f74 100644
--- a/public/style/music-gateway.css
+++ b/public/style/music-gateway.css
@@ -333,7 +333,7 @@ ul#links a {
     background-color: #fff;
     text-align: center;
     text-decoration: none;
-    transition: filter .1s,-webkit-filter .1s
+    transition: filter .1s ease-out, -webkit-filter .1s ease-out;
 }
 
 #buylink {

From 774fb870fc4b1733c210e1b2f4a260a8c93ae9d4 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 18:45:53 +0100
Subject: [PATCH 75/88] show total counts on releases/artists/tracks pages

---
 admin/static/admin.css             | 8 +++++---
 admin/templates/html/artists.html  | 2 +-
 admin/templates/html/releases.html | 2 +-
 admin/templates/html/tracks.html   | 2 +-
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/admin/static/admin.css b/admin/static/admin.css
index 7e94798..bd6b65d 100644
--- a/admin/static/admin.css
+++ b/admin/static/admin.css
@@ -250,10 +250,12 @@ main:not(.dashboard) .card {
 .card-header a:hover {
     text-decoration: underline;
 }
-.card-header small {
+
+header :is(h1, h2, h3) small,
+.card-header :is(h1, h2, h3) small {
     display: inline-block;
-    font-size: 15px;
-    transform: translateY(-2px);
+    font-size: .6em;
+    transform: translateY(-0.1em);
     color: var(--fg-0);
 }
 
diff --git a/admin/templates/html/artists.html b/admin/templates/html/artists.html
index fe21153..85a3953 100644
--- a/admin/templates/html/artists.html
+++ b/admin/templates/html/artists.html
@@ -8,7 +8,7 @@
 {{define "content"}}
 <main>
     <header>
-        <h1><a href="/admin/artists/">Artists</a></h2>
+        <h1><a href="/admin/artists/">Artists</a> <small>({{len .Artists}} total)</small></h2>
         <a class="button new" id="create-artist">Create New</a>
     </header>
 
diff --git a/admin/templates/html/releases.html b/admin/templates/html/releases.html
index cf32614..ba59c68 100644
--- a/admin/templates/html/releases.html
+++ b/admin/templates/html/releases.html
@@ -8,7 +8,7 @@
 {{define "content"}}
 <main>
     <header>
-        <h1><a href="/admin/releases/">Releases</a></h1>
+        <h1><a href="/admin/releases/">Releases</a> <small>({{len .Releases}} total)</small></h1>
         <a class="button new" id="create-release">Create New</a>
     </header>
 
diff --git a/admin/templates/html/tracks.html b/admin/templates/html/tracks.html
index 8e9496b..746e535 100644
--- a/admin/templates/html/tracks.html
+++ b/admin/templates/html/tracks.html
@@ -8,7 +8,7 @@
 {{define "content"}}
 <main>
     <header>
-        <h1><a href="/admin/tracks/">Tracks</a></h1>
+        <h1><a href="/admin/tracks/">Tracks</a> <small>({{len .Tracks}} total)</small></h1>
         <a class="button new" id="create-track">Create New</a>
     </header>
         

From 9e984d84b5fc15bb4c64afbd70571b8fc55044aa Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 18:47:27 +0100
Subject: [PATCH 76/88] remove links from releases/artists/tracks headers

---
 admin/templates/html/artists.html  | 2 +-
 admin/templates/html/releases.html | 2 +-
 admin/templates/html/tracks.html   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/admin/templates/html/artists.html b/admin/templates/html/artists.html
index 85a3953..7652d78 100644
--- a/admin/templates/html/artists.html
+++ b/admin/templates/html/artists.html
@@ -8,7 +8,7 @@
 {{define "content"}}
 <main>
     <header>
-        <h1><a href="/admin/artists/">Artists</a> <small>({{len .Artists}} total)</small></h2>
+        <h1>Artists <small>({{len .Artists}} total)</small></h2>
         <a class="button new" id="create-artist">Create New</a>
     </header>
 
diff --git a/admin/templates/html/releases.html b/admin/templates/html/releases.html
index ba59c68..3cf110b 100644
--- a/admin/templates/html/releases.html
+++ b/admin/templates/html/releases.html
@@ -8,7 +8,7 @@
 {{define "content"}}
 <main>
     <header>
-        <h1><a href="/admin/releases/">Releases</a> <small>({{len .Releases}} total)</small></h1>
+        <h1>Releases <small>({{len .Releases}} total)</small></h1>
         <a class="button new" id="create-release">Create New</a>
     </header>
 
diff --git a/admin/templates/html/tracks.html b/admin/templates/html/tracks.html
index 746e535..c470297 100644
--- a/admin/templates/html/tracks.html
+++ b/admin/templates/html/tracks.html
@@ -8,7 +8,7 @@
 {{define "content"}}
 <main>
     <header>
-        <h1><a href="/admin/tracks/">Tracks</a> <small>({{len .Tracks}} total)</small></h1>
+        <h1>Tracks <small>({{len .Tracks}} total)</small></h1>
         <a class="button new" id="create-track">Create New</a>
     </header>
         

From 891f5282dcaaf845f0a57c1c643b1b8deee6a34a Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 18:49:10 +0100
Subject: [PATCH 77/88] fix headers on edit pages

---
 admin/static/edit-artist.css           | 4 ----
 admin/static/edit-track.css            | 4 ----
 admin/templates/html/edit-release.html | 1 +
 3 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/admin/static/edit-artist.css b/admin/static/edit-artist.css
index b171a6e..8693a1d 100644
--- a/admin/static/edit-artist.css
+++ b/admin/static/edit-artist.css
@@ -1,7 +1,3 @@
-h1 {
-    margin: 0 0 1em 0;
-}
-
 #artist {
     margin-bottom: 1em;
     padding: 1.5em;
diff --git a/admin/static/edit-track.css b/admin/static/edit-track.css
index 1a9323f..f292ca5 100644
--- a/admin/static/edit-track.css
+++ b/admin/static/edit-track.css
@@ -1,9 +1,5 @@
 @import url("/admin/static/release-list-item.css");
 
-h1 {
-    margin: 0 0 .5em 0;
-}
-
 #track {
     margin-bottom: 1em;
     padding: .5em 1.5em 1.5em 1.5em;
diff --git a/admin/templates/html/edit-release.html b/admin/templates/html/edit-release.html
index 238dd75..6b47f75 100644
--- a/admin/templates/html/edit-release.html
+++ b/admin/templates/html/edit-release.html
@@ -8,6 +8,7 @@
 
 {{define "content"}}
 <main>
+    <h1>Editing {{.Release.Title}}</h1>
 
     <div id="release" data-id="{{.Release.ID}}">
         <div class="release-artwork">

From e5689ce9503083ac06e38009f29d15838462d492 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 19:04:41 +0100
Subject: [PATCH 78/88] add alternate admin panel colour themes. for fun.

---
 admin/static/admin.css | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/admin/static/admin.css b/admin/static/admin.css
index bd6b65d..7fafa03 100644
--- a/admin/static/admin.css
+++ b/admin/static/admin.css
@@ -66,6 +66,32 @@
     }
 }
 
+@media (prefers-color-scheme: green) {
+    :root {
+        --bg-0: #d0d9c7;
+        --bg-1: #e2e5de;
+        --bg-2: #f1f1f1;
+        --bg-3: #ffffff;
+        --fg-0: #626f54;
+        --fg-1: #505c43;
+        --fg-2: #49523e;
+        --fg-3: #2c3522;
+    }
+}
+
+@media (prefers-color-scheme: purple) {
+    :root {
+        --bg-0: #15121c;
+        --bg-1: #1e1a27;
+        --bg-2: #302a3d;
+        --bg-3: #4a4358;
+        --fg-0: #9e8fbf;
+        --fg-1: #a29bb3;
+        --fg-2: #b9b0cd;
+        --fg-3: #dcd5ec;
+    }
+}
+
 @media (prefers-color-scheme: dark) {
     img.icon {
         -webkit-filter: invert(1);
@@ -187,6 +213,7 @@ main.dashboard {
 a {
     color: inherit;
     text-decoration: none;
+    transition: color .1s ease-out, background-color .1s ease-out;
 }
 
 /*

From ad50b9e4faa82899e27d939c8304b166c68e591e Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 21:00:54 +0100
Subject: [PATCH 79/88] admin account/TOTP fixes

---
 admin/accounthttp.go                   | 51 +++++++++++++-------------
 admin/static/admin.css                 | 11 ++++--
 admin/static/edit-account.css          |  7 +++-
 admin/templates/html/artists.html      |  1 -
 admin/templates/html/edit-account.html | 11 +++++-
 admin/templates/html/index.html        |  1 -
 admin/templates/html/login-totp.html   |  1 -
 admin/templates/html/login.html        |  1 -
 admin/templates/html/logs.html         |  1 -
 admin/templates/html/register.html     |  1 -
 admin/templates/html/releases.html     |  1 -
 admin/templates/html/totp-confirm.html | 19 +++++++++-
 admin/templates/html/totp-setup.html   |  3 +-
 admin/templates/html/tracks.html       |  1 -
 14 files changed, 67 insertions(+), 43 deletions(-)

diff --git a/admin/accounthttp.go b/admin/accounthttp.go
index 634bae6..113a17a 100644
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -20,7 +20,7 @@ func accountHandler(app *model.AppState) http.Handler {
 
     mux.Handle("/account/totp-setup", totpSetupHandler(app))
     mux.Handle("/account/totp-confirm", totpConfirmHandler(app))
-    mux.Handle("/account/totp-delete/", http.StripPrefix("/totp-delete", totpDeleteHandler(app)))
+    mux.Handle("/account/totp-delete", totpDeleteHandler(app))
 
     mux.Handle("/account/password", changePasswordHandler(app))
     mux.Handle("/account/delete", deleteAccountHandler(app))
@@ -266,11 +266,6 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
             http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
             return
         }
-        code := r.FormValue("totp")
-        if len(code) != controller.TOTP_CODE_LENGTH {
-            http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
-            return
-        }
 
         totp, err := controller.GetTOTP(app.DB, session.Account.ID, name)
         if err != nil {
@@ -290,23 +285,22 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
             fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err)
         }
 
+        code := r.FormValue("totp")
         confirmCode := controller.GenerateTOTP(totp.Secret, 0)
-        if code != confirmCode {
-            confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1)
-            if code != confirmCodeOffset {
-                session.Error = sql.NullString{ Valid: true, String: "Incorrect TOTP code. Please try again." }
-                err = templates.TOTPConfirmTemplate.Execute(w, totpConfirmData{
-                    adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
-                    TOTP: totp,
-                    NameEscaped: url.PathEscape(totp.Name),
-                    QRBase64Image: qrBase64Image,
-                })
-                if err != nil {
-                    fmt.Fprintf(os.Stderr, "WARN: Failed to render TOTP setup page: %v\n", err)
-                    http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-                }
-                return
+        confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1)
+        if len(code) != controller.TOTP_CODE_LENGTH || (code != confirmCode && code != confirmCodeOffset) {
+            session.Error = sql.NullString{ Valid: true, String: "Incorrect TOTP code. Please try again." }
+            err = templates.TOTPConfirmTemplate.Execute(w, totpConfirmData{
+                adminPageData: adminPageData{ Path: r.URL.Path, Session: session },
+                TOTP: totp,
+                NameEscaped: url.PathEscape(totp.Name),
+                QRBase64Image: qrBase64Image,
+            })
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "WARN: Failed to render TOTP setup page: %v\n", err)
+                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
             }
+            return
         }
 
         err = controller.ConfirmTOTP(app.DB, session.Account.ID, name)
@@ -327,18 +321,23 @@ func totpConfirmHandler(app *model.AppState) http.Handler {
 
 func totpDeleteHandler(app *model.AppState) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        if r.Method != http.MethodGet {
+        if r.Method != http.MethodPost {
             http.NotFound(w, r)
             return
         }
 
-        if len(r.URL.Path) < 2 {
+        session := r.Context().Value("session").(*model.Session)
+
+        err := r.ParseForm()
+        if err != nil {
+            http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+            return
+        }
+        name := r.FormValue("totp-name")
+        if len(name) == 0 {
             http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
             return
         }
-        name := r.URL.Path[1:]
-
-        session := r.Context().Value("session").(*model.Session)
 
         totp, err := controller.GetTOTP(app.DB, session.Account.ID, name)
         if err != nil {
diff --git a/admin/static/admin.css b/admin/static/admin.css
index 7fafa03..60e06c2 100644
--- a/admin/static/admin.css
+++ b/admin/static/admin.css
@@ -309,6 +309,7 @@ header :is(h1, h2, h3) small,
     margin: 0 0 1em 0;
     padding: 1em;
     border-radius: 8px;
+    color: #101010;
     background: #ffffff;
 }
 #message {
@@ -379,21 +380,25 @@ button:active, .button:active {
 form {
     width: 100%;
     display: block;
+    color: var(--fg-0);
 }
 form label {
     width: 100%;
     margin: 1rem 0 .5rem 0;
     display: block;
-    color: #10101080;
 }
 form input {
-    margin: .5rem 0;
-    padding: .3rem .5rem;
+    min-width: 20rem;
+    max-width: calc(100% - 1em));
+    margin: .5em 0;
+    padding: .3em .5em;
     display: block;
     border-radius: 4px;
+    border: 1px solid #808080;
     font-size: inherit;
     font-family: inherit;
     color: inherit;
+    background-color: var(--bg-0);
 }
 input[disabled] {
     opacity: .5;
diff --git a/admin/static/edit-account.css b/admin/static/edit-account.css
index 9db3773..9ca4f05 100644
--- a/admin/static/edit-account.css
+++ b/admin/static/edit-account.css
@@ -11,7 +11,8 @@ label {
     align-items: center;
     color: inherit;
 }
-input {
+form#change-password input,
+form#delete-account input {
     width: min(20rem, calc(100% - 1rem));
     margin: .5rem 0;
     padding: .3rem .5rem;
@@ -48,3 +49,7 @@ input {
 .mfa-device .mfa-device-name {
     font-weight: bold;
 }
+
+.mfa-device form input {
+    display: none;
+}
diff --git a/admin/templates/html/artists.html b/admin/templates/html/artists.html
index 7652d78..8364143 100644
--- a/admin/templates/html/artists.html
+++ b/admin/templates/html/artists.html
@@ -1,7 +1,6 @@
 {{define "head"}}
 <title>Artists - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/admin.css">
 <link rel="stylesheet" href="/admin/static/artists.css">
 {{end}}
 
diff --git a/admin/templates/html/edit-account.html b/admin/templates/html/edit-account.html
index a081995..a4c8196 100644
--- a/admin/templates/html/edit-account.html
+++ b/admin/templates/html/edit-account.html
@@ -28,6 +28,8 @@
             <label for="confirm-password">Confirm Password</label>
             <input type="password" id="confirm-password" value="" autocomplete="new-password" required>
 
+            <br>
+
             <button type="submit" class="save">Change Password</button>
         </form>
     </div>
@@ -44,7 +46,10 @@
                 <p class="mfa-device-date">Added: {{.CreatedAtString}}</p>
             </div>
             <div>
-                <a class="button delete" href="/admin/account/totp-delete/{{.TOTP.Name}}">Delete</a>
+                <form method="POST" action="/admin/account/totp-delete">
+                    <input type="text" name="totp-name" value="{{.TOTP.Name}}" hidden>
+                    <button type="submit" class="delete">Delete</button>
+                </form>
             </div>
         </div>
         {{end}}
@@ -67,13 +72,15 @@
         This action is <strong>irreversible</strong>.
         You will need to enter your password and TOTP below.
         </p>
-        <form action="/admin/account/delete" method="POST">
+        <form action="/admin/account/delete" method="POST" id="delete-account">
             <label for="password">Password</label>
             <input type="password" name="password" value="" autocomplete="current-password" required>
 
             <label for="totp">TOTP</label>
             <input type="text" name="totp" value="" autocomplete="one-time-code" required>
 
+            <br>
+
             <button type="submit" class="delete">Delete Account</button>
         </form>
     </div>
diff --git a/admin/templates/html/index.html b/admin/templates/html/index.html
index 4387c31..1e788d5 100644
--- a/admin/templates/html/index.html
+++ b/admin/templates/html/index.html
@@ -1,7 +1,6 @@
 {{define "head"}}
 <title>Admin - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/admin.css">
 <link rel="stylesheet" href="/admin/static/releases.css">
 <link rel="stylesheet" href="/admin/static/artists.css">
 <link rel="stylesheet" href="/admin/static/tracks.css">
diff --git a/admin/templates/html/login-totp.html b/admin/templates/html/login-totp.html
index 33e8c88..e2fa5ee 100644
--- a/admin/templates/html/login-totp.html
+++ b/admin/templates/html/login-totp.html
@@ -1,7 +1,6 @@
 {{define "head"}}
 <title>Login - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/admin.css">
 <style>
 form#login-totp {
     width: 100%;
diff --git a/admin/templates/html/login.html b/admin/templates/html/login.html
index fbb7294..2d7206b 100644
--- a/admin/templates/html/login.html
+++ b/admin/templates/html/login.html
@@ -1,7 +1,6 @@
 {{define "head"}}
 <title>Login - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/admin.css">
 <style>
 form#login {
     width: 100%;
diff --git a/admin/templates/html/logs.html b/admin/templates/html/logs.html
index 1faf1f1..7ddaf9e 100644
--- a/admin/templates/html/logs.html
+++ b/admin/templates/html/logs.html
@@ -1,7 +1,6 @@
 {{define "head"}}
 <title>Audit Logs - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/admin.css">
 <link rel="stylesheet" href="/admin/static/logs.css">
 {{end}}
 
diff --git a/admin/templates/html/register.html b/admin/templates/html/register.html
index 37f0947..a6460e0 100644
--- a/admin/templates/html/register.html
+++ b/admin/templates/html/register.html
@@ -1,7 +1,6 @@
 {{define "head"}}
 <title>Register - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/admin.css">
 <style>
 p a {
     color: #2a67c8;
diff --git a/admin/templates/html/releases.html b/admin/templates/html/releases.html
index 3cf110b..8e7d716 100644
--- a/admin/templates/html/releases.html
+++ b/admin/templates/html/releases.html
@@ -1,7 +1,6 @@
 {{define "head"}}
 <title>Releases - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/admin.css">
 <link rel="stylesheet" href="/admin/static/releases.css">
 {{end}}
 
diff --git a/admin/templates/html/totp-confirm.html b/admin/templates/html/totp-confirm.html
index 7d305ec..459f3fc 100644
--- a/admin/templates/html/totp-confirm.html
+++ b/admin/templates/html/totp-confirm.html
@@ -1,7 +1,6 @@
 {{define "head"}}
 <title>TOTP Confirmation - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/admin.css">
 <style>
 .qr-code {
     border: 1px solid #8888;
@@ -9,11 +8,20 @@
 code {
     user-select: all;
 }
+#totp-setup input {
+    width: 3.8em;
+    min-width: auto;
+    font-size: 32px;
+    font-family: 'Monaspace Argon', monospace;
+    text-align: center;
+}
 </style>
 {{end}}
 
 {{define "content"}}
 <main>
+    <h1>Two-Factor Authentication</h1>
+
     {{if .Session.Error.Valid}}
     <p id="error">{{html .Session.Error.String}}</p>
     {{end}}
@@ -40,7 +48,14 @@ code {
         <p><code>{{.TOTP.Secret}}</code></p>
 
         <label for="totp">TOTP:</label>
-        <input type="text" name="totp" value="" autocomplete="one-time-code" required autofocus>
+        <input type="text"
+               name="totp"
+               value=""
+               minlength="6"
+               maxlength="6"
+               autocomplete="one-time-code"
+               required
+               autofocus>
 
         <button type="submit" class="new">Create</button>
     </form>
diff --git a/admin/templates/html/totp-setup.html b/admin/templates/html/totp-setup.html
index e74c970..9fcda9d 100644
--- a/admin/templates/html/totp-setup.html
+++ b/admin/templates/html/totp-setup.html
@@ -1,11 +1,12 @@
 {{define "head"}}
 <title>TOTP Setup - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/admin.css">
 {{end}}
 
 {{define "content"}}
 <main>
+    <h1>Two-Factor Authentication</h1>
+
     {{if .Session.Error.Valid}}
     <p id="error">{{html .Session.Error.String}}</p>
     {{end}}
diff --git a/admin/templates/html/tracks.html b/admin/templates/html/tracks.html
index c470297..7fe9fd2 100644
--- a/admin/templates/html/tracks.html
+++ b/admin/templates/html/tracks.html
@@ -1,7 +1,6 @@
 {{define "head"}}
 <title>Releases - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
-<link rel="stylesheet" href="/admin/static/admin.css">
 <link rel="stylesheet" href="/admin/static/tracks.css">
 {{end}}
 

From 70b329c902a5b6f2ee1040dd36366c5b7039e9a3 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 23:22:57 +0100
Subject: [PATCH 80/88] admin dashboard: mobile support!

---
 admin/releasehttp.go                   |  10 +--
 admin/static/admin.css                 | 103 ++++++++++++++++++++++---
 admin/static/admin.js                  |   8 ++
 admin/static/artists.css               |   4 +
 admin/static/edit-account.css          |  13 +++-
 admin/static/edit-artist.css           |   6 ++
 admin/static/edit-release.css          |  18 ++++-
 admin/static/logs.css                  |   9 +++
 admin/static/releases.css              |   7 ++
 admin/templates/html/artists.html      |   1 -
 admin/templates/html/edit-account.html |   2 +-
 admin/templates/html/index.html        |   1 -
 admin/templates/html/layout.html       |   6 +-
 admin/templates/html/login-totp.html   |  11 ++-
 admin/templates/html/login.html        |  11 ++-
 admin/templates/html/logs.html         |  42 +++++-----
 admin/templates/html/releases.html     |   2 -
 admin/templates/html/tracks.html       |   2 -
 public/img/hamburger.svg               |   1 +
 19 files changed, 201 insertions(+), 56 deletions(-)
 create mode 100644 public/img/hamburger.svg

diff --git a/admin/releasehttp.go b/admin/releasehttp.go
index 028ad2f..7cca841 100644
--- a/admin/releasehttp.go
+++ b/admin/releasehttp.go
@@ -193,15 +193,9 @@ func serveEditTracks(release *model.Release) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
         w.Header().Set("Content-Type", "text/html")
 
-        type editTracksData struct {
-            Release *model.Release
-            Add func(a int, b int) int
-        }
+        type editTracksData struct { Release *model.Release }
 
-        err := templates.EditTracksTemplate.Execute(w, editTracksData{
-            Release: release,
-            Add: func(a, b int) int { return a + b },
-        })
+        err := templates.EditTracksTemplate.Execute(w, editTracksData{ Release: release })
         if err != nil {
             fmt.Printf("WARN: Failed to serve edit tracks component for %s: %s\n", release.ID, err)
             http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
diff --git a/admin/static/admin.css b/admin/static/admin.css
index 60e06c2..27cd867 100644
--- a/admin/static/admin.css
+++ b/admin/static/admin.css
@@ -193,14 +193,44 @@ nav hr {
     border-bottom: 1px solid var(--fg-0);
 }
 nav .section-label {
-    margin: 8px 0 2px 15px;
-    font-size: 10px;
+    margin: .6em 0 .1em 1.6em;
+    font-size: .6em;
     text-transform: uppercase;
     font-weight: 600;
 }
+#toggle-nav {
+    position: fixed;
+    top: 16px;
+    left: 16px;
+    padding: 8px;
+    width: 48px;
+    height: 48px;
+    display: none;
+    justify-content: center;
+    align-items: center;
+    z-index: 1;
+}
+#toggle-nav img {
+    width: 100%;
+    height: 100%;
+    object-fit: cover;
+    transform: translate(1px, 1px);
+}
+#toggle-nav img:hover {
+    filter: invert(.9);
+}
+@media (prefers-color-scheme: dark) {
+    #toggle-nav img {
+        filter: invert(.9);
+    }
+    #toggle-nav img:hover {
+        filter: none;
+    }
+}
 
 main {
-    width: min(calc(100% - 16px), 720px);
+    width: 720px;
+    max-width: calc(100% - 2em);
     height: fit-content;
     min-height: calc(100vh - 2em);
     margin: 0 auto;
@@ -213,6 +243,9 @@ main.dashboard {
 a {
     color: inherit;
     text-decoration: none;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
     transition: color .1s ease-out, background-color .1s ease-out;
 }
 
@@ -296,12 +329,6 @@ header :is(h1, h2, h3) small,
     gap: 1em;
 }
 
-@media screen and (max-width: 520px) {
-    body {
-        font-size: 12px;
-    }
-}
-
 
 
 #message,
@@ -387,9 +414,10 @@ form label {
     margin: 1rem 0 .5rem 0;
     display: block;
 }
-form input {
-    min-width: 20rem;
-    max-width: calc(100% - 1em));
+form input[type="text"],
+form input[type="password"] {
+    width: 16em;
+    max-width: 100%;
     margin: .5em 0;
     padding: .3em .5em;
     display: block;
@@ -404,3 +432,54 @@ input[disabled] {
     opacity: .5;
     cursor: not-allowed;
 }
+
+@media screen and (max-width: 720px) {
+    main {
+        padding-top: 0;
+    }
+
+    body {
+        width: 100%;
+        margin: 0;
+        font-size: 16px;
+    }
+
+    nav {
+        width: 100%;
+        left: -100%;
+        font-size: 24px;
+        z-index: 1;
+        transition: transform .2s cubic-bezier(.2,0,.5,1);
+    }
+    nav.open {
+        transform: translateX(100%);
+    }
+
+    #toggle-nav {
+        display: flex;
+    }
+
+    main > h1:first-of-type {
+        margin-left: 68px;
+        overflow: hidden;
+        white-space: nowrap;
+        text-overflow: ellipsis;
+    }
+    main > header {
+        margin-left: 68px;
+    }
+    main > header h1 {
+        display: flex;
+        flex-direction: column;
+        font-size: 1.5em;
+    }
+
+    .card {
+        flex-basis: 100%;
+        max-width: calc(100vw - 4em);
+    }
+
+    .artists-group {
+        grid-template-columns: repeat(3, 1fr);
+    }
+}
diff --git a/admin/static/admin.js b/admin/static/admin.js
index 140efe0..8bf2480 100644
--- a/admin/static/admin.js
+++ b/admin/static/admin.js
@@ -86,3 +86,11 @@ export function hijackClickEvent(container, link) {
         }));
     });
 }
+
+document.addEventListener("readystatechange", () => {
+    const navbar = document.getElementById("navbar");
+    document.getElementById("toggle-nav").addEventListener("click", event => {
+        event.preventDefault();
+        navbar.classList.toggle("open");
+    })
+});
diff --git a/admin/static/artists.css b/admin/static/artists.css
index 3074874..516a998 100644
--- a/admin/static/artists.css
+++ b/admin/static/artists.css
@@ -21,3 +21,7 @@
     object-fit: cover;
     border-radius: 8px;
 }
+
+.artist .artist-name {
+    display: block;
+}
diff --git a/admin/static/edit-account.css b/admin/static/edit-account.css
index 9ca4f05..c43d6e9 100644
--- a/admin/static/edit-account.css
+++ b/admin/static/edit-account.css
@@ -13,7 +13,9 @@ label {
 }
 form#change-password input,
 form#delete-account input {
-    width: min(20rem, calc(100% - 1rem));
+    width: 20em;
+    min-width: auto;
+    max-width: calc(100% - 1em - 2px);
     margin: .5rem 0;
     padding: .3rem .5rem;
     display: block;
@@ -51,5 +53,12 @@ form#delete-account input {
 }
 
 .mfa-device form input {
-    display: none;
+    display: none !important;
+}
+
+.mfa-actions {
+    display: flex;
+    flex-direction: row;
+    gap: .5em;
+    flex-wrap: wrap;
 }
diff --git a/admin/static/edit-artist.css b/admin/static/edit-artist.css
index 8693a1d..7bf146b 100644
--- a/admin/static/edit-artist.css
+++ b/admin/static/edit-artist.css
@@ -101,8 +101,14 @@ input[type="text"]:focus {
     border-radius: 4px;
 }
 
+.credit-info {
+    overflow: hidden;
+}
 .credit-info h3,
 .credit-info p {
     margin: 0;
     font-size: .9em;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
 }
diff --git a/admin/static/edit-release.css b/admin/static/edit-release.css
index 62dbda1..434b487 100644
--- a/admin/static/edit-release.css
+++ b/admin/static/edit-release.css
@@ -207,6 +207,18 @@ dialog div.dialog-actions {
     opacity: .66;
 }
 
+#credits .credit .credit-info {
+    overflow: hidden;
+}
+
+#credits .credit .credit-info :is(h3, p) {
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+
+
 #editcredits ul {
     margin: 0;
     padding: 0;
@@ -487,15 +499,17 @@ dialog div.dialog-actions {
     padding: .5em;
     display: flex;
     gap: .5em;
+    background-color: var(--bg-0);
     cursor: pointer;
+    transition: background-color .1s ease-out, color .1s ease-out;
 }
 
 #addtrack ul li.new-track:nth-child(even) {
-    background: #f0f0f0;
+    background: color-mix(in srgb, var(--bg-0) 95%, #fff);
 }
 
 #addtrack ul li.new-track:hover {
-    background: #e0e0e0;
+    background: color-mix(in srgb, var(--bg-0) 90%, #fff);
 }
 
 @media only screen and (max-width: 1105px) {
diff --git a/admin/static/logs.css b/admin/static/logs.css
index 4a66038..8da60d0 100644
--- a/admin/static/logs.css
+++ b/admin/static/logs.css
@@ -46,6 +46,15 @@ form #filters input {
 
 #logs {
     width: 100%;
+    overflow: scroll;
+}
+@media screen and (max-width: 720px) {
+    #logs {
+        font-size: 12px;
+    }
+}
+
+#logs table{
     border-collapse: collapse;
 }
 
diff --git a/admin/static/releases.css b/admin/static/releases.css
index 08dcd20..0694875 100644
--- a/admin/static/releases.css
+++ b/admin/static/releases.css
@@ -15,6 +15,9 @@
 .release h3,
 .release p {
     margin: 0;
+    overflow: hidden;
+    white-space: nowrap;
+    text-overflow: ellipsis;
 }
 
 .release .release-artwork {
@@ -34,6 +37,10 @@
     aspect-ratio: 1;
 }
 
+.release .release-info {
+    max-width: calc(100% - 96px - 1em);
+}
+
 .release .release-title small {
     opacity: .75;
 }
diff --git a/admin/templates/html/artists.html b/admin/templates/html/artists.html
index 8364143..f4a6432 100644
--- a/admin/templates/html/artists.html
+++ b/admin/templates/html/artists.html
@@ -22,6 +22,5 @@
     {{end}}
 </main>
 
-<script type="module" src="/admin/static/admin.js"></script>
 <script type="module" src="/admin/static/artists.js"></script>
 {{end}}
diff --git a/admin/templates/html/edit-account.html b/admin/templates/html/edit-account.html
index a4c8196..a63d37a 100644
--- a/admin/templates/html/edit-account.html
+++ b/admin/templates/html/edit-account.html
@@ -57,7 +57,7 @@
         <p>You have no MFA devices.</p>
         {{end}}
 
-        <div>
+        <div class="mfa-actions">
             <button type="submit" class="save" id="enable-email" disabled>Enable Email TOTP</button>
             <a class="button new" id="add-totp-device" href="/admin/account/totp-setup">Add TOTP Device</a>
         </div>
diff --git a/admin/templates/html/index.html b/admin/templates/html/index.html
index 1e788d5..afb9471 100644
--- a/admin/templates/html/index.html
+++ b/admin/templates/html/index.html
@@ -56,7 +56,6 @@
 
 </main>
 
-<script type="module" src="/admin/static/admin.js"></script>
 <script type="module" src="/admin/static/artists.js"></script>
 <script type="module" src="/admin/static/index.js"></script>
 {{end}}
diff --git a/admin/templates/html/layout.html b/admin/templates/html/layout.html
index 0aaf9ca..bf1b542 100644
--- a/admin/templates/html/layout.html
+++ b/admin/templates/html/layout.html
@@ -10,12 +10,13 @@
         {{block "head" .}}{{end}}
 
         <link rel="stylesheet" href="/admin/static/admin.css">
+        <script type="module" src="/admin/static/admin.js"></script>
         <script type="module" src="/script/vendor/htmx.min.js"></script>
     </head>
 
     <body>
         <header>
-            <nav>
+            <nav id="navbar">
                 <a href="/" class="nav icon" aria-label="ari melody" title="Return to Home">
                     <img src="/img/favicon.png" alt="" width="64" height="64">
                 </a>
@@ -57,6 +58,9 @@
                 </div>
                 {{end}}
             </nav>
+            <button type="button" id="toggle-nav" aria-label="Navigation toggle">
+                <img src="/img/hamburger.svg" alt="">
+            </button>
         </header>
 
         {{block "content" .}}{{end}}
diff --git a/admin/templates/html/login-totp.html b/admin/templates/html/login-totp.html
index e2fa5ee..f03d11b 100644
--- a/admin/templates/html/login-totp.html
+++ b/admin/templates/html/login-totp.html
@@ -17,8 +17,15 @@ form button {
     margin-top: 1rem;
 }
 
-input {
-    width: calc(100% - 1rem - 2px);
+form input {
+    width: calc(100% - 1rem - 2px) !important;
+}
+
+@media screen and (max-width: 720px) {
+    h1 {
+        margin-top: 3em;
+        text-align: center;
+    }
 }
 </style>
 {{end}}
diff --git a/admin/templates/html/login.html b/admin/templates/html/login.html
index 2d7206b..aa77967 100644
--- a/admin/templates/html/login.html
+++ b/admin/templates/html/login.html
@@ -2,6 +2,13 @@
 <title>Login - ari melody 💫</title>
 <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
 <style>
+@media screen and (max-width: 720px) {
+    h1 {
+        margin-top: 3em;
+        text-align: center;
+    }
+}
+
 form#login {
     width: 100%;
     display: flex;
@@ -17,8 +24,8 @@ form button {
     margin-top: 1rem;
 }
 
-input {
-    width: calc(100% - 1rem - 2px);
+form input {
+    width: calc(100% - 1rem - 2px) !important;
 }
 </style>
 {{end}}
diff --git a/admin/templates/html/logs.html b/admin/templates/html/logs.html
index 7ddaf9e..4f24c72 100644
--- a/admin/templates/html/logs.html
+++ b/admin/templates/html/logs.html
@@ -43,25 +43,27 @@
     
     <hr>
 
-    <table id="logs">
-        <thead>
-            <tr>
-                <th class="log-time">Time</th>
-                <th class="log-level">Level</th>
-                <th class="log-type">Type</th>
-                <th class="log-content">Message</th>
-            </tr>
-        </thead>
-        <tbody>
-            {{range .Logs}}
-            <tr class="log {{toLower (parseLevel .Level)}}">
-                <td class="log-time">{{prettyTime .CreatedAt}}</td>
-                <td class="log-level">{{parseLevel .Level}}</td>
-                <td class="log-type">{{titleCase .Type}}</td>
-                <td class="log-content">{{.Content}}</td>
-            </tr>
-            {{end}}
-        </tbody>
-    </table>
+    <div id="logs">
+        <table>
+            <thead>
+                <tr>
+                    <th class="log-time">Time</th>
+                    <th class="log-level">Level</th>
+                    <th class="log-type">Type</th>
+                    <th class="log-content">Message</th>
+                </tr>
+            </thead>
+            <tbody>
+                {{range .Logs}}
+                <tr class="log {{toLower (parseLevel .Level)}}">
+                    <td class="log-time">{{prettyTime .CreatedAt}}</td>
+                    <td class="log-level">{{parseLevel .Level}}</td>
+                    <td class="log-type">{{titleCase .Type}}</td>
+                    <td class="log-content">{{.Content}}</td>
+                </tr>
+                {{end}}
+            </tbody>
+        </table>
+    </div>
 </main>
 {{end}}
diff --git a/admin/templates/html/releases.html b/admin/templates/html/releases.html
index 8e7d716..ed5aec6 100644
--- a/admin/templates/html/releases.html
+++ b/admin/templates/html/releases.html
@@ -21,6 +21,4 @@
     <p>There are no releases.</p>
     {{end}}
 </main>
-
-<script type="module" src="/admin/static/admin.js"></script>
 {{end}}
diff --git a/admin/templates/html/tracks.html b/admin/templates/html/tracks.html
index 7fe9fd2..6bb6f18 100644
--- a/admin/templates/html/tracks.html
+++ b/admin/templates/html/tracks.html
@@ -31,6 +31,4 @@
         {{end}}
     </div>
 </main>
-
-<script type="module" src="/admin/static/admin.js"></script>
 {{end}}
diff --git a/public/img/hamburger.svg b/public/img/hamburger.svg
new file mode 100644
index 0000000..f7e91a0
--- /dev/null
+++ b/public/img/hamburger.svg
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg width="100%" height="100%" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;"><rect id="Artboard1" x="0" y="0" width="15.36" height="15.36" style="fill:none;"/><g id="Artboard11" serif:id="Artboard1"><path d="M13.44,7.68c0,0.53 -0.43,0.96 -0.96,0.96l-9.6,0c-0.53,0 -0.96,-0.43 -0.96,-0.96c-0,-0.53 0.43,-0.96 0.96,-0.96l9.6,-0c0.53,-0 0.96,0.43 0.96,0.96Z"/><path d="M13.44,11.52c0,0.53 -0.43,0.96 -0.96,0.96l-9.6,0c-0.53,0 -0.96,-0.43 -0.96,-0.96c-0,-0.53 0.43,-0.96 0.96,-0.96l9.6,0c0.53,0 0.96,0.43 0.96,0.96Z"/><path d="M13.44,3.84c0,0.53 -0.43,0.96 -0.96,0.96l-9.6,0c-0.53,0 -0.96,-0.43 -0.96,-0.96c-0,-0.53 0.43,-0.96 0.96,-0.96l9.6,0c0.53,0 0.96,0.43 0.96,0.96Z"/></g></svg>
\ No newline at end of file

From ef3f3c5428c86692c3ab70f678899204332268c0 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 23:37:31 +0100
Subject: [PATCH 81/88] rollback: go:embed for static files

---
 Makefile                       |  2 +-
 admin/http.go                  | 11 ++++++-----
 admin/static/admin.css         |  7 +++++--
 public/script/music-gateway.js |  3 +--
 view/index.go                  |  3 ++-
 5 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/Makefile b/Makefile
index f96321c..5c96c65 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ build:
 	GOOS=linux GOARCH=amd64 go build -o $(EXEC)
 
 bundle: build
-	tar czf $(EXEC).tar.gz $(EXEC) admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/
+	tar czf $(EXEC).tar.gz $(EXEC) admin/static/ public/
 
 clean:
 	rm $(EXEC) $(EXEC).tar.gz
diff --git a/admin/http.go b/admin/http.go
index f65d8b9..23bdeae 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -3,13 +3,9 @@ package admin
 import (
 	"context"
 	"database/sql"
-	"embed"
 	"fmt"
-	"mime"
 	"net/http"
 	"os"
-	"path"
-	"path/filepath"
 	"strings"
 	"time"
 
@@ -17,6 +13,7 @@ import (
 	"arimelody-web/controller"
 	"arimelody-web/log"
 	"arimelody-web/model"
+	"arimelody-web/view"
 
 	"golang.org/x/crypto/bcrypt"
 )
@@ -58,7 +55,9 @@ func Handler(app *model.AppState) http.Handler {
     mux.Handle("/tracks", requireAccount(serveTracks(app)))
     mux.Handle("/tracks/", requireAccount(serveTracks(app)))
 
-    mux.Handle("/static/", staticHandler())
+    mux.Handle("/static/", requireAccount(
+        http.StripPrefix("/static",
+        view.ServeFiles("./admin/static"))))
 
     mux.Handle("/", requireAccount(AdminIndexHandler(app)))
 
@@ -484,6 +483,7 @@ func requireAccount(next http.Handler) http.HandlerFunc {
     })
 }
 
+/*
 //go:embed "static"
 var staticFS embed.FS
 
@@ -502,6 +502,7 @@ func staticHandler() http.Handler {
         w.Write(file)
     })
 }
+*/
 
 func enforceSession(app *model.AppState, next http.Handler) http.Handler {
     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
diff --git a/admin/static/admin.css b/admin/static/admin.css
index 27cd867..8f983c7 100644
--- a/admin/static/admin.css
+++ b/admin/static/admin.css
@@ -94,8 +94,8 @@
 
 @media (prefers-color-scheme: dark) {
     img.icon {
-        -webkit-filter: invert(1);
-        filter: invert(1);
+        -webkit-filter: invert(.9);
+        filter: invert(.9);
     }
 }
 
@@ -217,13 +217,16 @@ nav .section-label {
     transform: translate(1px, 1px);
 }
 #toggle-nav img:hover {
+    -webkit-filter: invert(.9);
     filter: invert(.9);
 }
 @media (prefers-color-scheme: dark) {
     #toggle-nav img {
+        -webkit-filter: invert(.9);
         filter: invert(.9);
     }
     #toggle-nav img:hover {
+        -webkit-filter: none;
         filter: none;
     }
 }
diff --git a/public/script/music-gateway.js b/public/script/music-gateway.js
index 097a398..237868c 100644
--- a/public/script/music-gateway.js
+++ b/public/script/music-gateway.js
@@ -20,7 +20,6 @@ function update_extras_buttons() {
     const info_container = document.getElementById("info")
     info_container.addEventListener("scroll", update_extras_buttons);
     const info_rect = info_container.getBoundingClientRect();
-    const info_y = info_rect.y;
     const font_size = parseFloat(getComputedStyle(document.documentElement).fontSize);
     let current = extras_pairs[0];
     extras_pairs.forEach(pair => {
@@ -53,7 +52,7 @@ function bind_go_back_btn() {
 function bind_share_btn() {
     const share_btn = document.getElementById("share");
     if (navigator.clipboard === undefined) {
-        share_btn.onclick = event => {
+        share_btn.onclick = () => {
             console.error("clipboard is not supported by this browser!");
         };
         return;
diff --git a/view/index.go b/view/index.go
index fabbba4..0b334ef 100644
--- a/view/index.go
+++ b/view/index.go
@@ -38,6 +38,7 @@ func IndexHandler(app *model.AppState) http.Handler {
             return
         }
 
-        ServeEmbedFS(app.PublicFS, "public").ServeHTTP(w, r)
+        http.FileServer(http.Dir("./public")).ServeHTTP(w, r)
+        //ServeEmbedFS(app.PublicFS, "public").ServeHTTP(w, r)
     })
 }

From 800d4b5bdf84e8df45631dd65664bb83fdc6d77d Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 23:48:36 +0100
Subject: [PATCH 82/88] fix core admin css and js not rendering for
 unauthorised users

---
 admin/http.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/admin/http.go b/admin/http.go
index 23bdeae..2a6b4ae 100644
--- a/admin/http.go
+++ b/admin/http.go
@@ -55,9 +55,19 @@ func Handler(app *model.AppState) http.Handler {
     mux.Handle("/tracks", requireAccount(serveTracks(app)))
     mux.Handle("/tracks/", requireAccount(serveTracks(app)))
 
-    mux.Handle("/static/", requireAccount(
-        http.StripPrefix("/static",
-        view.ServeFiles("./admin/static"))))
+    mux.Handle("/static/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        if r.URL.Path == "/static/admin.css" {
+            http.ServeFile(w, r, "./admin/static/admin.css")
+            return
+        }
+        if r.URL.Path == "/static/admin.js" {
+            http.ServeFile(w, r, "./admin/static/admin.js")
+            return
+        }
+        requireAccount(
+            http.StripPrefix("/static",
+            view.ServeFiles("./admin/static"))).ServeHTTP(w, r)
+        }))
 
     mux.Handle("/", requireAccount(AdminIndexHandler(app)))
 

From 87b1fdc3736260f46e3f9e9523fc56ffb097b10a Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Tue, 21 Oct 2025 23:52:46 +0100
Subject: [PATCH 83/88] i am not going to the .DS_Store

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 5c96c65..98a4ea1 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ build:
 	GOOS=linux GOARCH=amd64 go build -o $(EXEC)
 
 bundle: build
-	tar czf $(EXEC).tar.gz $(EXEC) admin/static/ public/
+	tar czf $(EXEC).tar.gz --exclude ".DS_Store" $(EXEC) admin/static/ public/
 
 clean:
 	rm $(EXEC) $(EXEC).tar.gz

From 01c14b4e38a673e170c286b0aed741275b9d864c Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Wed, 22 Oct 2025 00:26:38 +0100
Subject: [PATCH 84/88] testing forgejo actions

---
 .forgejo/workflows/test.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 .forgejo/workflows/test.yaml

diff --git a/.forgejo/workflows/test.yaml b/.forgejo/workflows/test.yaml
new file mode 100644
index 0000000..6f2d729
--- /dev/null
+++ b/.forgejo/workflows/test.yaml
@@ -0,0 +1,9 @@
+on:
+  push:
+    branches:
+      - dev
+jobs:
+  test:
+    runs-on: docker
+    steps:
+      - run: echo it works!

From 75f96ddc8c88deb00b0a246f33ef965b7a77f5c7 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Wed, 22 Oct 2025 01:48:03 +0100
Subject: [PATCH 85/88] baby's first push prod action: let's hope this works!

---
 .forgejo/workflows/push-prod.yaml | 45 +++++++++++++++++++++++++++++++
 .forgejo/workflows/test.yaml      |  9 -------
 2 files changed, 45 insertions(+), 9 deletions(-)
 create mode 100644 .forgejo/workflows/push-prod.yaml
 delete mode 100644 .forgejo/workflows/test.yaml

diff --git a/.forgejo/workflows/push-prod.yaml b/.forgejo/workflows/push-prod.yaml
new file mode 100644
index 0000000..8e732a6
--- /dev/null
+++ b/.forgejo/workflows/push-prod.yaml
@@ -0,0 +1,45 @@
+on:
+  push:
+    branches:
+      - main
+
+env:
+  EXEC: arimelody-web
+
+jobs:
+  deploy:
+    runs-on: docker
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+
+      - name: Run tests
+        run: go test -v ./model
+
+      - name: Build binary
+        run: make build
+
+      - name: Bundle tarball
+        run: make bundle
+
+      - name: Set up SSH keys
+        uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Copy to production server
+        run: |
+          mkdir -p ~/.ssh/
+          export REMOTE=${{ secrets.SSH_USER }}@{{ secrets.SSH_HOST }}
+          export PORT=${{ secrets.SSH_PORT }}
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > 
+          scp -P ${{ secrets.SSH_PORT }} ./$EXEC.tar.gz $REMOTE:~/
+          ssh -o StrictHostKeyChecking=no $REMOTE -p $PORT << EOF
+            cd ${{ secrets.DEPLOY_DIR }}
+            tar xzf ~/$EXEC.tar.gz"
+            echo "restart" > ./deploy.sock
+          EOF
+
diff --git a/.forgejo/workflows/test.yaml b/.forgejo/workflows/test.yaml
deleted file mode 100644
index 6f2d729..0000000
--- a/.forgejo/workflows/test.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-on:
-  push:
-    branches:
-      - dev
-jobs:
-  test:
-    runs-on: docker
-    steps:
-      - run: echo it works!

From c432f8e321f61a7411cb7bae200fd9bec603e535 Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Wed, 22 Oct 2025 01:52:10 +0100
Subject: [PATCH 86/88] maybe fix setup-go action

---
 .forgejo/workflows/push-prod-test.yaml | 36 ++++++++++++++++++++++++++
 .forgejo/workflows/push-prod.yaml      |  2 ++
 2 files changed, 38 insertions(+)
 create mode 100644 .forgejo/workflows/push-prod-test.yaml

diff --git a/.forgejo/workflows/push-prod-test.yaml b/.forgejo/workflows/push-prod-test.yaml
new file mode 100644
index 0000000..70065d6
--- /dev/null
+++ b/.forgejo/workflows/push-prod-test.yaml
@@ -0,0 +1,36 @@
+on:
+  push:
+    branches:
+      - dev
+
+env:
+  EXEC: arimelody-web
+
+jobs:
+  deploy:
+    runs-on: docker
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '^1.25.1'
+
+      - name: Run tests
+        run: go test -v ./model
+
+      - name: Build binary
+        run: make build
+
+      - name: Bundle tarball
+        run: make bundle
+
+      - name: Set up SSH keys
+        uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Copy to production server
+        run: echo "we'll just pretend it works lol"
diff --git a/.forgejo/workflows/push-prod.yaml b/.forgejo/workflows/push-prod.yaml
index 8e732a6..4a7f7a5 100644
--- a/.forgejo/workflows/push-prod.yaml
+++ b/.forgejo/workflows/push-prod.yaml
@@ -15,6 +15,8 @@ jobs:
 
       - name: Set up Go
         uses: actions/setup-go@v4
+        with:
+          go-version: '^1.25.1'
 
       - name: Run tests
         run: go test -v ./model

From c4684285a65b1a1089ed9a29210cbd616f883c0a Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Wed, 22 Oct 2025 01:56:36 +0100
Subject: [PATCH 87/88] moment of truth

---
 .forgejo/workflows/push-prod-test.yaml | 36 --------------------------
 .forgejo/workflows/push-prod.yaml      | 22 +++++++++-------
 2 files changed, 12 insertions(+), 46 deletions(-)
 delete mode 100644 .forgejo/workflows/push-prod-test.yaml

diff --git a/.forgejo/workflows/push-prod-test.yaml b/.forgejo/workflows/push-prod-test.yaml
deleted file mode 100644
index 70065d6..0000000
--- a/.forgejo/workflows/push-prod-test.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-on:
-  push:
-    branches:
-      - dev
-
-env:
-  EXEC: arimelody-web
-
-jobs:
-  deploy:
-    runs-on: docker
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: '^1.25.1'
-
-      - name: Run tests
-        run: go test -v ./model
-
-      - name: Build binary
-        run: make build
-
-      - name: Bundle tarball
-        run: make bundle
-
-      - name: Set up SSH keys
-        uses: webfactory/ssh-agent@v0.9.0
-        with:
-          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
-
-      - name: Copy to production server
-        run: echo "we'll just pretend it works lol"
diff --git a/.forgejo/workflows/push-prod.yaml b/.forgejo/workflows/push-prod.yaml
index 4a7f7a5..534304e 100644
--- a/.forgejo/workflows/push-prod.yaml
+++ b/.forgejo/workflows/push-prod.yaml
@@ -5,6 +5,8 @@ on:
 
 env:
   EXEC: arimelody-web
+  REMOTE: ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}
+  PORT: ${{ secrets.SSH_PORT }}
 
 jobs:
   deploy:
@@ -34,14 +36,14 @@ jobs:
 
       - name: Copy to production server
         run: |
-          mkdir -p ~/.ssh/
-          export REMOTE=${{ secrets.SSH_USER }}@{{ secrets.SSH_HOST }}
-          export PORT=${{ secrets.SSH_PORT }}
-          echo "${{ secrets.SSH_PRIVATE_KEY }}" > 
-          scp -P ${{ secrets.SSH_PORT }} ./$EXEC.tar.gz $REMOTE:~/
-          ssh -o StrictHostKeyChecking=no $REMOTE -p $PORT << EOF
-            cd ${{ secrets.DEPLOY_DIR }}
-            tar xzf ~/$EXEC.tar.gz"
-            echo "restart" > ./deploy.sock
-          EOF
+          ssh-keyscan -p $PORT ${{ secrets.SSH_HOST }} >> ~/.ssh/known_hosts
+          scp -P $PORT ./$EXEC.tar.gz $REMOTE:~/
+
+      - name: Restart production
+        run: |
+          ssh -o StrictHostKeyChecking=no $REMOTE -p $PORT << EOT
+            cd ${{ secrets.DEPLOY_DIR }}
+            tar xzf ~/$EXEC.tar.gz
+            echo "restart" > ./deploy.sock
+          EOT
 

From 65f277b3f27a519c69c7924b3444912849ad8e1c Mon Sep 17 00:00:00 2001
From: ari melody <ari@arimelody.space>
Date: Wed, 22 Oct 2025 02:38:10 +0100
Subject: [PATCH 88/88] tweak for new CI

---
 .forgejo/workflows/push-prod.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.forgejo/workflows/push-prod.yaml b/.forgejo/workflows/push-prod.yaml
index 534304e..7a9fd05 100644
--- a/.forgejo/workflows/push-prod.yaml
+++ b/.forgejo/workflows/push-prod.yaml
@@ -44,6 +44,7 @@ jobs:
           ssh -o StrictHostKeyChecking=no $REMOTE -p $PORT << EOT
             cd ${{ secrets.DEPLOY_DIR }}
             tar xzf ~/$EXEC.tar.gz
-            echo "restart" > ./deploy.sock
+            /bin/bash ~/restart.sh
+            rm ~/$EXEC.tar.gz
           EOT