From bcae1b0299ebb8359de44e4c30fd8877d589fd46 Mon Sep 17 00:00:00 2001
From: ansuz <ansuz@transitiontech.ca>
Date: Thu, 26 Aug 2021 18:11:08 +0530
Subject: [PATCH 01/58] prototype QR code generation

---
 www/common/common-interface.js | 19 +++++++++++++++++++
 www/lib/qrcode.min.js          |  1 +
 2 files changed, 20 insertions(+)
 create mode 100644 www/lib/qrcode.min.js

diff --git a/www/common/common-interface.js b/www/common/common-interface.js
index 71a1ed8af..9227c600e 100644
--- a/www/common/common-interface.js
+++ b/www/common/common-interface.js
@@ -1482,5 +1482,24 @@ define([
         });
     };
 
+/*  QR code generation is synchronous once the library is loaded
+    so this could be syncronous if we load the library separately.
+    It could also just return the rendered code instead of displaying
+    it in an alert.
+
+    to test:
+    require(['/common/common-interface.js'], function (UI) { UI.createQRCode('https://cryptpad.fr'); });
+*/
+    UI.createQRCode = function (data, _cb) {
+        var cb = Util.once(Util.mkAsync(_cb || Util.noop));
+        require(['/lib/qrcode.min.js'], function () {
+            var div = h('div');
+            var code = new window.QRCode(div, data);
+            // code._el === div
+            UI.alert(div, cb);
+        });
+    };
+
+
     return UI;
 });
diff --git a/www/lib/qrcode.min.js b/www/lib/qrcode.min.js
new file mode 100644
index 000000000..993e88f39
--- /dev/null
+++ b/www/lib/qrcode.min.js
@@ -0,0 +1 @@
+var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this.parsedData=[];for(var b=[],d=0,e=this.data.length;e>d;d++){var f=this.data.charCodeAt(d);f>65536?(b[0]=240|(1835008&f)>>>18,b[1]=128|(258048&f)>>>12,b[2]=128|(4032&f)>>>6,b[3]=128|63&f):f>2048?(b[0]=224|(61440&f)>>>12,b[1]=128|(4032&f)>>>6,b[2]=128|63&f):f>128?(b[0]=192|(1984&f)>>>6,b[1]=128|63&f):b[0]=f,this.parsedData=this.parsedData.concat(b)}this.parsedData.length!=this.data.length&&(this.parsedData.unshift(191),this.parsedData.unshift(187),this.parsedData.unshift(239))}function b(a,b){this.typeNumber=a,this.errorCorrectLevel=b,this.modules=null,this.moduleCount=0,this.dataCache=null,this.dataList=[]}function i(a,b){if(void 0==a.length)throw new Error(a.length+"/"+b);for(var c=0;c<a.length&&0==a[c];)c++;this.num=new Array(a.length-c+b);for(var d=0;d<a.length-c;d++)this.num[d]=a[d+c]}function j(a,b){this.totalCount=a,this.dataCount=b}function k(){this.buffer=[],this.length=0}function m(){return"undefined"!=typeof CanvasRenderingContext2D}function n(){var a=!1,b=navigator.userAgent;return/android/i.test(b)&&(a=!0,aMat=b.toString().match(/android ([0-9]\.[0-9])/i),aMat&&aMat[1]&&(a=parseFloat(aMat[1]))),a}function r(a,b){for(var c=1,e=s(a),f=0,g=l.length;g>=f;f++){var h=0;switch(b){case d.L:h=l[f][0];break;case d.M:h=l[f][1];break;case d.Q:h=l[f][2];break;case d.H:h=l[f][3]}if(h>=e)break;c++}if(c>l.length)throw new Error("Too long data");return c}function s(a){var b=encodeURI(a).toString().replace(/\%[0-9a-fA-F]{2}/g,"a");return b.length+(b.length!=a?3:0)}a.prototype={getLength:function(){return this.parsedData.length},write:function(a){for(var b=0,c=this.parsedData.length;c>b;b++)a.put(this.parsedData[b],8)}},b.prototype={addData:function(b){var c=new a(b);this.dataList.push(c),this.dataCache=null},isDark:function(a,b){if(0>a||this.moduleCount<=a||0>b||this.moduleCount<=b)throw new Error(a+","+b);return this.modules[a][b]},getModuleCount:function(){return this.moduleCount},make:function(){this.makeImpl(!1,this.getBestMaskPattern())},makeImpl:function(a,c){this.moduleCount=4*this.typeNumber+17,this.modules=new Array(this.moduleCount);for(var d=0;d<this.moduleCount;d++){this.modules[d]=new Array(this.moduleCount);for(var e=0;e<this.moduleCount;e++)this.modules[d][e]=null}this.setupPositionProbePattern(0,0),this.setupPositionProbePattern(this.moduleCount-7,0),this.setupPositionProbePattern(0,this.moduleCount-7),this.setupPositionAdjustPattern(),this.setupTimingPattern(),this.setupTypeInfo(a,c),this.typeNumber>=7&&this.setupTypeNumber(a),null==this.dataCache&&(this.dataCache=b.createData(this.typeNumber,this.errorCorrectLevel,this.dataList)),this.mapData(this.dataCache,c)},setupPositionProbePattern:function(a,b){for(var c=-1;7>=c;c++)if(!(-1>=a+c||this.moduleCount<=a+c))for(var d=-1;7>=d;d++)-1>=b+d||this.moduleCount<=b+d||(this.modules[a+c][b+d]=c>=0&&6>=c&&(0==d||6==d)||d>=0&&6>=d&&(0==c||6==c)||c>=2&&4>=c&&d>=2&&4>=d?!0:!1)},getBestMaskPattern:function(){for(var a=0,b=0,c=0;8>c;c++){this.makeImpl(!0,c);var d=f.getLostPoint(this);(0==c||a>d)&&(a=d,b=c)}return b},createMovieClip:function(a,b,c){var d=a.createEmptyMovieClip(b,c),e=1;this.make();for(var f=0;f<this.modules.length;f++)for(var g=f*e,h=0;h<this.modules[f].length;h++){var i=h*e,j=this.modules[f][h];j&&(d.beginFill(0,100),d.moveTo(i,g),d.lineTo(i+e,g),d.lineTo(i+e,g+e),d.lineTo(i,g+e),d.endFill())}return d},setupTimingPattern:function(){for(var a=8;a<this.moduleCount-8;a++)null==this.modules[a][6]&&(this.modules[a][6]=0==a%2);for(var b=8;b<this.moduleCount-8;b++)null==this.modules[6][b]&&(this.modules[6][b]=0==b%2)},setupPositionAdjustPattern:function(){for(var a=f.getPatternPosition(this.typeNumber),b=0;b<a.length;b++)for(var c=0;c<a.length;c++){var d=a[b],e=a[c];if(null==this.modules[d][e])for(var g=-2;2>=g;g++)for(var h=-2;2>=h;h++)this.modules[d+g][e+h]=-2==g||2==g||-2==h||2==h||0==g&&0==h?!0:!1}},setupTypeNumber:function(a){for(var b=f.getBCHTypeNumber(this.typeNumber),c=0;18>c;c++){var d=!a&&1==(1&b>>c);this.modules[Math.floor(c/3)][c%3+this.moduleCount-8-3]=d}for(var c=0;18>c;c++){var d=!a&&1==(1&b>>c);this.modules[c%3+this.moduleCount-8-3][Math.floor(c/3)]=d}},setupTypeInfo:function(a,b){for(var c=this.errorCorrectLevel<<3|b,d=f.getBCHTypeInfo(c),e=0;15>e;e++){var g=!a&&1==(1&d>>e);6>e?this.modules[e][8]=g:8>e?this.modules[e+1][8]=g:this.modules[this.moduleCount-15+e][8]=g}for(var e=0;15>e;e++){var g=!a&&1==(1&d>>e);8>e?this.modules[8][this.moduleCount-e-1]=g:9>e?this.modules[8][15-e-1+1]=g:this.modules[8][15-e-1]=g}this.modules[this.moduleCount-8][8]=!a},mapData:function(a,b){for(var c=-1,d=this.moduleCount-1,e=7,g=0,h=this.moduleCount-1;h>0;h-=2)for(6==h&&h--;;){for(var i=0;2>i;i++)if(null==this.modules[d][h-i]){var j=!1;g<a.length&&(j=1==(1&a[g]>>>e));var k=f.getMask(b,d,h-i);k&&(j=!j),this.modules[d][h-i]=j,e--,-1==e&&(g++,e=7)}if(d+=c,0>d||this.moduleCount<=d){d-=c,c=-c;break}}}},b.PAD0=236,b.PAD1=17,b.createData=function(a,c,d){for(var e=j.getRSBlocks(a,c),g=new k,h=0;h<d.length;h++){var i=d[h];g.put(i.mode,4),g.put(i.getLength(),f.getLengthInBits(i.mode,a)),i.write(g)}for(var l=0,h=0;h<e.length;h++)l+=e[h].dataCount;if(g.getLengthInBits()>8*l)throw new Error("code length overflow. ("+g.getLengthInBits()+">"+8*l+")");for(g.getLengthInBits()+4<=8*l&&g.put(0,4);0!=g.getLengthInBits()%8;)g.putBit(!1);for(;;){if(g.getLengthInBits()>=8*l)break;if(g.put(b.PAD0,8),g.getLengthInBits()>=8*l)break;g.put(b.PAD1,8)}return b.createBytes(g,e)},b.createBytes=function(a,b){for(var c=0,d=0,e=0,g=new Array(b.length),h=new Array(b.length),j=0;j<b.length;j++){var k=b[j].dataCount,l=b[j].totalCount-k;d=Math.max(d,k),e=Math.max(e,l),g[j]=new Array(k);for(var m=0;m<g[j].length;m++)g[j][m]=255&a.buffer[m+c];c+=k;var n=f.getErrorCorrectPolynomial(l),o=new i(g[j],n.getLength()-1),p=o.mod(n);h[j]=new Array(n.getLength()-1);for(var m=0;m<h[j].length;m++){var q=m+p.getLength()-h[j].length;h[j][m]=q>=0?p.get(q):0}}for(var r=0,m=0;m<b.length;m++)r+=b[m].totalCount;for(var s=new Array(r),t=0,m=0;d>m;m++)for(var j=0;j<b.length;j++)m<g[j].length&&(s[t++]=g[j][m]);for(var m=0;e>m;m++)for(var j=0;j<b.length;j++)m<h[j].length&&(s[t++]=h[j][m]);return s};for(var c={MODE_NUMBER:1,MODE_ALPHA_NUM:2,MODE_8BIT_BYTE:4,MODE_KANJI:8},d={L:1,M:0,Q:3,H:2},e={PATTERN000:0,PATTERN001:1,PATTERN010:2,PATTERN011:3,PATTERN100:4,PATTERN101:5,PATTERN110:6,PATTERN111:7},f={PATTERN_POSITION_TABLE:[[],[6,18],[6,22],[6,26],[6,30],[6,34],[6,22,38],[6,24,42],[6,26,46],[6,28,50],[6,30,54],[6,32,58],[6,34,62],[6,26,46,66],[6,26,48,70],[6,26,50,74],[6,30,54,78],[6,30,56,82],[6,30,58,86],[6,34,62,90],[6,28,50,72,94],[6,26,50,74,98],[6,30,54,78,102],[6,28,54,80,106],[6,32,58,84,110],[6,30,58,86,114],[6,34,62,90,118],[6,26,50,74,98,122],[6,30,54,78,102,126],[6,26,52,78,104,130],[6,30,56,82,108,134],[6,34,60,86,112,138],[6,30,58,86,114,142],[6,34,62,90,118,146],[6,30,54,78,102,126,150],[6,24,50,76,102,128,154],[6,28,54,80,106,132,158],[6,32,58,84,110,136,162],[6,26,54,82,110,138,166],[6,30,58,86,114,142,170]],G15:1335,G18:7973,G15_MASK:21522,getBCHTypeInfo:function(a){for(var b=a<<10;f.getBCHDigit(b)-f.getBCHDigit(f.G15)>=0;)b^=f.G15<<f.getBCHDigit(b)-f.getBCHDigit(f.G15);return(a<<10|b)^f.G15_MASK},getBCHTypeNumber:function(a){for(var b=a<<12;f.getBCHDigit(b)-f.getBCHDigit(f.G18)>=0;)b^=f.G18<<f.getBCHDigit(b)-f.getBCHDigit(f.G18);return a<<12|b},getBCHDigit:function(a){for(var b=0;0!=a;)b++,a>>>=1;return b},getPatternPosition:function(a){return f.PATTERN_POSITION_TABLE[a-1]},getMask:function(a,b,c){switch(a){case e.PATTERN000:return 0==(b+c)%2;case e.PATTERN001:return 0==b%2;case e.PATTERN010:return 0==c%3;case e.PATTERN011:return 0==(b+c)%3;case e.PATTERN100:return 0==(Math.floor(b/2)+Math.floor(c/3))%2;case e.PATTERN101:return 0==b*c%2+b*c%3;case e.PATTERN110:return 0==(b*c%2+b*c%3)%2;case e.PATTERN111:return 0==(b*c%3+(b+c)%2)%2;default:throw new Error("bad maskPattern:"+a)}},getErrorCorrectPolynomial:function(a){for(var b=new i([1],0),c=0;a>c;c++)b=b.multiply(new i([1,g.gexp(c)],0));return b},getLengthInBits:function(a,b){if(b>=1&&10>b)switch(a){case c.MODE_NUMBER:return 10;case c.MODE_ALPHA_NUM:return 9;case c.MODE_8BIT_BYTE:return 8;case c.MODE_KANJI:return 8;default:throw new Error("mode:"+a)}else if(27>b)switch(a){case c.MODE_NUMBER:return 12;case c.MODE_ALPHA_NUM:return 11;case c.MODE_8BIT_BYTE:return 16;case c.MODE_KANJI:return 10;default:throw new Error("mode:"+a)}else{if(!(41>b))throw new Error("type:"+b);switch(a){case c.MODE_NUMBER:return 14;case c.MODE_ALPHA_NUM:return 13;case c.MODE_8BIT_BYTE:return 16;case c.MODE_KANJI:return 12;default:throw new Error("mode:"+a)}}},getLostPoint:function(a){for(var b=a.getModuleCount(),c=0,d=0;b>d;d++)for(var e=0;b>e;e++){for(var f=0,g=a.isDark(d,e),h=-1;1>=h;h++)if(!(0>d+h||d+h>=b))for(var i=-1;1>=i;i++)0>e+i||e+i>=b||(0!=h||0!=i)&&g==a.isDark(d+h,e+i)&&f++;f>5&&(c+=3+f-5)}for(var d=0;b-1>d;d++)for(var e=0;b-1>e;e++){var j=0;a.isDark(d,e)&&j++,a.isDark(d+1,e)&&j++,a.isDark(d,e+1)&&j++,a.isDark(d+1,e+1)&&j++,(0==j||4==j)&&(c+=3)}for(var d=0;b>d;d++)for(var e=0;b-6>e;e++)a.isDark(d,e)&&!a.isDark(d,e+1)&&a.isDark(d,e+2)&&a.isDark(d,e+3)&&a.isDark(d,e+4)&&!a.isDark(d,e+5)&&a.isDark(d,e+6)&&(c+=40);for(var e=0;b>e;e++)for(var d=0;b-6>d;d++)a.isDark(d,e)&&!a.isDark(d+1,e)&&a.isDark(d+2,e)&&a.isDark(d+3,e)&&a.isDark(d+4,e)&&!a.isDark(d+5,e)&&a.isDark(d+6,e)&&(c+=40);for(var k=0,e=0;b>e;e++)for(var d=0;b>d;d++)a.isDark(d,e)&&k++;var l=Math.abs(100*k/b/b-50)/5;return c+=10*l}},g={glog:function(a){if(1>a)throw new Error("glog("+a+")");return g.LOG_TABLE[a]},gexp:function(a){for(;0>a;)a+=255;for(;a>=256;)a-=255;return g.EXP_TABLE[a]},EXP_TABLE:new Array(256),LOG_TABLE:new Array(256)},h=0;8>h;h++)g.EXP_TABLE[h]=1<<h;for(var h=8;256>h;h++)g.EXP_TABLE[h]=g.EXP_TABLE[h-4]^g.EXP_TABLE[h-5]^g.EXP_TABLE[h-6]^g.EXP_TABLE[h-8];for(var h=0;255>h;h++)g.LOG_TABLE[g.EXP_TABLE[h]]=h;i.prototype={get:function(a){return this.num[a]},getLength:function(){return this.num.length},multiply:function(a){for(var b=new Array(this.getLength()+a.getLength()-1),c=0;c<this.getLength();c++)for(var d=0;d<a.getLength();d++)b[c+d]^=g.gexp(g.glog(this.get(c))+g.glog(a.get(d)));return new i(b,0)},mod:function(a){if(this.getLength()-a.getLength()<0)return this;for(var b=g.glog(this.get(0))-g.glog(a.get(0)),c=new Array(this.getLength()),d=0;d<this.getLength();d++)c[d]=this.get(d);for(var d=0;d<a.getLength();d++)c[d]^=g.gexp(g.glog(a.get(d))+b);return new i(c,0).mod(a)}},j.RS_BLOCK_TABLE=[[1,26,19],[1,26,16],[1,26,13],[1,26,9],[1,44,34],[1,44,28],[1,44,22],[1,44,16],[1,70,55],[1,70,44],[2,35,17],[2,35,13],[1,100,80],[2,50,32],[2,50,24],[4,25,9],[1,134,108],[2,67,43],[2,33,15,2,34,16],[2,33,11,2,34,12],[2,86,68],[4,43,27],[4,43,19],[4,43,15],[2,98,78],[4,49,31],[2,32,14,4,33,15],[4,39,13,1,40,14],[2,121,97],[2,60,38,2,61,39],[4,40,18,2,41,19],[4,40,14,2,41,15],[2,146,116],[3,58,36,2,59,37],[4,36,16,4,37,17],[4,36,12,4,37,13],[2,86,68,2,87,69],[4,69,43,1,70,44],[6,43,19,2,44,20],[6,43,15,2,44,16],[4,101,81],[1,80,50,4,81,51],[4,50,22,4,51,23],[3,36,12,8,37,13],[2,116,92,2,117,93],[6,58,36,2,59,37],[4,46,20,6,47,21],[7,42,14,4,43,15],[4,133,107],[8,59,37,1,60,38],[8,44,20,4,45,21],[12,33,11,4,34,12],[3,145,115,1,146,116],[4,64,40,5,65,41],[11,36,16,5,37,17],[11,36,12,5,37,13],[5,109,87,1,110,88],[5,65,41,5,66,42],[5,54,24,7,55,25],[11,36,12],[5,122,98,1,123,99],[7,73,45,3,74,46],[15,43,19,2,44,20],[3,45,15,13,46,16],[1,135,107,5,136,108],[10,74,46,1,75,47],[1,50,22,15,51,23],[2,42,14,17,43,15],[5,150,120,1,151,121],[9,69,43,4,70,44],[17,50,22,1,51,23],[2,42,14,19,43,15],[3,141,113,4,142,114],[3,70,44,11,71,45],[17,47,21,4,48,22],[9,39,13,16,40,14],[3,135,107,5,136,108],[3,67,41,13,68,42],[15,54,24,5,55,25],[15,43,15,10,44,16],[4,144,116,4,145,117],[17,68,42],[17,50,22,6,51,23],[19,46,16,6,47,17],[2,139,111,7,140,112],[17,74,46],[7,54,24,16,55,25],[34,37,13],[4,151,121,5,152,122],[4,75,47,14,76,48],[11,54,24,14,55,25],[16,45,15,14,46,16],[6,147,117,4,148,118],[6,73,45,14,74,46],[11,54,24,16,55,25],[30,46,16,2,47,17],[8,132,106,4,133,107],[8,75,47,13,76,48],[7,54,24,22,55,25],[22,45,15,13,46,16],[10,142,114,2,143,115],[19,74,46,4,75,47],[28,50,22,6,51,23],[33,46,16,4,47,17],[8,152,122,4,153,123],[22,73,45,3,74,46],[8,53,23,26,54,24],[12,45,15,28,46,16],[3,147,117,10,148,118],[3,73,45,23,74,46],[4,54,24,31,55,25],[11,45,15,31,46,16],[7,146,116,7,147,117],[21,73,45,7,74,46],[1,53,23,37,54,24],[19,45,15,26,46,16],[5,145,115,10,146,116],[19,75,47,10,76,48],[15,54,24,25,55,25],[23,45,15,25,46,16],[13,145,115,3,146,116],[2,74,46,29,75,47],[42,54,24,1,55,25],[23,45,15,28,46,16],[17,145,115],[10,74,46,23,75,47],[10,54,24,35,55,25],[19,45,15,35,46,16],[17,145,115,1,146,116],[14,74,46,21,75,47],[29,54,24,19,55,25],[11,45,15,46,46,16],[13,145,115,6,146,116],[14,74,46,23,75,47],[44,54,24,7,55,25],[59,46,16,1,47,17],[12,151,121,7,152,122],[12,75,47,26,76,48],[39,54,24,14,55,25],[22,45,15,41,46,16],[6,151,121,14,152,122],[6,75,47,34,76,48],[46,54,24,10,55,25],[2,45,15,64,46,16],[17,152,122,4,153,123],[29,74,46,14,75,47],[49,54,24,10,55,25],[24,45,15,46,46,16],[4,152,122,18,153,123],[13,74,46,32,75,47],[48,54,24,14,55,25],[42,45,15,32,46,16],[20,147,117,4,148,118],[40,75,47,7,76,48],[43,54,24,22,55,25],[10,45,15,67,46,16],[19,148,118,6,149,119],[18,75,47,31,76,48],[34,54,24,34,55,25],[20,45,15,61,46,16]],j.getRSBlocks=function(a,b){var c=j.getRsBlockTable(a,b);if(void 0==c)throw new Error("bad rs block @ typeNumber:"+a+"/errorCorrectLevel:"+b);for(var d=c.length/3,e=[],f=0;d>f;f++)for(var g=c[3*f+0],h=c[3*f+1],i=c[3*f+2],k=0;g>k;k++)e.push(new j(h,i));return e},j.getRsBlockTable=function(a,b){switch(b){case d.L:return j.RS_BLOCK_TABLE[4*(a-1)+0];case d.M:return j.RS_BLOCK_TABLE[4*(a-1)+1];case d.Q:return j.RS_BLOCK_TABLE[4*(a-1)+2];case d.H:return j.RS_BLOCK_TABLE[4*(a-1)+3];default:return void 0}},k.prototype={get:function(a){var b=Math.floor(a/8);return 1==(1&this.buffer[b]>>>7-a%8)},put:function(a,b){for(var c=0;b>c;c++)this.putBit(1==(1&a>>>b-c-1))},getLengthInBits:function(){return this.length},putBit:function(a){var b=Math.floor(this.length/8);this.buffer.length<=b&&this.buffer.push(0),a&&(this.buffer[b]|=128>>>this.length%8),this.length++}};var l=[[17,14,11,7],[32,26,20,14],[53,42,32,24],[78,62,46,34],[106,84,60,44],[134,106,74,58],[154,122,86,64],[192,152,108,84],[230,180,130,98],[271,213,151,119],[321,251,177,137],[367,287,203,155],[425,331,241,177],[458,362,258,194],[520,412,292,220],[586,450,322,250],[644,504,364,280],[718,560,394,310],[792,624,442,338],[858,666,482,382],[929,711,509,403],[1003,779,565,439],[1091,857,611,461],[1171,911,661,511],[1273,997,715,535],[1367,1059,751,593],[1465,1125,805,625],[1528,1190,868,658],[1628,1264,908,698],[1732,1370,982,742],[1840,1452,1030,790],[1952,1538,1112,842],[2068,1628,1168,898],[2188,1722,1228,958],[2303,1809,1283,983],[2431,1911,1351,1051],[2563,1989,1423,1093],[2699,2099,1499,1139],[2809,2213,1579,1219],[2953,2331,1663,1273]],o=function(){var a=function(a,b){this._el=a,this._htOption=b};return a.prototype.draw=function(a){function g(a,b){var c=document.createElementNS("http://www.w3.org/2000/svg",a);for(var d in b)b.hasOwnProperty(d)&&c.setAttribute(d,b[d]);return c}var b=this._htOption,c=this._el,d=a.getModuleCount();Math.floor(b.width/d),Math.floor(b.height/d),this.clear();var h=g("svg",{viewBox:"0 0 "+String(d)+" "+String(d),width:"100%",height:"100%",fill:b.colorLight});h.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:xlink","http://www.w3.org/1999/xlink"),c.appendChild(h),h.appendChild(g("rect",{fill:b.colorDark,width:"1",height:"1",id:"template"}));for(var i=0;d>i;i++)for(var j=0;d>j;j++)if(a.isDark(i,j)){var k=g("use",{x:String(i),y:String(j)});k.setAttributeNS("http://www.w3.org/1999/xlink","href","#template"),h.appendChild(k)}},a.prototype.clear=function(){for(;this._el.hasChildNodes();)this._el.removeChild(this._el.lastChild)},a}(),p="svg"===document.documentElement.tagName.toLowerCase(),q=p?o:m()?function(){function a(){this._elImage.src=this._elCanvas.toDataURL("image/png"),this._elImage.style.display="block",this._elCanvas.style.display="none"}function d(a,b){var c=this;if(c._fFail=b,c._fSuccess=a,null===c._bSupportDataURI){var d=document.createElement("img"),e=function(){c._bSupportDataURI=!1,c._fFail&&_fFail.call(c)},f=function(){c._bSupportDataURI=!0,c._fSuccess&&c._fSuccess.call(c)};return d.onabort=e,d.onerror=e,d.onload=f,d.src="data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==",void 0}c._bSupportDataURI===!0&&c._fSuccess?c._fSuccess.call(c):c._bSupportDataURI===!1&&c._fFail&&c._fFail.call(c)}if(this._android&&this._android<=2.1){var b=1/window.devicePixelRatio,c=CanvasRenderingContext2D.prototype.drawImage;CanvasRenderingContext2D.prototype.drawImage=function(a,d,e,f,g,h,i,j){if("nodeName"in a&&/img/i.test(a.nodeName))for(var l=arguments.length-1;l>=1;l--)arguments[l]=arguments[l]*b;else"undefined"==typeof j&&(arguments[1]*=b,arguments[2]*=b,arguments[3]*=b,arguments[4]*=b);c.apply(this,arguments)}}var e=function(a,b){this._bIsPainted=!1,this._android=n(),this._htOption=b,this._elCanvas=document.createElement("canvas"),this._elCanvas.width=b.width,this._elCanvas.height=b.height,a.appendChild(this._elCanvas),this._el=a,this._oContext=this._elCanvas.getContext("2d"),this._bIsPainted=!1,this._elImage=document.createElement("img"),this._elImage.style.display="none",this._el.appendChild(this._elImage),this._bSupportDataURI=null};return e.prototype.draw=function(a){var b=this._elImage,c=this._oContext,d=this._htOption,e=a.getModuleCount(),f=d.width/e,g=d.height/e,h=Math.round(f),i=Math.round(g);b.style.display="none",this.clear();for(var j=0;e>j;j++)for(var k=0;e>k;k++){var l=a.isDark(j,k),m=k*f,n=j*g;c.strokeStyle=l?d.colorDark:d.colorLight,c.lineWidth=1,c.fillStyle=l?d.colorDark:d.colorLight,c.fillRect(m,n,f,g),c.strokeRect(Math.floor(m)+.5,Math.floor(n)+.5,h,i),c.strokeRect(Math.ceil(m)-.5,Math.ceil(n)-.5,h,i)}this._bIsPainted=!0},e.prototype.makeImage=function(){this._bIsPainted&&d.call(this,a)},e.prototype.isPainted=function(){return this._bIsPainted},e.prototype.clear=function(){this._oContext.clearRect(0,0,this._elCanvas.width,this._elCanvas.height),this._bIsPainted=!1},e.prototype.round=function(a){return a?Math.floor(1e3*a)/1e3:a},e}():function(){var a=function(a,b){this._el=a,this._htOption=b};return a.prototype.draw=function(a){for(var b=this._htOption,c=this._el,d=a.getModuleCount(),e=Math.floor(b.width/d),f=Math.floor(b.height/d),g=['<table style="border:0;border-collapse:collapse;">'],h=0;d>h;h++){g.push("<tr>");for(var i=0;d>i;i++)g.push('<td style="border:0;border-collapse:collapse;padding:0;margin:0;width:'+e+"px;height:"+f+"px;background-color:"+(a.isDark(h,i)?b.colorDark:b.colorLight)+';"></td>');g.push("</tr>")}g.push("</table>"),c.innerHTML=g.join("");var j=c.childNodes[0],k=(b.width-j.offsetWidth)/2,l=(b.height-j.offsetHeight)/2;k>0&&l>0&&(j.style.margin=l+"px "+k+"px")},a.prototype.clear=function(){this._el.innerHTML=""},a}();QRCode=function(a,b){if(this._htOption={width:256,height:256,typeNumber:4,colorDark:"#000000",colorLight:"#ffffff",correctLevel:d.H},"string"==typeof b&&(b={text:b}),b)for(var c in b)this._htOption[c]=b[c];"string"==typeof a&&(a=document.getElementById(a)),this._android=n(),this._el=a,this._oQRCode=null,this._oDrawing=new q(this._el,this._htOption),this._htOption.text&&this.makeCode(this._htOption.text)},QRCode.prototype.makeCode=function(a){this._oQRCode=new b(r(a,this._htOption.correctLevel),this._htOption.correctLevel),this._oQRCode.addData(a),this._oQRCode.make(),this._el.title=a,this._oDrawing.draw(this._oQRCode),this.makeImage()},QRCode.prototype.makeImage=function(){"function"==typeof this._oDrawing.makeImage&&(!this._android||this._android>=3)&&this._oDrawing.makeImage()},QRCode.prototype.clear=function(){this._oDrawing.clear()},QRCode.CorrectLevel=d}();
\ No newline at end of file

From 44f8235ad111d1e3300f0e32ac6f762fa4d7a518 Mon Sep 17 00:00:00 2001
From: ansuz <ansuz@transitiontech.ca>
Date: Thu, 26 Aug 2021 18:14:57 +0530
Subject: [PATCH 02/58] add qrcode.min.js to the dependency changelog

---
 www/lib/changelog.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/www/lib/changelog.md b/www/lib/changelog.md
index 1913b78df..a782c3761 100644
--- a/www/lib/changelog.md
+++ b/www/lib/changelog.md
@@ -8,4 +8,5 @@ This file is intended to be used as a log of what third-party source we have ven
 * [jscolor v2.0.5](https://jscolor.com/) for providing a consistent color picker across all browsers
 * [jquery.ui 1.12.1](https://jqueryui.com/) for its 'autocomplete' extension which is used for our tag picker
 * [pdfjs](https://mozilla.github.io/pdf.js/) with some minor modifications to prevent CSP errors
+* [qrcode.js](https://github.com/davidshimjs/qrcodejs) from [this commit](https://github.com/davidshimjs/qrcodejs/commit/06c7a5e134f116402699f03cda5819e10a0e5787) since the repo doesn't use tags
 

From 9704fb8165e17487eeeca42e9f85bca54dfee50a Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 13 Apr 2022 13:58:12 +0530
Subject: [PATCH 03/58] nearly usable QR code tab in share menu

---
 www/common/common-interface.js |  2 +-
 www/common/inner/share.js      | 34 ++++++++++++++++++++++++++++------
 2 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/www/common/common-interface.js b/www/common/common-interface.js
index bc5979fb1..aa76c4ae6 100644
--- a/www/common/common-interface.js
+++ b/www/common/common-interface.js
@@ -1492,7 +1492,7 @@ define([
         var cb = Util.once(Util.mkAsync(_cb || Util.noop));
         require(['/lib/qrcode.min.js'], function () {
             var div = h('div');
-            var code = new window.QRCode(div, data);
+            /*var code =*/ new window.QRCode(div, data);
             cb(void 0, div);
         }, function (err) {
             cb(err);
diff --git a/www/common/inner/share.js b/www/common/inner/share.js
index 048f09e37..cc25697b2 100644
--- a/www/common/inner/share.js
+++ b/www/common/inner/share.js
@@ -13,6 +13,7 @@ define([
     '/bower_components/nthen/index.js',
     '/customize/pages.js',
 
+    '/bower_components/file-saver/FileSaver.min.js',
     '/lib/qrcode.min.js',
 ], function ($, ApiConfig, Util, Hash, UI, UIElements, Feedback, Modal, h, Clipboard,
              Messages, nThen, Pages) {
@@ -490,25 +491,46 @@ define([
 
     var getQRCode = function (link) {
         var div = h('div');
-        var code = new window.QRCode(div, link);
+        /*var code =*/ new window.QRCode(div, link);
         return div;
     };
 
     var getQRTab = function (Env, data, opts, _cb) {
         var qr = getQRCode(opts.getLinkValue());
-        var link = h('div.cp-share-modal', [
+
+        var container = h('span#cp-qr-container', [
             h('div#cp-qr-link-preview', qr),
         ]);
 
+        var link = h('div.cp-share-modal', [
+            container,
+        ]);
+
+        $(container).css({
+            'background-color': 'white',
+            display: 'inline-flex',
+            padding: '5px',
+        });
+
         var buttons = [
             makeCancelButton(),
+            {
+                className: 'primary cp-bar',
+                name: Messages.share_bar,
+                onClick: function () {
+                    UI.warn("OOPS: NOT IMPLEMENTED"); // XXX
+                    return true;
+                },
+            },
             {
                 className: 'primary cp-nobar',
-                name: Messages.download_dl, //'PEWPEW', //Messages // XXX
+                name: Messages.download_dl,
                 iconClass: '.fa.fa-download',
                 onClick: function () {
-                    console.log("TODO SAVE IMAGE");
-                    UI.warn("NOT IMPLEMENTED");
+                    qr.querySelector('canvas').toBlob(blob => {
+                        var name = Util.fixFileName((opts.title || 'document') + '-qr.png');
+                        window.saveAs(blob, name);
+                    });
                 },
             },
         ];
@@ -700,7 +722,7 @@ define([
             return $rights.parent().find('#cp-embed-link-preview');
         };
         var getQR = function () {
-            return $rights.parent().find('#cp-qr-link-preview');
+            return $rights.parent().find('#cp-qr-container');
         };
 
         // update values for link and embed preview when radio btns change

From c762353cad511125b7e2e25e3a68da2a32e1d9d8 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 7 Dec 2022 13:04:07 +0530
Subject: [PATCH 04/58] interpret maxWorkers config in lib/env instead of in
 worker handler

---
 lib/env.js           | 10 +++++++++-
 lib/workers/index.js | 17 +----------------
 2 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/lib/env.js b/lib/env.js
index bb32f88c0..6519b46d2 100644
--- a/lib/env.js
+++ b/lib/env.js
@@ -205,7 +205,7 @@ module.exports.create = function (config) {
         // but it is referenced in Quota
         domain: config.domain,
 
-        maxWorkers: config.maxWorkers,
+        maxWorkers: undefined,
         disableIntegratedTasks: config.disableIntegratedTasks || false,
         disableIntegratedEviction: typeof(config.disableIntegratedEviction) === 'undefined'? true: config.disableIntegratedEviction,
         lastEviction: +new Date(),
@@ -213,6 +213,14 @@ module.exports.create = function (config) {
         commandTimers: {},
     };
 
+    (function () {
+        var max = config.maxWorkers;
+        // if the supplied value is not a positive number, leave maxWorkers undefined
+        // one worker will be created for each CPU core
+        if (typeof(max) !== 'number' || isNaN(max) || max < 1) { return; }
+        Env.maxWorkers = max;
+    }());
+
     (function () {
     // mode can be FRESH (default), DEV, or PACKAGE
         if (process.env.PACKAGE) {
diff --git a/lib/workers/index.js b/lib/workers/index.js
index 7d82eab0f..6371e5929 100644
--- a/lib/workers/index.js
+++ b/lib/workers/index.js
@@ -260,22 +260,7 @@ Workers.initialize = function (Env, config, _cb) {
     };
 
     nThen(function (w) {
-        const max = config.maxWorkers;
-
-        var limit;
-        if (typeof(max) !== 'undefined') {
-            // the admin provided a limit on the number of workers
-            if (typeof(max) === 'number' && !isNaN(max)) {
-                if (max < 1) {
-                    Log.info("INSUFFICIENT_MAX_WORKERS", max);
-                    limit = 1;
-                }
-                limit = max;
-            } else {
-                Log.error("INVALID_MAX_WORKERS", '[' + max + ']');
-            }
-        }
-
+        var limit = Env.maxWorkers;
         var logged;
 
         OS.cpus().forEach(function (cpu, index) {

From ed981f2b633f29643fa4c0e69e33a5eee527f6a8 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 7 Dec 2022 13:09:24 +0530
Subject: [PATCH 05/58] generalize recommended version code for easier updates

---
 lib/env.js | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/env.js b/lib/env.js
index 6519b46d2..9c6e97723 100644
--- a/lib/env.js
+++ b/lib/env.js
@@ -27,7 +27,9 @@ var deriveSandboxOrigin = function (unsafe, port) {
     return url.origin;
 };
 
+var RECOMMENDED_VERSION = [16, 14, 2];
 var isRecentVersion = function () {
+    var R = RECOMMENDED_VERSION;
     var V = process.version;
     if (typeof(V) !== 'string') { return false; }
     var parts = V.replace(/^v/, '').split('.').map(Number);
@@ -35,13 +37,13 @@ var isRecentVersion = function () {
     if (!parts.every(n => typeof(n) === 'number' && !isNaN(n))) {
         return false;
     }
-    if (parts[0] < 16) { return false; }
-    if (parts[0] > 16) { return true; }
+    if (parts[0] < R[0]) { return false; }
+    if (parts[0] > R[0]) { return true; }
 
     // v16
-    if (parts[1] < 14) { return false; }
-    if (parts[1] > 14) { return true; }
-    if (parts[2] >= 2) { return true; }
+    if (parts[1] < R[1]) { return false; }
+    if (parts[1] > R[1]) { return true; }
+    if (parts[2] >= R[2]) { return true; }
 
     return false;
 };

From afdc4b72d3d1fdc40041019bd68615e5930c8838 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 7 Dec 2022 13:13:19 +0530
Subject: [PATCH 06/58] include whitespace before appended text on checkup page

---
 www/checkup/main.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/checkup/main.js b/www/checkup/main.js
index 0afd0323d..d396c5f88 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -900,7 +900,7 @@ define([
         'child-src': '',
         'frame-src': '',
         'script-src': '',
-        'connect-src': "This rule restricts which URLs can be loaded by scripts. Overly permissive settings can allow users to be tracking using external resources, while overly restrictive settings may block pages from loading entirely.",
+        'connect-src': " This rule restricts which URLs can be loaded by scripts. Overly permissive settings can allow users to be tracked using external resources, while overly restrictive settings may block pages from loading entirely.",
         'img-src': '',
         'media-src': '',
         'worker-src': '',

From b32f2826fbfd7e3363264add61a698efeb91ea97 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 7 Dec 2022 13:14:56 +0530
Subject: [PATCH 07/58] expose map of pending queries in Util.response handler

so that we can more easily generate 'globally' unique identifiers
---
 www/common/common-util.js | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/www/common/common-util.js b/www/common/common-util.js
index efcb46227..c4b2b3dab 100644
--- a/www/common/common-util.js
+++ b/www/common/common-util.js
@@ -160,6 +160,7 @@
             },
             expect: expect,
             handle: handle,
+            _pending: pending,
         };
     };
 
@@ -187,6 +188,14 @@
             .toString(32).replace(/\./g, '');
     };
 
+    Util.guid = function (map) {
+        var id = Util.uid();
+        // the guid (globally unique id) is valid if it does already exist in the map
+        if (typeof(map[id]) === 'undefined') { return id; }
+        // otherwise try again
+        return Util.guid(map);
+    };
+
     Util.fixHTML = function (str) {
         if (!str) { return ''; }
         return str.replace(/[<>&"']/g, function (x) {

From c9fd6359aaa3e9c6c9a788c322d10afd5e3e3502 Mon Sep 17 00:00:00 2001
From: Ente <ducksource@duckpond.ch>
Date: Tue, 13 Apr 2021 22:55:40 +0200
Subject: [PATCH 08/58] Send HTTP credentials when fetching blobs

With this change media-tag now sends HTTP credentials when fetching
blobs. Also changed the example nginx config to send
Access-Control-Allow-Credentials CORS headers. For this to work, we can
no longer use '*' for Access-Control-Allow-Origin [1][2]: Therefore the
example config was changed to set Access-Control-Allow-Origin to the
sandbox domain only.

Fixes:
- #705: Blob fetch fails with 401 Unauthorized when HTTP basic auth is enabled [3]

Referenes:
[1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials
[3]: https://github.com/xwiki-labs/cryptpad/issues/705
---
 docs/example.nginx.conf | 3 +++
 www/common/media-tag.js | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
index 1f71fc8b7..94d228c30 100644
--- a/docs/example.nginx.conf
+++ b/docs/example.nginx.conf
@@ -69,6 +69,7 @@ server {
     add_header X-XSS-Protection "1; mode=block";
     add_header X-Content-Type-Options nosniff;
     add_header Access-Control-Allow-Origin "${allowed_origins}";
+    add_header Access-Control-Allow-Credentials true;
     # add_header X-Frame-Options "SAMEORIGIN";
 
     # Opt out of Google's FLoC Network
@@ -201,6 +202,7 @@ server {
     location ^~ /blob/ {
         if ($request_method = 'OPTIONS') {
             add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
+            add_header 'Access-Control-Allow-Credentials' true;
             add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
             add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
             add_header 'Access-Control-Max-Age' 1728000;
@@ -211,6 +213,7 @@ server {
         add_header X-Content-Type-Options nosniff;
         add_header Cache-Control max-age=31536000;
         add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
+        add_header 'Access-Control-Allow-Credentials' true;
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
         add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length';
         add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length';
diff --git a/www/common/media-tag.js b/www/common/media-tag.js
index 264fbb462..f05b39d9a 100644
--- a/www/common/media-tag.js
+++ b/www/common/media-tag.js
@@ -244,6 +244,7 @@ var factory = function () {
         var check = function () {
             var xhr = new XMLHttpRequest();
             xhr.open("HEAD", src);
+            xhr.withCredentials = true;
             xhr.onerror = function () { return void cb("XHR_ERROR"); };
             xhr.onreadystatechange = function() {
                 if (this.readyState === this.DONE) {
@@ -276,6 +277,7 @@ var factory = function () {
         var fetch = function () {
             var xhr = new XMLHttpRequest();
             xhr.open('GET', src, true);
+            xhr.withCredentials = true;
             xhr.responseType = 'arraybuffer';
 
             var progress = function (offset) {
@@ -387,6 +389,7 @@ var factory = function () {
         var fetch = function () {
             var xhr = new XMLHttpRequest();
             xhr.open('GET', src, true);
+            xhr.withCredentials = true;
             xhr.setRequestHeader('Range', 'bytes=0-1');
             xhr.responseType = 'arraybuffer';
 
@@ -399,6 +402,7 @@ var factory = function () {
                 var xhr2 = new XMLHttpRequest();
 
                 xhr2.open("GET", src, true);
+                xhr2.withCredentials = true;
                 xhr2.setRequestHeader('Range', 'bytes=2-' + (size + 2));
                 xhr2.responseType = 'arraybuffer';
                 xhr2.onload = function () {

From 6f19101f42e81bc0278db6a561662a43cbc8ef58 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Tue, 20 Dec 2022 14:20:59 +0530
Subject: [PATCH 09/58] big server changes:

* use the nodejs cluster module to handle http traffic with multiple threads
* listen for websocket traffic on a new port because all such logic needs to share state
* proxy websocket URLs from the cluster to the new port so everything is backwards compatible
* implement logic for http workers to make requests and stay in sync with the main process
* unrelated: define the expected nodejs version in a constant
---
 lib/decrees.js     |   7 +-
 lib/defaults.js    |   6 +
 lib/env.js         |  55 ++++-
 lib/http-worker.js | 463 +++++++++++++++++++++++++++++++++++++++++
 package-lock.json  | 256 ++++++++++++++++++++++-
 package.json       |   1 +
 server.js          | 506 +++++++++++++--------------------------------
 7 files changed, 918 insertions(+), 376 deletions(-)
 create mode 100644 lib/http-worker.js

diff --git a/lib/decrees.js b/lib/decrees.js
index 1d48f0164..52f587ef9 100644
--- a/lib/decrees.js
+++ b/lib/decrees.js
@@ -331,7 +331,12 @@ var handleCommand = Decrees.handleCommand = function (Env, line) {
         throw new Error("DECREE_UNSUPPORTED_COMMAND");
     }
 
-    return commands[command](Env, args);
+    var outcome = commands[command](Env, args);
+    if (outcome) {
+        // trigger Env change event...
+        Env.envUpdated.fire(); // XXX
+    }
+    return outcome;
 };
 
 Decrees.createLineHandler = function (Env) {
diff --git a/lib/defaults.js b/lib/defaults.js
index f22277538..590e65475 100644
--- a/lib/defaults.js
+++ b/lib/defaults.js
@@ -65,6 +65,12 @@ Default.mainPages = function () {
     ];
 };
 
+/*  The recommmended minimum Node.js version
+ *  ideally managed using NVM and not your system's
+ *  package manager, which usually provides a very outdated version
+ */
+Default.recommendedVersion = [16,14,2];
+
 /*  By default the CryptPad server will run scheduled tasks every five minutes
  *  If you want to run scheduled tasks in a separate process (like a crontab)
  *  you can disable this behaviour by setting the following value to true
diff --git a/lib/env.js b/lib/env.js
index 9c6e97723..2dbc20a96 100644
--- a/lib/env.js
+++ b/lib/env.js
@@ -11,6 +11,7 @@ const Core = require("./commands/core");
 const Quota = require("./commands/quota");
 const Util = require("./common-util");
 const Package = require("../package.json");
+const Default = require("./defaults");
 
 var canonicalizeOrigin = function (s) {
     if (typeof(s) === 'undefined') { return; }
@@ -27,9 +28,8 @@ var deriveSandboxOrigin = function (unsafe, port) {
     return url.origin;
 };
 
-var RECOMMENDED_VERSION = [16, 14, 2];
 var isRecentVersion = function () {
-    var R = RECOMMENDED_VERSION;
+    var R = Default.recommendedVersion;
     var V = process.version;
     if (typeof(V) !== 'string') { return false; }
     var parts = V.replace(/^v/, '').split('.').map(Number);
@@ -70,6 +70,9 @@ module.exports.create = function (config) {
     }
 
     const Env = {
+        logFeedback: Boolean(config.logFeedback),
+        mainPages: config.mainPages || Default.mainPages(),
+
         protocol: new URL(httpUnsafeOrigin).protocol,
 
         fileHost: config.fileHost || undefined,
@@ -103,15 +106,9 @@ module.exports.create = function (config) {
         apiHeadersCache: undefined,
 
         flushCache: function () {
-            Env.configCache = {};
-            Env.broadcastCache = {};
-
-            Env.officeHeadersCache = undefined;
-            Env.standardHeadersCache = undefined;
-            Env.apiHeadersCache = undefined;
-
             Env.FRESH_KEY = +new Date();
             if (!(Env.DEV_MODE || Env.FRESH_MODE)) { Env.FRESH_MODE = true; }
+            Env.cacheFlushed.fire();
             if (!Env.Log) { return; }
             Env.Log.info("UPDATING_FRESH_KEY", Env.FRESH_KEY);
         },
@@ -343,5 +340,45 @@ module.exports.create = function (config) {
         console.error("Can't parse admin keys. Please update or fix your config.js file!");
     }
 
+    Env.envUpdated = Util.mkEvent();
+    Env.cacheFlushed = Util.mkEvent();
+
     return Env;
 };
+
+// don't serialize these things
+const BAD = [
+    'Log',
+    'envUpdated',
+    'cacheFlushed',
+    'evictionReports',
+    'commandTimers',
+    'metadata_cache',
+    'channel_cache',
+    'cache_checks',
+    'intervals',
+    'Sessions',
+    'netfluxUsers',
+    'limits',
+    'customLimits',
+    'scheduleDecree',
+
+    'httpServer',
+
+    'pinStore',
+    'msgStore',
+    'store',
+    'blobStore',
+];
+
+module.exports.serialize = function (Env) {
+    return JSON.stringify(Env, function (key, value) {
+        if (value === Env) { return value; }
+        if (BAD.includes(key)) { return; }
+
+        if (typeof(value) === 'function') { return; }
+        //console.log('serializing', { key, value, });
+        if (Util.isCircular(value)) { return; }
+        return value;
+    });
+};
diff --git a/lib/http-worker.js b/lib/http-worker.js
new file mode 100644
index 000000000..130cd5f0d
--- /dev/null
+++ b/lib/http-worker.js
@@ -0,0 +1,463 @@
+const process = require("node:process");
+const Http = require("node:http");
+const Default = require("./defaults");
+const Path = require("node:path");
+const Fs = require("node:fs");
+const nThen = require("nthen");
+const Util = require("./common-util");
+const Logger = require("./log");
+
+const DEFAULT_QUERY_TIMEOUT = 5000;
+const PID = process.pid;
+
+const response = Util.response(function (errLabel, info) {
+    // XXX handle error
+    console.error({
+        _: '// XXX',
+        errLabel: errLabel,
+        info: info,
+    });
+});
+
+const guid = () => {
+    return Util.guid(response._pending);
+};
+
+const sendMessage = (msg, cb, opt) => {
+    var txid = guid();
+    var timeout = (opt && opt.timeout) || DEFAULT_QUERY_TIMEOUT;
+
+    /// XXX don't nest
+    var obj = {
+        pid: PID,
+        txid: txid,
+        content: msg,
+    };
+    response.expect(txid, cb, timeout);
+    process.send(obj);
+};
+
+const Log = {};
+Logger.levels.forEach(level => {
+    Log[level] = function (tag, info) {
+        sendMessage({
+            command: 'LOG',
+            level: level,
+            tag: tag,
+            info: info,
+        }, (err) => {
+            if (err) {
+                return void console.error(err); // XXX
+            }
+            //console.log("Log statement received"); // XXX
+        });
+    };
+});
+
+const EVENTS = {};
+
+var Env = JSON.parse(process.env.Env);
+EVENTS.ENV_UPDATE = function (data /*, cb */) { // XXX
+    // XXX log?
+    Env = JSON.parse(data);
+};
+
+EVENTS.FLUSH_CACHE = function (data /*, cb */) { // XXX
+    if (typeof(data) !== 'number') {
+        return Log.error('INVALID_FRESH_KEY', data);
+    }
+
+    Env.FRESH_KEY = data;
+    [ 'configCache', 'broadcastCache', ].forEach(key => {
+        Env[key] = {};
+    });
+    [ 'officeHeadersCache', 'standardHeadersCache', 'apiHeadersCache', ].forEach(key => {
+        Env[key] = undefined;
+    });
+};
+
+process.on('message', msg => {
+    // XXX
+/*
+    console.log({
+        _: 'Message from main process to worker',
+        msg: msg,
+        pid: process.pid,
+    });
+*/
+    if (!(msg && msg.txid)) { return; }
+    //console.log('MESSAGE_RECEIVED', msg);
+
+
+    if (msg.type === 'REPLY') {
+        var txid = msg.txid;
+        return void response.handle(txid, [msg.error, msg.value]);
+    } else if (msg.type === 'EVENT') {
+        // response to event...
+        // ie. Update Env, flush cache, etc.
+        var ev = EVENTS[msg.command];
+        if (typeof(ev) === 'function') {
+            return void ev(msg.data, () => {});
+        }
+    }
+
+    console.error("UNHANDLED_MESSAGE", msg);
+
+    // XXX unhandled
+});
+
+
+var applyHeaderMap = function (res, map) {
+    for (let header in map) {
+        if (typeof(map[header]) === 'string') { res.setHeader(header, map[header]); }
+    }
+};
+
+var EXEMPT = [
+    /^\/common\/onlyoffice\/.*\.html.*/,
+    /^\/(sheet|presentation|doc)\/inner\.html.*/,
+    /^\/unsafeiframe\/inner\.html.*$/,
+];
+
+var cacheHeaders = function (Env, key, headers) {
+    if (Env.DEV_MODE) { return; } // XXX clustering
+    Env[key] = headers;
+};
+
+var getHeaders = function (Env, type) { // XXX clustering
+    var key = type + 'HeadersCache';
+    if (Env[key]) { return Env[key]; }
+
+    var headers = {};
+
+    var custom; // = undefined; //config.httpHeaders; // XXX drop support for this?
+    // if the admin provided valid http headers then use them
+    if (custom && typeof(custom) === 'object' && !Array.isArray(custom)) {
+        headers = Util.clone(custom);
+    } else {
+        // otherwise use the default
+        headers = Default.httpHeaders(Env);
+    }
+
+    headers['Content-Security-Policy'] = type === 'office'?
+        Default.padContentSecurity(Env):
+        Default.contentSecurity(Env);
+
+    if (Env.NO_SANDBOX) { // handles correct configuration for local development
+    // https://stackoverflow.com/questions/11531121/add-duplicate-http-response-headers-in-nodejs
+        headers["Cross-Origin-Resource-Policy"] = 'cross-origin';
+        headers["Cross-Origin-Embedder-Policy"] = 'require-corp';
+    }
+
+    // Don't set CSP headers on /api/ endpoints
+    // because they aren't necessary and they cause problems
+    // when duplicated by NGINX in production environments
+    if (type === 'api') {
+        cacheHeaders(Env, key, headers);
+        return headers;
+    }
+
+    headers["Cross-Origin-Resource-Policy"] = 'cross-origin';
+    cacheHeaders(Env, key, headers);
+    return headers;
+};
+
+var setHeaders = function (req, res) {
+    var type;
+    if (EXEMPT.some(regex => regex.test(req.url))) {
+        type = 'office';
+    } else if (/^\/api\/(broadcast|config)/.test(req.url)) {
+        type = 'api';
+    } else {
+        type = 'standard';
+    }
+
+    var h = getHeaders(Env, type);
+    applyHeaderMap(res, h);
+};
+
+const Express = require("express");
+var app = Express();
+
+(function () {
+if (!Env.logFeedback) { return; }
+
+const logFeedback = function (url) {
+    url.replace(/\?(.*?)=/, function (all, fb) {
+        Log.feedback(fb, '');
+    });
+};
+
+app.head(/^\/common\/feedback\.html/, function (req, res, next) {
+    logFeedback(req.url);
+    next();
+});
+}());
+
+const { createProxyMiddleware } = require("http-proxy-middleware");
+const wsProxy = createProxyMiddleware({
+    target: 'ws://localhost:3003', // XXX
+    ws: true,
+    logLevel: 'error', ///silent',
+    //pathFilter: '/cryptpad_websocket',
+});
+
+app.use('/cryptpad_websocket', wsProxy);
+
+app.use('/blob', function (req, res, next) {
+    // XXX update atime?
+    if (req.method === 'HEAD') {
+        console.log(`Blob head: ${req.url}`);
+        Express.static(Path.resolve(Env.paths.blob), {
+            setHeaders: function (res /*, path, stat */) {
+                res.set('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
+                res.set('Access-Control-Allow-Headers', 'Content-Length');
+                res.set('Access-Control-Expose-Headers', 'Content-Length');
+            }
+        })(req, res, next);
+        return;
+    } else {
+        console.log(`Blob !head: ${req.url}`);
+    }
+    next();
+});
+
+app.use(function (req, res, next) {
+    // XXX update atime?
+    if (req.method === 'OPTIONS' && /\/blob\//.test(req.url)) {
+        console.log(`Blob options: ${req.url}`);
+        res.setHeader('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
+        res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Access-Control-Allow-Origin');
+        res.setHeader('Access-Control-Max-Age', 1728000);
+        res.setHeader('Content-Type', 'application/octet-stream; charset=utf-8');
+        res.setHeader('Content-Length', 0);
+        res.statusCode = 204;
+        return void res.end();
+    }
+
+    setHeaders(req, res);
+    if (/[\?\&]ver=[^\/]+$/.test(req.url)) { res.setHeader("Cache-Control", "max-age=31536000"); }
+    else { res.setHeader("Cache-Control", "no-cache"); }
+    next();
+});
+
+// serve custom app content from the customize directory
+// useful for testing pages customized with opengraph data
+app.use(Express.static(Path.resolve('./customize/www')));
+app.use(Express.static(Path.resolve('./www')));
+
+// FIXME I think this is a regression caused by a recent PR
+// correct this hack without breaking the contributor's intended behaviour.
+
+var mainPages = Env.mainPages || Default.mainPages();
+var mainPagePattern = new RegExp('^\/(' + mainPages.join('|') + ').html$');
+app.get(mainPagePattern, Express.static('./customize'));
+app.get(mainPagePattern, Express.static('./customize.dist'));
+
+app.use("/blob", Express.static(Path.resolve(Env.paths.blob), {
+    maxAge: Env.DEV_MODE? "0d": "365d"
+}));
+
+// XXX update atime?
+app.use("/block", Express.static(Path.resolve(Env.paths.block), {
+    maxAge: "0d",
+}));
+
+app.use("/customize", Express.static('customize'));
+app.use("/customize", Express.static('customize.dist'));
+app.use("/customize.dist", Express.static('customize.dist'));
+app.use(/^\/[^\/]*$/, Express.static('customize'));
+app.use(/^\/[^\/]*$/, Express.static('customize.dist'));
+
+// if dev mode: never cache
+var cacheString = function () {
+    return (Env.FRESH_KEY? '-' + Env.FRESH_KEY: '') + (Env.DEV_MODE? '-' + (+new Date()): '');
+};
+
+var makeRouteCache = function (template, cacheName) {
+    var cleanUp = {};
+    var cache = Env[cacheName] = Env[cacheName] || {};
+
+    return function (req, res) {
+        var host = req.headers.host.replace(/\:[0-9]+/, '');
+        res.setHeader('Content-Type', 'text/javascript');
+        // don't cache anything if you're in dev mode
+        if (Env.DEV_MODE) {
+            return void res.send(template(host));
+        }
+        // generate a lookup key for the cache
+        var cacheKey = host + ':' + cacheString();
+
+        // FIXME mutable
+        // we must be able to clear the cache when updating any mutable key
+        // if there's nothing cached for that key...
+        if (!cache[cacheKey]) {
+            // generate the response and cache it in memory
+            cache[cacheKey] = template(host);
+            // and create a function to conditionally evict cache entries
+            // which have not been accessed in the last 20 seconds
+            cleanUp[cacheKey] = Util.throttle(function () {
+                delete cleanUp[cacheKey];
+                delete cache[cacheKey];
+            }, 20000);
+        }
+
+        // successive calls to this function
+        cleanUp[cacheKey]();
+        return void res.send(cache[cacheKey]);
+    };
+};
+
+var serveConfig = makeRouteCache(function (/* host */) { // XXX
+    return [
+        'define(function(){',
+        'return ' + JSON.stringify({
+            requireConf: {
+                waitSeconds: 600,
+                urlArgs: 'ver=' + Env.version + cacheString(),
+            },
+            removeDonateButton: (Env.removeDonateButton === true),
+            allowSubscriptions: (Env.allowSubscriptions === true),
+            websocketPath: Env.websocketPath,
+            httpUnsafeOrigin: Env.httpUnsafeOrigin,
+            adminEmail: Env.adminEmail,
+            adminKeys: Env.admins,
+            inactiveTime: Env.inactiveTime,
+            supportMailbox: Env.supportMailbox,
+            defaultStorageLimit: Env.defaultStorageLimit,
+            maxUploadSize: Env.maxUploadSize,
+            premiumUploadSize: Env.premiumUploadSize,
+            restrictRegistration: Env.restrictRegistration,
+            httpSafeOrigin: Env.httpSafeOrigin,
+            enableEmbedding: Env.enableEmbedding,
+            fileHost: Env.fileHost,
+            shouldUpdateNode: Env.shouldUpdateNode || undefined,
+            listMyInstance: Env.listMyInstance,
+            accounts_api: Env.accounts_api,
+        }, null, '\t'),
+        '});'
+    ].join(';\n');
+}, 'configCache');
+
+var serveBroadcast = makeRouteCache(function (/* host */) { // XXX
+    var maintenance = Env.maintenance;
+    if (maintenance && maintenance.end && maintenance.end < (+new Date())) {
+        maintenance = undefined;
+    }
+    return [
+        'define(function(){',
+        'return ' + JSON.stringify({
+            lastBroadcastHash: Env.lastBroadcastHash,
+            surveyURL: Env.surveyURL,
+            maintenance: maintenance
+        }, null, '\t'),
+        '});'
+    ].join(';\n');
+}, 'broadcastCache');
+
+app.get('/api/config', serveConfig);
+app.get('/api/broadcast', serveBroadcast);
+
+var Define = function (obj) {
+    return `define(function (){
+    return ${JSON.stringify(obj, null, '\t')};
+});`;
+};
+
+app.get('/api/instance', function (req, res) { // XXX use caching?
+    res.setHeader('Content-Type', 'text/javascript');
+    res.send(Define({
+        name: Env.instanceName,
+        description: Env.instanceDescription,
+        location: Env.instanceJurisdiction,
+        notice: Env.instanceNotice,
+    }));
+});
+
+var four04_path = Path.resolve('./customize.dist/404.html');
+var fivehundred_path = Path.resolve('./customize.dist/500.html');
+var custom_four04_path = Path.resolve('./customize/404.html');
+var custom_fivehundred_path = Path.resolve('./customize/500.html');
+
+var send404 = function (res, path) {
+    if (!path && path !== four04_path) { path = four04_path; }
+    Fs.exists(path, function (exists) {
+        res.setHeader('Content-Type', 'text/html; charset=utf-8');
+        if (exists) { return Fs.createReadStream(path).pipe(res); }
+        send404(res);
+    });
+};
+var send500 = function (res, path) {
+    if (!path && path !== fivehundred_path) { path = fivehundred_path; }
+    Fs.exists(path, function (exists) {
+        res.setHeader('Content-Type', 'text/html; charset=utf-8');
+        if (exists) { return Fs.createReadStream(path).pipe(res); }
+        send500(res);
+    });
+};
+
+app.get('/api/updatequota', function (req, res) {
+    if (!Env.accounts_api) {
+        res.status(404);
+        return void send404(res);
+    }
+    sendMessage({ // XXX test this
+        command: 'UPDATE_QUOTA',
+    }, (err /*, value */) => {
+        if (err) {
+            res.status(500);
+            return void send500(res);
+        }
+        res.send();
+    });
+});
+
+app.get('/api/profiling', function (req, res) {
+    if (!Env.enableProfiling) { return void send404(res); }
+    sendMessage({ // XXX test this
+        command: 'GET_PROFILING_DATA',
+    }, (err /*, value */) => { // XXX
+        if (err) {
+            res.status(500);
+            return void send500(res);
+        }
+        res.setHeader('Content-Type', 'text/javascript');
+        res.send(JSON.stringify({
+            bytesWritten: Env.bytesWritten,
+        }));
+    });
+});
+
+app.use(function (req, res /*, next */) {
+    Log.info('HTTP_404', req.url);
+    res.status(404);
+    send404(res, custom_four04_path);
+});
+
+// default message for thrown errors in ExpressJS routes
+app.use(function (err, req, res /*, next*/) {
+    Log.error('EXPRESSJS_ROUTING', {
+        error: err.stack || err,
+    });
+    res.status(500);
+    send500(res, custom_fivehundred_path);
+});
+
+var server = Http.createServer(app);
+
+nThen(function (w) {
+    server.listen(3000, w());
+    if (Env.httpSafePort) {
+        server.listen(3001, w()); // if (Env.httpSafePort) {...
+    }
+    server.on('upgrade', function (req, socket, head) {
+        //console.log("This should only happen in a dev environment"); // XXX
+        wsProxy.upgrade(req, socket, head);
+    });
+}).nThen(function () {
+    // XXX inform the parent process that this worker is ready
+
+
+});
+
diff --git a/package-lock.json b/package-lock.json
index 524ddd868..35e40873d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,6 +15,7 @@
         "express": "~4.16.0",
         "fs-extra": "^7.0.0",
         "get-folder-size": "^2.0.1",
+        "http-proxy-middleware": "^2.0.6",
         "netflux-websocket": "^0.1.20",
         "nthen": "0.1.8",
         "pull-stream": "^3.6.1",
@@ -73,6 +74,14 @@
         "@types/node": "*"
       }
     },
+    "node_modules/@types/http-proxy": {
+      "version": "1.17.9",
+      "resolved": "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.9.tgz",
+      "integrity": "sha512-QsbSjA/fSk7xB+UXlCT3wHBy5ai9wOcNDWwZAtud+jXhwOM3l+EYZh8Lng4+/6n8uar0J7xILzqftJdJ/Wdfkw==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@types/minimatch": {
       "version": "3.0.5",
       "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-3.0.5.tgz",
@@ -82,8 +91,7 @@
     "node_modules/@types/node": {
       "version": "17.0.33",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.33.tgz",
-      "integrity": "sha512-miWq2m2FiQZmaHfdZNcbpp9PuXg34W5JZ5CrJ/BaS70VuhoJENBEQybeiYSaPBRNq6KQGnjfEnc/F3PN++D+XQ==",
-      "dev": true
+      "integrity": "sha512-miWq2m2FiQZmaHfdZNcbpp9PuXg34W5JZ5CrJ/BaS70VuhoJENBEQybeiYSaPBRNq6KQGnjfEnc/F3PN++D+XQ=="
     },
     "node_modules/accepts": {
       "version": "1.3.8",
@@ -933,6 +941,11 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/eventemitter3": {
+      "version": "4.0.7",
+      "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz",
+      "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw=="
+    },
     "node_modules/exit": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz",
@@ -1277,6 +1290,25 @@
       "deprecated": "flatten is deprecated in favor of utility frameworks such as lodash.",
       "dev": true
     },
+    "node_modules/follow-redirects": {
+      "version": "1.15.2",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
+      "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==",
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/RubenVerborgh"
+        }
+      ],
+      "engines": {
+        "node": ">=4.0"
+      },
+      "peerDependenciesMeta": {
+        "debug": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/for-in": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz",
@@ -1569,6 +1601,95 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/http-proxy": {
+      "version": "1.18.1",
+      "resolved": "https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.1.tgz",
+      "integrity": "sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==",
+      "dependencies": {
+        "eventemitter3": "^4.0.0",
+        "follow-redirects": "^1.0.0",
+        "requires-port": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/http-proxy-middleware": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.6.tgz",
+      "integrity": "sha512-ya/UeJ6HVBYxrgYotAZo1KvPWlgB48kUJLDePFeneHsVujFaW5WNj2NgWCAE//B1Dl02BIfYlpNgBy8Kf8Rjmw==",
+      "dependencies": {
+        "@types/http-proxy": "^1.17.8",
+        "http-proxy": "^1.18.1",
+        "is-glob": "^4.0.1",
+        "is-plain-obj": "^3.0.0",
+        "micromatch": "^4.0.2"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "@types/express": "^4.17.13"
+      },
+      "peerDependenciesMeta": {
+        "@types/express": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/http-proxy-middleware/node_modules/braces": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "dependencies": {
+        "fill-range": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/http-proxy-middleware/node_modules/fill-range": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "dependencies": {
+        "to-regex-range": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/http-proxy-middleware/node_modules/is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "node_modules/http-proxy-middleware/node_modules/micromatch": {
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
+      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+      "dependencies": {
+        "braces": "^3.0.2",
+        "picomatch": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=8.6"
+      }
+    },
+    "node_modules/http-proxy-middleware/node_modules/to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dependencies": {
+        "is-number": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0"
+      }
+    },
     "node_modules/http-signature": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
@@ -1741,7 +1862,6 @@
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
       "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
-      "dev": true,
       "engines": {
         "node": ">=0.10.0"
       }
@@ -1750,7 +1870,6 @@
       "version": "4.0.3",
       "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
       "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
-      "dev": true,
       "dependencies": {
         "is-extglob": "^2.1.1"
       },
@@ -1782,6 +1901,17 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/is-plain-obj": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-3.0.0.tgz",
+      "integrity": "sha512-gwsOE28k+23GP1B6vFl1oVh/WOzmawBrKwo5Ev6wMKzPkaXaCDIQKzLnvsA42DRlbVTWorkgTKIviAKCWkfUwA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/is-plain-object": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz",
@@ -2502,6 +2632,17 @@
       "integrity": "sha512-cMlDqaLEqfSaW8Z7N5Jw+lyIW869EzT73/F5lhtY9cLGoVxSXznfgfXMO0Z5K0o0Q2TkTXq+0KFsdnSe3jDViA==",
       "dev": true
     },
+    "node_modules/picomatch": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
     "node_modules/pify": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
@@ -2740,6 +2881,11 @@
         "node": ">= 6"
       }
     },
+    "node_modules/requires-port": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
+      "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ=="
+    },
     "node_modules/resolve-from": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-3.0.0.tgz",
@@ -3706,6 +3852,14 @@
         "@types/node": "*"
       }
     },
+    "@types/http-proxy": {
+      "version": "1.17.9",
+      "resolved": "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.9.tgz",
+      "integrity": "sha512-QsbSjA/fSk7xB+UXlCT3wHBy5ai9wOcNDWwZAtud+jXhwOM3l+EYZh8Lng4+/6n8uar0J7xILzqftJdJ/Wdfkw==",
+      "requires": {
+        "@types/node": "*"
+      }
+    },
     "@types/minimatch": {
       "version": "3.0.5",
       "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-3.0.5.tgz",
@@ -3715,8 +3869,7 @@
     "@types/node": {
       "version": "17.0.33",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.33.tgz",
-      "integrity": "sha512-miWq2m2FiQZmaHfdZNcbpp9PuXg34W5JZ5CrJ/BaS70VuhoJENBEQybeiYSaPBRNq6KQGnjfEnc/F3PN++D+XQ==",
-      "dev": true
+      "integrity": "sha512-miWq2m2FiQZmaHfdZNcbpp9PuXg34W5JZ5CrJ/BaS70VuhoJENBEQybeiYSaPBRNq6KQGnjfEnc/F3PN++D+XQ=="
     },
     "accepts": {
       "version": "1.3.8",
@@ -4410,6 +4563,11 @@
       "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
       "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
     },
+    "eventemitter3": {
+      "version": "4.0.7",
+      "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz",
+      "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw=="
+    },
     "exit": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz",
@@ -4694,6 +4852,11 @@
       "integrity": "sha512-dVsPA/UwQ8+2uoFe5GHtiBMu48dWLTdsuEd7CKGlZlD78r1TTWBvDuFaFGKCo/ZfEr95Uk56vZoX86OsHkUeIg==",
       "dev": true
     },
+    "follow-redirects": {
+      "version": "1.15.2",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
+      "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA=="
+    },
     "for-in": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz",
@@ -4931,6 +5094,68 @@
         "statuses": ">= 1.4.0 < 2"
       }
     },
+    "http-proxy": {
+      "version": "1.18.1",
+      "resolved": "https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.1.tgz",
+      "integrity": "sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==",
+      "requires": {
+        "eventemitter3": "^4.0.0",
+        "follow-redirects": "^1.0.0",
+        "requires-port": "^1.0.0"
+      }
+    },
+    "http-proxy-middleware": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.6.tgz",
+      "integrity": "sha512-ya/UeJ6HVBYxrgYotAZo1KvPWlgB48kUJLDePFeneHsVujFaW5WNj2NgWCAE//B1Dl02BIfYlpNgBy8Kf8Rjmw==",
+      "requires": {
+        "@types/http-proxy": "^1.17.8",
+        "http-proxy": "^1.18.1",
+        "is-glob": "^4.0.1",
+        "is-plain-obj": "^3.0.0",
+        "micromatch": "^4.0.2"
+      },
+      "dependencies": {
+        "braces": {
+          "version": "3.0.2",
+          "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+          "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+          "requires": {
+            "fill-range": "^7.0.1"
+          }
+        },
+        "fill-range": {
+          "version": "7.0.1",
+          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+          "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+          "requires": {
+            "to-regex-range": "^5.0.1"
+          }
+        },
+        "is-number": {
+          "version": "7.0.0",
+          "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+          "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng=="
+        },
+        "micromatch": {
+          "version": "4.0.5",
+          "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
+          "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+          "requires": {
+            "braces": "^3.0.2",
+            "picomatch": "^2.3.1"
+          }
+        },
+        "to-regex-range": {
+          "version": "5.0.1",
+          "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+          "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+          "requires": {
+            "is-number": "^7.0.0"
+          }
+        }
+      }
+    },
     "http-signature": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
@@ -5065,14 +5290,12 @@
     "is-extglob": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
-      "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
-      "dev": true
+      "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI="
     },
     "is-glob": {
       "version": "4.0.3",
       "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
       "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
-      "dev": true,
       "requires": {
         "is-extglob": "^2.1.1"
       }
@@ -5097,6 +5320,11 @@
         }
       }
     },
+    "is-plain-obj": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-3.0.0.tgz",
+      "integrity": "sha512-gwsOE28k+23GP1B6vFl1oVh/WOzmawBrKwo5Ev6wMKzPkaXaCDIQKzLnvsA42DRlbVTWorkgTKIviAKCWkfUwA=="
+    },
     "is-plain-object": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz",
@@ -5689,6 +5917,11 @@
       "integrity": "sha512-cMlDqaLEqfSaW8Z7N5Jw+lyIW869EzT73/F5lhtY9cLGoVxSXznfgfXMO0Z5K0o0Q2TkTXq+0KFsdnSe3jDViA==",
       "dev": true
     },
+    "picomatch": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="
+    },
     "pify": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
@@ -5877,6 +6110,11 @@
         "uuid": "^3.3.2"
       }
     },
+    "requires-port": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
+      "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ=="
+    },
     "resolve-from": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-3.0.0.tgz",
diff --git a/package.json b/package.json
index 8f624fcdd..d52d4ff51 100644
--- a/package.json
+++ b/package.json
@@ -18,6 +18,7 @@
     "express": "~4.16.0",
     "fs-extra": "^7.0.0",
     "get-folder-size": "^2.0.1",
+    "http-proxy-middleware": "^2.0.6",
     "netflux-websocket": "^0.1.20",
     "nthen": "0.1.8",
     "pull-stream": "^3.6.1",
diff --git a/server.js b/server.js
index cbed35cf7..a921759e8 100644
--- a/server.js
+++ b/server.js
@@ -4,25 +4,20 @@
 var Express = require('express');
 var Http = require('http');
 var Fs = require('fs');
-var Path = require("path");
+//var Path = require("path");
 var nThen = require("nthen");
 var Util = require("./lib/common-util");
-var Default = require("./lib/defaults");
 var Keys = require("./lib/keys");
+var OS = require("node:os");
+var Cluster = require("node:cluster");
 
 var config = require("./lib/load-config");
-var Env = require("./lib/env").create(config);
+var Environment = require("./lib/env");
+var Env = Environment.create(config);
+var Default = require("./lib/defaults");
 
 var app = Express();
 
-var fancyURL = function (domain, path) {
-    try {
-        if (domain && path) { return new URL(path, domain).href; }
-        return new URL(domain);
-    } catch (err) {}
-    return false;
-};
-
 (function () {
     // you absolutely must provide an 'httpUnsafeOrigin' (a truthy string)
     if (typeof(Env.httpUnsafeOrigin) !== 'string' || !Env.httpUnsafeOrigin.trim()) {
@@ -30,320 +25,29 @@ var fancyURL = function (domain, path) {
     }
 }());
 
-var applyHeaderMap = function (res, map) {
-    for (let header in map) {
-        if (typeof(map[header]) === 'string') { res.setHeader(header, map[header]); }
-    }
+var COMMANDS = {};
+
+COMMANDS.LOG = function (msg, cb) {
+    var level = msg.level;
+    Env.Log[level](msg.tag, msg.info);
+    cb();
 };
 
-var EXEMPT = [
-    /^\/common\/onlyoffice\/.*\.html.*/,
-    /^\/(sheet|presentation|doc)\/inner\.html.*/,
-    /^\/unsafeiframe\/inner\.html.*$/,
-];
-
-var cacheHeaders = function (Env, key, headers) {
-    if (Env.DEV_MODE) { return; }
-    Env[key] = headers;
-};
-
-var getHeaders = function (Env, type) {
-    var key = type + 'HeadersCache';
-    if (Env[key]) { return Env[key]; }
-
-    var headers = {};
-
-    var custom = config.httpHeaders;
-    // if the admin provided valid http headers then use them
-    if (custom && typeof(custom) === 'object' && !Array.isArray(custom)) {
-        headers = Util.clone(custom);
-    } else {
-        // otherwise use the default
-        headers = Default.httpHeaders(Env);
-    }
-
-    headers['Content-Security-Policy'] = type === 'office'?
-        Default.padContentSecurity(Env):
-        Default.contentSecurity(Env);
-
-    if (Env.NO_SANDBOX) { // handles correct configuration for local development
-    // https://stackoverflow.com/questions/11531121/add-duplicate-http-response-headers-in-nodejs
-        headers["Cross-Origin-Resource-Policy"] = 'cross-origin';
-        headers["Cross-Origin-Embedder-Policy"] = 'require-corp';
-    }
-
-    // Don't set CSP headers on /api/ endpoints
-    // because they aren't necessary and they cause problems
-    // when duplicated by NGINX in production environments
-    if (type === 'api') {
-        cacheHeaders(Env, key, headers);
-        return headers;
-    }
-
-    headers["Cross-Origin-Resource-Policy"] = 'cross-origin';
-    cacheHeaders(Env, key, headers);
-    return headers;
-};
-
-var setHeaders = function (req, res) {
-    var type;
-    if (EXEMPT.some(regex => regex.test(req.url))) {
-        type = 'office';
-    } else if (/^\/api\/(broadcast|config)/.test(req.url)) {
-        type = 'api';
-    } else {
-        type = 'standard';
-    }
-
-    var h = getHeaders(Env, type);
-    //console.log('PEWPEW', type, h);
-    applyHeaderMap(res, h);
-};
-
-(function () {
-if (!config.logFeedback) { return; }
-
-const logFeedback = function (url) {
-    url.replace(/\?(.*?)=/, function (all, fb) {
-        if (!config.log) { return; }
-        config.log.feedback(fb, '');
-    });
-};
-
-app.head(/^\/common\/feedback\.html/, function (req, res, next) {
-    logFeedback(req.url);
-    next();
-});
-}());
-
-app.use('/blob', function (req, res, next) {
-    if (req.method === 'HEAD') {
-        Express.static(Path.join(__dirname, Env.paths.blob), {
-            setHeaders: function (res, path, stat) {
-                res.set('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
-                res.set('Access-Control-Allow-Headers', 'Content-Length');
-                res.set('Access-Control-Expose-Headers', 'Content-Length');
-            }
-        })(req, res, next);
-        return;
-    }
-    next();
-});
-
-app.use(function (req, res, next) {
-    if (req.method === 'OPTIONS' && /\/blob\//.test(req.url)) {
-        res.setHeader('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
-        res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
-        res.setHeader('Access-Control-Allow-Headers', 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Access-Control-Allow-Origin');
-        res.setHeader('Access-Control-Max-Age', 1728000);
-        res.setHeader('Content-Type', 'application/octet-stream; charset=utf-8');
-        res.setHeader('Content-Length', 0);
-        res.statusCode = 204;
-        return void res.end();
-    }
-
-    setHeaders(req, res);
-    if (/[\?\&]ver=[^\/]+$/.test(req.url)) { res.setHeader("Cache-Control", "max-age=31536000"); }
-    else { res.setHeader("Cache-Control", "no-cache"); }
-    next();
-});
-
-// serve custom app content from the customize directory
-// useful for testing pages customized with opengraph data
-app.use(Express.static(__dirname + '/customize/www'));
-app.use(Express.static(__dirname + '/www'));
-
-// FIXME I think this is a regression caused by a recent PR
-// correct this hack without breaking the contributor's intended behaviour.
-
-var mainPages = config.mainPages || Default.mainPages();
-var mainPagePattern = new RegExp('^\/(' + mainPages.join('|') + ').html$');
-app.get(mainPagePattern, Express.static(__dirname + '/customize'));
-app.get(mainPagePattern, Express.static(__dirname + '/customize.dist'));
-
-app.use("/blob", Express.static(Path.join(__dirname, Env.paths.blob), {
-    maxAge: Env.DEV_MODE? "0d": "365d"
-}));
-app.use("/datastore", Express.static(Path.join(__dirname, Env.paths.data), {
-    maxAge: "0d"
-}));
-app.use("/block", Express.static(Path.join(__dirname, Env.paths.block), {
-    maxAge: "0d",
-}));
-
-app.use("/customize", Express.static(__dirname + '/customize'));
-app.use("/customize", Express.static(__dirname + '/customize.dist'));
-app.use("/customize.dist", Express.static(__dirname + '/customize.dist'));
-app.use(/^\/[^\/]*$/, Express.static('customize'));
-app.use(/^\/[^\/]*$/, Express.static('customize.dist'));
-
-// if dev mode: never cache
-var cacheString = function () {
-    return (Env.FRESH_KEY? '-' + Env.FRESH_KEY: '') + (Env.DEV_MODE? '-' + (+new Date()): '');
-};
-
-var makeRouteCache = function (template, cacheName) {
-    var cleanUp = {};
-    var cache = Env[cacheName] = Env[cacheName] || {};
-
-    return function (req, res) {
-        var host = req.headers.host.replace(/\:[0-9]+/, '');
-        res.setHeader('Content-Type', 'text/javascript');
-        // don't cache anything if you're in dev mode
-        if (Env.DEV_MODE) {
-            return void res.send(template(host));
-        }
-        // generate a lookup key for the cache
-        var cacheKey = host + ':' + cacheString();
-
-        // FIXME mutable
-        // we must be able to clear the cache when updating any mutable key
-        // if there's nothing cached for that key...
-        if (!cache[cacheKey]) {
-            // generate the response and cache it in memory
-            cache[cacheKey] = template(host);
-            // and create a function to conditionally evict cache entries
-            // which have not been accessed in the last 20 seconds
-            cleanUp[cacheKey] = Util.throttle(function () {
-                delete cleanUp[cacheKey];
-                delete cache[cacheKey];
-            }, 20000);
-        }
-
-        // successive calls to this function
-        cleanUp[cacheKey]();
-        return void res.send(cache[cacheKey]);
-    };
-};
-
-var serveConfig = makeRouteCache(function (host) {
-    return [
-        'define(function(){',
-        'return ' + JSON.stringify({
-            requireConf: {
-                waitSeconds: 600,
-                urlArgs: 'ver=' + Env.version + cacheString(),
-            },
-            removeDonateButton: (Env.removeDonateButton === true),
-            allowSubscriptions: (Env.allowSubscriptions === true),
-            websocketPath: Env.websocketPath,
-            httpUnsafeOrigin: Env.httpUnsafeOrigin,
-            adminEmail: Env.adminEmail,
-            adminKeys: Env.admins,
-            inactiveTime: Env.inactiveTime,
-            supportMailbox: Env.supportMailbox,
-            defaultStorageLimit: Env.defaultStorageLimit,
-            maxUploadSize: Env.maxUploadSize,
-            premiumUploadSize: Env.premiumUploadSize,
-            restrictRegistration: Env.restrictRegistration,
-            httpSafeOrigin: Env.httpSafeOrigin,
-            enableEmbedding: Env.enableEmbedding,
-            fileHost: Env.fileHost,
-            shouldUpdateNode: Env.shouldUpdateNode || undefined,
-            listMyInstance: Env.listMyInstance,
-            accounts_api: Env.accounts_api,
-        }, null, '\t'),
-        '});'
-    ].join(';\n')
-}, 'configCache');
-
-var serveBroadcast = makeRouteCache(function (host) {
-    var maintenance = Env.maintenance;
-    if (maintenance && maintenance.end && maintenance.end < (+new Date())) {
-        maintenance = undefined;
-    }
-    return [
-        'define(function(){',
-        'return ' + JSON.stringify({
-            lastBroadcastHash: Env.lastBroadcastHash,
-            surveyURL: Env.surveyURL,
-            maintenance: maintenance
-        }, null, '\t'),
-        '});'
-    ].join(';\n')
-}, 'broadcastCache');
-
-app.get('/api/config', serveConfig);
-app.get('/api/broadcast', serveBroadcast);
-
-var define = function (obj) {
-    return `define(function (){
-    return ${JSON.stringify(obj, null, '\t')};
-});`
-};
-
-app.get('/api/instance', function (req, res) { // XXX use caching?
-    res.setHeader('Content-Type', 'text/javascript');
-    res.send(define({
-        name: Env.instanceName,
-        description: Env.instanceDescription,
-        location: Env.instanceJurisdiction,
-        notice: Env.instanceNotice,
-    }));
-});
-
-var four04_path = Path.resolve(__dirname + '/customize.dist/404.html');
-var fivehundred_path = Path.resolve(__dirname + '/customize.dist/500.html');
-var custom_four04_path = Path.resolve(__dirname + '/customize/404.html');
-var custom_fivehundred_path = Path.resolve(__dirname + '/customize/500.html');
-
-var send404 = function (res, path) {
-    if (!path && path !== four04_path) { path = four04_path; }
-    Fs.exists(path, function (exists) {
-        res.setHeader('Content-Type', 'text/html; charset=utf-8');
-        if (exists) { return Fs.createReadStream(path).pipe(res); }
-        send404(res);
-    });
-};
-var send500 = function (res, path) {
-    if (!path && path !== fivehundred_path) { path = fivehundred_path; }
-    Fs.exists(path, function (exists) {
-        res.setHeader('Content-Type', 'text/html; charset=utf-8');
-        if (exists) { return Fs.createReadStream(path).pipe(res); }
-        send500(res);
-    });
-};
-
-app.get('/api/updatequota', function (req, res) {
-    if (!Env.accounts_api) {
-        res.status(404);
-        return void send404(res);
-    }
+COMMANDS.UPDATE_QUOTA = function (msg, cb) {
     var Quota = require("./lib/commands/quota");
     Quota.updateCachedLimits(Env, (e) => {
         if (e) {
             Env.Log.warn('UPDATE_QUOTA_ERR', e);
-            res.status(500);
-            return void send500(res);
+            return void cb(err);
         }
         Env.Log.info('QUOTA_UPDATED', {});
-        res.send();
+        cb();
     });
-});
+};
 
-app.get('/api/profiling', function (req, res, next) {
-    if (!Env.enableProfiling) { return void send404(res); }
-    res.setHeader('Content-Type', 'text/javascript');
-    res.send(JSON.stringify({
-        bytesWritten: Env.bytesWritten,
-    }));
-});
-
-app.use(function (req, res, next) {
-    res.status(404);
-    send404(res, custom_four04_path);
-});
-
-// default message for thrown errors in ExpressJS routes
-app.use(function (err, req, res, next) {
-    Env.Log.error('EXPRESSJS_ROUTING', {
-        error: err.stack || err,
-    });
-    res.status(500);
-    send500(res, custom_fivehundred_path);
-});
-
-var httpServer = Env.httpServer = Http.createServer(app);
+COMMANDS.GET_PROFILING_DATA = function (msg, cb) {
+    cb(void 0, Env.bytesWritten);
+};
 
 nThen(function (w) {
     Fs.exists(__dirname + "/customize", w(function (e) {
@@ -351,51 +55,139 @@ nThen(function (w) {
         console.log("CryptPad is customizable, see customize.dist/readme.md for details");
     }));
 }).nThen(function (w) {
-    httpServer.listen(Env.httpPort, Env.httpAddress, function(){
-        var host = Env.httpAddress;
-        var hostName = !host.indexOf(':') ? '[' + host + ']' : host;
-
-        var port = Env.httpPort;
-        var ps = port === 80? '': ':' + port;
-
-        var roughAddress = 'http://' + hostName + ps;
-        var betterAddress = fancyURL(Env.httpUnsafeOrigin);
-
-        if (betterAddress) {
-            console.log('Serving content for %s via %s.\n', betterAddress, roughAddress);
-        } else {
-            console.log('Serving content via %s.\n', roughAddress);
-        }
-        if (!Env.admins.length) {
-            console.log("Your instance is not correctly configured for safe use in production.\nSee %s for more information.\n",
-                fancyURL(Env.httpUnsafeOrigin, '/checkup/') || 'https://your-domain.com/checkup/'
-            );
-        }
-    });
-
-    if (Env.httpSafePort) {
-        Http.createServer(app).listen(Env.httpSafePort, Env.httpAddress, w());
-    }
-}).nThen(function () {
-    var wsConfig = { server: httpServer };
-
-    // Initialize logging then start the API server
-    require("./lib/log").create(config, function (_log) {
+    require("./lib/log").create(config, w(function (_log) {
         Env.Log = _log;
         config.log = _log;
+    }));
+}).nThen(function (w) {
+    Env.httpServer = Http.createServer(app);
+    Env.httpServer.listen(3003, '::', w(function () { // XXX 3003 should not be hardcoded
+        console.log("Socket server is listening on 3003"); // XXX
+    }));
+}).nThen(function (w) {
+    var limit = Env.maxWorkers;
+    var workerState = {
+        Env: Environment.serialize(Env),
+    };
 
-        if (Env.shouldUpdateNode) {
-            Env.Log.warn("NODEJS_OLD_VERSION", {
-                message: `The CryptPad development team recommends using at least NodeJS v16.14.2`,
-                currentVersion: process.version,
-            });
-        }
-
-        if (Env.OFFLINE_MODE) { return; }
-        if (Env.websocketPath) { return; }
-
-        require("./lib/api").create(Env);
+    Cluster.setupPrimary({
+        exec: './lib/http-worker.js',
+        args: [],
     });
+
+    var launchWorker = (online) => {
+        var worker = Cluster.fork(workerState);
+        worker.on('online', () => {
+            online();
+        });
+
+        worker.on('message', msg => {
+            if (!msg) { return; }
+            var txid = msg.txid;
+            var content = msg.content; // XXX don't nest
+            if (!content) { return; } // XXX
+
+            var command = COMMANDS[content.command];
+            if (typeof(command) !== 'function') {
+                return void Env.Log.error('UNHANDLED_HTTP_WORKER_COMMAND', msg);
+            }
+
+            const cb = Util.once(Util.mkAsync(function (err, value) {
+                value = Math.random();
+                worker.send({
+                    type: 'REPLY',
+                    error: Util.serializeError(err),
+                    txid: txid,
+                    pid: msg.pid,
+                    value: value, // XXX
+                });
+            }));
+
+            command(content, cb);
+        });
+    };
+
+    var txids = {};
+
+    var sendCommand = (worker, command, data /*, cb */) => {
+        worker.send({
+            type: 'EVENT',
+            txid: Util.guid(txids),
+            command: command,
+            data: data,
+        });
+    };
+
+    var broadcast = (command, data, cb) => {
+        cb = cb; // XXX nThen/concurrency
+        for (const worker of Object.values(Cluster.workers)) {
+            sendCommand(worker, command, data /*, cb */);
+        }
+    };
+
+    var throttledEnvChange = Util.throttle(function () {
+        Env.Log.info('WORKER_ENV_UPDATE', 'Updating HTTP workers with latest state'); // XXX
+        broadcast('ENV_UPDATE', Environment.serialize(Env)); //JSON.stringify(Env));
+    }, 250);
+
+    var throttledCacheFlush = Util.throttle(function () {
+        Env.Log.info('WORKER_CACHE_FLUSH', 'Instructing HTTP workers to flush cache'); // XXX
+        broadcast('FLUSH_CACHE', Env.FRESH_KEY);
+    }, 250);
+
+    Env.envUpdated.reg(throttledEnvChange);
+    Env.cacheFlushed.reg(throttledCacheFlush);
+
+    var logCPULimit = Util.once(function (index) {
+        Env.Log.info('HTTP_WORKER_LIMIT', `(Opting not to use available CPUs beyond ${index})`);
+    });
+
+    OS.cpus().forEach((cpu, index) => {
+        if (limit && index >= limit) {
+            return;
+            //return logCPULimit(index);
+        }
+        launchWorker(w());
+    });
+}).nThen(function (w) {
+    var fancyURL = function (domain, path) {
+        try {
+            if (domain && path) { return new URL(path, domain).href; }
+            return new URL(domain);
+        } catch (err) {}
+        return false;
+    };
+
+    var host = Env.httpAddress;
+    var hostName = !host.indexOf(':') ? '[' + host + ']' : host;
+
+    var port = Env.httpPort;
+    var ps = port === 80? '': ':' + port;
+
+    var roughAddress = 'http://' + hostName + ps;
+    var betterAddress = fancyURL(Env.httpUnsafeOrigin);
+
+    if (betterAddress) {
+        console.log('Serving content for %s via %s.\n', betterAddress, roughAddress);
+    } else {
+        console.log('Serving content via %s.\n', roughAddress);
+    }
+    if (!Env.admins.length) {
+        console.log("Your instance is not correctly configured for safe use in production.\nSee %s for more information.\n",
+            fancyURL(Env.httpUnsafeOrigin, '/checkup/') || 'https://your-domain.com/checkup/'
+        );
+    }
+}).nThen(function () {
+    if (Env.shouldUpdateNode) {
+        Env.Log.warn("NODEJS_OLD_VERSION", {
+            message: `The CryptPad development team recommends using at least NodeJS v${Default.recommendedVersion.join('.')}`,
+            currentVersion: process.version,
+        });
+    }
+
+    if (Env.OFFLINE_MODE) { return; }
+    //if (Env.websocketPath) { return; } // XXX
+
+    require("./lib/api").create(Env);
 });
 
-

From 7e4518b43d7efed1fad30c3c6e7627cb25a5d6fe Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Tue, 20 Dec 2022 16:29:38 +0530
Subject: [PATCH 10/58] More server cleanup:

* make the websocket port configurable
* reorder some tasks at launch time to use more consistent logging
* relaunch http workers if they crash
* refuse to launch if httpUnsafeOrigin cannot be parsed as a URL
* fix a path issue reintroduced by a git merge
---
 config/config.example.js | 13 ++++++
 lib/env.js               |  6 +++
 server.js                | 90 +++++++++++++++++++++-------------------
 3 files changed, 67 insertions(+), 42 deletions(-)

diff --git a/config/config.example.js b/config/config.example.js
index b78bf8fc3..4f289b56b 100644
--- a/config/config.example.js
+++ b/config/config.example.js
@@ -92,6 +92,19 @@ module.exports = {
  */
     //httpSafePort: 3001,
 
+/*  Websockets need to be exposed on a separate port from the rest of
+ *  the platform's HTTP traffic. Port 3003 is used by default.
+ *  You can change this to a different port if it is in use by a
+ *  different service, but under most circumstances you can leave this
+ *  commented and it will work.
+ *
+ *  In production environments, your reverse proxy (usually NGINX)
+ *  will need to forward websocket traffic (/cryptpad_websocket)
+ *  to this port.
+ *
+ */
+    // websocketPort: 3003,
+
 /*  CryptPad will launch a child process for every core available
  *  in order to perform CPU-intensive tasks in parallel.
  *  Some host environments may have a very large number of cores available
diff --git a/lib/env.js b/lib/env.js
index 176673ffb..3fa39809f 100644
--- a/lib/env.js
+++ b/lib/env.js
@@ -65,6 +65,10 @@ module.exports.create = function (config) {
         httpSafeOrigin = canonicalizeOrigin(config.httpSafeOrigin);
     }
 
+    if (typeof(config.websocketPort) !== 'number') {
+        config.websocketPort = 3003;
+    }
+
     var permittedEmbedders = config.permittedEmbedders;
     if (typeof(permittedEmbedders) === 'string') {
         permittedEmbedders = permittedEmbedders.trim();
@@ -79,6 +83,8 @@ module.exports.create = function (config) {
         fileHost: config.fileHost || undefined,
         NO_SANDBOX: NO_SANDBOX,
         httpSafePort: httpSafePort,
+        websocketPort: config.websocketPort,
+
         accounts_api: config.accounts_api || undefined, // this simplifies integration with an accounts page
 
         shouldUpdateNode: !isRecentVersion(),
diff --git a/server.js b/server.js
index e7d1e4688..e3904eb4f 100644
--- a/server.js
+++ b/server.js
@@ -4,11 +4,9 @@
 var Express = require('express');
 var Http = require('http');
 var Fs = require('fs');
-//var Path = require("path");
 var nThen = require("nthen");
 var Util = require("./lib/common-util");
 
-//var Keys = require("./lib/keys");
 var OS = require("node:os");
 var Cluster = require("node:cluster");
 
@@ -51,19 +49,43 @@ COMMANDS.GET_PROFILING_DATA = function (msg, cb) {
 };
 
 nThen(function (w) {
-    Fs.exists(__dirname + "/customize", w(function (e) {
-        if (e) { return; }
-        console.log("CryptPad is customizable, see customize.dist/readme.md for details");
-    }));
-}).nThen(function (w) {
     require("./lib/log").create(config, w(function (_log) {
         Env.Log = _log;
         config.log = _log;
     }));
+}).nThen(function (w) {
+    Fs.exists("customize", w(function (e) {
+        if (e) { return; }
+        Env.Log.info('NO_CUSTOMIZE_FOLDER', {
+            message: "CryptPad is customizable, see customize.dist/readme.md for details",
+        });
+    }));
+}).nThen(function () {
+    // check that a valid origin was provided in the config
+    try {
+        var url = new URL('', Env.httpUnsafeOrigin).href;
+        Env.Log.info("WEBSERVER_LISTENING", {
+            origin: url,
+        });
+
+        if (!Env.admins.length) {
+            Env.Log.info('NO_ADMIN_CONFIGURED', {
+                message: `Your instance is not correctly configured for production usage. Review its checkup page for more information.`,
+                details: new URL('/checkup/', Env.httpUnsafeOrigin).href,
+            });
+        }
+    } catch (err) {
+        Env.Log.error("INVALID_ORIGIN", {
+            httpUnsafeOrigin: Env.httpUnsafeOrigin,
+        });
+        process.exit(1);
+    }
 }).nThen(function (w) {
     Env.httpServer = Http.createServer(app);
-    Env.httpServer.listen(3003, '::', w(function () { // XXX 3003 should not be hardcoded
-        console.log("Socket server is listening on 3003"); // XXX
+    Env.httpServer.listen(Env.websocketPort, '::', w(function () {
+        Env.Log.info('WEBSOCKET_LISTENING', {
+            port: Env.websocketPort,
+        });
     }));
 }).nThen(function (w) {
     var limit = Env.maxWorkers;
@@ -106,6 +128,20 @@ nThen(function (w) {
 
             command(content, cb);
         });
+
+        worker.on('exit', (code, signal) => {
+            if (!signal && code === 0) { return; }
+            // relaunch http workers if they crash
+            Env.Log.error('HTTP_WORKER_EXIT', {
+                signal,
+                code,
+            });
+            // update the environment with the latest state before relaunching
+            workerState.Env = Environment.serialize(Env);
+            launchWorker(function () {
+                Env.Log.info('HTTP_WORKER_RELAUNCH', {});
+            });
+        });
     };
 
     var txids = {};
@@ -127,12 +163,12 @@ nThen(function (w) {
     };
 
     var throttledEnvChange = Util.throttle(function () {
-        Env.Log.info('WORKER_ENV_UPDATE', 'Updating HTTP workers with latest state'); // XXX
-        broadcast('ENV_UPDATE', Environment.serialize(Env)); //JSON.stringify(Env));
+        Env.Log.info('WORKER_ENV_UPDATE', 'Updating HTTP workers with latest state');
+        broadcast('ENV_UPDATE', Environment.serialize(Env));
     }, 250);
 
     var throttledCacheFlush = Util.throttle(function () {
-        Env.Log.info('WORKER_CACHE_FLUSH', 'Instructing HTTP workers to flush cache'); // XXX
+        Env.Log.info('WORKER_CACHE_FLUSH', 'Instructing HTTP workers to flush cache');
         broadcast('FLUSH_CACHE', Env.FRESH_KEY);
     }, 250);
 
@@ -145,36 +181,6 @@ nThen(function (w) {
         }
         launchWorker(w());
     });
-}).nThen(function () {
-    // Nothing async happens here but I'm using this function scope
-    // as a logical grouping for readability
-    var fancyURL = function (domain, path) {
-        try {
-            if (domain && path) { return new URL(path, domain).href; }
-            return new URL(domain);
-        } catch (err) {}
-        return false;
-    };
-
-    var host = Env.httpAddress;
-    var hostName = !host.indexOf(':') ? '[' + host + ']' : host;
-
-    var port = Env.httpPort;
-    var ps = port === 80? '': ':' + port;
-
-    var roughAddress = 'http://' + hostName + ps;
-    var betterAddress = fancyURL(Env.httpUnsafeOrigin);
-
-    if (betterAddress) {
-        console.log('Serving content for %s via %s.\n', betterAddress, roughAddress);
-    } else {
-        console.log('Serving content via %s.\n', roughAddress);
-    }
-    if (!Env.admins.length) {
-        console.log("Your instance is not correctly configured for safe use in production.\nSee %s for more information.\n",
-            fancyURL(Env.httpUnsafeOrigin, '/checkup/') || 'https://your-domain.com/checkup/'
-        );
-    }
 }).nThen(function () {
     if (Env.shouldUpdateNode) {
         Env.Log.warn("NODEJS_OLD_VERSION", {

From 24274e6c9b744b1a49350b2f529713940f446332 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Tue, 20 Dec 2022 17:10:10 +0530
Subject: [PATCH 11/58] remove some prototyping code that was overwriting
 values in responses to http-workers

---
 lib/http-worker.js | 4 ++--
 server.js          | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/http-worker.js b/lib/http-worker.js
index 130cd5f0d..ef5194941 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -417,14 +417,14 @@ app.get('/api/profiling', function (req, res) {
     if (!Env.enableProfiling) { return void send404(res); }
     sendMessage({ // XXX test this
         command: 'GET_PROFILING_DATA',
-    }, (err /*, value */) => { // XXX
+    }, (err, value) => {
         if (err) {
             res.status(500);
             return void send500(res);
         }
         res.setHeader('Content-Type', 'text/javascript');
         res.send(JSON.stringify({
-            bytesWritten: Env.bytesWritten,
+            bytesWritten: value,
         }));
     });
 });
diff --git a/server.js b/server.js
index e3904eb4f..e215db4ee 100644
--- a/server.js
+++ b/server.js
@@ -116,13 +116,12 @@ nThen(function (w) {
             }
 
             const cb = Util.once(Util.mkAsync(function (err, value) {
-                value = Math.random();
                 worker.send({
                     type: 'REPLY',
                     error: Util.serializeError(err),
                     txid: txid,
                     pid: msg.pid,
-                    value: value, // XXX
+                    value: value,
                 });
             }));
 

From 953c817c5b2c5343270dfd00ec247e6039d3c162 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Tue, 20 Dec 2022 18:03:52 +0530
Subject: [PATCH 12/58] clean up more prototype code:

* remove commented code
* serialize errors sent from http workers to the main process
* drop support for custom http headers set via config.js#httpHeaders
* websockets: only listen on localhost, respect websocketPort config in workers' proxy config
---
 lib/http-worker.js | 53 +++++++++++++++++++---------------------------
 server.js          |  2 +-
 2 files changed, 23 insertions(+), 32 deletions(-)

diff --git a/lib/http-worker.js b/lib/http-worker.js
index ef5194941..bec5d718f 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -47,9 +47,8 @@ Logger.levels.forEach(level => {
             info: info,
         }, (err) => {
             if (err) {
-                return void console.error(err); // XXX
+                return void console.error(new Error(err));
             }
-            //console.log("Log statement received"); // XXX
         });
     };
 });
@@ -57,9 +56,12 @@ Logger.levels.forEach(level => {
 const EVENTS = {};
 
 var Env = JSON.parse(process.env.Env);
-EVENTS.ENV_UPDATE = function (data /*, cb */) { // XXX
-    // XXX log?
-    Env = JSON.parse(data);
+EVENTS.ENV_UPDATE = function (data /*, cb */) {
+    try {
+        Env = JSON.parse(data);
+    } catch (err) {
+        Log.error('HTTP_WORKER_ENV_UPDATE', Util.serializeError(err));
+    }
 };
 
 EVENTS.FLUSH_CACHE = function (data /*, cb */) { // XXX
@@ -86,9 +88,6 @@ process.on('message', msg => {
     });
 */
     if (!(msg && msg.txid)) { return; }
-    //console.log('MESSAGE_RECEIVED', msg);
-
-
     if (msg.type === 'REPLY') {
         var txid = msg.txid;
         return void response.handle(txid, [msg.error, msg.value]);
@@ -100,9 +99,7 @@ process.on('message', msg => {
             return void ev(msg.data, () => {});
         }
     }
-
     console.error("UNHANDLED_MESSAGE", msg);
-
     // XXX unhandled
 });
 
@@ -120,24 +117,15 @@ var EXEMPT = [
 ];
 
 var cacheHeaders = function (Env, key, headers) {
-    if (Env.DEV_MODE) { return; } // XXX clustering
+    if (Env.DEV_MODE) { return; }
     Env[key] = headers;
 };
 
-var getHeaders = function (Env, type) { // XXX clustering
+var getHeaders = function (Env, type) {
     var key = type + 'HeadersCache';
     if (Env[key]) { return Env[key]; }
 
-    var headers = {};
-
-    var custom; // = undefined; //config.httpHeaders; // XXX drop support for this?
-    // if the admin provided valid http headers then use them
-    if (custom && typeof(custom) === 'object' && !Array.isArray(custom)) {
-        headers = Util.clone(custom);
-    } else {
-        // otherwise use the default
-        headers = Default.httpHeaders(Env);
-    }
+    var headers = Default.httpHeaders(Env);
 
     headers['Content-Security-Policy'] = type === 'office'?
         Default.padContentSecurity(Env):
@@ -195,11 +183,14 @@ app.head(/^\/common\/feedback\.html/, function (req, res, next) {
 }());
 
 const { createProxyMiddleware } = require("http-proxy-middleware");
+
+var proxyTarget = new URL('', 'ws:localhost');
+proxyTarget.port = Env.websocketPort;
+
 const wsProxy = createProxyMiddleware({
-    target: 'ws://localhost:3003', // XXX
+    target: proxyTarget.href,
     ws: true,
-    logLevel: 'error', ///silent',
-    //pathFilter: '/cryptpad_websocket',
+    logLevel: 'error',
 });
 
 app.use('/cryptpad_websocket', wsProxy);
@@ -309,7 +300,7 @@ var makeRouteCache = function (template, cacheName) {
     };
 };
 
-var serveConfig = makeRouteCache(function (/* host */) { // XXX
+var serveConfig = makeRouteCache(function () {
     return [
         'define(function(){',
         'return ' + JSON.stringify({
@@ -340,7 +331,7 @@ var serveConfig = makeRouteCache(function (/* host */) { // XXX
     ].join(';\n');
 }, 'configCache');
 
-var serveBroadcast = makeRouteCache(function (/* host */) { // XXX
+var serveBroadcast = makeRouteCache(function () {
     var maintenance = Env.maintenance;
     if (maintenance && maintenance.end && maintenance.end < (+new Date())) {
         maintenance = undefined;
@@ -365,7 +356,7 @@ var Define = function (obj) {
 });`;
 };
 
-app.get('/api/instance', function (req, res) { // XXX use caching?
+app.get('/api/instance', function (req, res) {
     res.setHeader('Content-Type', 'text/javascript');
     res.send(Define({
         name: Env.instanceName,
@@ -402,9 +393,9 @@ app.get('/api/updatequota', function (req, res) {
         res.status(404);
         return void send404(res);
     }
-    sendMessage({ // XXX test this
+    sendMessage({
         command: 'UPDATE_QUOTA',
-    }, (err /*, value */) => {
+    }, (err) => {
         if (err) {
             res.status(500);
             return void send500(res);
@@ -415,7 +406,7 @@ app.get('/api/updatequota', function (req, res) {
 
 app.get('/api/profiling', function (req, res) {
     if (!Env.enableProfiling) { return void send404(res); }
-    sendMessage({ // XXX test this
+    sendMessage({
         command: 'GET_PROFILING_DATA',
     }, (err, value) => {
         if (err) {
diff --git a/server.js b/server.js
index e215db4ee..9983ceb79 100644
--- a/server.js
+++ b/server.js
@@ -82,7 +82,7 @@ nThen(function (w) {
     }
 }).nThen(function (w) {
     Env.httpServer = Http.createServer(app);
-    Env.httpServer.listen(Env.websocketPort, '::', w(function () {
+    Env.httpServer.listen(Env.websocketPort, 'localhost', w(function () {
         Env.Log.info('WEBSOCKET_LISTENING', {
             port: Env.websocketPort,
         });

From 4968bbf9613ddec64ecb87082ee62724c4d0147e Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 11 Jan 2023 14:50:16 +0530
Subject: [PATCH 13/58] WIP limit on block size

---
 customize.dist/login.js | 2 +-
 lib/storage/block.js    | 2 ++
 lib/workers/index.js    | 7 +++++++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/customize.dist/login.js b/customize.dist/login.js
index efce968ca..ce1c4eb3d 100644
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@@ -99,7 +99,7 @@ define([
         opt.channelHex = parsed.channel;
         opt.keys = parsed.keys;
         opt.edPublic = blockInfo.edPublic;
-        opt.User_name = blockInfo.User_name;
+        opt.User_name = blockInfo.User_name; // XXX do we actually use this? can we drop it?
         return opt;
     };
 
diff --git a/lib/storage/block.js b/lib/storage/block.js
index fb82f0e41..9f02fc02b 100644
--- a/lib/storage/block.js
+++ b/lib/storage/block.js
@@ -116,6 +116,8 @@ Block.check = function (Env, publicKey, _cb) { // 'check' because 'exists' impli
     Fs.access(path, Fs.constants.F_OK, cb);
 };
 
+Block.MAX_SIZE = 256; // XXX confirm that this is sufficient, prevent user inputs that would result in larger blocks
+
 Block.write = function (Env, publicKey, buffer, _cb) {
     var cb = Util.once(Util.mkAsync(_cb));
     var path = Block.mkPath(Env, publicKey);
diff --git a/lib/workers/index.js b/lib/workers/index.js
index 7d82eab0f..c9955c2d2 100644
--- a/lib/workers/index.js
+++ b/lib/workers/index.js
@@ -6,6 +6,7 @@ const OS = require("os");
 const { fork } = require('child_process');
 const Workers = module.exports;
 const PID = process.pid;
+const Block = require("../storage/block");
 
 const DB_PATH = 'lib/workers/db-worker';
 const MAX_JOBS = 16;
@@ -472,6 +473,12 @@ Workers.initialize = function (Env, config, _cb) {
         };
 
         Env.validateLoginBlock = function (publicKey, signature, block, cb) {
+            if (!block || !block.length || !block.length > Block.MAX_SIZE) {
+                return void setTimeout(function () {
+                    cb('E_INVALID_BLOCK_SIZE');
+                });
+            }
+
             sendCommand({
                 command: 'VALIDATE_LOGIN_BLOCK',
                 publicKey: publicKey,

From 3f18a3871419fcde7d840f90588deaee185ed3b4 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 11 Jan 2023 15:02:02 +0530
Subject: [PATCH 14/58] report http-worker RPC errors to the main process for
 logging

---
 lib/http-worker.js | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/lib/http-worker.js b/lib/http-worker.js
index bec5d718f..5e86dae49 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -11,12 +11,7 @@ const DEFAULT_QUERY_TIMEOUT = 5000;
 const PID = process.pid;
 
 const response = Util.response(function (errLabel, info) {
-    // XXX handle error
-    console.error({
-        _: '// XXX',
-        errLabel: errLabel,
-        info: info,
-    });
+    Env.Log.error(errLabel, info);
 });
 
 const guid = () => {
@@ -64,7 +59,7 @@ EVENTS.ENV_UPDATE = function (data /*, cb */) {
     }
 };
 
-EVENTS.FLUSH_CACHE = function (data /*, cb */) { // XXX
+EVENTS.FLUSH_CACHE = function (data) {
     if (typeof(data) !== 'number') {
         return Log.error('INVALID_FRESH_KEY', data);
     }
@@ -443,12 +438,13 @@ nThen(function (w) {
         server.listen(3001, w()); // if (Env.httpSafePort) {...
     }
     server.on('upgrade', function (req, socket, head) {
-        //console.log("This should only happen in a dev environment"); // XXX
+        // TODO warn admins that websockets should only be proxied in this way in a dev environment
+        // in production it's more efficient to have your reverse proxy (NGINX) directly forward
+        // websocket traffic to the correct port (Env.websocketPort)
         wsProxy.upgrade(req, socket, head);
     });
 }).nThen(function () {
-    // XXX inform the parent process that this worker is ready
-
+    // TODO inform the parent process that this worker is ready
 
 });
 

From b0d10c3777d6976a6bc6a6513c1830153a81500f Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 11 Jan 2023 15:08:16 +0530
Subject: [PATCH 15/58] oops - fix inverted not

---
 lib/workers/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/workers/index.js b/lib/workers/index.js
index c9955c2d2..96cb0e795 100644
--- a/lib/workers/index.js
+++ b/lib/workers/index.js
@@ -473,7 +473,7 @@ Workers.initialize = function (Env, config, _cb) {
         };
 
         Env.validateLoginBlock = function (publicKey, signature, block, cb) {
-            if (!block || !block.length || !block.length > Block.MAX_SIZE) {
+            if (!block || !block.length || block.length > Block.MAX_SIZE) {
                 return void setTimeout(function () {
                     cb('E_INVALID_BLOCK_SIZE');
                 });

From 8fce5bcaf6c8949986d2d7b3b8bd671605de155a Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Thu, 2 Mar 2023 12:45:38 +0530
Subject: [PATCH 16/58] use configured http ports

---
 lib/http-worker.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/http-worker.js b/lib/http-worker.js
index 5e86dae49..cad694ac2 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -433,9 +433,9 @@ app.use(function (err, req, res /*, next*/) {
 var server = Http.createServer(app);
 
 nThen(function (w) {
-    server.listen(3000, w());
+    server.listen(Env.httpPort, w());
     if (Env.httpSafePort) {
-        server.listen(3001, w()); // if (Env.httpSafePort) {...
+        server.listen(Env.httpSafePort, w());
     }
     server.on('upgrade', function (req, socket, head) {
         // TODO warn admins that websockets should only be proxied in this way in a dev environment

From 64d24f8b20e1646e6b5f61bd01d1892c8fe1e8fb Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Tue, 7 Mar 2023 11:17:46 +0530
Subject: [PATCH 17/58] clean up http-worker code and add comments

---
 lib/http-worker.js | 46 +++++++++++++++++++++++++++-------------------
 server.js          |  4 ++--
 2 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/lib/http-worker.js b/lib/http-worker.js
index cad694ac2..121471577 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -21,8 +21,6 @@ const guid = () => {
 const sendMessage = (msg, cb, opt) => {
     var txid = guid();
     var timeout = (opt && opt.timeout) || DEFAULT_QUERY_TIMEOUT;
-
-    /// XXX don't nest
     var obj = {
         pid: PID,
         txid: txid,
@@ -31,7 +29,6 @@ const sendMessage = (msg, cb, opt) => {
     response.expect(txid, cb, timeout);
     process.send(obj);
 };
-
 const Log = {};
 Logger.levels.forEach(level => {
     Log[level] = function (tag, info) {
@@ -74,14 +71,6 @@ EVENTS.FLUSH_CACHE = function (data) {
 };
 
 process.on('message', msg => {
-    // XXX
-/*
-    console.log({
-        _: 'Message from main process to worker',
-        msg: msg,
-        pid: process.pid,
-    });
-*/
     if (!(msg && msg.txid)) { return; }
     if (msg.type === 'REPLY') {
         var txid = msg.txid;
@@ -94,8 +83,7 @@ process.on('message', msg => {
             return void ev(msg.data, () => {});
         }
     }
-    console.error("UNHANDLED_MESSAGE", msg);
-    // XXX unhandled
+    console.error("UNHANDLED_MESSAGE", msg); // XXX
 });
 
 
@@ -190,10 +178,12 @@ const wsProxy = createProxyMiddleware({
 
 app.use('/cryptpad_websocket', wsProxy);
 
+
 app.use('/blob', function (req, res, next) {
-    // XXX update atime?
+/*  Head requests are used to check the size of a blob.
+    Clients can configure a maximum size to download automatically,
+    and can manually click to download blobs which exceed that limit.  */
     if (req.method === 'HEAD') {
-        console.log(`Blob head: ${req.url}`);
         Express.static(Path.resolve(Env.paths.blob), {
             setHeaders: function (res /*, path, stat */) {
                 res.set('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
@@ -202,16 +192,34 @@ app.use('/blob', function (req, res, next) {
             }
         })(req, res, next);
         return;
-    } else {
-        console.log(`Blob !head: ${req.url}`);
     }
+
+/*  Some GET requests concern the whole file,
+    others only target ranges, either:
+
+    1. a two octet prefix which encodes the length of the metadata in octets
+    2. the metadata itself, excluding the two preceding octets
+*/
+
+/*
+    // Example code to demonstrate the types of requests which are handled
+    if (req.method === 'GET') {
+        if (!req.headers.range) {
+            // metadata
+        } else {
+            // full request
+        }
+    }
+*/
+
     next();
 });
 
 app.use(function (req, res, next) {
-    // XXX update atime?
+/*  These are pre-flight requests, through which the client
+    confirms with the server that it is permitted to make the
+    actual requests which will follow */
     if (req.method === 'OPTIONS' && /\/blob\//.test(req.url)) {
-        console.log(`Blob options: ${req.url}`);
         res.setHeader('Access-Control-Allow-Origin', Env.enableEmbedding? '*': Env.permittedEmbedders);
         res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
         res.setHeader('Access-Control-Allow-Headers', 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Access-Control-Allow-Origin');
diff --git a/server.js b/server.js
index 9983ceb79..1ea944044 100644
--- a/server.js
+++ b/server.js
@@ -107,8 +107,8 @@ nThen(function (w) {
         worker.on('message', msg => {
             if (!msg) { return; }
             var txid = msg.txid;
-            var content = msg.content; // XXX don't nest
-            if (!content) { return; } // XXX
+            var content = msg.content;
+            if (!content) { return; }
 
             var command = COMMANDS[content.command];
             if (typeof(command) !== 'function') {

From 08b6009a846c2666cd864e404174199dc10de139 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Tue, 7 Mar 2023 13:29:45 +0530
Subject: [PATCH 18/58] stop including username in login block

---
 customize.dist/login.js       | 1 -
 www/common/cryptpad-common.js | 1 -
 2 files changed, 2 deletions(-)

diff --git a/customize.dist/login.js b/customize.dist/login.js
index ce1c4eb3d..15707ca94 100644
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@@ -99,7 +99,6 @@ define([
         opt.channelHex = parsed.channel;
         opt.keys = parsed.keys;
         opt.edPublic = blockInfo.edPublic;
-        opt.User_name = blockInfo.User_name; // XXX do we actually use this? can we drop it?
         return opt;
     };
 
diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js
index f417a4507..9911a6e72 100644
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@@ -2068,7 +2068,6 @@ define([
         }).nThen(function (waitFor) {
             // Write the new login block
             var temp = {
-                User_name: accountName,
                 User_hash: newHash,
                 edPublic: edPublic,
             };

From d8ef2c83710341500cd983698fef9674e795f02e Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Tue, 7 Mar 2023 13:30:30 +0530
Subject: [PATCH 19/58] print login block size when it exceeds the maximum

---
 lib/workers/index.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/workers/index.js b/lib/workers/index.js
index 96cb0e795..d97f52225 100644
--- a/lib/workers/index.js
+++ b/lib/workers/index.js
@@ -475,6 +475,10 @@ Workers.initialize = function (Env, config, _cb) {
         Env.validateLoginBlock = function (publicKey, signature, block, cb) {
             if (!block || !block.length || block.length > Block.MAX_SIZE) {
                 return void setTimeout(function () {
+                    Env.Log.error('E_INVALID_BLOCK_SIZE', {
+                        size: block.length,
+                    });
+
                     cb('E_INVALID_BLOCK_SIZE');
                 });
             }

From 0b6ac69e324d2bafd58804e1ece05c2c375b5580 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Tue, 7 Mar 2023 14:02:25 +0530
Subject: [PATCH 20/58] enforce maximum username length of 64 characters

---
 www/common/common-credential.js | 11 +++++++++--
 www/register/main.js            |  7 +++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/www/common/common-credential.js b/www/common/common-credential.js
index ffbc482d6..b3be97308 100644
--- a/www/common/common-credential.js
+++ b/www/common/common-credential.js
@@ -3,7 +3,10 @@ var factory = function (AppConfig, Scrypt) {
     var Cred = {};
 
     Cred.MINIMUM_PASSWORD_LENGTH = typeof(AppConfig.minimumPasswordLength) === 'number'?
-        AppConfig.minimumPasswordLength: 8;
+        AppConfig.minimumPasswordLength: 8; // TODO 14 or higher is a decent default for 2023
+
+    Cred.MINIMUM_NAME_LENGTH = 1;
+    Cred.MAXIMUM_NAME_LENGTH = 64;
 
     // https://stackoverflow.com/questions/46155/how-to-validate-an-email-address-in-javascript
     Cred.isEmail = function (email) {
@@ -19,8 +22,12 @@ var factory = function (AppConfig, Scrypt) {
         return typeof(x) === 'string';
     };
 
+    // Maximum username length is enforced at registration time
+    // rather than in this function
+    // in order to maintain backwards compatibility with accounts
+    // that might have already registered with a longer name.
     Cred.isValidUsername = function (name) {
-        return !!(name && isString(name));
+        return !!(isString(name) && name.length >= Cred.MINIMUM_NAME_LENGTH);
     };
 
     Cred.isValidPassword = function (passwd) {
diff --git a/www/register/main.js b/www/register/main.js
index fa26f38b4..d772c770f 100644
--- a/www/register/main.js
+++ b/www/register/main.js
@@ -48,12 +48,19 @@ define([
 
         var I_REALLY_WANT_TO_USE_MY_EMAIL_FOR_MY_USERNAME = false;
         var br = function () { return h('br'); };
+        Messages.register_nameTooLong = "Usernames must be shorter than {0} characters"; // XXX
 
         var registerClick = function () {
             var uname = $uname.val().trim();
     // trim whitespace surrounding the username since it is otherwise included in key derivation
     // most people won't realize that its presence is significant
             $uname.val(uname);
+            if (uname.length > Cred.MAXIMUM_NAME_LENGTH) {
+                let nameWarning = Messages._getKey('register_nameTooLong', [ Cred.MAXIMUM_NAME_LENGTH ]);
+                return void UI.alert(nameWarning, function () {
+                    registering = false;
+                });
+            }
 
             var passwd = $passwd.val();
             var confirmPassword = $confirm.val();

From 71ad9f2688c523e744423f17b9f9878800148a07 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Fri, 10 Mar 2023 12:57:25 +0530
Subject: [PATCH 21/58] check allowed origins for blob and block URLs on
 checkup page

---
 www/checkup/main.js | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/www/checkup/main.js b/www/checkup/main.js
index 7748b3b22..cf4f716a9 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -1091,12 +1091,14 @@ define([
         });
     };
 
-    assert(function (cb, msg) {
-        var header = 'Access-Control-Allow-Origin';
-        var url = new URL('/', trimmedUnsafe).href;
-        Tools.common_xhr(url, function (xhr) {
-            var raw = xhr.getResponseHeader(header);
-            checkAllowedOrigins(raw, url, msg, cb);
+    ['/', '/blob/placeholder.txt', '/block/placeholder.txt'].forEach(relativeURL => {
+        assert(function (cb, msg) {
+            var header = 'Access-Control-Allow-Origin';
+            var url = new URL(relativeURL, trimmedUnsafe).href;
+            Tools.common_xhr(url, function (xhr) {
+                var raw = xhr.getResponseHeader(header);
+                checkAllowedOrigins(raw, url, msg, cb);
+            });
         });
     });
 

From cfbb5e1fc6493943ac47aba22a84af744ca2fb89 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Fri, 10 Mar 2023 13:52:03 +0530
Subject: [PATCH 22/58] WIP debug duplicated headers in production envs

---
 www/checkup/main.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/www/checkup/main.js b/www/checkup/main.js
index cf4f716a9..1743d99da 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -1177,6 +1177,19 @@ define([
         });
     });
 
+    ['/', '/blob/placeholder.txt', '/block/placeholder.txt'].forEach(relativeURL => {
+        assert(function (cb, msg) {
+            var url = new URL(relativeURL, trimmedUnsafe).href;
+            Tools.common_xhr(url, xhr => {
+                msg.appendChild(h('span', [
+                    h('p', '// XXX DEBUGGING DUPLICATED HEADERS'),
+                    h('pre', xhr.getAllResponseHeaders()),
+                ]));
+                cb(false);
+            });
+        });
+    });
+
     var POLICY_ADVISORY = " This link will be included in the home page footer and 'About CryptPad' menu. It's advised that you either provide one or disable registration.";
     var APPCONFIG_DOCS_LINK = function (key, href) {
         return h('span', [

From f96492d5b48fd37f69dba59f3929435ef2f67031 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Fri, 10 Mar 2023 14:05:21 +0530
Subject: [PATCH 23/58] fix pre tag overflow in checkup error message

---
 www/checkup/app-checkup.less | 9 +++++++++
 www/checkup/main.js          | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/www/checkup/app-checkup.less b/www/checkup/app-checkup.less
index d7be2f4c9..ae1f805db 100644
--- a/www/checkup/app-checkup.less
+++ b/www/checkup/app-checkup.less
@@ -75,6 +75,10 @@ html, body {
         padding: 5px;
         //font-size: 16px;
         border-radius: @corner;
+
+        max-width: 100%;
+        box-sizing: border-box;
+
         &.cp-danger {
             border: 1px solid @cp_alerts-danger-bg;
             background-color: @cp_alerts-danger-bg;
@@ -85,6 +89,11 @@ html, body {
             background-color: @cp_alerts-warning-bg;
             color: @cp_alerts-warning-text;
         }
+        pre.cp-raw-text {
+            overflow: auto;
+            background-color: #2222;
+        }
+
         code {
             word-break: keep-all;
             font-style: italic;
diff --git a/www/checkup/main.js b/www/checkup/main.js
index 1743d99da..2383d1f4b 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -1183,7 +1183,7 @@ define([
             Tools.common_xhr(url, xhr => {
                 msg.appendChild(h('span', [
                     h('p', '// XXX DEBUGGING DUPLICATED HEADERS'),
-                    h('pre', xhr.getAllResponseHeaders()),
+                    h('pre.cp-raw-text', xhr.getAllResponseHeaders()),
                 ]));
                 cb(false);
             });

From 95ee95ece7346af2a9d1fd63112698e2fbdd82ef Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Fri, 10 Mar 2023 14:35:54 +0530
Subject: [PATCH 24/58] more obvious message for duplicated header detection on
 checkup

---
 www/checkup/main.js | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/www/checkup/main.js b/www/checkup/main.js
index 2383d1f4b..3f40bd897 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -1177,15 +1177,43 @@ define([
         });
     });
 
+    var COMMONLY_DUPLICATED_HEADERS = [
+        'X-Content-Type-Options',
+        'Access-Control-Allow-Origin',
+        'Permissions-Policy',
+        'X-XSS-Protection',
+    ];
+
     ['/', '/blob/placeholder.txt', '/block/placeholder.txt'].forEach(relativeURL => {
         assert(function (cb, msg) {
             var url = new URL(relativeURL, trimmedUnsafe).href;
             Tools.common_xhr(url, xhr => {
+                var span = h('span', h('p', '// XXX DEBUGGING DUPLICATED HEADERS'));
+
+                var duplicated = false;
+                var pre = [];
+                COMMONLY_DUPLICATED_HEADERS.forEach(h => {
+                    var value = xhr.getResponseHeader(h);
+                    if (/,/.test(value)) {
+                        pre.push(`${h}: ${value}`);
+                        duplicated = true;
+                    }
+                });
+                if (duplicated) {
+                    span.appendChild(h('pre', pre.join('\n')));
+                }
+
+                // none of the headers should include a comma
+                // as that indicates they are duplicated
+                if (!duplicated) { return void cb(true); }
+
                 msg.appendChild(h('span', [
-                    h('p', '// XXX DEBUGGING DUPLICATED HEADERS'),
                     h('pre.cp-raw-text', xhr.getAllResponseHeaders()),
                 ]));
-                cb(false);
+                cb({
+                    duplicated,
+                    url,
+                });
             });
         });
     });

From b7a796cc6ffd52808ab7624c1e2155c90b7a505a Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Fri, 10 Mar 2023 14:37:01 +0530
Subject: [PATCH 25/58] oops

---
 www/checkup/main.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/www/checkup/main.js b/www/checkup/main.js
index 3f40bd897..517c03912 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -1207,9 +1207,7 @@ define([
                 // as that indicates they are duplicated
                 if (!duplicated) { return void cb(true); }
 
-                msg.appendChild(h('span', [
-                    h('pre.cp-raw-text', xhr.getAllResponseHeaders()),
-                ]));
+                msg.appendChild(span);
                 cb({
                     duplicated,
                     url,

From 3c6a35b713f9e14a14e64d0030abc6e94d5ec2ac Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Tue, 2 May 2023 23:35:09 +0530
Subject: [PATCH 26/58] new types of storage for challenges, MFA settings, and
 sessions

---
 lib/env.js               |  1 +
 lib/storage/basic.js     | 53 ++++++++++++++++++++++++++++++++++++++++
 lib/storage/challenge.js | 39 +++++++++++++++++++++++++++++
 lib/storage/mfa.js       | 43 ++++++++++++++++++++++++++++++++
 lib/storage/sessions.js  | 44 +++++++++++++++++++++++++++++++++
 5 files changed, 180 insertions(+)
 create mode 100644 lib/storage/basic.js
 create mode 100644 lib/storage/challenge.js
 create mode 100644 lib/storage/mfa.js
 create mode 100644 lib/storage/sessions.js

diff --git a/lib/env.js b/lib/env.js
index ecea533df..687d5bed0 100644
--- a/lib/env.js
+++ b/lib/env.js
@@ -329,6 +329,7 @@ module.exports.create = function (config) {
     paths.staging = keyOrDefaultString('blobStagingPath', './blobstage');
     paths.blob = keyOrDefaultString('blobPath', './blob');
     paths.decree = keyOrDefaultString('decreePath', './data/');
+    paths.base = keyOrDefaultString('base', './data');
     paths.archive = keyOrDefaultString('archivePath', './data/archive');
     paths.task = keyOrDefaultString('taskPath', './tasks');
 
diff --git a/lib/storage/basic.js b/lib/storage/basic.js
new file mode 100644
index 000000000..215ffc0fe
--- /dev/null
+++ b/lib/storage/basic.js
@@ -0,0 +1,53 @@
+/*  Mulfi-factor auth requires some rudimentary storage methods
+    for a number of data types:
+
+* "challenges" (described in challenge.js)
+* account settings for MFA (described in mfa.js)
+* session tokens (described in sessions.js)
+
+Each data type requires the same three simple methods:
+
+* read
+* write
+* delete
+
+These could be implemented as tables in a relational database, but committing to a relational DB
+is a big decision, so these methods are instead implemented using the filesystem, with each
+file's path and naming convention implemented outside of this module.
+
+Feel free to migrate all of these to a relational DB at some point in the future if you like.
+
+*/
+
+const Basic = module.exports;
+const Fs = require("node:fs");
+const Path = require("node:path");
+
+var pathError = (cb) => {
+    setTimeout(function () {
+        cb(new Error("INVALID_PATH"));
+    });
+};
+
+Basic.read = function (Env, path, cb) {
+    if (!path) { return void pathError(cb); }
+    Fs.readFile(path, 'utf8', (err, content) => {
+        if (err) { return void cb(err); }
+        cb(void 0, content);
+    });
+};
+
+Basic.write = function (Env, path, data, cb) {
+    if (!path) { return void pathError(cb); }
+    var dirpath = Path.dirname(path);
+    Fs.mkdir(dirpath, { recursive: true }, function (err) {
+        if (err) { return void cb(err); }
+        Fs.writeFile(path, data, cb);
+    });
+};
+
+Basic.delete = function (Env, path, cb) {
+    if (!path) { return void pathError(cb); }
+    Fs.rm(path, cb);
+};
+
diff --git a/lib/storage/challenge.js b/lib/storage/challenge.js
new file mode 100644
index 000000000..e4d9ca6c8
--- /dev/null
+++ b/lib/storage/challenge.js
@@ -0,0 +1,39 @@
+const Basic = require("./basic.js");
+const Path = require("node:path");
+
+const Challenge = module.exports;
+/*  This module manages storage used to implement a public-key authenticated
+    challenge-response protocol.
+
+    Each 'challenge' is only intended to be valid for a short period of time.
+    1. A client makes a request of the server
+    2. The server stores their request with a nonce and challenges them to sign for this request
+    3. If the client successfully signs for the request within a short window then the request is executed
+    4. Whether the signature is valid or not, the challenge is removed
+
+    Thus, we only expect challenges to remain in storage if the request was aborted or interrupted
+    for some unexpected reason.
+
+    Some form of garbage collection should be implemented in the future.
+*/
+
+const pathFromId = function (Env, id) {
+    if (!id || typeof(id) !== 'string') { return void console.error('CHALLENGE_BAD_ID', id); }
+    return Path.join(Env.paths.base, "challenges", id.slice(0, 2), id);
+};
+
+Challenge.read = function (Env, id, cb) {
+    var path = pathFromId(Env, id);
+    Basic.read(Env, path, cb);
+};
+
+Challenge.write = function (Env, id, data, cb) {
+    var path = pathFromId(Env, id);
+    Basic.write(Env, path, data, cb);
+};
+
+Challenge.delete = function (Env, id, cb) {
+    var path = pathFromId(Env, id);
+    Basic.delete(Env, path, cb);
+};
+
diff --git a/lib/storage/mfa.js b/lib/storage/mfa.js
new file mode 100644
index 000000000..0cb957817
--- /dev/null
+++ b/lib/storage/mfa.js
@@ -0,0 +1,43 @@
+const Basic = require("./basic");
+const Path = require("node:path");
+const Util  = require("../common-util");
+
+const MFA = module.exports;
+
+/*
+This module manages storage related to accounts' multi-factor authentication settings.
+
+These settings are checked every time a block is accessed, so we do as little as possible
+so that it can be accessed quickly.
+
+*/
+
+/*  The path for a given account's settings is based on the public signing key
+    which identifies its "login block". We expect that any action to create or access
+    a block will be authenticated with a challenge-response protocol, so we
+    don't bother checking the validity of an identifier in here aside from
+    ensuring that it won't throw when using string methods.
+
+*/
+var pathFromId = function (Env, id) {
+    if (!id || typeof(id) !== 'string') { return; }
+    id = Util.escapeKeyCharacters(id);
+    return Path.join(Env.paths.base, "mfa", id.slice(0, 2), `${id}.json`);
+};
+
+MFA.read = function (Env, id, cb) {
+    var path = pathFromId(Env, id);
+    Basic.read(Env, path, cb);
+};
+
+// data should be a string
+MFA.write = function (Env, id, data, cb) {
+    var path = pathFromId(Env, id);
+    Basic.write(Env, path, data, cb);
+};
+
+MFA.delete = function (Env, id, cb) {
+    var path = pathFromId(Env, id);
+    Basic.delete(Env, path, cb);
+};
+
diff --git a/lib/storage/sessions.js b/lib/storage/sessions.js
new file mode 100644
index 000000000..d9056ae4b
--- /dev/null
+++ b/lib/storage/sessions.js
@@ -0,0 +1,44 @@
+const Basic = require("./basic");
+const Path = require("node:path");
+const Nacl  = require("tweetnacl/nacl-fast");
+const Util = require("../common-util");
+
+const Sessions = module.exports;
+/*  This module manages storage for per-acccount session tokens - currently assumed to be
+    JSON Web Tokens (JWTs).
+
+    Decisions about what goes into each of those JWTs happens upstream, so the storage
+    itself is relatively unopinionated.
+
+    The key things to understand are:
+
+* valid sessions allow the holder of a given JWT to access a given "login block"
+* JWTs are signed with a key held in the server's memory. If that key leaks then it should be rotated (with the SET_BEARER_SECRET decree) to invalidate all existing JWTs. Under these conditions then all tokens signed with the old key can be removed. Garbage collection of these older tokens is not implemented.
+* it is expected that any given login-block can have multiple active sessions (for different devices, or if their browser clears its cache automatically). All sessions for a given block are stored in a per-user directory which is intended to make listing or iterating over them simple.
+* It could be desirable to expose the list of sessions to the relevant user and allow them to revoke sessions individually or en-masse, though this is not currently implemented.
+
+*/
+
+var pathFromId = function (Env, id, ref) {
+    if (!id || typeof(id) !== 'string') { return; }
+    id = Util.escapeKeyCharacters(id);
+    return Path.join(Env.paths.base, "sessions", id.slice(0, 2), id, ref);
+};
+
+Sessions.randomId = () => Nacl.util.encodeBase64(Nacl.randomBytes(24)).replace(/\//g, '-');
+
+Sessions.read = function (Env, id, ref, cb) {
+    var path = pathFromId(Env, id, ref);
+    Basic.read(Env, path, cb);
+};
+
+Sessions.write = function (Env, id, ref, data, cb) {
+    var path = pathFromId(Env, id, ref);
+    Basic.write(Env, path, data, cb);
+};
+
+Sessions.delete = function (Env, id, ref, cb) {
+    var path = pathFromId(Env, id, ref);
+    Basic.delete(Env, path, cb);
+};
+

From 987607a7d8ec3a48e11a1a24c8e804844bb9c7cb Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 3 May 2023 15:45:27 +0530
Subject: [PATCH 27/58] add new serverside dependencies for TOTP

---
 package-lock.json | 1893 ++++++++++++++++++++++++++++++++++++++++++---
 package.json      |    3 +
 2 files changed, 1808 insertions(+), 88 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8941a8f10..0f03b2329 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,12 +16,16 @@
         "fs-extra": "^7.0.0",
         "get-folder-size": "^2.0.1",
         "http-proxy-middleware": "^2.0.6",
+        "jsonwebtoken": "^9.0.0",
         "netflux-websocket": "^0.1.20",
+        "notp": "^2.0.3",
         "nthen": "0.1.8",
+        "prompt-confirm": "^2.0.4",
         "pull-stream": "^3.6.1",
         "saferphore": "0.0.1",
         "sortify": "^1.0.4",
         "stream-to-pull-stream": "^1.7.2",
+        "thirty-two": "^1.0.2",
         "tweetnacl": "~0.12.2",
         "ulimit": "0.0.2",
         "ws": "^3.3.1"
@@ -122,6 +126,345 @@
         "url": "https://github.com/sponsors/epoberezkin"
       }
     },
+    "node_modules/ansi-bgblack": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgblack/-/ansi-bgblack-0.1.1.tgz",
+      "integrity": "sha512-tp8M/NCmSr6/skdteeo9UgJ2G1rG88X3ZVNZWXUxFw4Wh0PAGaAAWQS61sfBt/1QNcwMTY3EBKOMPujwioJLaw==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-bgblue": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgblue/-/ansi-bgblue-0.1.1.tgz",
+      "integrity": "sha512-R8JmX2Xv3+ichUQE99oL+LvjsyK+CDWo/BtVb4QUz3hOfmf2bdEmiDot3fQcpn2WAHW3toSRdjSLm6bgtWRDlA==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-bgcyan": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgcyan/-/ansi-bgcyan-0.1.1.tgz",
+      "integrity": "sha512-6SByK9q2H978bmqzuzA5NPT1lRDXl3ODLz/DjC4URO5f/HqK7dnRKfoO/xQLx/makOz7zWIbRf6+Uf7bmaPSkQ==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-bggreen": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bggreen/-/ansi-bggreen-0.1.1.tgz",
+      "integrity": "sha512-8TRtOKmIPOuxjpklrkhUbqD2NnVb4WZQuIjXrT+TGKFKzl7NrL7wuNvEap3leMt2kQaCngIN1ZzazSbJNzF+Aw==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-bgmagenta": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgmagenta/-/ansi-bgmagenta-0.1.1.tgz",
+      "integrity": "sha512-UZYhobiGAlV4NiwOlKAKbkCyxOl1PPZNvdIdl/Ce5by45vwiyNdBetwHk/AjIpo1Ji9z+eE29PUBAjjfVmz5SA==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-bgred": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgred/-/ansi-bgred-0.1.1.tgz",
+      "integrity": "sha512-BpPHMnYmRBhcjY5knRWKjQmPDPvYU7wrgBSW34xj7JCH9+a/SEIV7+oSYVOgMFopRIadOz9Qm4zIy+mEBvUOPA==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-bgwhite": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgwhite/-/ansi-bgwhite-0.1.1.tgz",
+      "integrity": "sha512-KIF19t+HOYOorUnHTOhZpeZ3bJsjzStBG2hSGM0WZ8YQQe4c7lj9CtwnucscJDPrNwfdz6GBF+pFkVfvHBq6uw==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-bgyellow": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgyellow/-/ansi-bgyellow-0.1.1.tgz",
+      "integrity": "sha512-WyRoOFSIvOeM7e7YdlSjfAV82Z6K1+VUVbygIQ7C/VGzWYuO/d30F0PG7oXeo4uSvSywR0ozixDQvtXJEorq4Q==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-black": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-black/-/ansi-black-0.1.1.tgz",
+      "integrity": "sha512-hl7re02lWus7lFOUG6zexhoF5gssAfG5whyr/fOWK9hxNjUFLTjhbU/b4UHWOh2dbJu9/STSUv+80uWYzYkbTQ==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-blue": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-blue/-/ansi-blue-0.1.1.tgz",
+      "integrity": "sha512-8Um59dYNDdQyoczlf49RgWLzYgC2H/28W3JAIyOAU/+WkMcfZmaznm+0i1ikrE0jME6Ypk9CJ9CY2+vxbPs7Fg==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-bold": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bold/-/ansi-bold-0.1.1.tgz",
+      "integrity": "sha512-wWKwcViX1E28U6FohtWOP4sHFyArELHJ2p7+3BzbibqJiuISeskq6t7JnrLisUngMF5zMhgmXVw8Equjzz9OlA==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-colors": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-0.2.0.tgz",
+      "integrity": "sha512-ScRNUT0TovnYw6+Xo3iKh6G+VXDw2Ds7ZRnMIuKBgHY02DgvT2T2K22/tc/916Fi0W/5Z1RzDaHQwnp75hqdbA==",
+      "dependencies": {
+        "ansi-bgblack": "^0.1.1",
+        "ansi-bgblue": "^0.1.1",
+        "ansi-bgcyan": "^0.1.1",
+        "ansi-bggreen": "^0.1.1",
+        "ansi-bgmagenta": "^0.1.1",
+        "ansi-bgred": "^0.1.1",
+        "ansi-bgwhite": "^0.1.1",
+        "ansi-bgyellow": "^0.1.1",
+        "ansi-black": "^0.1.1",
+        "ansi-blue": "^0.1.1",
+        "ansi-bold": "^0.1.1",
+        "ansi-cyan": "^0.1.1",
+        "ansi-dim": "^0.1.1",
+        "ansi-gray": "^0.1.1",
+        "ansi-green": "^0.1.1",
+        "ansi-grey": "^0.1.1",
+        "ansi-hidden": "^0.1.1",
+        "ansi-inverse": "^0.1.1",
+        "ansi-italic": "^0.1.1",
+        "ansi-magenta": "^0.1.1",
+        "ansi-red": "^0.1.1",
+        "ansi-reset": "^0.1.1",
+        "ansi-strikethrough": "^0.1.1",
+        "ansi-underline": "^0.1.1",
+        "ansi-white": "^0.1.1",
+        "ansi-yellow": "^0.1.1",
+        "lazy-cache": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-cyan": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-cyan/-/ansi-cyan-0.1.1.tgz",
+      "integrity": "sha512-eCjan3AVo/SxZ0/MyIYRtkpxIu/H3xZN7URr1vXVrISxeyz8fUFz0FJziamK4sS8I+t35y4rHg1b2PklyBe/7A==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-dim": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-dim/-/ansi-dim-0.1.1.tgz",
+      "integrity": "sha512-zAfb1fokXsq4BoZBkL0eK+6MfFctbzX3R4UMcoWrL1n2WHewFKentTvOZv2P11u6P4NtW/V47hVjaN7fJiefOg==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-gray": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-gray/-/ansi-gray-0.1.1.tgz",
+      "integrity": "sha512-HrgGIZUl8h2EHuZaU9hTR/cU5nhKxpVE1V6kdGsQ8e4zirElJ5fvtfc8N7Q1oq1aatO275i8pUFUCpNWCAnVWw==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-green": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-green/-/ansi-green-0.1.1.tgz",
+      "integrity": "sha512-WJ70OI4jCaMy52vGa/ypFSKFb/TrYNPaQ2xco5nUwE0C5H8piume/uAZNNdXXiMQ6DbRmiE7l8oNBHu05ZKkrw==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-grey": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-grey/-/ansi-grey-0.1.1.tgz",
+      "integrity": "sha512-+J1nM4lC+whSvf3T4jsp1KR+C63lypb+VkkwtLQMc1Dlt+nOvdZpFT0wwFTYoSlSwCcLUAaOpHF6kPkYpSa24A==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-hidden": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-hidden/-/ansi-hidden-0.1.1.tgz",
+      "integrity": "sha512-8gB1bo9ym9qZ/Obvrse1flRsfp2RE+40B23DhQcKxY+GSeaOJblLnzBOxzvmLTWbi5jNON3as7wd9rC0fNK73Q==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-inverse": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-inverse/-/ansi-inverse-0.1.1.tgz",
+      "integrity": "sha512-Kq8Z0dBRhQhDMN/Rso1Nu9niwiTsRkJncfJZXiyj7ApbfJrGrrubHXqXI37feJZkYcIx6SlTBdNCeK0OQ6X6ag==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-italic": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-italic/-/ansi-italic-0.1.1.tgz",
+      "integrity": "sha512-jreCxifSAqbaBvcibeQxcwhQDbEj7gF69XnpA6x83qbECEBaRBD1epqskrmov1z4B+zzQuEdwbWxgzvhKa+PkA==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-magenta": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-magenta/-/ansi-magenta-0.1.1.tgz",
+      "integrity": "sha512-A1Giu+HRwyWuiXKyXPw2AhG1yWZjNHWO+5mpt+P+VWYkmGRpLPry0O5gmlJQEvpjNpl4RjFV7DJQ4iozWOmkbQ==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-red": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-red/-/ansi-red-0.1.1.tgz",
+      "integrity": "sha512-ewaIr5y+9CUTGFwZfpECUbFlGcC0GCw1oqR9RI6h1gQCd9Aj2GxSckCnPsVJnmfMZbwFYE+leZGASgkWl06Jow==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-regex": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.1.tgz",
+      "integrity": "sha512-+O9Jct8wf++lXxxFc4hc8LsjaSq0HFzzL7cVsw8pRDIPdjKD2mT4ytDZlLuSBZ4cLKZFXIrMGO7DbQCtMJJMKw==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/ansi-reset": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-reset/-/ansi-reset-0.1.1.tgz",
+      "integrity": "sha512-n+D0qD3B+h/lP0dSwXX1SZMoXufdUVotLMwUuvXa50LtBAh3f+WV8b5nFMfLL/hgoPBUt+rG/pqqzF8krlZKcw==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-strikethrough": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-strikethrough/-/ansi-strikethrough-0.1.1.tgz",
+      "integrity": "sha512-gWkLPDvHH2pC9YEKqp8dIl0mg3sRglMPvioqGDIOXiwxjxUwIJ1gF86E2o4R5yLNh8IAkwHbaMtASkJfkQ2hIA==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-underline": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-underline/-/ansi-underline-0.1.1.tgz",
+      "integrity": "sha512-D+Bzwio/0/a0Fu5vJzrIT6bFk43TW46vXfSvzysOTEHcXOAUJTVMHWDbELIzGU4AVxVw2rCTb7YyWS4my2cSKQ==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-white": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-white/-/ansi-white-0.1.1.tgz",
+      "integrity": "sha512-DJHaF2SRzBb9wZBgqIJNjjTa7JUJTO98sHeTS1sDopyKKRopL1KpaJ20R6W2f/ZGras8bYyIZDtNwYOVXNgNFg==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-wrap": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/ansi-wrap/-/ansi-wrap-0.1.0.tgz",
+      "integrity": "sha512-ZyznvL8k/FZeQHr2T6LzcJ/+vBApDnMNZvfVFy3At0knswWd6rJ3/0Hhmpu8oqa6C92npmozs890sX9Dl6q+Qw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ansi-yellow": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-yellow/-/ansi-yellow-0.1.1.tgz",
+      "integrity": "sha512-6E3D4BQLXHLl3c/NwirWVZ+BCkMq2qsYxdeAGGOijKrx09FaqU+HktFL6QwAwNvgJiMLnv6AQ2C1gFZx0h1CBg==",
+      "dependencies": {
+        "ansi-wrap": "0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/argparse": {
       "version": "1.0.10",
       "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
@@ -144,7 +487,17 @@
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.1.0.tgz",
       "integrity": "sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg==",
-      "dev": true,
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/arr-swap": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/arr-swap/-/arr-swap-1.0.1.tgz",
+      "integrity": "sha512-SxBKd/By8+AaREcv/ZhFqmapfpqK4kyaQkUHwmJjlczI5ZtuuT5gofKHlCrSJ4oR7zXezFhv+7zsnLEdg9uGgQ==",
+      "dependencies": {
+        "is-number": "^3.0.0"
+      },
       "engines": {
         "node": ">=0.10.0"
       }
@@ -412,6 +765,11 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/buffer-equal-constant-time": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
+      "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA=="
+    },
     "node_modules/bytes": {
       "version": "3.1.2",
       "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
@@ -517,6 +875,19 @@
         "ws": "^3.3.1"
       }
     },
+    "node_modules/choices-separator": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/choices-separator/-/choices-separator-2.0.0.tgz",
+      "integrity": "sha512-BCKlzRcP2V6X+85TSKn09oGZkO2zK2zytGyZeHvM2s+kv/ydAzJtsc+rZqYRWNlojIBfkOnPxgKXrBefTFZbTQ==",
+      "dependencies": {
+        "ansi-dim": "^0.1.1",
+        "debug": "^2.6.6",
+        "strip-color": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/class-utils": {
       "version": "0.3.6",
       "resolved": "https://registry.npmjs.org/class-utils/-/class-utils-0.3.6.tgz",
@@ -628,11 +999,32 @@
         "node": ">=0.2.5"
       }
     },
+    "node_modules/clone-deep": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-1.0.0.tgz",
+      "integrity": "sha512-hmJRX8x1QOJVV+GUjOBzi6iauhPqc9hIF6xitWRBbiPZOBb6vGo/mDRIK9P74RTKSQK7AE8B0DDWY/vpRrPmQw==",
+      "dependencies": {
+        "for-own": "^1.0.0",
+        "is-plain-object": "^2.0.4",
+        "kind-of": "^5.0.0",
+        "shallow-clone": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/clone-deep/node_modules/kind-of": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
+      "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/collection-visit": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/collection-visit/-/collection-visit-1.0.0.tgz",
       "integrity": "sha1-S8A3PBZLwykbTTaMgpzxqApZ3KA=",
-      "dev": true,
       "dependencies": {
         "map-visit": "^1.0.0",
         "object-visit": "^1.0.0"
@@ -663,8 +1055,7 @@
     "node_modules/component-emitter": {
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.0.tgz",
-      "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==",
-      "dev": true
+      "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg=="
     },
     "node_modules/concat-map": {
       "version": "0.0.1",
@@ -736,7 +1127,6 @@
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/copy-descriptor/-/copy-descriptor-0.1.1.tgz",
       "integrity": "sha1-Z29us8OZl8LuGsOpJP1hJHSPV40=",
-      "dev": true,
       "engines": {
         "node": ">=0.10.0"
       }
@@ -814,7 +1204,6 @@
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz",
       "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==",
-      "dev": true,
       "dependencies": {
         "is-descriptor": "^1.0.2",
         "isobject": "^3.0.1"
@@ -929,6 +1318,14 @@
         "safer-buffer": "^2.1.0"
       }
     },
+    "node_modules/ecdsa-sig-formatter": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
+      "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+      "dependencies": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
     "node_modules/ee-first": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
@@ -970,6 +1367,14 @@
         "is-arrayish": "^0.2.1"
       }
     },
+    "node_modules/error-symbol": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/error-symbol/-/error-symbol-0.1.0.tgz",
+      "integrity": "sha512-VyjaKxUmeDX/m2lxm/aknsJ1GWDWUO2Ze2Ad8S1Pb9dykAm9TjSKp5CjrNyltYqZ5W/PO6TInAmO2/BfwMyT1g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/escape-html": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
@@ -1402,7 +1807,17 @@
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz",
       "integrity": "sha1-gQaNKVqBQuwKxybG4iAMMPttXoA=",
-      "dev": true,
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/for-own": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/for-own/-/for-own-1.0.0.tgz",
+      "integrity": "sha512-0OABksIGrxKK8K4kynWkQ7y1zounQxP+CWnyclVwj81KW3vlLlGUx57DKGcP/LH216GzqnstnPocF16Nxs0Ycg==",
+      "dependencies": {
+        "for-in": "^1.0.1"
+      },
       "engines": {
         "node": ">=0.10.0"
       }
@@ -1556,7 +1971,7 @@
     "node_modules/glob-parent": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz",
-      "integrity": "sha1-nmr2KZ2NO9K9QEMIMr0RPfkGxa4=",
+      "integrity": "sha512-E8Ak/2+dZY6fnzlR7+ueWvhsH1SjHr4jjss4YS/h4py44jY9MhK/VFdaZJAWDz6BbL21KeteKxFSFpq8OS5gVA==",
       "dev": true,
       "dependencies": {
         "is-glob": "^3.1.0",
@@ -1904,6 +2319,14 @@
         "wrappy": "1"
       }
     },
+    "node_modules/info-symbol": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/info-symbol/-/info-symbol-0.1.0.tgz",
+      "integrity": "sha512-qkc9wjLDQ+dYYZnY5uJXGNNHyZ0UOMDUnhvy0SEZGVVYmQ5s4i8cPAin2MbU6OxJgi8dfj/AnwqPx0CJE6+Lsw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/inherits": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
@@ -1921,7 +2344,6 @@
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz",
       "integrity": "sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ==",
-      "dev": true,
       "dependencies": {
         "kind-of": "^6.0.0"
       },
@@ -1938,14 +2360,12 @@
     "node_modules/is-buffer": {
       "version": "1.1.6",
       "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz",
-      "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==",
-      "dev": true
+      "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w=="
     },
     "node_modules/is-data-descriptor": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz",
       "integrity": "sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ==",
-      "dev": true,
       "dependencies": {
         "kind-of": "^6.0.0"
       },
@@ -1957,7 +2377,6 @@
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.2.tgz",
       "integrity": "sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg==",
-      "dev": true,
       "dependencies": {
         "is-accessor-descriptor": "^1.0.0",
         "is-data-descriptor": "^1.0.0",
@@ -1996,6 +2415,14 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/is-fullwidth-code-point": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
+      "integrity": "sha512-VHskAKYM8RfSFXwee5t5cbN5PZeq1Wrh6qd5bkyiXIf6UQcN6w/A0eXM9r6t8d+GYOh+o6ZhiEnb88LN/Y8m2w==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/is-glob": {
       "version": "4.0.3",
       "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
@@ -2011,7 +2438,6 @@
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz",
       "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=",
-      "dev": true,
       "dependencies": {
         "kind-of": "^3.0.2"
       },
@@ -2023,7 +2449,6 @@
       "version": "3.2.2",
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
       "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-      "dev": true,
       "dependencies": {
         "is-buffer": "^1.1.5"
       },
@@ -2046,7 +2471,6 @@
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz",
       "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==",
-      "dev": true,
       "dependencies": {
         "isobject": "^3.0.1"
       },
@@ -2065,7 +2489,6 @@
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz",
       "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==",
-      "dev": true,
       "engines": {
         "node": ">=0.10.0"
       }
@@ -2080,7 +2503,6 @@
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz",
       "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=",
-      "dev": true,
       "engines": {
         "node": ">=0.10.0"
       }
@@ -2165,6 +2587,26 @@
         "graceful-fs": "^4.1.6"
       }
     },
+    "node_modules/jsonwebtoken": {
+      "version": "9.0.0",
+      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.0.tgz",
+      "integrity": "sha512-tuGfYXxkQGDPnLJ7SibiQgVgeDgfbPq2k2ICcbgqW8WxWLBAxKQM/ZCu/IT8SOSwmaYl4dpTFCW5xZv7YbbWUw==",
+      "dependencies": {
+        "jws": "^3.2.2",
+        "lodash": "^4.17.21",
+        "ms": "^2.1.1",
+        "semver": "^7.3.8"
+      },
+      "engines": {
+        "node": ">=12",
+        "npm": ">=6"
+      }
+    },
+    "node_modules/jsonwebtoken/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+    },
     "node_modules/jsprim": {
       "version": "1.4.2",
       "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz",
@@ -2223,11 +2665,48 @@
         "safe-buffer": "~5.1.0"
       }
     },
+    "node_modules/jwa": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz",
+      "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==",
+      "dependencies": {
+        "buffer-equal-constant-time": "1.0.1",
+        "ecdsa-sig-formatter": "1.0.11",
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "node_modules/jws": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz",
+      "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==",
+      "dependencies": {
+        "jwa": "^1.4.1",
+        "safe-buffer": "^5.0.1"
+      }
+    },
     "node_modules/kind-of": {
       "version": "6.0.3",
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz",
       "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==",
-      "dev": true,
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/koalas": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/koalas/-/koalas-1.0.2.tgz",
+      "integrity": "sha512-RYhBbYaTTTHId3l6fnMZc3eGQNW6FVCqMG6AMwA5I1Mafr6AflaXeoi6x3xQuATRotGYRLk6+1ELZH4dstFNOA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/lazy-cache": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/lazy-cache/-/lazy-cache-2.0.2.tgz",
+      "integrity": "sha512-7vp2Acd2+Kz4XkzxGxaB1FWOi8KjWIWsgdfD5MCb86DWvlLqhRPM+d6Pro3iNEL5VT9mstz5hKAlcd+QR6H3aA==",
+      "dependencies": {
+        "set-getter": "^0.1.0"
+      },
       "engines": {
         "node": ">=0.10.0"
       }
@@ -2307,8 +2786,7 @@
     "node_modules/lodash": {
       "version": "4.17.21",
       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
-      "dev": true
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
     },
     "node_modules/lodash.merge": {
       "version": "4.6.2",
@@ -2322,11 +2800,51 @@
       "integrity": "sha1-5pfwTOXXhSL1TZM4syuBozk+TrM=",
       "dev": true
     },
+    "node_modules/log-ok": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/log-ok/-/log-ok-0.1.1.tgz",
+      "integrity": "sha512-cc8VrkS6C+9TFuYAwuHpshrcrGRAv7d0tUJ0GdM72ZBlKXtlgjUZF84O+OhQUdiVHoF7U/nVxwpjOdwUJ8d3Vg==",
+      "dependencies": {
+        "ansi-green": "^0.1.1",
+        "success-symbol": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/log-utils": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/log-utils/-/log-utils-0.2.1.tgz",
+      "integrity": "sha512-udyegKoMz9eGfpKAX//Khy7sVAZ8b1F7oLDnepZv/1/y8xTvsyPgqQrM94eG8V0vcc2BieYI2kVW4+aa6m+8Qw==",
+      "dependencies": {
+        "ansi-colors": "^0.2.0",
+        "error-symbol": "^0.1.0",
+        "info-symbol": "^0.1.0",
+        "log-ok": "^0.1.1",
+        "success-symbol": "^0.1.0",
+        "time-stamp": "^1.0.1",
+        "warning-symbol": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/looper": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/looper/-/looper-3.0.0.tgz",
       "integrity": "sha1-LvpUw7HLq6m5Su4uWRSwvlf7t0k="
     },
+    "node_modules/lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+      "dependencies": {
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/map-cache": {
       "version": "0.2.2",
       "resolved": "https://registry.npmjs.org/map-cache/-/map-cache-0.2.2.tgz",
@@ -2340,7 +2858,6 @@
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/map-visit/-/map-visit-1.0.0.tgz",
       "integrity": "sha1-7Nyo8TFE5mDxtb1B8S80edmN+48=",
-      "dev": true,
       "dependencies": {
         "object-visit": "^1.0.0"
       },
@@ -2464,6 +2981,34 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/mixin-object": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/mixin-object/-/mixin-object-2.0.1.tgz",
+      "integrity": "sha512-ALGF1Jt9ouehcaXaHhn6t1yGWRqGaHkPFndtFVHfZXOvkIZ/yoGaSi0AHVTafb3ZBGg4dr/bDwnaEKqCXzchMA==",
+      "dependencies": {
+        "for-in": "^0.1.3",
+        "is-extendable": "^0.1.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/mixin-object/node_modules/for-in": {
+      "version": "0.1.8",
+      "resolved": "https://registry.npmjs.org/for-in/-/for-in-0.1.8.tgz",
+      "integrity": "sha512-F0to7vbBSHP8E3l6dCjxNOLuSFAACIxFy3UehTUlG7svlXi37HHsDkyVcHo0Pq8QwrE+pXvWSVX3ZT1T9wAZ9g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/mixin-object/node_modules/is-extendable": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz",
+      "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/mkdirp": {
       "version": "0.5.6",
       "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
@@ -2482,6 +3027,11 @@
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
     },
+    "node_modules/mute-stream": {
+      "version": "0.0.7",
+      "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.7.tgz",
+      "integrity": "sha512-r65nCZhrbXXb6dXOACihYApHw2Q6pV0M3V0PSxd74N0+D8nzAdEAITq2oAjA1jVnKI+tGvEBUpqiMh0+rW6zDQ=="
+    },
     "node_modules/nanomatch": {
       "version": "1.2.13",
       "resolved": "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz",
@@ -2517,6 +3067,14 @@
       "resolved": "https://registry.npmjs.org/netflux-websocket/-/netflux-websocket-0.1.21.tgz",
       "integrity": "sha512-Zjl5lefg8urC0a0T7YCPGiUgRsISZBsTZl1STylmQz8Bq4ohcZ8cP3r6VoCpeVcvJ1Y/e3ZCXPxndWlNP9Jfug=="
     },
+    "node_modules/notp": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/notp/-/notp-2.0.3.tgz",
+      "integrity": "sha512-oBig/2uqkjQ5AkBuw4QJYwkEWa/q+zHxI5/I5z6IeP2NT0alpJFsP/trrfCC+9xOAgQSZXssNi962kp5KBmypQ==",
+      "engines": {
+        "node": "> v0.6.0"
+      }
+    },
     "node_modules/nthen": {
       "version": "0.1.8",
       "resolved": "https://registry.npmjs.org/nthen/-/nthen-0.1.8.tgz",
@@ -2536,7 +3094,6 @@
       "version": "0.1.0",
       "resolved": "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz",
       "integrity": "sha1-fn2Fi3gb18mRpBupde04EnVOmYw=",
-      "dev": true,
       "dependencies": {
         "copy-descriptor": "^0.1.0",
         "define-property": "^0.2.5",
@@ -2550,7 +3107,6 @@
       "version": "0.2.5",
       "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz",
       "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=",
-      "dev": true,
       "dependencies": {
         "is-descriptor": "^0.1.0"
       },
@@ -2562,7 +3118,6 @@
       "version": "0.1.6",
       "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz",
       "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=",
-      "dev": true,
       "dependencies": {
         "kind-of": "^3.0.2"
       },
@@ -2574,7 +3129,6 @@
       "version": "0.1.4",
       "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz",
       "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=",
-      "dev": true,
       "dependencies": {
         "kind-of": "^3.0.2"
       },
@@ -2586,7 +3140,6 @@
       "version": "0.1.6",
       "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz",
       "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==",
-      "dev": true,
       "dependencies": {
         "is-accessor-descriptor": "^0.1.6",
         "is-data-descriptor": "^0.1.4",
@@ -2600,7 +3153,6 @@
       "version": "5.1.0",
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
       "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
-      "dev": true,
       "engines": {
         "node": ">=0.10.0"
       }
@@ -2609,7 +3161,6 @@
       "version": "3.2.2",
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
       "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-      "dev": true,
       "dependencies": {
         "is-buffer": "^1.1.5"
       },
@@ -2629,7 +3180,6 @@
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/object-visit/-/object-visit-1.0.1.tgz",
       "integrity": "sha1-95xEk68MU3e1n+OdOV5BBC3QRbs=",
-      "dev": true,
       "dependencies": {
         "isobject": "^3.0.0"
       },
@@ -2788,6 +3338,14 @@
         "node": ">=6"
       }
     },
+    "node_modules/pointer-symbol": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/pointer-symbol/-/pointer-symbol-1.0.0.tgz",
+      "integrity": "sha512-pozTTFO3kG9HQWXCSTJkCgq4fBF8lUQf+5bLddTEW6v4zdjQhcBVfLmKzABEMJMA7s8jhzi0sgANIwdrf4kq+A==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/posix-character-classes": {
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/posix-character-classes/-/posix-character-classes-0.1.1.tgz",
@@ -2870,6 +3428,179 @@
         "asap": "~2.0.3"
       }
     },
+    "node_modules/prompt-actions": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/prompt-actions/-/prompt-actions-3.0.2.tgz",
+      "integrity": "sha512-dhz2Fl7vK+LPpmnQ/S/eSut4BnH4NZDLyddHKi5uTU/2PDn3grEMGkgsll16V5RpVUh/yxdiam0xsM0RD4xvtg==",
+      "dependencies": {
+        "debug": "^2.6.8"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/prompt-base": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/prompt-base/-/prompt-base-4.1.0.tgz",
+      "integrity": "sha512-svGzgLUKZoqomz9SGMkf1hBG8Wl3K7JGuRCXc/Pv7xw8239hhaTBXrmjt7EXA9P/QZzdyT8uNWt9F/iJTXq75g==",
+      "dependencies": {
+        "component-emitter": "^1.2.1",
+        "debug": "^3.0.1",
+        "koalas": "^1.0.2",
+        "log-utils": "^0.2.1",
+        "prompt-actions": "^3.0.2",
+        "prompt-question": "^5.0.1",
+        "readline-ui": "^2.2.3",
+        "readline-utils": "^2.2.3",
+        "static-extend": "^0.1.2"
+      },
+      "engines": {
+        "node": ">=5.0"
+      }
+    },
+    "node_modules/prompt-base/node_modules/debug": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+      "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+      "dependencies": {
+        "ms": "^2.1.1"
+      }
+    },
+    "node_modules/prompt-base/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+    },
+    "node_modules/prompt-choices": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/prompt-choices/-/prompt-choices-4.1.0.tgz",
+      "integrity": "sha512-ZNYLv6rW9z9n0WdwCkEuS+w5nUAGzRgtRt6GQ5aFNFz6MIcU7nHFlHOwZtzy7RQBk80KzUGPSRQphvMiQzB8pg==",
+      "dependencies": {
+        "arr-flatten": "^1.1.0",
+        "arr-swap": "^1.0.1",
+        "choices-separator": "^2.0.0",
+        "clone-deep": "^4.0.0",
+        "collection-visit": "^1.0.0",
+        "define-property": "^2.0.2",
+        "is-number": "^6.0.0",
+        "kind-of": "^6.0.2",
+        "koalas": "^1.0.2",
+        "log-utils": "^0.2.1",
+        "pointer-symbol": "^1.0.0",
+        "radio-symbol": "^2.0.0",
+        "set-value": "^3.0.0",
+        "strip-color": "^0.1.0",
+        "terminal-paginator": "^2.0.2",
+        "toggle-array": "^1.0.1"
+      },
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
+    "node_modules/prompt-choices/node_modules/clone-deep": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-4.0.1.tgz",
+      "integrity": "sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ==",
+      "dependencies": {
+        "is-plain-object": "^2.0.4",
+        "kind-of": "^6.0.2",
+        "shallow-clone": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/prompt-choices/node_modules/is-number": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-6.0.0.tgz",
+      "integrity": "sha512-Wu1VHeILBK8KAWJUAiSZQX94GmOE45Rg6/538fKwiloUu21KncEkYGPqob2oSZ5mUT73vLGrHQjKw3KMPwfDzg==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/prompt-choices/node_modules/set-value": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/set-value/-/set-value-3.0.3.tgz",
+      "integrity": "sha512-Xsn/XSatoVOGBbp5hs3UylFDs5Bi9i+ArpVJKdHPniZHoEgRniXTqHWrWrGQ0PbEClVT6WtfnBwR8CAHC9sveg==",
+      "dependencies": {
+        "is-plain-object": "^2.0.4"
+      },
+      "engines": {
+        "node": ">=6.0"
+      }
+    },
+    "node_modules/prompt-choices/node_modules/shallow-clone": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-3.0.1.tgz",
+      "integrity": "sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA==",
+      "dependencies": {
+        "kind-of": "^6.0.2"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/prompt-confirm": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/prompt-confirm/-/prompt-confirm-2.0.4.tgz",
+      "integrity": "sha512-X5lzbC8/kMNHdPOqQPfMKpH4VV2f7v2OTRJoN69ZYBirSwTeQaf9ZhmzPEO9ybMA0YV2Pha5MV27u2/U4ahWfg==",
+      "dependencies": {
+        "ansi-cyan": "^0.1.1",
+        "prompt-base": "^4.0.1"
+      },
+      "engines": {
+        "node": ">=6.0"
+      }
+    },
+    "node_modules/prompt-question": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/prompt-question/-/prompt-question-5.0.2.tgz",
+      "integrity": "sha512-wreaLbbu8f5+7zXds199uiT11Ojp59Z4iBi6hONlSLtsKGTvL2UY8VglcxQ3t/X4qWIxsNCg6aT4O8keO65v6Q==",
+      "dependencies": {
+        "clone-deep": "^1.0.0",
+        "debug": "^3.0.1",
+        "define-property": "^1.0.0",
+        "isobject": "^3.0.1",
+        "kind-of": "^5.0.2",
+        "koalas": "^1.0.2",
+        "prompt-choices": "^4.0.5"
+      },
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
+    "node_modules/prompt-question/node_modules/debug": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+      "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+      "dependencies": {
+        "ms": "^2.1.1"
+      }
+    },
+    "node_modules/prompt-question/node_modules/define-property": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz",
+      "integrity": "sha512-cZTYKFWspt9jZsMscWo8sc/5lbPC9Q0N5nBLgb+Yd915iL3udB1uFgS3B8YCx66UVHq018DAVFoee7x+gxggeA==",
+      "dependencies": {
+        "is-descriptor": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/prompt-question/node_modules/kind-of": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
+      "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/prompt-question/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+    },
     "node_modules/proxy-addr": {
       "version": "2.0.7",
       "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
@@ -2921,6 +3652,19 @@
         "node": ">=0.6"
       }
     },
+    "node_modules/radio-symbol": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/radio-symbol/-/radio-symbol-2.0.0.tgz",
+      "integrity": "sha512-fpuWhwGD4XG1BfUWKXhCqdguCXzGi/DDb6RzmAGZo9R75enjlx0l+ZhHF93KNG7iNpT0Vi7wEqbf8ZErbe+JtQ==",
+      "dependencies": {
+        "ansi-gray": "^0.1.1",
+        "ansi-green": "^0.1.1",
+        "is-windows": "^1.0.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/range-parser": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -2955,6 +3699,58 @@
         "string_decoder": "~0.10.x"
       }
     },
+    "node_modules/readline-ui": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/readline-ui/-/readline-ui-2.2.3.tgz",
+      "integrity": "sha512-ix7jz0PxqQqcIuq3yQTHv1TOhlD2IHO74aNO+lSuXsRYm1d+pdyup1yF3zKyLK1wWZrVNGjkzw5tUegO2IDy+A==",
+      "dependencies": {
+        "component-emitter": "^1.2.1",
+        "debug": "^2.6.8",
+        "readline-utils": "^2.2.1",
+        "string-width": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/readline-utils": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/readline-utils/-/readline-utils-2.2.3.tgz",
+      "integrity": "sha512-cjFo7R7e7AaFOz2JLQ4EgsHh4+l7mw29Eu3DAEPgGeWbYQFKqyxWsL61/McC6b2oJAvn14Ea8eUms9o8ZFC1iQ==",
+      "dependencies": {
+        "arr-flatten": "^1.1.0",
+        "extend-shallow": "^2.0.1",
+        "is-buffer": "^1.1.5",
+        "is-number": "^3.0.0",
+        "is-windows": "^1.0.1",
+        "koalas": "^1.0.2",
+        "mute-stream": "0.0.7",
+        "strip-color": "^0.1.0",
+        "window-size": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/readline-utils/node_modules/extend-shallow": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
+      "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==",
+      "dependencies": {
+        "is-extendable": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/readline-utils/node_modules/is-extendable": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz",
+      "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/regex-not": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/regex-not/-/regex-not-1.0.2.tgz",
@@ -3106,6 +3902,20 @@
         "node": ">= 6.9.0"
       }
     },
+    "node_modules/semver": {
+      "version": "7.3.8",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
+      "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
+      "dependencies": {
+        "lru-cache": "^6.0.0"
+      },
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/send": {
       "version": "0.18.0",
       "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz",
@@ -3148,6 +3958,17 @@
         "node": ">= 0.8.0"
       }
     },
+    "node_modules/set-getter": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/set-getter/-/set-getter-0.1.1.tgz",
+      "integrity": "sha512-9sVWOy+gthr+0G9DzqqLaYNA7+5OKkSmcqjL9cBpDEaZrr3ShQlyX2cZ/O/ozE41oxn/Tt0LGEM/w4Rub3A3gw==",
+      "dependencies": {
+        "to-object-path": "^0.3.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/set-immediate-shim": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz",
@@ -3198,6 +4019,35 @@
       "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
       "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
     },
+    "node_modules/shallow-clone": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-1.0.0.tgz",
+      "integrity": "sha512-oeXreoKR/SyNJtRJMAKPDSvd28OqEwG4eR/xc856cRGBII7gX9lvAqDxusPm0846z/w/hWYjI1NpKwJ00NHzRA==",
+      "dependencies": {
+        "is-extendable": "^0.1.1",
+        "kind-of": "^5.0.0",
+        "mixin-object": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/shallow-clone/node_modules/is-extendable": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz",
+      "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/shallow-clone/node_modules/kind-of": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
+      "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/side-channel": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz",
@@ -3495,7 +4345,6 @@
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/static-extend/-/static-extend-0.1.2.tgz",
       "integrity": "sha1-YICcOcv/VTNyJv1eC1IPNB8ftcY=",
-      "dev": true,
       "dependencies": {
         "define-property": "^0.2.5",
         "object-copy": "^0.1.0"
@@ -3508,7 +4357,6 @@
       "version": "0.2.5",
       "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz",
       "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=",
-      "dev": true,
       "dependencies": {
         "is-descriptor": "^0.1.0"
       },
@@ -3520,7 +4368,6 @@
       "version": "0.1.6",
       "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz",
       "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=",
-      "dev": true,
       "dependencies": {
         "kind-of": "^3.0.2"
       },
@@ -3532,7 +4379,6 @@
       "version": "3.2.2",
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
       "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-      "dev": true,
       "dependencies": {
         "is-buffer": "^1.1.5"
       },
@@ -3544,7 +4390,6 @@
       "version": "0.1.4",
       "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz",
       "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=",
-      "dev": true,
       "dependencies": {
         "kind-of": "^3.0.2"
       },
@@ -3556,7 +4401,6 @@
       "version": "3.2.2",
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
       "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-      "dev": true,
       "dependencies": {
         "is-buffer": "^1.1.5"
       },
@@ -3568,7 +4412,6 @@
       "version": "0.1.6",
       "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz",
       "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==",
-      "dev": true,
       "dependencies": {
         "is-accessor-descriptor": "^0.1.6",
         "is-data-descriptor": "^0.1.4",
@@ -3582,7 +4425,6 @@
       "version": "5.1.0",
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
       "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
-      "dev": true,
       "engines": {
         "node": ">=0.10.0"
       }
@@ -3610,6 +4452,37 @@
       "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=",
       "dev": true
     },
+    "node_modules/string-width": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
+      "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
+      "dependencies": {
+        "is-fullwidth-code-point": "^2.0.0",
+        "strip-ansi": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/strip-ansi": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
+      "integrity": "sha512-4XaJ2zQdCzROZDivEVIDPkcQn8LMFSa8kj8Gxb/Lnwzv9A8VctNZ+lfivC/sV3ivW8ElJTERXZoPBRrZKkNKow==",
+      "dependencies": {
+        "ansi-regex": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/strip-color": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/strip-color/-/strip-color-0.1.0.tgz",
+      "integrity": "sha512-p9LsUieSjWNNAxVCXLeilaDlmuUOrDS5/dF9znM1nZc7EGX5+zEFC0bEevsNIaldjlks+2jns5Siz6F9iK6jwA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/strip-json-comments": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-1.0.4.tgz",
@@ -3622,6 +4495,62 @@
         "node": ">=0.8.0"
       }
     },
+    "node_modules/success-symbol": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/success-symbol/-/success-symbol-0.1.0.tgz",
+      "integrity": "sha512-7S6uOTxPklNGxOSbDIg4KlVLBQw1UiGVyfCUYgYxrZUKRblUkmGj7r8xlfQoFudvqLv6Ap5gd76/IIFfI9JG2A==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/terminal-paginator": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/terminal-paginator/-/terminal-paginator-2.0.2.tgz",
+      "integrity": "sha512-IZMT5ECF9p4s+sNCV8uvZSW9E1+9zy9Ji9xz2oee8Jfo7hUFpauyjxkhfRcIH6Lu3Wdepv5D1kVRc8Hx74/LfQ==",
+      "dependencies": {
+        "debug": "^2.6.6",
+        "extend-shallow": "^2.0.1",
+        "log-utils": "^0.2.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/terminal-paginator/node_modules/extend-shallow": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
+      "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==",
+      "dependencies": {
+        "is-extendable": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/terminal-paginator/node_modules/is-extendable": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz",
+      "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/thirty-two": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz",
+      "integrity": "sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==",
+      "engines": {
+        "node": ">=0.2.6"
+      }
+    },
+    "node_modules/time-stamp": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/time-stamp/-/time-stamp-1.1.0.tgz",
+      "integrity": "sha512-gLCeArryy2yNTRzTGKbZbloctj64jkZ57hj5zdraXue6aFgd6PmvVtEyiUU+hvU0v7q08oVv8r8ev0tRo6bvgw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/tiny-each-async": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/tiny-each-async/-/tiny-each-async-2.0.3.tgz",
@@ -3643,7 +4572,6 @@
       "version": "0.3.0",
       "resolved": "https://registry.npmjs.org/to-object-path/-/to-object-path-0.3.0.tgz",
       "integrity": "sha1-KXWIt7Dn4KwI4E5nL4XB9JmeF68=",
-      "dev": true,
       "dependencies": {
         "kind-of": "^3.0.2"
       },
@@ -3655,7 +4583,6 @@
       "version": "3.2.2",
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
       "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-      "dev": true,
       "dependencies": {
         "is-buffer": "^1.1.5"
       },
@@ -3691,6 +4618,17 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/toggle-array": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toggle-array/-/toggle-array-1.0.1.tgz",
+      "integrity": "sha512-TZXgboKpD5Iu0Goi8hRXuJpE06Pbo+bies4I4jnTBhlRRgyen9c37nMylnquK/ZPKXXOeh1mJ14p9QdKp+9v7A==",
+      "dependencies": {
+        "isobject": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/toidentifier": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
@@ -3937,6 +4875,40 @@
       "dev": true,
       "optional": true
     },
+    "node_modules/warning-symbol": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/warning-symbol/-/warning-symbol-0.1.0.tgz",
+      "integrity": "sha512-1S0lwbHo3kNUKA4VomBAhqn4DPjQkIKSdbOin5K7EFUQNwyIKx+wZMGXKI53RUjla8V2B8ouQduUlgtx8LoSMw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/window-size": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/window-size/-/window-size-1.1.1.tgz",
+      "integrity": "sha512-5D/9vujkmVQ7pSmc0SCBmHXbkv6eaHwXEx65MywhmUMsI8sGqJ972APq1lotfcwMKPFLuCFfL8xGHLIp7jaBmA==",
+      "dependencies": {
+        "define-property": "^1.0.0",
+        "is-number": "^3.0.0"
+      },
+      "bin": {
+        "window-size": "cli.js"
+      },
+      "engines": {
+        "node": ">= 0.10.0"
+      }
+    },
+    "node_modules/window-size/node_modules/define-property": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz",
+      "integrity": "sha512-cZTYKFWspt9jZsMscWo8sc/5lbPC9Q0N5nBLgb+Yd915iL3udB1uFgS3B8YCx66UVHq018DAVFoee7x+gxggeA==",
+      "dependencies": {
+        "is-descriptor": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
@@ -3974,6 +4946,11 @@
       "engines": {
         "node": ">=4.0"
       }
+    },
+    "node_modules/yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
     }
   },
   "dependencies": {
@@ -4049,6 +5026,258 @@
         "uri-js": "^4.2.2"
       }
     },
+    "ansi-bgblack": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgblack/-/ansi-bgblack-0.1.1.tgz",
+      "integrity": "sha512-tp8M/NCmSr6/skdteeo9UgJ2G1rG88X3ZVNZWXUxFw4Wh0PAGaAAWQS61sfBt/1QNcwMTY3EBKOMPujwioJLaw==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-bgblue": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgblue/-/ansi-bgblue-0.1.1.tgz",
+      "integrity": "sha512-R8JmX2Xv3+ichUQE99oL+LvjsyK+CDWo/BtVb4QUz3hOfmf2bdEmiDot3fQcpn2WAHW3toSRdjSLm6bgtWRDlA==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-bgcyan": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgcyan/-/ansi-bgcyan-0.1.1.tgz",
+      "integrity": "sha512-6SByK9q2H978bmqzuzA5NPT1lRDXl3ODLz/DjC4URO5f/HqK7dnRKfoO/xQLx/makOz7zWIbRf6+Uf7bmaPSkQ==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-bggreen": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bggreen/-/ansi-bggreen-0.1.1.tgz",
+      "integrity": "sha512-8TRtOKmIPOuxjpklrkhUbqD2NnVb4WZQuIjXrT+TGKFKzl7NrL7wuNvEap3leMt2kQaCngIN1ZzazSbJNzF+Aw==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-bgmagenta": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgmagenta/-/ansi-bgmagenta-0.1.1.tgz",
+      "integrity": "sha512-UZYhobiGAlV4NiwOlKAKbkCyxOl1PPZNvdIdl/Ce5by45vwiyNdBetwHk/AjIpo1Ji9z+eE29PUBAjjfVmz5SA==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-bgred": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgred/-/ansi-bgred-0.1.1.tgz",
+      "integrity": "sha512-BpPHMnYmRBhcjY5knRWKjQmPDPvYU7wrgBSW34xj7JCH9+a/SEIV7+oSYVOgMFopRIadOz9Qm4zIy+mEBvUOPA==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-bgwhite": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgwhite/-/ansi-bgwhite-0.1.1.tgz",
+      "integrity": "sha512-KIF19t+HOYOorUnHTOhZpeZ3bJsjzStBG2hSGM0WZ8YQQe4c7lj9CtwnucscJDPrNwfdz6GBF+pFkVfvHBq6uw==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-bgyellow": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bgyellow/-/ansi-bgyellow-0.1.1.tgz",
+      "integrity": "sha512-WyRoOFSIvOeM7e7YdlSjfAV82Z6K1+VUVbygIQ7C/VGzWYuO/d30F0PG7oXeo4uSvSywR0ozixDQvtXJEorq4Q==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-black": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-black/-/ansi-black-0.1.1.tgz",
+      "integrity": "sha512-hl7re02lWus7lFOUG6zexhoF5gssAfG5whyr/fOWK9hxNjUFLTjhbU/b4UHWOh2dbJu9/STSUv+80uWYzYkbTQ==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-blue": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-blue/-/ansi-blue-0.1.1.tgz",
+      "integrity": "sha512-8Um59dYNDdQyoczlf49RgWLzYgC2H/28W3JAIyOAU/+WkMcfZmaznm+0i1ikrE0jME6Ypk9CJ9CY2+vxbPs7Fg==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-bold": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-bold/-/ansi-bold-0.1.1.tgz",
+      "integrity": "sha512-wWKwcViX1E28U6FohtWOP4sHFyArELHJ2p7+3BzbibqJiuISeskq6t7JnrLisUngMF5zMhgmXVw8Equjzz9OlA==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-colors": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-0.2.0.tgz",
+      "integrity": "sha512-ScRNUT0TovnYw6+Xo3iKh6G+VXDw2Ds7ZRnMIuKBgHY02DgvT2T2K22/tc/916Fi0W/5Z1RzDaHQwnp75hqdbA==",
+      "requires": {
+        "ansi-bgblack": "^0.1.1",
+        "ansi-bgblue": "^0.1.1",
+        "ansi-bgcyan": "^0.1.1",
+        "ansi-bggreen": "^0.1.1",
+        "ansi-bgmagenta": "^0.1.1",
+        "ansi-bgred": "^0.1.1",
+        "ansi-bgwhite": "^0.1.1",
+        "ansi-bgyellow": "^0.1.1",
+        "ansi-black": "^0.1.1",
+        "ansi-blue": "^0.1.1",
+        "ansi-bold": "^0.1.1",
+        "ansi-cyan": "^0.1.1",
+        "ansi-dim": "^0.1.1",
+        "ansi-gray": "^0.1.1",
+        "ansi-green": "^0.1.1",
+        "ansi-grey": "^0.1.1",
+        "ansi-hidden": "^0.1.1",
+        "ansi-inverse": "^0.1.1",
+        "ansi-italic": "^0.1.1",
+        "ansi-magenta": "^0.1.1",
+        "ansi-red": "^0.1.1",
+        "ansi-reset": "^0.1.1",
+        "ansi-strikethrough": "^0.1.1",
+        "ansi-underline": "^0.1.1",
+        "ansi-white": "^0.1.1",
+        "ansi-yellow": "^0.1.1",
+        "lazy-cache": "^2.0.1"
+      }
+    },
+    "ansi-cyan": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-cyan/-/ansi-cyan-0.1.1.tgz",
+      "integrity": "sha512-eCjan3AVo/SxZ0/MyIYRtkpxIu/H3xZN7URr1vXVrISxeyz8fUFz0FJziamK4sS8I+t35y4rHg1b2PklyBe/7A==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-dim": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-dim/-/ansi-dim-0.1.1.tgz",
+      "integrity": "sha512-zAfb1fokXsq4BoZBkL0eK+6MfFctbzX3R4UMcoWrL1n2WHewFKentTvOZv2P11u6P4NtW/V47hVjaN7fJiefOg==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-gray": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-gray/-/ansi-gray-0.1.1.tgz",
+      "integrity": "sha512-HrgGIZUl8h2EHuZaU9hTR/cU5nhKxpVE1V6kdGsQ8e4zirElJ5fvtfc8N7Q1oq1aatO275i8pUFUCpNWCAnVWw==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-green": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-green/-/ansi-green-0.1.1.tgz",
+      "integrity": "sha512-WJ70OI4jCaMy52vGa/ypFSKFb/TrYNPaQ2xco5nUwE0C5H8piume/uAZNNdXXiMQ6DbRmiE7l8oNBHu05ZKkrw==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-grey": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-grey/-/ansi-grey-0.1.1.tgz",
+      "integrity": "sha512-+J1nM4lC+whSvf3T4jsp1KR+C63lypb+VkkwtLQMc1Dlt+nOvdZpFT0wwFTYoSlSwCcLUAaOpHF6kPkYpSa24A==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-hidden": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-hidden/-/ansi-hidden-0.1.1.tgz",
+      "integrity": "sha512-8gB1bo9ym9qZ/Obvrse1flRsfp2RE+40B23DhQcKxY+GSeaOJblLnzBOxzvmLTWbi5jNON3as7wd9rC0fNK73Q==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-inverse": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-inverse/-/ansi-inverse-0.1.1.tgz",
+      "integrity": "sha512-Kq8Z0dBRhQhDMN/Rso1Nu9niwiTsRkJncfJZXiyj7ApbfJrGrrubHXqXI37feJZkYcIx6SlTBdNCeK0OQ6X6ag==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-italic": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-italic/-/ansi-italic-0.1.1.tgz",
+      "integrity": "sha512-jreCxifSAqbaBvcibeQxcwhQDbEj7gF69XnpA6x83qbECEBaRBD1epqskrmov1z4B+zzQuEdwbWxgzvhKa+PkA==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-magenta": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-magenta/-/ansi-magenta-0.1.1.tgz",
+      "integrity": "sha512-A1Giu+HRwyWuiXKyXPw2AhG1yWZjNHWO+5mpt+P+VWYkmGRpLPry0O5gmlJQEvpjNpl4RjFV7DJQ4iozWOmkbQ==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-red": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-red/-/ansi-red-0.1.1.tgz",
+      "integrity": "sha512-ewaIr5y+9CUTGFwZfpECUbFlGcC0GCw1oqR9RI6h1gQCd9Aj2GxSckCnPsVJnmfMZbwFYE+leZGASgkWl06Jow==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-regex": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.1.tgz",
+      "integrity": "sha512-+O9Jct8wf++lXxxFc4hc8LsjaSq0HFzzL7cVsw8pRDIPdjKD2mT4ytDZlLuSBZ4cLKZFXIrMGO7DbQCtMJJMKw=="
+    },
+    "ansi-reset": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-reset/-/ansi-reset-0.1.1.tgz",
+      "integrity": "sha512-n+D0qD3B+h/lP0dSwXX1SZMoXufdUVotLMwUuvXa50LtBAh3f+WV8b5nFMfLL/hgoPBUt+rG/pqqzF8krlZKcw==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-strikethrough": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-strikethrough/-/ansi-strikethrough-0.1.1.tgz",
+      "integrity": "sha512-gWkLPDvHH2pC9YEKqp8dIl0mg3sRglMPvioqGDIOXiwxjxUwIJ1gF86E2o4R5yLNh8IAkwHbaMtASkJfkQ2hIA==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-underline": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-underline/-/ansi-underline-0.1.1.tgz",
+      "integrity": "sha512-D+Bzwio/0/a0Fu5vJzrIT6bFk43TW46vXfSvzysOTEHcXOAUJTVMHWDbELIzGU4AVxVw2rCTb7YyWS4my2cSKQ==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-white": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-white/-/ansi-white-0.1.1.tgz",
+      "integrity": "sha512-DJHaF2SRzBb9wZBgqIJNjjTa7JUJTO98sHeTS1sDopyKKRopL1KpaJ20R6W2f/ZGras8bYyIZDtNwYOVXNgNFg==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
+    "ansi-wrap": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/ansi-wrap/-/ansi-wrap-0.1.0.tgz",
+      "integrity": "sha512-ZyznvL8k/FZeQHr2T6LzcJ/+vBApDnMNZvfVFy3At0knswWd6rJ3/0Hhmpu8oqa6C92npmozs890sX9Dl6q+Qw=="
+    },
+    "ansi-yellow": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-yellow/-/ansi-yellow-0.1.1.tgz",
+      "integrity": "sha512-6E3D4BQLXHLl3c/NwirWVZ+BCkMq2qsYxdeAGGOijKrx09FaqU+HktFL6QwAwNvgJiMLnv6AQ2C1gFZx0h1CBg==",
+      "requires": {
+        "ansi-wrap": "0.1.0"
+      }
+    },
     "argparse": {
       "version": "1.0.10",
       "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
@@ -4067,8 +5296,15 @@
     "arr-flatten": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.1.0.tgz",
-      "integrity": "sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg==",
-      "dev": true
+      "integrity": "sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg=="
+    },
+    "arr-swap": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/arr-swap/-/arr-swap-1.0.1.tgz",
+      "integrity": "sha512-SxBKd/By8+AaREcv/ZhFqmapfpqK4kyaQkUHwmJjlczI5ZtuuT5gofKHlCrSJ4oR7zXezFhv+7zsnLEdg9uGgQ==",
+      "requires": {
+        "is-number": "^3.0.0"
+      }
     },
     "arr-union": {
       "version": "3.1.0",
@@ -4289,6 +5525,11 @@
         }
       }
     },
+    "buffer-equal-constant-time": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
+      "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA=="
+    },
     "bytes": {
       "version": "3.1.2",
       "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
@@ -4376,6 +5617,16 @@
         "ws": "^3.3.1"
       }
     },
+    "choices-separator": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/choices-separator/-/choices-separator-2.0.0.tgz",
+      "integrity": "sha512-BCKlzRcP2V6X+85TSKn09oGZkO2zK2zytGyZeHvM2s+kv/ydAzJtsc+rZqYRWNlojIBfkOnPxgKXrBefTFZbTQ==",
+      "requires": {
+        "ansi-dim": "^0.1.1",
+        "debug": "^2.6.6",
+        "strip-color": "^0.1.0"
+      }
+    },
     "class-utils": {
       "version": "0.3.6",
       "resolved": "https://registry.npmjs.org/class-utils/-/class-utils-0.3.6.tgz",
@@ -4466,11 +5717,28 @@
         "glob": "^7.1.1"
       }
     },
+    "clone-deep": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-1.0.0.tgz",
+      "integrity": "sha512-hmJRX8x1QOJVV+GUjOBzi6iauhPqc9hIF6xitWRBbiPZOBb6vGo/mDRIK9P74RTKSQK7AE8B0DDWY/vpRrPmQw==",
+      "requires": {
+        "for-own": "^1.0.0",
+        "is-plain-object": "^2.0.4",
+        "kind-of": "^5.0.0",
+        "shallow-clone": "^1.0.0"
+      },
+      "dependencies": {
+        "kind-of": {
+          "version": "5.1.0",
+          "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
+          "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw=="
+        }
+      }
+    },
     "collection-visit": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/collection-visit/-/collection-visit-1.0.0.tgz",
       "integrity": "sha1-S8A3PBZLwykbTTaMgpzxqApZ3KA=",
-      "dev": true,
       "requires": {
         "map-visit": "^1.0.0",
         "object-visit": "^1.0.0"
@@ -4495,8 +5763,7 @@
     "component-emitter": {
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.0.tgz",
-      "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==",
-      "dev": true
+      "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg=="
     },
     "concat-map": {
       "version": "0.0.1",
@@ -4546,8 +5813,7 @@
     "copy-descriptor": {
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/copy-descriptor/-/copy-descriptor-0.1.1.tgz",
-      "integrity": "sha1-Z29us8OZl8LuGsOpJP1hJHSPV40=",
-      "dev": true
+      "integrity": "sha1-Z29us8OZl8LuGsOpJP1hJHSPV40="
     },
     "core-util-is": {
       "version": "1.0.3",
@@ -4607,7 +5873,6 @@
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz",
       "integrity": "sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==",
-      "dev": true,
       "requires": {
         "is-descriptor": "^1.0.2",
         "isobject": "^3.0.1"
@@ -4699,6 +5964,14 @@
         "safer-buffer": "^2.1.0"
       }
     },
+    "ecdsa-sig-formatter": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
+      "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+      "requires": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
     "ee-first": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
@@ -4734,6 +6007,11 @@
         "is-arrayish": "^0.2.1"
       }
     },
+    "error-symbol": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/error-symbol/-/error-symbol-0.1.0.tgz",
+      "integrity": "sha512-VyjaKxUmeDX/m2lxm/aknsJ1GWDWUO2Ze2Ad8S1Pb9dykAm9TjSKp5CjrNyltYqZ5W/PO6TInAmO2/BfwMyT1g=="
+    },
     "escape-html": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
@@ -5063,8 +6341,15 @@
     "for-in": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz",
-      "integrity": "sha1-gQaNKVqBQuwKxybG4iAMMPttXoA=",
-      "dev": true
+      "integrity": "sha1-gQaNKVqBQuwKxybG4iAMMPttXoA="
+    },
+    "for-own": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/for-own/-/for-own-1.0.0.tgz",
+      "integrity": "sha512-0OABksIGrxKK8K4kynWkQ7y1zounQxP+CWnyclVwj81KW3vlLlGUx57DKGcP/LH216GzqnstnPocF16Nxs0Ycg==",
+      "requires": {
+        "for-in": "^1.0.1"
+      }
     },
     "forever-agent": {
       "version": "0.6.1",
@@ -5193,7 +6478,7 @@
     "glob-parent": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz",
-      "integrity": "sha1-nmr2KZ2NO9K9QEMIMr0RPfkGxa4=",
+      "integrity": "sha512-E8Ak/2+dZY6fnzlR7+ueWvhsH1SjHr4jjss4YS/h4py44jY9MhK/VFdaZJAWDz6BbL21KeteKxFSFpq8OS5gVA==",
       "dev": true,
       "requires": {
         "is-glob": "^3.1.0",
@@ -5453,6 +6738,11 @@
         "wrappy": "1"
       }
     },
+    "info-symbol": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/info-symbol/-/info-symbol-0.1.0.tgz",
+      "integrity": "sha512-qkc9wjLDQ+dYYZnY5uJXGNNHyZ0UOMDUnhvy0SEZGVVYmQ5s4i8cPAin2MbU6OxJgi8dfj/AnwqPx0CJE6+Lsw=="
+    },
     "inherits": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
@@ -5467,7 +6757,6 @@
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz",
       "integrity": "sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ==",
-      "dev": true,
       "requires": {
         "kind-of": "^6.0.0"
       }
@@ -5481,14 +6770,12 @@
     "is-buffer": {
       "version": "1.1.6",
       "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz",
-      "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==",
-      "dev": true
+      "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w=="
     },
     "is-data-descriptor": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz",
       "integrity": "sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ==",
-      "dev": true,
       "requires": {
         "kind-of": "^6.0.0"
       }
@@ -5497,7 +6784,6 @@
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.2.tgz",
       "integrity": "sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg==",
-      "dev": true,
       "requires": {
         "is-accessor-descriptor": "^1.0.0",
         "is-data-descriptor": "^1.0.0",
@@ -5524,6 +6810,11 @@
       "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
       "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI="
     },
+    "is-fullwidth-code-point": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
+      "integrity": "sha512-VHskAKYM8RfSFXwee5t5cbN5PZeq1Wrh6qd5bkyiXIf6UQcN6w/A0eXM9r6t8d+GYOh+o6ZhiEnb88LN/Y8m2w=="
+    },
     "is-glob": {
       "version": "4.0.3",
       "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
@@ -5536,7 +6827,6 @@
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz",
       "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=",
-      "dev": true,
       "requires": {
         "kind-of": "^3.0.2"
       },
@@ -5545,7 +6835,6 @@
           "version": "3.2.2",
           "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
           "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-          "dev": true,
           "requires": {
             "is-buffer": "^1.1.5"
           }
@@ -5561,7 +6850,6 @@
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz",
       "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==",
-      "dev": true,
       "requires": {
         "isobject": "^3.0.1"
       }
@@ -5576,8 +6864,7 @@
     "is-windows": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz",
-      "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==",
-      "dev": true
+      "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA=="
     },
     "isarray": {
       "version": "0.0.1",
@@ -5588,8 +6875,7 @@
     "isobject": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz",
-      "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=",
-      "dev": true
+      "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8="
     },
     "isstream": {
       "version": "0.1.2",
@@ -5665,6 +6951,24 @@
         "graceful-fs": "^4.1.6"
       }
     },
+    "jsonwebtoken": {
+      "version": "9.0.0",
+      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.0.tgz",
+      "integrity": "sha512-tuGfYXxkQGDPnLJ7SibiQgVgeDgfbPq2k2ICcbgqW8WxWLBAxKQM/ZCu/IT8SOSwmaYl4dpTFCW5xZv7YbbWUw==",
+      "requires": {
+        "jws": "^3.2.2",
+        "lodash": "^4.17.21",
+        "ms": "^2.1.1",
+        "semver": "^7.3.8"
+      },
+      "dependencies": {
+        "ms": {
+          "version": "2.1.3",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+          "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+        }
+      }
+    },
     "jsprim": {
       "version": "1.4.2",
       "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz",
@@ -5722,11 +7026,42 @@
         }
       }
     },
+    "jwa": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz",
+      "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==",
+      "requires": {
+        "buffer-equal-constant-time": "1.0.1",
+        "ecdsa-sig-formatter": "1.0.11",
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "jws": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz",
+      "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==",
+      "requires": {
+        "jwa": "^1.4.1",
+        "safe-buffer": "^5.0.1"
+      }
+    },
     "kind-of": {
       "version": "6.0.3",
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz",
-      "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==",
-      "dev": true
+      "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw=="
+    },
+    "koalas": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/koalas/-/koalas-1.0.2.tgz",
+      "integrity": "sha512-RYhBbYaTTTHId3l6fnMZc3eGQNW6FVCqMG6AMwA5I1Mafr6AflaXeoi6x3xQuATRotGYRLk6+1ELZH4dstFNOA=="
+    },
+    "lazy-cache": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/lazy-cache/-/lazy-cache-2.0.2.tgz",
+      "integrity": "sha512-7vp2Acd2+Kz4XkzxGxaB1FWOi8KjWIWsgdfD5MCb86DWvlLqhRPM+d6Pro3iNEL5VT9mstz5hKAlcd+QR6H3aA==",
+      "requires": {
+        "set-getter": "^0.1.0"
+      }
     },
     "less": {
       "version": "3.7.1",
@@ -5787,8 +7122,7 @@
     "lodash": {
       "version": "4.17.21",
       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
-      "dev": true
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
     },
     "lodash.merge": {
       "version": "4.6.2",
@@ -5802,11 +7136,42 @@
       "integrity": "sha1-5pfwTOXXhSL1TZM4syuBozk+TrM=",
       "dev": true
     },
+    "log-ok": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/log-ok/-/log-ok-0.1.1.tgz",
+      "integrity": "sha512-cc8VrkS6C+9TFuYAwuHpshrcrGRAv7d0tUJ0GdM72ZBlKXtlgjUZF84O+OhQUdiVHoF7U/nVxwpjOdwUJ8d3Vg==",
+      "requires": {
+        "ansi-green": "^0.1.1",
+        "success-symbol": "^0.1.0"
+      }
+    },
+    "log-utils": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/log-utils/-/log-utils-0.2.1.tgz",
+      "integrity": "sha512-udyegKoMz9eGfpKAX//Khy7sVAZ8b1F7oLDnepZv/1/y8xTvsyPgqQrM94eG8V0vcc2BieYI2kVW4+aa6m+8Qw==",
+      "requires": {
+        "ansi-colors": "^0.2.0",
+        "error-symbol": "^0.1.0",
+        "info-symbol": "^0.1.0",
+        "log-ok": "^0.1.1",
+        "success-symbol": "^0.1.0",
+        "time-stamp": "^1.0.1",
+        "warning-symbol": "^0.1.0"
+      }
+    },
     "looper": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/looper/-/looper-3.0.0.tgz",
       "integrity": "sha1-LvpUw7HLq6m5Su4uWRSwvlf7t0k="
     },
+    "lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+      "requires": {
+        "yallist": "^4.0.0"
+      }
+    },
     "map-cache": {
       "version": "0.2.2",
       "resolved": "https://registry.npmjs.org/map-cache/-/map-cache-0.2.2.tgz",
@@ -5817,7 +7182,6 @@
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/map-visit/-/map-visit-1.0.0.tgz",
       "integrity": "sha1-7Nyo8TFE5mDxtb1B8S80edmN+48=",
-      "dev": true,
       "requires": {
         "object-visit": "^1.0.0"
       }
@@ -5908,6 +7272,27 @@
         "is-extendable": "^1.0.1"
       }
     },
+    "mixin-object": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/mixin-object/-/mixin-object-2.0.1.tgz",
+      "integrity": "sha512-ALGF1Jt9ouehcaXaHhn6t1yGWRqGaHkPFndtFVHfZXOvkIZ/yoGaSi0AHVTafb3ZBGg4dr/bDwnaEKqCXzchMA==",
+      "requires": {
+        "for-in": "^0.1.3",
+        "is-extendable": "^0.1.1"
+      },
+      "dependencies": {
+        "for-in": {
+          "version": "0.1.8",
+          "resolved": "https://registry.npmjs.org/for-in/-/for-in-0.1.8.tgz",
+          "integrity": "sha512-F0to7vbBSHP8E3l6dCjxNOLuSFAACIxFy3UehTUlG7svlXi37HHsDkyVcHo0Pq8QwrE+pXvWSVX3ZT1T9wAZ9g=="
+        },
+        "is-extendable": {
+          "version": "0.1.1",
+          "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz",
+          "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw=="
+        }
+      }
+    },
     "mkdirp": {
       "version": "0.5.6",
       "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
@@ -5923,6 +7308,11 @@
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
     },
+    "mute-stream": {
+      "version": "0.0.7",
+      "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.7.tgz",
+      "integrity": "sha512-r65nCZhrbXXb6dXOACihYApHw2Q6pV0M3V0PSxd74N0+D8nzAdEAITq2oAjA1jVnKI+tGvEBUpqiMh0+rW6zDQ=="
+    },
     "nanomatch": {
       "version": "1.2.13",
       "resolved": "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz",
@@ -5952,6 +7342,11 @@
       "resolved": "https://registry.npmjs.org/netflux-websocket/-/netflux-websocket-0.1.21.tgz",
       "integrity": "sha512-Zjl5lefg8urC0a0T7YCPGiUgRsISZBsTZl1STylmQz8Bq4ohcZ8cP3r6VoCpeVcvJ1Y/e3ZCXPxndWlNP9Jfug=="
     },
+    "notp": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/notp/-/notp-2.0.3.tgz",
+      "integrity": "sha512-oBig/2uqkjQ5AkBuw4QJYwkEWa/q+zHxI5/I5z6IeP2NT0alpJFsP/trrfCC+9xOAgQSZXssNi962kp5KBmypQ=="
+    },
     "nthen": {
       "version": "0.1.8",
       "resolved": "https://registry.npmjs.org/nthen/-/nthen-0.1.8.tgz",
@@ -5968,7 +7363,6 @@
       "version": "0.1.0",
       "resolved": "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz",
       "integrity": "sha1-fn2Fi3gb18mRpBupde04EnVOmYw=",
-      "dev": true,
       "requires": {
         "copy-descriptor": "^0.1.0",
         "define-property": "^0.2.5",
@@ -5979,7 +7373,6 @@
           "version": "0.2.5",
           "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz",
           "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=",
-          "dev": true,
           "requires": {
             "is-descriptor": "^0.1.0"
           }
@@ -5988,7 +7381,6 @@
           "version": "0.1.6",
           "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz",
           "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=",
-          "dev": true,
           "requires": {
             "kind-of": "^3.0.2"
           }
@@ -5997,7 +7389,6 @@
           "version": "0.1.4",
           "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz",
           "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=",
-          "dev": true,
           "requires": {
             "kind-of": "^3.0.2"
           }
@@ -6006,7 +7397,6 @@
           "version": "0.1.6",
           "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz",
           "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==",
-          "dev": true,
           "requires": {
             "is-accessor-descriptor": "^0.1.6",
             "is-data-descriptor": "^0.1.4",
@@ -6016,8 +7406,7 @@
             "kind-of": {
               "version": "5.1.0",
               "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
-              "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
-              "dev": true
+              "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw=="
             }
           }
         },
@@ -6025,7 +7414,6 @@
           "version": "3.2.2",
           "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
           "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-          "dev": true,
           "requires": {
             "is-buffer": "^1.1.5"
           }
@@ -6041,7 +7429,6 @@
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/object-visit/-/object-visit-1.0.1.tgz",
       "integrity": "sha1-95xEk68MU3e1n+OdOV5BBC3QRbs=",
-      "dev": true,
       "requires": {
         "isobject": "^3.0.0"
       }
@@ -6163,6 +7550,11 @@
       "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==",
       "dev": true
     },
+    "pointer-symbol": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/pointer-symbol/-/pointer-symbol-1.0.0.tgz",
+      "integrity": "sha512-pozTTFO3kG9HQWXCSTJkCgq4fBF8lUQf+5bLddTEW6v4zdjQhcBVfLmKzABEMJMA7s8jhzi0sgANIwdrf4kq+A=="
+    },
     "posix-character-classes": {
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/posix-character-classes/-/posix-character-classes-0.1.1.tgz",
@@ -6226,6 +7618,152 @@
         "asap": "~2.0.3"
       }
     },
+    "prompt-actions": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/prompt-actions/-/prompt-actions-3.0.2.tgz",
+      "integrity": "sha512-dhz2Fl7vK+LPpmnQ/S/eSut4BnH4NZDLyddHKi5uTU/2PDn3grEMGkgsll16V5RpVUh/yxdiam0xsM0RD4xvtg==",
+      "requires": {
+        "debug": "^2.6.8"
+      }
+    },
+    "prompt-base": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/prompt-base/-/prompt-base-4.1.0.tgz",
+      "integrity": "sha512-svGzgLUKZoqomz9SGMkf1hBG8Wl3K7JGuRCXc/Pv7xw8239hhaTBXrmjt7EXA9P/QZzdyT8uNWt9F/iJTXq75g==",
+      "requires": {
+        "component-emitter": "^1.2.1",
+        "debug": "^3.0.1",
+        "koalas": "^1.0.2",
+        "log-utils": "^0.2.1",
+        "prompt-actions": "^3.0.2",
+        "prompt-question": "^5.0.1",
+        "readline-ui": "^2.2.3",
+        "readline-utils": "^2.2.3",
+        "static-extend": "^0.1.2"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.2.7",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+          "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        },
+        "ms": {
+          "version": "2.1.3",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+          "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+        }
+      }
+    },
+    "prompt-choices": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/prompt-choices/-/prompt-choices-4.1.0.tgz",
+      "integrity": "sha512-ZNYLv6rW9z9n0WdwCkEuS+w5nUAGzRgtRt6GQ5aFNFz6MIcU7nHFlHOwZtzy7RQBk80KzUGPSRQphvMiQzB8pg==",
+      "requires": {
+        "arr-flatten": "^1.1.0",
+        "arr-swap": "^1.0.1",
+        "choices-separator": "^2.0.0",
+        "clone-deep": "^4.0.0",
+        "collection-visit": "^1.0.0",
+        "define-property": "^2.0.2",
+        "is-number": "^6.0.0",
+        "kind-of": "^6.0.2",
+        "koalas": "^1.0.2",
+        "log-utils": "^0.2.1",
+        "pointer-symbol": "^1.0.0",
+        "radio-symbol": "^2.0.0",
+        "set-value": "^3.0.0",
+        "strip-color": "^0.1.0",
+        "terminal-paginator": "^2.0.2",
+        "toggle-array": "^1.0.1"
+      },
+      "dependencies": {
+        "clone-deep": {
+          "version": "4.0.1",
+          "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-4.0.1.tgz",
+          "integrity": "sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ==",
+          "requires": {
+            "is-plain-object": "^2.0.4",
+            "kind-of": "^6.0.2",
+            "shallow-clone": "^3.0.0"
+          }
+        },
+        "is-number": {
+          "version": "6.0.0",
+          "resolved": "https://registry.npmjs.org/is-number/-/is-number-6.0.0.tgz",
+          "integrity": "sha512-Wu1VHeILBK8KAWJUAiSZQX94GmOE45Rg6/538fKwiloUu21KncEkYGPqob2oSZ5mUT73vLGrHQjKw3KMPwfDzg=="
+        },
+        "set-value": {
+          "version": "3.0.3",
+          "resolved": "https://registry.npmjs.org/set-value/-/set-value-3.0.3.tgz",
+          "integrity": "sha512-Xsn/XSatoVOGBbp5hs3UylFDs5Bi9i+ArpVJKdHPniZHoEgRniXTqHWrWrGQ0PbEClVT6WtfnBwR8CAHC9sveg==",
+          "requires": {
+            "is-plain-object": "^2.0.4"
+          }
+        },
+        "shallow-clone": {
+          "version": "3.0.1",
+          "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-3.0.1.tgz",
+          "integrity": "sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA==",
+          "requires": {
+            "kind-of": "^6.0.2"
+          }
+        }
+      }
+    },
+    "prompt-confirm": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/prompt-confirm/-/prompt-confirm-2.0.4.tgz",
+      "integrity": "sha512-X5lzbC8/kMNHdPOqQPfMKpH4VV2f7v2OTRJoN69ZYBirSwTeQaf9ZhmzPEO9ybMA0YV2Pha5MV27u2/U4ahWfg==",
+      "requires": {
+        "ansi-cyan": "^0.1.1",
+        "prompt-base": "^4.0.1"
+      }
+    },
+    "prompt-question": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/prompt-question/-/prompt-question-5.0.2.tgz",
+      "integrity": "sha512-wreaLbbu8f5+7zXds199uiT11Ojp59Z4iBi6hONlSLtsKGTvL2UY8VglcxQ3t/X4qWIxsNCg6aT4O8keO65v6Q==",
+      "requires": {
+        "clone-deep": "^1.0.0",
+        "debug": "^3.0.1",
+        "define-property": "^1.0.0",
+        "isobject": "^3.0.1",
+        "kind-of": "^5.0.2",
+        "koalas": "^1.0.2",
+        "prompt-choices": "^4.0.5"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.2.7",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+          "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        },
+        "define-property": {
+          "version": "1.0.0",
+          "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz",
+          "integrity": "sha512-cZTYKFWspt9jZsMscWo8sc/5lbPC9Q0N5nBLgb+Yd915iL3udB1uFgS3B8YCx66UVHq018DAVFoee7x+gxggeA==",
+          "requires": {
+            "is-descriptor": "^1.0.0"
+          }
+        },
+        "kind-of": {
+          "version": "5.1.0",
+          "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
+          "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw=="
+        },
+        "ms": {
+          "version": "2.1.3",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+          "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+        }
+      }
+    },
     "proxy-addr": {
       "version": "2.0.7",
       "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
@@ -6268,6 +7806,16 @@
       "dev": true,
       "optional": true
     },
+    "radio-symbol": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/radio-symbol/-/radio-symbol-2.0.0.tgz",
+      "integrity": "sha512-fpuWhwGD4XG1BfUWKXhCqdguCXzGi/DDb6RzmAGZo9R75enjlx0l+ZhHF93KNG7iNpT0Vi7wEqbf8ZErbe+JtQ==",
+      "requires": {
+        "ansi-gray": "^0.1.1",
+        "ansi-green": "^0.1.1",
+        "is-windows": "^1.0.1"
+      }
+    },
     "range-parser": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -6296,6 +7844,48 @@
         "string_decoder": "~0.10.x"
       }
     },
+    "readline-ui": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/readline-ui/-/readline-ui-2.2.3.tgz",
+      "integrity": "sha512-ix7jz0PxqQqcIuq3yQTHv1TOhlD2IHO74aNO+lSuXsRYm1d+pdyup1yF3zKyLK1wWZrVNGjkzw5tUegO2IDy+A==",
+      "requires": {
+        "component-emitter": "^1.2.1",
+        "debug": "^2.6.8",
+        "readline-utils": "^2.2.1",
+        "string-width": "^2.0.0"
+      }
+    },
+    "readline-utils": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/readline-utils/-/readline-utils-2.2.3.tgz",
+      "integrity": "sha512-cjFo7R7e7AaFOz2JLQ4EgsHh4+l7mw29Eu3DAEPgGeWbYQFKqyxWsL61/McC6b2oJAvn14Ea8eUms9o8ZFC1iQ==",
+      "requires": {
+        "arr-flatten": "^1.1.0",
+        "extend-shallow": "^2.0.1",
+        "is-buffer": "^1.1.5",
+        "is-number": "^3.0.0",
+        "is-windows": "^1.0.1",
+        "koalas": "^1.0.2",
+        "mute-stream": "0.0.7",
+        "strip-color": "^0.1.0",
+        "window-size": "^1.1.0"
+      },
+      "dependencies": {
+        "extend-shallow": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
+          "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==",
+          "requires": {
+            "is-extendable": "^0.1.0"
+          }
+        },
+        "is-extendable": {
+          "version": "0.1.1",
+          "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz",
+          "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw=="
+        }
+      }
+    },
     "regex-not": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/regex-not/-/regex-not-1.0.2.tgz",
@@ -6421,6 +8011,14 @@
         "xml2js": "^0.4.17"
       }
     },
+    "semver": {
+      "version": "7.3.8",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
+      "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
+      "requires": {
+        "lru-cache": "^6.0.0"
+      }
+    },
     "send": {
       "version": "0.18.0",
       "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz",
@@ -6459,6 +8057,14 @@
         "send": "0.18.0"
       }
     },
+    "set-getter": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/set-getter/-/set-getter-0.1.1.tgz",
+      "integrity": "sha512-9sVWOy+gthr+0G9DzqqLaYNA7+5OKkSmcqjL9cBpDEaZrr3ShQlyX2cZ/O/ozE41oxn/Tt0LGEM/w4Rub3A3gw==",
+      "requires": {
+        "to-object-path": "^0.3.0"
+      }
+    },
     "set-immediate-shim": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz",
@@ -6499,6 +8105,28 @@
       "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
       "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
     },
+    "shallow-clone": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-1.0.0.tgz",
+      "integrity": "sha512-oeXreoKR/SyNJtRJMAKPDSvd28OqEwG4eR/xc856cRGBII7gX9lvAqDxusPm0846z/w/hWYjI1NpKwJ00NHzRA==",
+      "requires": {
+        "is-extendable": "^0.1.1",
+        "kind-of": "^5.0.0",
+        "mixin-object": "^2.0.1"
+      },
+      "dependencies": {
+        "is-extendable": {
+          "version": "0.1.1",
+          "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz",
+          "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw=="
+        },
+        "kind-of": {
+          "version": "5.1.0",
+          "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
+          "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw=="
+        }
+      }
+    },
     "side-channel": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz",
@@ -6741,7 +8369,6 @@
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/static-extend/-/static-extend-0.1.2.tgz",
       "integrity": "sha1-YICcOcv/VTNyJv1eC1IPNB8ftcY=",
-      "dev": true,
       "requires": {
         "define-property": "^0.2.5",
         "object-copy": "^0.1.0"
@@ -6751,7 +8378,6 @@
           "version": "0.2.5",
           "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz",
           "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=",
-          "dev": true,
           "requires": {
             "is-descriptor": "^0.1.0"
           }
@@ -6760,7 +8386,6 @@
           "version": "0.1.6",
           "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz",
           "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=",
-          "dev": true,
           "requires": {
             "kind-of": "^3.0.2"
           },
@@ -6769,7 +8394,6 @@
               "version": "3.2.2",
               "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
               "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-              "dev": true,
               "requires": {
                 "is-buffer": "^1.1.5"
               }
@@ -6780,7 +8404,6 @@
           "version": "0.1.4",
           "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz",
           "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=",
-          "dev": true,
           "requires": {
             "kind-of": "^3.0.2"
           },
@@ -6789,7 +8412,6 @@
               "version": "3.2.2",
               "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
               "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-              "dev": true,
               "requires": {
                 "is-buffer": "^1.1.5"
               }
@@ -6800,7 +8422,6 @@
           "version": "0.1.6",
           "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz",
           "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==",
-          "dev": true,
           "requires": {
             "is-accessor-descriptor": "^0.1.6",
             "is-data-descriptor": "^0.1.4",
@@ -6810,8 +8431,7 @@
         "kind-of": {
           "version": "5.1.0",
           "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
-          "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
-          "dev": true
+          "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw=="
         }
       }
     },
@@ -6835,12 +8455,74 @@
       "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=",
       "dev": true
     },
+    "string-width": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
+      "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
+      "requires": {
+        "is-fullwidth-code-point": "^2.0.0",
+        "strip-ansi": "^4.0.0"
+      }
+    },
+    "strip-ansi": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
+      "integrity": "sha512-4XaJ2zQdCzROZDivEVIDPkcQn8LMFSa8kj8Gxb/Lnwzv9A8VctNZ+lfivC/sV3ivW8ElJTERXZoPBRrZKkNKow==",
+      "requires": {
+        "ansi-regex": "^3.0.0"
+      }
+    },
+    "strip-color": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/strip-color/-/strip-color-0.1.0.tgz",
+      "integrity": "sha512-p9LsUieSjWNNAxVCXLeilaDlmuUOrDS5/dF9znM1nZc7EGX5+zEFC0bEevsNIaldjlks+2jns5Siz6F9iK6jwA=="
+    },
     "strip-json-comments": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-1.0.4.tgz",
       "integrity": "sha1-HhX7ysl9Pumb8tc7TGVrCCu6+5E=",
       "dev": true
     },
+    "success-symbol": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/success-symbol/-/success-symbol-0.1.0.tgz",
+      "integrity": "sha512-7S6uOTxPklNGxOSbDIg4KlVLBQw1UiGVyfCUYgYxrZUKRblUkmGj7r8xlfQoFudvqLv6Ap5gd76/IIFfI9JG2A=="
+    },
+    "terminal-paginator": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/terminal-paginator/-/terminal-paginator-2.0.2.tgz",
+      "integrity": "sha512-IZMT5ECF9p4s+sNCV8uvZSW9E1+9zy9Ji9xz2oee8Jfo7hUFpauyjxkhfRcIH6Lu3Wdepv5D1kVRc8Hx74/LfQ==",
+      "requires": {
+        "debug": "^2.6.6",
+        "extend-shallow": "^2.0.1",
+        "log-utils": "^0.2.1"
+      },
+      "dependencies": {
+        "extend-shallow": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
+          "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==",
+          "requires": {
+            "is-extendable": "^0.1.0"
+          }
+        },
+        "is-extendable": {
+          "version": "0.1.1",
+          "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz",
+          "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw=="
+        }
+      }
+    },
+    "thirty-two": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz",
+      "integrity": "sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA=="
+    },
+    "time-stamp": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/time-stamp/-/time-stamp-1.1.0.tgz",
+      "integrity": "sha512-gLCeArryy2yNTRzTGKbZbloctj64jkZ57hj5zdraXue6aFgd6PmvVtEyiUU+hvU0v7q08oVv8r8ev0tRo6bvgw=="
+    },
     "tiny-each-async": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/tiny-each-async/-/tiny-each-async-2.0.3.tgz",
@@ -6859,7 +8541,6 @@
       "version": "0.3.0",
       "resolved": "https://registry.npmjs.org/to-object-path/-/to-object-path-0.3.0.tgz",
       "integrity": "sha1-KXWIt7Dn4KwI4E5nL4XB9JmeF68=",
-      "dev": true,
       "requires": {
         "kind-of": "^3.0.2"
       },
@@ -6868,7 +8549,6 @@
           "version": "3.2.2",
           "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
           "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-          "dev": true,
           "requires": {
             "is-buffer": "^1.1.5"
           }
@@ -6897,6 +8577,14 @@
         "repeat-string": "^1.6.1"
       }
     },
+    "toggle-array": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toggle-array/-/toggle-array-1.0.1.tgz",
+      "integrity": "sha512-TZXgboKpD5Iu0Goi8hRXuJpE06Pbo+bies4I4jnTBhlRRgyen9c37nMylnquK/ZPKXXOeh1mJ14p9QdKp+9v7A==",
+      "requires": {
+        "isobject": "^3.0.0"
+      }
+    },
     "toidentifier": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
@@ -7095,6 +8783,30 @@
         }
       }
     },
+    "warning-symbol": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/warning-symbol/-/warning-symbol-0.1.0.tgz",
+      "integrity": "sha512-1S0lwbHo3kNUKA4VomBAhqn4DPjQkIKSdbOin5K7EFUQNwyIKx+wZMGXKI53RUjla8V2B8ouQduUlgtx8LoSMw=="
+    },
+    "window-size": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/window-size/-/window-size-1.1.1.tgz",
+      "integrity": "sha512-5D/9vujkmVQ7pSmc0SCBmHXbkv6eaHwXEx65MywhmUMsI8sGqJ972APq1lotfcwMKPFLuCFfL8xGHLIp7jaBmA==",
+      "requires": {
+        "define-property": "^1.0.0",
+        "is-number": "^3.0.0"
+      },
+      "dependencies": {
+        "define-property": {
+          "version": "1.0.0",
+          "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz",
+          "integrity": "sha512-cZTYKFWspt9jZsMscWo8sc/5lbPC9Q0N5nBLgb+Yd915iL3udB1uFgS3B8YCx66UVHq018DAVFoee7x+gxggeA==",
+          "requires": {
+            "is-descriptor": "^1.0.0"
+          }
+        }
+      }
+    },
     "wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
@@ -7126,6 +8838,11 @@
       "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz",
       "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==",
       "dev": true
+    },
+    "yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
     }
   }
 }
diff --git a/package.json b/package.json
index 168fc3596..9fe5bb1a5 100644
--- a/package.json
+++ b/package.json
@@ -19,13 +19,16 @@
     "fs-extra": "^7.0.0",
     "get-folder-size": "^2.0.1",
     "http-proxy-middleware": "^2.0.6",
+    "jsonwebtoken": "^9.0.0",
     "netflux-websocket": "^0.1.20",
+    "notp": "^2.0.3",
     "nthen": "0.1.8",
     "prompt-confirm": "^2.0.4",
     "pull-stream": "^3.6.1",
     "saferphore": "0.0.1",
     "sortify": "^1.0.4",
     "stream-to-pull-stream": "^1.7.2",
+    "thirty-two": "^1.0.2",
     "tweetnacl": "~0.12.2",
     "ulimit": "0.0.2",
     "ws": "^3.3.1"

From e895990426d3a45dd307cea141c45815384281d2 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 3 May 2023 16:19:01 +0530
Subject: [PATCH 28/58] generate a secret at launch time

used for issuing and validating JWTs
---
 lib/api.js     | 16 ++++++++++++++++
 lib/decrees.js | 14 ++++++++++++++
 lib/env.js     |  3 +++
 3 files changed, 33 insertions(+)

diff --git a/lib/api.js b/lib/api.js
index 9a317be86..252edc1a4 100644
--- a/lib/api.js
+++ b/lib/api.js
@@ -6,6 +6,7 @@ const Decrees = require("./decrees");
 const nThen = require("nthen");
 const Fs = require("fs");
 const Path = require("path");
+const Nacl = require("tweetnacl/nacl-fast");
 
 module.exports.create = function (Env) {
     var log = Env.Log;
@@ -21,6 +22,21 @@ nThen(function (w) {
             console.error(err);
         }
     }));
+}).nThen(function (w) {
+    // we assume the server has generated a secret used to validate JWT tokens
+    if (typeof(Env.bearerSecret) === 'string') { return; }
+    // if one does not exist, then create one and remember it
+    // 256 bits
+    var bearerSecret = Nacl.util.encodeBase64(Nacl.randomBytes(32));
+    Env.Log.info("GENERATING_BEARER_SECRET", {});
+    Decrees.write(Env, [
+        'SET_BEARER_SECRET',
+        [bearerSecret],
+        'INTERNAL',
+        +new Date()
+    ], w(function (err) {
+        if (err) { throw err; }
+    }));
 }).nThen(function (w) {
     var fullPath = Path.join(Env.paths.block, 'placeholder.txt');
     Fs.writeFile(fullPath, 'PLACEHOLDER\n', w());
diff --git a/lib/decrees.js b/lib/decrees.js
index 9b8878157..8f4b53ad8 100644
--- a/lib/decrees.js
+++ b/lib/decrees.js
@@ -49,6 +49,9 @@ SET_INSTANCE_DESCRIPTION
 SET_INSTANCE_NAME
 SET_INSTANCE_NOTICE
 
+// bearer secret
+SET_BEARER_SECRET
+
 NOT IMPLEMENTED:
 
 // RESTRICTED REGISTRATION
@@ -348,6 +351,17 @@ commands.ADD_ADMIN_KEY = function (Env, args) {
     return true;
 };
 
+commands.SET_BEARER_SECRET = function (Env, args) {
+    if (!args_isString(args) || args.length !== 1 || !args[0]) {
+        throw new Error("INVALID_ARGS");
+    }
+
+    var secret = args[0];
+    if (secret === Env.bearerSecret) { return false; }
+    Env.bearerSecret = secret;
+    return true;
+};
+
 // [<command>, <args>, <author>, <time>]
 var handleCommand = Decrees.handleCommand = function (Env, line) {
     var command = line[0];
diff --git a/lib/env.js b/lib/env.js
index 687d5bed0..e02e12dfa 100644
--- a/lib/env.js
+++ b/lib/env.js
@@ -218,6 +218,9 @@ module.exports.create = function (config) {
         lastEviction: +new Date(),
         evictionReport: {},
         commandTimers: {},
+
+        // initialized as undefined
+        bearerSecret: void 0,
     };
 
     (function () {

From b753a067ac530752d95d16ddd94f252a0c3bff45 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 3 May 2023 16:32:09 +0530
Subject: [PATCH 29/58] avoid logging for common 404s

---
 lib/http-worker.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/http-worker.js b/lib/http-worker.js
index 121471577..8582196f9 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -424,7 +424,12 @@ app.get('/api/profiling', function (req, res) {
 });
 
 app.use(function (req, res /*, next */) {
-    Log.info('HTTP_404', req.url);
+    if (/^(\/favicon\.ico\/|.*\.js\.map)$/.test(req.url)) {
+        // ignore common 404s
+    } else {
+        Log.info('HTTP_404', req.url);
+    }
+
     res.status(404);
     send404(res, custom_four04_path);
 });

From 41e870d3dbc0b14ddd4968722e5736c193c2b603 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Fri, 5 May 2023 18:17:58 +0530
Subject: [PATCH 30/58] serverside protocol work for authentication enforcement
 and configuration

---
 lib/challenge-commands/totp.js | 337 +++++++++++++++++++++++++++++++++
 lib/http-commands.js           | 313 ++++++++++++++++++++++++++++++
 lib/http-worker.js             | 190 ++++++++++++++++++-
 3 files changed, 835 insertions(+), 5 deletions(-)
 create mode 100644 lib/challenge-commands/totp.js
 create mode 100644 lib/http-commands.js

diff --git a/lib/challenge-commands/totp.js b/lib/challenge-commands/totp.js
new file mode 100644
index 000000000..d9a2a54ad
--- /dev/null
+++ b/lib/challenge-commands/totp.js
@@ -0,0 +1,337 @@
+/* globals Buffer */
+const B32 = require("thirty-two");
+const OTP = require("notp");
+const JWT = require("jsonwebtoken");
+const nThen = require("nthen");
+const Util = require("../common-util");
+
+const MFA = require("../storage/mfa");
+const Sessions = require("../storage/sessions");
+const Block = require("../storage/block");
+
+const  Commands = module.exports;
+
+var isString = s => typeof(s) === 'string';
+
+// basic definition of what we'll accept as an OTP code
+// exactly six numerical digits
+var isValidOTP = otp => {
+    return isString(otp) &&
+        // in the future this could be updated to support 8 digits
+        otp.length === 6 &&
+        // \D is non-digit characters, so this tests that it is exclusively numeric
+        !/\D/.test(otp);
+};
+
+// we'll only allow users to set up multi-factor auth
+// for keypairs they control which already have blocks
+// this check doesn't confirm that their id is valid base64
+// any attempt relying on this should fail when we can't decode
+// the id they provided.
+var isValidBlockId = id => {
+    return id && isString(id) && id.length === 44;
+};
+
+// the base32 library can throw when decoding under various conditions.
+// we have some basic requirements for the length of base32 as well,
+// so we just do all the validation here. It either returns a buffer
+// of length 20 or undefined, so the caller can just check whether it's
+// falsey and otherwise assume it was well-formed
+// Length === 20 comes from the recommendation of 160 bits of entropy
+// in RFC4226 (https://www.rfc-editor.org/rfc/rfc4226#section-4)
+var decode32 = S => {
+    let decoded;
+    try {
+        decoded = B32.decode(S);
+    } catch (err) { return; }
+    if (!(decoded instanceof Buffer) || decoded.length !== 20) { return; }
+    return decoded;
+};
+
+var createJWT = function (Env, sessionId, publicKey, cb) {
+    JWT.sign({
+        // this is a custom JWT field (not a standard) - we include a reference to the session
+        // which is used to look up whether it has been revoked.
+        ref: sessionId,
+        // we specify in the token for what resource the token should be valid (their block's public key)
+        sub: Util.escapeKeyCharacters(publicKey),
+    }, Env.bearerSecret, {
+        // token integrity is ensured with HMAC SHA512 with the server's bearerSecret
+        // clients can inspect token parameters, but cannot modify them
+        algorithm: 'HS512',
+        // if you want it to expire you can set this for an arbitrary number of seconds in the future, but I won't assume that for now
+        //expiresIn: (60 * 60 * 24 * 7)),
+    }, function (err, token) {
+        if (err) { return void cb(err); }
+        cb(void 0, token);
+    });
+};
+
+// This command allows clients to configure TOTP as a second factor protecting
+// their login block IFF they:
+// 1. provide a sufficiently strong TOTP secret
+// 2. are able to produce a valid OTP code for that secret (indicating that their clock is sufficiently close to ours)
+// 3. such a login block actually exists
+// 4. are able to sign an arbitrary message for the login block's public key
+// 5. have not already configured TOTP protection for this account
+// (changing to a new secret can be done by disabling and re-enabling TOTP 2FA)
+const TOTP_SETUP = Commands.TOTP_SETUP = function (Env, body, cb) {
+    const { publicKey, secret, code, contact } = body;
+
+    // the client MUST provide an OTP code of the expected format
+    // this doesn't check if it matches the secret and time, just that it's well-formed
+    if (!isValidOTP(code)) { return void cb("E_INVALID"); }
+
+    // if they provide an (optional) point of contact as a recovery mechanism then it should be a string.
+    // the intent is to allow to specify some side channel for those who inevitably lock themselves out
+    // we should be able to use that to validate their identity.
+    // I don't want to assume email, but limiting its length to 254 (the maximum email length) seems fair.
+    if (contact && (!isString(contact) || contact.length > 254)) { return void cb("INVALID_CONTACT"); }
+
+    // Check that the provided public key is the expected format for a block
+    if (!isValidBlockId(publicKey)) {
+        return void cb("INVALID_KEY");
+    }
+
+    // decode32 checks whether the secret decodes to a sufficiently long buffer
+    var decoded = decode32(secret);
+    if (!decoded) { return void cb('INVALID_SECRET'); }
+
+    // Reject attempts to setup TOTP if a record of their preferences already exists
+    MFA.read(Env, publicKey, function (err) {
+        // There **should be** an error here, because anything else
+        // means that a record already exists
+        // This may need to be adjusted as other methods of MFA are added
+        if (!err) { return void cb("EEXISTS"); }
+
+        // if no MFA settings exist then we expect ENOENT
+        // anything else indicates a problem and should result in rejection
+        if (err.code !== 'ENOENT') { return void cb(err); }
+        try {
+            // allow for 30s of clock drift in either direction
+            // returns an object ({ delta: 0 }) indicating the amount of clock drift
+            // if successful, otherwise `null`
+            var validated = OTP.totp.verify(code, decoded, {
+                window: 1,
+            });
+            if (!validated) { return void cb("INVALID_OTP"); }
+            cb();
+        } catch (err2) {
+            Env.Log.error('TOTP_SETUP_VERIFICATION_ERROR', {
+                error: err2,
+            });
+            return void cb("INTERNAL_ERROR");
+        }
+    });
+};
+
+// The 'complete' step for TOTP_SETUP will only be called if the client
+// passed earlier validation and successfully signed the server's challenge.
+// There's still a little bit more to do and it could still fail.
+TOTP_SETUP.complete = function (Env, body, cb) {
+    // the OTP code should have already been validated
+    var { publicKey, secret, contact } = body;
+
+    // the device from which they configure MFA settings
+    // is assumed to be safe, so we'll respond with a JWT token
+    // the remainder of the setup is successfully completed.
+    // Otherwise they would have to reauthenticate.
+    // The session id is used as a reference to this particular session.
+    const sessionId = Sessions.randomId();
+    var token;
+    nThen(function (w) {
+        // confirm that the block exists
+        Block.check(Env, publicKey, w(function (err) {
+            if (err) {
+                Env.Log.error("TOTP_SETUP_NO_BLOCK", {
+                    publicKey,
+                });
+                w.abort();
+                return void cb("NO_BLOCK");
+            }
+            // otherwise the block exists, continue
+        }));
+    }).nThen(function (w) {
+        // store the data you'll need in the future
+        var data = {
+            method: 'TOTP', // specify this so it's easier to add other methods later?
+            secret: secret, // the 160 bit, base32-encoded secret that is used for OTP validation
+            creation: new Date(), // the moment at which the MFA was configured
+        };
+
+        if (isString(contact)) {
+            // 'contact' is an arbitary (and optional) string for manual recovery from 2FA auth fails
+            // it should already be validated
+            data.contact = contact;
+        }
+
+        // We attempt to store a record of the above preferences
+        // if it fails then we abort and inform the client of an error.
+        MFA.write(Env, publicKey, JSON.stringify(data), w(function (err) {
+            if (err) {
+                w.abort();
+                Env.Log.error("TOTP_SETUP_STORAGE_FAILURE", {
+                    publicKey: publicKey,
+                    error: err,
+                });
+                return void cb('STORAGE_FAILURE');
+            }
+            // otherwise continue
+        }));
+    }).nThen(function (w) {
+        // generate a bearer token and store it
+        createJWT(Env, sessionId, publicKey, w(function (err, _token) {
+            if (err) {
+// we have already stored the MFA data, which will cause access to the resource to be restricted to the provided TOTP secret.
+// we attempt to create a session as a matter of convenience - so if it fails
+// that just means they'll be forced to authenticate
+                Env.Log.error("TOTP_SETUP_JWT_SIGN_ERROR", {
+                    error: err,
+                    publicKey: publicKey,
+                });
+                return void cb('TOKEN_ERROR');
+            }
+            token = _token;
+        }));
+    }).nThen(function (w) {
+        // store the token
+        Sessions.write(Env, publicKey, sessionId, token, w(function (err) {
+            if (err) {
+                // again, if there's a failure here the user should automatically
+                // be forced to reauthenticate because their block is protected
+                // but they will not have a valid JWT allowing them to access it
+                Env.Log.error("TOTP_SETUP_SESSION_WRITE", {
+                    error: err,
+                    publicKey: publicKey,
+                    sessionId: sessionId,
+                });
+                w.abort();
+                return void cb("SESSION_WRITE_ERROR");
+            }
+            // else continue
+        }));
+    }).nThen(function () {
+        // respond with the stored token that they can now use to authenticate
+        cb(void 0, {
+            bearer: token,
+        });
+    });
+};
+
+// This command is somewhat simpler than TOTP_SETUP
+// Issue a client a JWT which will allow them to access a login block IFF:
+// 1. That login block exists
+// 2. That login block is protected by TOTP 2FA
+// 3. They can produce a valid OTP for that block's TOTP secret
+// 4. They can sign for the block's public key
+const validate = Commands.TOTP_VALIDATE = function (Env, body, cb) {
+    var { publicKey, code } = body;
+
+    // they must provide a valid OTP code
+    if (!isValidOTP(code)) { return void cb('E_INVALID'); }
+
+    // they must provide a valid block public key
+    if (!isValidBlockId(publicKey)) { return void cb("INVALID_KEY"); }
+
+    var secret;
+    nThen(function (w) {
+        // check that there is an MFA configuration for the given account
+        MFA.read(Env, publicKey, w(function (err, content) {
+            if (err) {
+                w.abort();
+                Env.Log.error('TOTP_VALIDATE_MFA_READ', {
+                    error: err,
+                    publicKey: publicKey,
+                });
+                return void cb('NO_MFA_CONFIGURED');
+            }
+
+            var parsed = Util.tryParse(content);
+
+            if (!parsed) {
+                w.abort();
+                return void cb("INVALID_CONFIGURATION");
+            }
+
+            secret = parsed.secret;
+        }));
+    }).nThen(function () {
+        let decoded = decode32(secret);
+        if (!decoded) {
+            Env.Log.error("TOTP_VALIDATE_INVALID_SECRET", {
+                publicKey, // log the public key so the admin can investigate further
+                // don't log the problematic secret directly as
+                // logs are likely to be pasted in random places
+            });
+            return void cb("E_INVALID_SECRET");
+        }
+
+        // validate the code
+        var validated = OTP.totp.verify(code, decoded, {
+            window: 1,
+        });
+
+        if (!validated) {
+            // I won't worry about logging these OTPs as they shouldn't leak any useful information
+            Env.Log.error("TOTP_VALIDATE_BAD_OTP", {
+                code,
+            });
+            return void cb("INVALID_OTP");
+        }
+
+        // call back to indicate that their request was well-formed and valid
+        cb();
+    });
+};
+
+validate.complete = function (Env, body, cb) {
+/*
+if they are here then they:
+
+1. have a valid block configured with TOTP-based 2FA
+2. were able to provide a valid TOTP for that block's secret
+3. were able to sign their messages for the block's public key
+
+So, we should:
+
+1. instanciate a session for them by generating and storing a token for their public key
+2. send them the token
+
+*/
+    var { publicKey } = body;
+
+    const sessionId = Sessions.randomId();
+
+    var token;
+    nThen(function (w) {
+        createJWT(Env, sessionId, publicKey, w(function (err, _token) {
+            if (err) {
+                Env.Log.error("TOTP_VALIDATE_JWT_SIGN_ERROR", {
+                    error: err,
+                    publicKey: publicKey,
+                });
+                return void cb("TOKEN_ERROR");
+            }
+            token = _token;
+        }));
+    }).nThen(function (w) {
+        // store the token
+        Sessions.write(Env, publicKey, sessionId, token, w(function (err) {
+            if (err) {
+                Env.Log.error("TOTP_VALIDATE_SESSION_WRITE", {
+                    error: err,
+                    publicKey: publicKey,
+                    sessionId: sessionId,
+                });
+                w.abort();
+                return void cb("SESSION_WRITE_ERROR");
+            }
+            // else continue
+        }));
+    }).nThen(function () {
+        cb(void 0, {
+            bearer: token,
+        });
+    });
+};
+
diff --git a/lib/http-commands.js b/lib/http-commands.js
new file mode 100644
index 000000000..c31ae2429
--- /dev/null
+++ b/lib/http-commands.js
@@ -0,0 +1,313 @@
+var Nacl = require("tweetnacl/nacl-fast");
+var Util = require('./common-util.js');
+
+var Challenge = require("./storage/challenge.js");
+    // C.read(Env, id, cb)
+    // C.write(Env,id, data, cb)
+    // C.delete(Env, id, cb)
+
+
+/*
+The API for command definition consists of two stages:
+
+Clients first send a command and its associated parameters.
+The server validates that the command is supported, and that
+the provided parameters are valid. If it fails validation for any reason,
+the server responds with an error and the protocol is aborted.
+
+COMMANDS[COMMAND_NAME] = function (Env, body, cb) {
+    // inspect parameters in the request body
+    if (!body.essential_parameter) {
+        return void cb('NO');
+    }
+    cb();
+};
+
+Commands whose parameters are successfully validated
+have those parameters stored on the disk (or a relational DB in the future).
+The server then requests that the client sign their well-formulated
+command along with a server-generated transaction id ('txid': randomized to prevent replays)
+and a date (so that it can ensure that the client responds within a reasonable window.
+
+Clients then respond with a txid and a cryptographic signature
+which matches the parameters of the command. The server loads the command
+with the corresponding txid, checks that it was signed within a reasonable time window,
+validates the signature, and attempts to complete the command's execution:
+
+COMMAND[COMMAND_NAME].complete = function (Env, body, cb) {
+    doAThing(function (err, values) {
+        if (err) {
+            // Log the error and respond that the command was not successful
+            return void cb("SORRY_BUT_IM_NOT_OK");
+        }
+        cb(void 0, {
+            arbitrary: values,
+        });
+    });
+};
+
+In this second stage the protocol can be aborted if the client has done something wrong:
+(ie. if it did not produce a valid signature for the command)
+or it can can fail because the server was not able to complete the requested task
+(ie. because of an I/O error or because an error was thrown and caught).
+
+It is intended that the server will respond with an appropriate error if
+the request cannot be completed, and it will respond OK if everything completed successfully.
+
+*/
+
+var COMMANDS = {};
+
+// Methods allowing clients to configure Time-based One-Time Passwords for their login-block,
+// and to authenticate new sessions once a TOTP secret has been associated with their account,
+const TOTP = require("./challenge-commands/totp.js");
+COMMANDS.TOTP_SETUP = TOTP.TOTP_SETUP;
+COMMANDS.TOTP_VALIDATE = TOTP.TOTP_VALIDATE;
+
+var randomToken = () => Nacl.util.encodeBase64(Nacl.randomBytes(24)).replace(/\//g, '-');
+
+// this function handles the first stage of the protocol
+// (the server's validation of the client's request and the generation of its challenge)
+var handleCommand = function (Env, req, res) {
+    var body = req.body;
+    var command = body.command;
+
+    // reject if the command does not have a corresponding function
+    if (typeof(COMMANDS[command]) !== 'function') {
+        Env.Log.error('CHALLENGE_UNSUPPORTED_COMMAND', command);
+        return void res.status(500).json({
+            error: 'invalid command',
+        });
+    }
+
+    var publicKey = body.publicKey;
+    // reject if they did not provide a valid public key
+    if (!publicKey || typeof(publicKey) !== 'string' || publicKey.length !== 44) {
+        Env.Log.error('CHALLENGE_INVALID_KEY', publicKey);
+        return void res.status(500).json({
+            error: 'Invalid key',
+        });
+    }
+
+    try {
+        COMMANDS[command](Env, body, function (err) {
+            if (err) {
+                Env.Log.error('CHALLENGE_COMMAND_EXECUTION_ERROR', {
+                    body: body,
+                    error: err,
+                });
+                // errors returned from commands are passed back to the client
+                // as a weak precaution, we try to only send an error's message
+                // if one exists. This makes it less likely that we'll respond with any
+                // sensitive information in a stack trace. Ideally functions should
+                // only return error messages or codes in the form of a string or number,
+                // but mistakes happen.
+                return void res.status(500).json({
+                    error: (err && err.message) || err,
+                });
+            }
+
+            var txid = randomToken();
+            var date = new Date().toISOString();
+
+            var copy = Util.clone(body);
+            copy.txid = txid;
+            copy.date = date;
+
+            // Write the command and challenge to disk, because the challenge protocol
+            // is interactive and the subsequent response might be handled by a different http worker
+            // this makes it so we can avoid holding state in memory
+            Challenge.write(Env, txid, JSON.stringify(copy), function (err) {
+                if (err) {
+                    Env.Log.error('CHALLENGE_WRITE_ERROR', err);
+                    return void res.status(500).json({
+                        // arbitrary error message, only intended for debugging
+                        error: 'Internal server error 6250',
+                    });
+                }
+                // respond with challenge parameters
+                return void res.status(200).json({
+                    txid: txid,
+                    date: date,
+                });
+            });
+        });
+    } catch (err) {
+        Env.Log.error("CHALLENGE_COMMAND_THROWN_ERROR", {
+            error: err,
+        });
+        return void res.status(500).json({
+            // arbitrary error message, only intended for debugging
+            error: 'Internal server error 7692',
+        });
+    }
+};
+
+// this function handles the second stage of the protocol
+// (the client's response to the server's challenge)
+var handleResponse = function (Env, req, res) {
+    var body = req.body;
+
+    if (Object.keys(body).some(k => !/(sig|txid)/.test(k))) {
+        Env.Log.error("CHALLENGE_RESPONSE_DEBUGGING", body);
+        // we expect the response to only have two keys
+        // if any more are present then the response is malformed
+        return void res.status(500).json({
+            error: 'extraneous parameters',
+        });
+    }
+
+
+    // transaction ids are issued to the client by the server
+    // they allow it to recall the full details of the challenge
+    // to which the client is responding
+    var txid = body.txid;
+
+    // if no txid is present, then the server can't look up the corresponding challenge
+    // the response is definitely malformed, so reject it.
+    // Additionally, we expect txids to be 32 characters long (24 Uint8s as base64)
+    // reject txids of any other length
+    if (!txid || typeof(txid) !== 'string' || txid.length !== 32) {
+        Env.Log.error('CHALLENGE_RESPONSE_BAD_TXID', body);
+        return void res.status(500).json({
+            error: "Invalid txid",
+        });
+    }
+
+    var sig = body.sig;
+    if (!sig || typeof(sig) !== 'string' || sig.length !== 88) {
+        Env.Log.error("CHALLENGE_RESPONSE_BAD_SIG", body);
+        return void res.status(500).json({
+            error: "Missing signature",
+        });
+    }
+
+    Challenge.read(Env, txid, function (err, text) {
+        if (err) {
+            Env.Log.error("CHALLENGE_READ_ERROR", {
+                txid: txid,
+                error: err,
+            });
+            return void res.status(500).json({
+                error: "Unexpected response",
+            });
+        }
+
+        // garbage collection can clean this up later
+        Challenge.delete(Env, txid, function (err) {
+            if (err) {
+                Env.Log.error("CHALLENGE_DELETION_ERROR", {
+                    txid: txid,
+                    error: err,
+                });
+            }
+        });
+
+        var json = Util.tryParse(text);
+
+        if (!json) {
+            Env.Log.error("CHALLENGE_PARSE_ERROR", {
+                txid: txid,
+            });
+            return void res.status(500).json({
+                error: "Internal server error 129",
+            });
+        }
+
+        var publicKey = json.publicKey;
+        if (!publicKey || typeof(publicKey) !== 'string') {
+            // This shouldn't happen, as we expect that the server
+            // will have validated the key to an extent before storing the challenge
+            Env.Log.error('CHALLENGE_INVALID_PUBLICKEY', {
+                publicKey: publicKey,
+            });
+            return res.status(500).json({
+                error: "Invalid public key",
+            });
+        }
+
+        var action;
+        try {
+            action = COMMANDS[json.command].complete;
+        } catch (err2) {}
+
+        if (typeof(action) !== 'function') {
+            Env.Log.error("CHALLENGE_RESPONSE_ACTION_NOT_IMPLEMENTED", json.command);
+            return res.status(501).json({
+                error: 'Not implemented',
+            });
+        }
+
+        var u8_toVerify,
+            u8_sig,
+            u8_publicKey;
+
+        try {
+            u8_toVerify = Nacl.util.decodeUTF8(text);
+            u8_sig = Nacl.util.decodeBase64(sig);
+            u8_publicKey = Nacl.util.decodeBase64(publicKey);
+        } catch (err3) {
+            Env.Log.error('CHALLENGE_RESPONSE_DECODING_ERROR', {
+                text: text,
+                sig: sig,
+                publicKey: publicKey,
+                error: err3,
+            });
+            return res.status(500).json({
+                error: "decoding error"
+            });
+        }
+
+        // validate the response
+        var success = Nacl.sign.detached.verify(u8_toVerify, u8_sig, u8_publicKey);
+        if (success !== true) {
+            Env.Log.error("CHALLENGE_RESPONSE_SIGNATURE_FAILURE", {
+                publicKey,
+            });
+            return void res.status(500).json({
+                error: 'Failed signature validation',
+            });
+        }
+
+        // execute the command
+        action(Env, json, function (err, content) {
+            if (err) {
+                Env.Log.error("CHALLENGE_RESPONSE_ACTION_ERROR", {
+                    error: err,
+                });
+                return res.status(500).json({
+                    error: 'Execution error',
+                });
+            }
+            res.status(200).json(content);
+        });
+    });
+};
+
+
+module.exports.handle = function (Env, req, res /*, next */) {
+    var body = req.body;
+    // we expect that the client has posted some JSON data
+    if (!body) {
+        return void res.status(500).json({
+            error: 'invalid request',
+        });
+    }
+
+    // we only expect responses to challenges to have a 'txid' attribute
+    // further validation is performed in handleResponse
+    if (body.txid) {
+        return void handleResponse(Env, req, res);
+    }
+
+    // we only expect initial requests to have a 'command' attribute
+    // further validation is performed in handleCommand
+    if (body.command) {
+        return void handleCommand(Env, req, res);
+    }
+
+    // if a request is neither a command nor a response, then reject it with an error
+    res.status(500).json({
+        error: 'invalid request',
+    });
+};
diff --git a/lib/http-worker.js b/lib/http-worker.js
index 8582196f9..7b3d986da 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -6,11 +6,17 @@ const Fs = require("node:fs");
 const nThen = require("nthen");
 const Util = require("./common-util");
 const Logger = require("./log");
+const AuthCommands = require("./http-commands");
+const JWT = require("jsonwebtoken");
+const MFA = require("./storage/mfa");
+const Sessions = require("./storage/sessions");
 
 const DEFAULT_QUERY_TIMEOUT = 5000;
 const PID = process.pid;
 
+var Env = JSON.parse(process.env.Env);
 const response = Util.response(function (errLabel, info) {
+    if (!Env.Log) { return; }
     Env.Log.error(errLabel, info);
 });
 
@@ -47,10 +53,10 @@ Logger.levels.forEach(level => {
 
 const EVENTS = {};
 
-var Env = JSON.parse(process.env.Env);
 EVENTS.ENV_UPDATE = function (data /*, cb */) {
     try {
         Env = JSON.parse(data);
+        Env.Log = Log;
     } catch (err) {
         Log.error('HTTP_WORKER_ENV_UPDATE', Util.serializeError(err));
     }
@@ -241,9 +247,6 @@ app.use(function (req, res, next) {
 app.use(Express.static(Path.resolve('./customize/www')));
 app.use(Express.static(Path.resolve('./www')));
 
-// FIXME I think this is a regression caused by a recent PR
-// correct this hack without breaking the contributor's intended behaviour.
-
 var mainPages = Env.mainPages || Default.mainPages();
 var mainPagePattern = new RegExp('^\/(' + mainPages.join('|') + ').html$');
 app.get(mainPagePattern, Express.static('./customize'));
@@ -253,7 +256,175 @@ app.use("/blob", Express.static(Path.resolve(Env.paths.blob), {
     maxAge: Env.DEV_MODE? "0d": "365d"
 }));
 
-// XXX update atime?
+app.use('/block/', function (req, res, next) {
+    var parsed = Path.parse(req.url);
+    var name = parsed.name;
+    // block access control only applies to files
+    // identified by base64-encoded public keys
+    // skip everything else, ie. /block/placeholder.txt
+    if (typeof(name) !== 'string' || name.length !== 44) {
+        return void next();
+    }
+
+    var authorization = req.headers.authorization;
+
+    var mfa_params, jwt_payload;
+    nThen(function (w) {
+        // First, check whether the block id in question has any MFA settings stored
+        MFA.read(Env, name, w(function (err, content) {
+            // ENOENT means there are no settings configured
+            // it could be a 404 or an existing block without MFA protection
+            // in either case you can abort and fall through
+            // allowing the static webserver to handle either case
+            if (err && err.code === 'ENOENT') {
+                w.abort();
+                return void next();
+            }
+
+            // we're not expecting other errors. the sensible thing is to fail
+            // closed - meaning assume some protection is in place but that
+            // the settings couldn't be loaded for some reason. block access
+            // to the resource, logging for the admin and responding to the client
+            // with a vague error code
+            if (err) {
+                Log.error('GET_BLOCK_METADATA', err);
+                return void res.status(500).json({
+                    code: 500,
+                    error: "UNEXPECTED_ERROR",
+                });
+            }
+
+            // Otherwise, some settings were loaded correctly.
+            // We're expecting stringified JSON, so try to parse it.
+            // Log and respond with an error again if this fails.
+            // If it parses successfully then fall through to the next block.
+            try {
+                mfa_params = JSON.parse(content);
+            } catch (err2) {
+                w.abort();
+                Log.error("INVALID_BLOCK_METADATA", err2);
+                return res.status(500).json({
+                    code: 500,
+                    error: "UNEXPECTED_ERROR",
+                });
+            }
+        }));
+    }).nThen(function (w) {
+        // We should only be able to reach this logic
+        // if we successfully loaded and parsed some JSON
+        // representing the user's MFA settings.
+
+        // Failures at this point relate to insufficient or incorrect authorization.
+        // This function standardizes how we reject such requests.
+
+        // So far the only additional factor which is supported is TOTP.
+        // We specify what the method is to allow for future alternatives
+        // and inform the client so they can determine how to respond
+        // "401" means "Unauthorized"
+        var no = function () {
+            w.abort();
+            res.status(401).json({
+                method: mfa_params.method,
+                code: 401
+            });
+        };
+
+        // if you are here it is because this block is protected by MFA.
+        // they will need to provide a JSON Web Token, so we can reject them outright
+        // if one is not present in their authorization header
+        if (!authorization) { return void no(); }
+
+        // The authorization header should be of the form
+        // "Authorization: Bearer <JWT>"
+        // We can reject the request if it is malformed.
+        let token = authorization.replace(/^Bearer\s+/, '').trim();
+        if (!token) { return void no(); }
+
+        // Otherwise we attempt to validate the token
+        // Successful validation implies that the token was issued by the server
+        // since only the server should possess the current bearer secret (unless it has leaked).
+
+        // It is still possible that the token is not valid for this particular resource,
+        // so the algorithm (HMAC SHA512) only asserts its integrity, not its validity.
+        JWT.verify(token, Env.bearerSecret, {
+            algorithm: 'HS512',
+        }, w(function (err, payload) {
+            if (err) {
+                // the token could not be validated for some reason.
+                // it might have expired, the server might have rotated secrets,
+                // it might not be well-formed, etc.
+                // log and respond.
+                Log.info('INVALID_JWT', {
+                    error: err,
+                    token: token,
+                });
+                return void no();
+            }
+
+            // Now that we have the payload we can inspect its properties
+            // and reject anything which is obviously wrong without requiring
+            // any async I/O
+
+            // Tokens are issued with a "reference" - a random id which is
+            // used alongside the block id to look up whether a given session
+            // is still valid
+
+            // reject if it does not provide a lookup reference
+            if (typeof(payload.ref) !== 'string') {
+                Log.error("JWT_NO_REFERENCE", payload);
+                return void no();
+            }
+
+            // A JWT can optionally indicate a finite lifetime.
+            // reject if it's too old
+            if (payload.exp && ((+new Date()) > payload.exp)) {
+                Log.error("JWT_EXPIRED", payload);
+                return void no();
+            }
+
+            // A JWT indicates the subject (the block id) for which it is valid
+            // reject if it does not match the block the client is trying to access
+            if (payload.sub !== name) {
+                Log.error("JWT_SUBJECT_MISMATCH", payload);
+                return void no();
+            }
+
+            // otherwise, it seems basically correct.
+            Log.verbose("VALID_JWT", payload);
+
+            // remember the payload for subsequent asynchronous checks
+            jwt_payload = payload;
+        }));
+    }).nThen(function () {
+        // Finally, even if the JWT itself seems valid, the database
+        // is the final authority as to whether the session is still valid,
+        // as it might have been revoked
+        Sessions.read(Env, name, jwt_payload.ref, function (err /*, content */) {
+            if (err) {
+                Log.error('JWT_SESSION_READ_ERROR', err);
+                return res.status(401).json({
+                    method: mfa_params.method,
+                    code: 401,
+                });
+            }
+
+            // we could also check whether the content of the file matches the token,
+            // but clients don't have any influence over the reference and can only
+            // request to create tokens that are scoped to a public key they control.
+            // I don' think there's any practical benefit to such a check.
+
+            // So, interpret the existence of a file in that location as the continued
+            // validity of the session. Fall through and let the built-in webserver
+            // handle the 404 or serving the file.
+            next();
+        });
+    });
+});
+
+// TODO this would be a good place to update a block's atime
+// in a manner independent of the filesystem. ie. for detecting and archiving
+// inactive accounts in a way that will not be invalidated by other forms of access
+// like filesystem backups.
 app.use("/block", Express.static(Path.resolve(Env.paths.block), {
     maxAge: "0d",
 }));
@@ -423,6 +594,13 @@ app.get('/api/profiling', function (req, res) {
     });
 });
 
+// This endpoint handles authenticated RPCs over HTTP
+// via an interactive challenge-response protocol
+app.use(Express.json());
+app.post('/api/auth', function (req, res, next) {
+    AuthCommands.handle(Env, req, res, next);
+});
+
 app.use(function (req, res /*, next */) {
     if (/^(\/favicon\.ico\/|.*\.js\.map)$/.test(req.url)) {
         // ignore common 404s
@@ -461,3 +639,5 @@ nThen(function (w) {
 
 });
 
+
+

From 06232ab6d740ed41ab0c7c0d3447286e198720f7 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Fri, 5 May 2023 18:18:46 +0530
Subject: [PATCH 31/58] overwriting basic storage should fail with an error

---
 lib/storage/basic.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/storage/basic.js b/lib/storage/basic.js
index 215ffc0fe..db79e5749 100644
--- a/lib/storage/basic.js
+++ b/lib/storage/basic.js
@@ -42,7 +42,9 @@ Basic.write = function (Env, path, data, cb) {
     var dirpath = Path.dirname(path);
     Fs.mkdir(dirpath, { recursive: true }, function (err) {
         if (err) { return void cb(err); }
-        Fs.writeFile(path, data, cb);
+        // the 'wx' flag causes writes to fail with EEXIST if a file is already present at the given path
+        // this could be overridden with options in the future if necessary, but it seems like a sensible default
+        Fs.writeFile(path, data, { flag: 'wx', }, cb);
     });
 };
 

From 31dc7b523a3a113610ce51adddcf7550cb089b96 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Fri, 5 May 2023 18:20:51 +0530
Subject: [PATCH 32/58] XXXs and TODOs for handling blocks now that 2FA is in
 play

---
 lib/commands/block.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/commands/block.js b/lib/commands/block.js
index 4af32af70..bb3114209 100644
--- a/lib/commands/block.js
+++ b/lib/commands/block.js
@@ -180,6 +180,10 @@ const DELETE_BLOCK = Nacl.util.encodeBase64(Nacl.util.decodeUTF8('DELETE_BLOCK')
 
 */
 Block.removeLoginBlock = function (Env, safeKey, msg, _cb) {
+// XXX respect MFA settings if they exist
+// XXX delete MFA settings if they are able to authenticate
+// XXX clean up any existing sessions when deleting
+// TODO This should probably be converted to run as challenge-response commands
     var cb = Util.once(Util.mkAsync(_cb));
 
     var publicKey = msg[0];

From 6ef1527a299f8f0b4de222cedd2322eadc32f9e9 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Fri, 5 May 2023 18:21:44 +0530
Subject: [PATCH 33/58] add a debugging script which demonstrates JWT creation

---
 scripts/issue-jwt.js | 73 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 scripts/issue-jwt.js

diff --git a/scripts/issue-jwt.js b/scripts/issue-jwt.js
new file mode 100644
index 000000000..6dcdddc78
--- /dev/null
+++ b/scripts/issue-jwt.js
@@ -0,0 +1,73 @@
+const jwt = require("jsonwebtoken");
+const Sessions = require("../lib/storage/sessions.js");
+
+/*
+This script was created strictly for debugging purposes so that I could manually create an
+authenticated session and a corresponding JWT to test whether the client and server would
+correctly validate that JWT and allow access to the protected resource.
+
+I'm including it in the scripts directory in case it's useful for future debugging,
+but I don't expect it to be of any use to non-developers.
+
+--Aaron
+
+*/
+
+
+var [
+    secret,
+    subject
+] = process.argv.slice(2);
+
+if (!(secret && subject)) {
+    return void console.error(`This script creates a JSON Web Token (JWT) for a given subject.
+It expects:
+
+1. a secret known only to the issuer which is used to authenticate the token's integrity
+2. a subject which the JWT is intended to protect (ie. a block id)
+
+Call this script like so:
+
+node ./scripts/issue-jwt.js "my_secret" "my_subject"`);
+
+}
+
+// the session storage module uses a pair of (subject, reference) to look up a session
+// subject refers to a block public key, reference refers to a session for that block
+var reference = Sessions.randomId();
+
+jwt.sign({
+    ref: reference,
+    sub: subject
+}, secret, {
+    expiresIn: (60 * 60 * 24 * 3), // Expire three days from now
+    algorithm: 'HS512',
+}, function (err, token) {
+    if (err) { return void console.error(err); }
+    console.log(`Token:
+${token}
+`);
+
+    jwt.verify(token, secret, {
+        algorithm: 'HS512',
+    }, function (err, result) {
+        if (err) {
+            return void console.error(err);
+        }
+
+        console.log("JSON Payload");
+        console.log(result);
+        console.log();
+
+        // these values are in seconds, not milliseconds
+        // https://www.npmjs.com/package/jsonwebtoken#token-expiration-exp-claim
+        if (result.iat) {
+            console.log(`Issued at ${new Date(result.iat * 1000)}`);
+        }
+
+        if (result.exp) {
+            console.log(`Expires at ${new Date(result.exp * 1000)}`);
+        }
+    });
+});
+

From 5cd306a18a42ce4137c836a17adbb460d95be079 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Sat, 6 May 2023 14:39:23 +0530
Subject: [PATCH 34/58] add client-side support for TOTP-authenticated sessions

---
 customize.dist/login.js          | 132 ++++++++++++++++++++++++++-----
 www/common/common-constants.js   |   2 +
 www/common/common-util.js        |  29 +++++++
 www/common/cryptpad-common.js    |  75 +++++++++++++-----
 www/common/outer/http-command.js | 100 +++++++++++++++++++++++
 www/common/outer/local-store.js  |   9 +++
 6 files changed, 310 insertions(+), 37 deletions(-)
 create mode 100644 www/common/outer/http-command.js

diff --git a/customize.dist/login.js b/customize.dist/login.js
index 15707ca94..18463916e 100644
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@@ -15,11 +15,12 @@ define([
     '/bower_components/nthen/index.js',
     '/common/outer/login-block.js',
     '/common/common-hash.js',
+    '/common/outer/http-command.js',
 
     '/bower_components/tweetnacl/nacl-fast.min.js',
     '/bower_components/scrypt-async/scrypt-async.min.js', // better load speed
 ], function ($, Listmap, Crypto, Util, NetConfig, Cred, ChainPad, Realtime, Constants, UI,
-            Feedback, LocalStore, Messages, nThen, Block, Hash) {
+            Feedback, LocalStore, Messages, nThen, Block, Hash, ServerCommand) {
     var Exports = {
         Cred: Cred,
         Block: Block,
@@ -172,26 +173,117 @@ define([
             // determine where a block for your set of keys would be stored
             blockUrl = Block.getBlockUrl(res.opt.blockKeys);
 
-            // Check whether there is a block at that location
-            Util.fetch(blockUrl, waitFor(function (err, block) {
-                // if users try to log in or register, we must check
-                // whether there is a block.
-
-                // the block is only useful if it can be decrypted, though
-                if (err) {
-                    console.log("no block found");
-                    return;
+            var TOTP_prompt = function (cb) {
+                // XXX This should use nice UI elements integrated into
+                // the loading screen. window.prompt is here for prototyping only
+                var code = window.prompt('Enter TOTP');
+                if (!code) {
+                    return void cb("INVALID_TOTP");
                 }
+                ServerCommand(res.opt.blockKeys.sign, {
+                    command: 'TOTP_VALIDATE',
+                    code: code,
+                    // TODO optionally allow the user to specify a lifetime for this session?
+                    // this will require a little bit of server work
+                    // and more UI/UX:
+                    // ie. just a simple "remember me" checkbox?
+                    // allow them to specify a lifetime for the session?
+                    // "log me out after one day"?
+                }, cb);
+            };
 
-                var decryptedBlock = Block.decrypt(block, blockKeys);
-                if (!decryptedBlock) {
-                    console.error("Found a login block but failed to decrypt");
-                    return;
-                }
+            var done = waitFor();
+            var responseToDecryptedBlock = function (response, cb) {
+                response.arrayBuffer().then(arraybuffer => {
+                    arraybuffer = new Uint8Array(arraybuffer);
+                    var decryptedBlock =  Block.decrypt(arraybuffer, blockKeys);
+                    if (!decryptedBlock) {
+                        console.error("BLOCK DECRYPTION ERROR");
+                        return void cb("BLOCK_DECRYPTION_ERROR");
+                    }
+                    cb(void 0, decryptedBlock);
+                });
+            };
 
-                //console.error(decryptedBlock);
-                res.blockInfo = decryptedBlock;
-            }));
+            var TOTP_response;
+            nThen(function (w) {
+                Util.getBlock(blockUrl, {
+                // request the block without credentials
+                }, w(function (err, response) {
+                    if (err === 401) {
+                        return void console.log("Block requires 2FA");
+                    }
+
+                    // Some other error?
+                    if (err) {
+                        console.error(err);
+                        w.abort();
+                        return void done();
+                    }
+
+                    // If the block was returned without requiring authentication
+                    // then we can abort the subsequent steps of this nested nThen
+                    w.abort();
+
+                    // decrypt the response and continue the normal procedure with its payload
+                    responseToDecryptedBlock(response, function (err, decryptedBlock) {
+                        if (err) {
+                            // if a block was present but you were not able to decrypt it...
+                            console.error(err);
+                            waitFor.abort();
+                            return void cb(err);
+                        }
+                        res.blockInfo = decryptedBlock;
+                        done();
+                    });
+                }));
+            }).nThen(function (w) {
+                // if you're here then you need to request a JWT
+                var done = w();
+                var tries = 3;
+                var ask = function () {
+                    if (!tries) {
+                        w.abort();
+                        waitFor.abort();
+                        return void cb('TOTP_ATTEMPTS_EXHAUSTED');
+                    }
+                    tries--;
+                    TOTP_prompt(function (err, response) {
+                        // ask again until your number of tries are exhausted
+                        if (err) {
+                            console.error(err);
+                            console.log("Normal failure. Asking again...")
+                            return void ask();
+                        }
+                        if (!response || !response.bearer) {
+                            console.log(response);
+                            console.log("Unexpected failure. No bearer token. Asking again");
+                            return void ask();
+                        }
+                        console.log("Successfully retrieved a bearer token");
+                        res.TOTP_token = TOTP_response = response;
+                        done();
+                    });
+                };
+                ask();
+            }).nThen(function (w) {
+                Util.getBlock(blockUrl, TOTP_response, function (err, response) {
+                    if (err) {
+                        w.abort();
+                        console.error(err);
+                        return void cb('BLOCK_ERROR_3');
+                    }
+
+                    responseToDecryptedBlock(response, function (err, decryptedBlock) {
+                        if (err) {
+                            waitFor.abort();
+                            return void cb(err);
+                        }
+                        res.blockInfo = decryptedBlock;
+                        done();
+                    });
+                });
+            });
         }).nThen(function (waitFor) {
             // we assume that if there is a block, it was created in a valid manner
             // so, just proceed to the next block which handles that stuff
@@ -357,6 +449,10 @@ define([
                     if (l) {
                         localStorage.setItem(LS_LANG, l);
                     }
+
+                    if (res.TOTP_token && res.TOTP_token.bearer) {
+                        LocalStore.setSessionToken(res.TOTP_token.bearer);
+                    }
                     return void LocalStore.login(userHash, uname, function () {
                         cb(void 0, res);
                     });
diff --git a/www/common/common-constants.js b/www/common/common-constants.js
index 6be5d7552..888edeafd 100644
--- a/www/common/common-constants.js
+++ b/www/common/common-constants.js
@@ -5,6 +5,8 @@ define(['/customize/application_config.js'], function (AppConfig) {
         userNameKey: 'User_name',
         blockHashKey: 'Block_hash',
         fileHashKey: 'FS_hash',
+        sessionJWT: 'Session_JWT',
+
         // Store
         displayNameKey: 'cryptpad.username',
         oldStorageKey: 'CryptPad_RECENTPADS',
diff --git a/www/common/common-util.js b/www/common/common-util.js
index 678806f98..8b730fa60 100644
--- a/www/common/common-util.js
+++ b/www/common/common-util.js
@@ -312,6 +312,35 @@
         if (!/^[a-f0-9]{48}$/.test(cacheKey)) { cacheKey = undefined; }
         return cacheKey;
     };
+
+
+    Util.getBlock = function (src, opt, cb) {
+        var CB = Util.once(Util.mkAsync(cb));
+
+        var headers = {};
+
+        if (typeof(opt.bearer) === 'string' && opt.bearer) {
+            headers.authorization = `Bearer ${opt.bearer}`;
+        }
+
+
+        fetch(src, {
+            method: 'GET',
+            credentials: 'include',
+            headers: headers,
+        }).then(response => {
+            if (response.ok) {
+                // TODO this should probably be returned as an arraybuffer or something rather than a promise
+                // this is resulting in some code duplication
+                return void CB(void 0, response);
+            }
+            CB(response.status);
+        }).catch(error => {
+            CB(error);
+        });
+    };
+
+
     Util.fetch = function (src, cb, progress, cache) {
         var CB = Util.once(Util.mkAsync(cb));
 
diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js
index 9911a6e72..3edc4b8a9 100644
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@@ -2483,6 +2483,7 @@ define([
             }
 
         }).nThen(function (waitFor) {
+            // if a block URL is present then the user is probably logged in with a modern account
             var blockHash = LocalStore.getBlockHash();
             if (blockHash) {
                 console.debug("Block hash is present");
@@ -2492,28 +2493,64 @@ define([
                     console.error("Failed to parse blockHash");
                     console.log(parsed);
                     return;
-                } else {
-                    //console.log(parsed);
                 }
-                Util.fetch(parsed.href, waitFor(function (err, arraybuffer) {
-                    if (err) { return void console.log(err); }
 
-                    // use the results to load your user hash and
-                    // put your userhash into localStorage
-                    try {
-                        var block_info = Block.decrypt(arraybuffer, parsed.keys);
-                        if (!block_info) {
-                            console.error("Failed to decrypt !");
-                            return;
-                        }
-                        userHash = block_info[Constants.userHashKey];
-                        if (!userHash || userHash !== LocalStore.getUserHash()) {
-                            return void requestLogin();
-                        }
-                    } catch (e) {
-                        console.error(e);
-                        return void console.error("failed to decrypt or decode block content");
+                // they might also have a "session token", which is a JWT.
+                // this indicates that their login block is protected with 2FA
+                var sessionToken = LocalStore.getSessionToken() || undefined;
+
+                var done = waitFor();
+
+                // request the login block, providing credentials if available
+                Util.getBlock(parsed.href, {
+                    bearer: sessionToken,
+                }, waitFor((err, response) => {
+                    if (err === 401) {
+                        // a 401 error indicates insufficient authentication
+                        // either their JWT is invalid, or they didn't provide one
+                        // when it was expected. Log them out and redirect them to
+                        // the login page, where they will be able to authenticate
+                        // and request a new JWT
+                        waitFor.abort();
+                        return void LocalStore.logout(function () {
+                            requestLogin();
+                        });
                     }
+
+                    if (err) {
+                        // TODO
+                        // it seems wrong that errors here aren't reported or handled
+                        // but it's consistent with other failure cases in the rest of this process
+                        // that probably justifies some more thorough review.
+                        // In particular, it should not be possible to be "half-logged-in"
+                        // behaving like a guest after trying to authenticate as a registered user
+                        return void console.error(err);
+                    }
+
+                    // if no errors occurred then we can try to convert the response
+                    // to an arraybuffer and decrypt its payload
+                    response.arrayBuffer().then(arraybuffer => {
+                        arraybuffer = new Uint8Array(arraybuffer);
+                        // use the results to load your user hash and
+                        // put your userhash into localStorage
+                        try {
+                            var block_info = Block.decrypt(arraybuffer, parsed.keys);
+                            if (!block_info) {
+                                console.error("Failed to decrypt !");
+                                return;
+                            }
+                            userHash = block_info[Constants.userHashKey];
+                            if (!userHash || userHash !== LocalStore.getUserHash()) {
+                                return void LocalStore.logout(function () {
+                                    requestLogin();
+                                });
+                            }
+                        } catch (e) {
+                            console.error(e);
+                            return void console.error("failed to decrypt or decode block content");
+                        }
+                        done();
+                    });
                 }));
             }
         }).nThen(function (waitFor) {
diff --git a/www/common/outer/http-command.js b/www/common/outer/http-command.js
new file mode 100644
index 000000000..653fbb46d
--- /dev/null
+++ b/www/common/outer/http-command.js
@@ -0,0 +1,100 @@
+define([
+    '/bower_components/nthen/index.js',
+    '/common/common-util.js',
+    '/api/config',
+
+    '/bower_components/tweetnacl/nacl-fast.min.js',
+], function (nThen, Util, ApiConfig) {
+    var Nacl = window.nacl;
+    var clone = o => JSON.parse(JSON.stringify(o));
+    var randomToken = () => Nacl.util.encodeBase64(Nacl.randomBytes(24));
+    var postData = function (url, data, cb) {
+        var CB = Util.once(Util.mkAsync(cb));
+        fetch(url, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify(data),
+        }).then(response => {
+            if (response.ok) {
+                return void response.json().then(result => { CB(void 0, result); });
+            }
+
+            response.json().then().then(result => {
+                CB(response.status, result);
+            });
+            //CB(response.status, response);
+        }).catch(error => {
+            CB(error);
+        });
+    };
+
+    var API_ORIGIN = (function () {
+        var url;
+        var unsafeOriginURL = new URL(ApiConfig.httpUnsafeOrigin);
+        try {
+            url = new URL(ApiConfig.websocketPath, ApiConfig.httpUnsafeOrigin);
+            url.protocol = unsafeOriginURL.protocol;
+            return url.origin;
+        } catch (err) {
+            console.error(err);
+            return ApiConfig.httpUnsafeOrigin;
+        }
+    }());
+    var serverCommand = function (keypair, my_data, cb) {
+        var obj = clone(my_data);
+        obj.publicKey = Nacl.util.encodeBase64(keypair.publicKey);
+        obj.nonce = randomToken();
+        var href = new URL('/api/auth/', API_ORIGIN);
+        var txid, date;
+
+        var responseBody;
+
+        nThen(function (w) {
+            // Tell the server we want to do some action
+            postData(href, obj, w((err, data) => {
+                if (err) {
+                    w.abort();
+                    console.error(err);
+                    // there might be more info here
+                    if (data) { console.error(data); }
+                    return void cb(err);
+                }
+
+                // if the requested action is valid, it responds with a txid and a nonce
+                // bundle all that up into an object, stringify it, and sign it.
+                // respond with an object: {sig, txid}
+                if (!data.date || !data.txid) {
+                    w.abort();
+                    return void cb('REQUEST_REJECTED');
+                }
+                txid = data.txid;
+                date = data.date;
+            }));
+        }).nThen(function (w) {
+            var copy = clone(obj);
+            copy.txid = txid;
+            copy.date = date;
+            var toSign = Nacl.util.decodeUTF8(JSON.stringify(copy));
+            var sig = Nacl.sign.detached(toSign, keypair.secretKey);
+            var encoded = Nacl.util.encodeBase64(sig);
+            var obj2 = {
+                sig: encoded,
+                txid: txid,
+            };
+            postData(href, obj2, w((err, data) => {
+                if (err) {
+                    w.abort();
+                    console.err(err);
+                    // there might be more info here
+                    if (data) { console.error(data); }
+                    return void cb("RESPONSE_REJECTED");
+                }
+                cb(void 0, data);
+            }));
+        });
+    };
+
+    return serverCommand;
+});
diff --git a/www/common/outer/local-store.js b/www/common/outer/local-store.js
index 6f5f128ba..c7fa13a88 100644
--- a/www/common/outer/local-store.js
+++ b/www/common/outer/local-store.js
@@ -76,6 +76,14 @@ define([
         safeSet(Constants.blockHashKey, hash);
     };
 
+    LocalStore.getSessionToken = function () {
+        return localStorage[Constants.sessionJWT];
+    };
+
+    LocalStore.setSessionToken = function (token) {
+        safeSet(Constants.sessionJWT, token);
+    };
+
     LocalStore.getAccountName = function () {
         return localStorage[Constants.userNameKey];
     };
@@ -121,6 +129,7 @@ define([
             Constants.userNameKey,
             Constants.userHashKey,
             Constants.blockHashKey,
+            Constants.sessionJWT,
             'loginToken',
             'plan',
         ].forEach(function (k) {

From c27ff40db142cec87b5d0b9248c14198e655d204 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Sat, 6 May 2023 14:41:22 +0530
Subject: [PATCH 35/58] proxy requests for blocks to the API server

---
 docs/example.nginx.conf | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
index ebf6f2dc6..962d72f70 100644
--- a/docs/example.nginx.conf
+++ b/docs/example.nginx.conf
@@ -217,7 +217,7 @@ server {
     }
 
     # encrypted blobs are immutable and are thus cached for a year
-    location ^~ /blob/ {
+    location ~ ^/(blob|block)/.*$ {
         if ($request_method = 'OPTIONS') {
             add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
             add_header 'Access-Control-Allow-Credentials' true;
@@ -238,23 +238,6 @@ server {
         try_files $uri =404;
     }
 
-    # the "block-store" serves encrypted payloads containing users' drive keys
-    # these payloads are unlocked via login credentials. They are mutable
-    # and are thus never cached. They're small enough that it doesn't matter, in any case.
-    location ^~ /block/ {
-        add_header X-Content-Type-Options nosniff;
-        add_header Cache-Control max-age=0;
-        try_files $uri =404;
-    }
-
-    # This block provides an alternative means of loading content
-    # otherwise only served via websocket. This is solely for debugging purposes,
-    # and is thus not allowed by default.
-    #location ^~ /datastore/ {
-        #add_header Cache-Control max-age=0;
-        #try_files $uri =404;
-    #}
-
     # The nodejs server has some built-in forwarding rules to prevent
     # URLs like /pad from resulting in a 404. This simply adds a trailing slash
     # to a variety of applications.

From dbe0e782bc4612c0ad68f610f746c5e4f73bc91d Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Sat, 6 May 2023 18:55:56 +0530
Subject: [PATCH 36/58] lint compliance

---
 customize.dist/login.js          | 2 +-
 scripts/issue-jwt.js             | 1 +
 www/common/outer/http-command.js | 3 ---
 3 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/customize.dist/login.js b/customize.dist/login.js
index 18463916e..348d2c6ed 100644
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@@ -252,7 +252,7 @@ define([
                         // ask again until your number of tries are exhausted
                         if (err) {
                             console.error(err);
-                            console.log("Normal failure. Asking again...")
+                            console.log("Normal failure. Asking again...");
                             return void ask();
                         }
                         if (!response || !response.bearer) {
diff --git a/scripts/issue-jwt.js b/scripts/issue-jwt.js
index 6dcdddc78..9b12686a1 100644
--- a/scripts/issue-jwt.js
+++ b/scripts/issue-jwt.js
@@ -1,3 +1,4 @@
+/* globals process */
 const jwt = require("jsonwebtoken");
 const Sessions = require("../lib/storage/sessions.js");
 
diff --git a/www/common/outer/http-command.js b/www/common/outer/http-command.js
index 653fbb46d..e565d45ce 100644
--- a/www/common/outer/http-command.js
+++ b/www/common/outer/http-command.js
@@ -48,9 +48,6 @@ define([
         obj.nonce = randomToken();
         var href = new URL('/api/auth/', API_ORIGIN);
         var txid, date;
-
-        var responseBody;
-
         nThen(function (w) {
             // Tell the server we want to do some action
             postData(href, obj, w((err, data) => {

From 866085dd7fa8f0f61283d068dc1133bee8c5da5f Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Sat, 6 May 2023 18:56:29 +0530
Subject: [PATCH 37/58] better UX around QR codes in the share modal

---
 www/common/inner/share.js | 38 +++++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/www/common/inner/share.js b/www/common/inner/share.js
index 82b708725..4054f84a2 100644
--- a/www/common/inner/share.js
+++ b/www/common/inner/share.js
@@ -490,28 +490,30 @@ define([
     };
 
     var getQRCode = function (link) {
-        var div = h('div');
-        /*var code =*/ new window.QRCode(div, link);
-        return div;
+        var blocker = h('div#cp-qr-blocker', Messages.share_toggleQR);
+        var $blocker = $(blocker).click(function () {
+            $blocker.toggleClass("hidden");
+        });
+
+        var qrDiv = h('div');
+
+        var container = h('div#cp-qr-container', [
+            blocker,
+            h('div#cp-qr-link-preview', qrDiv),
+        ]);
+
+        new window.QRCode(qrDiv, link);
+        return container;
     };
 
+    Messages.share_toggleQR = "Click to toggle QR code visibility"; // XXX
     var getQRTab = function (Env, data, opts, _cb) {
         var qr = getQRCode(opts.getLinkValue());
 
-        var container = h('span#cp-qr-container', [
-            h('div#cp-qr-link-preview', qr),
-        ]);
-
         var link = h('div.cp-share-modal', [
-            container,
+            h('span#cp-qr-target', qr),
         ]);
 
-        $(container).css({
-            'background-color': 'white',
-            display: 'inline-flex',
-            padding: '5px',
-        });
-
         var buttons = [
             makeCancelButton(),
             {
@@ -722,7 +724,7 @@ define([
             return $rights.parent().find('#cp-embed-link-preview');
         };
         var getQR = function () {
-            return $rights.parent().find('#cp-qr-container');
+            return $rights.parent().find('#cp-qr-target');
         };
 
         // update values for link and embed preview when radio btns change
@@ -786,6 +788,8 @@ define([
         return $rights;
     };
 
+    Messages.share_QRCategory = "QR"; // XXX
+
     // In the share modal, tabs need to share data between themselves.
     // To do so we're using "opts" to store data and functions
     Share.getShareModal = function (common, opts, cb) {
@@ -846,9 +850,8 @@ define([
             active: !contactsActive,
         }, {
             getTab: getQRTab,
-            title: "QR", // XXX
+            title: Messages.share_QRCategory,
             icon: 'fa fa-qrcode',
-            active: true,
         }];
         if (!opts.static && ApiConfig.enableEmbedding && embeddableApps.includes(pathname)) {
             tabs.push({
@@ -1046,6 +1049,7 @@ define([
             active: !hasFriends,
         }];
 
+        // XXX add QR code generation for files
         if (ApiConfig.enableEmbedding) {
             tabs.push({
                 getTab: getFileEmbedTab,

From 1f0f48b85f3c9c4b3ad9ff1b28ad73a4a6837273 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Sat, 6 May 2023 18:59:13 +0530
Subject: [PATCH 38/58] simplify blob fetch behind basic auth

---
 www/common/media-tag.js        | 9 +++++----
 www/common/onlyoffice/inner.js | 5 +++++
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/www/common/media-tag.js b/www/common/media-tag.js
index f05b39d9a..1e76cfc0b 100644
--- a/www/common/media-tag.js
+++ b/www/common/media-tag.js
@@ -3,6 +3,7 @@ var factory = function () {
     var Promise = window.Promise;
     var cache;
     var cypherChunkLength = 131088;
+    var sendCredentials = window.sendCredentials || false; // XXX find a logical place to infer whether this should be set
 
     // Save a blob on the file system
     var saveFile = function (blob, url, fileName) {
@@ -244,7 +245,7 @@ var factory = function () {
         var check = function () {
             var xhr = new XMLHttpRequest();
             xhr.open("HEAD", src);
-            xhr.withCredentials = true;
+            if (sendCredentials) { xhr.withCredentials = true; }
             xhr.onerror = function () { return void cb("XHR_ERROR"); };
             xhr.onreadystatechange = function() {
                 if (this.readyState === this.DONE) {
@@ -277,7 +278,7 @@ var factory = function () {
         var fetch = function () {
             var xhr = new XMLHttpRequest();
             xhr.open('GET', src, true);
-            xhr.withCredentials = true;
+            if (sendCredentials) { xhr.withCredentials = true; }
             xhr.responseType = 'arraybuffer';
 
             var progress = function (offset) {
@@ -389,7 +390,7 @@ var factory = function () {
         var fetch = function () {
             var xhr = new XMLHttpRequest();
             xhr.open('GET', src, true);
-            xhr.withCredentials = true;
+            if (sendCredentials) { xhr.withCredentials = true; }
             xhr.setRequestHeader('Range', 'bytes=0-1');
             xhr.responseType = 'arraybuffer';
 
@@ -402,7 +403,7 @@ var factory = function () {
                 var xhr2 = new XMLHttpRequest();
 
                 xhr2.open("GET", src, true);
-                xhr2.withCredentials = true;
+                if (sendCredentials) { xhr2.withCredentials = true; }
                 xhr2.setRequestHeader('Range', 'bytes=2-' + (size + 2));
                 xhr2.responseType = 'arraybuffer';
                 xhr2.onload = function () {
diff --git a/www/common/onlyoffice/inner.js b/www/common/onlyoffice/inner.js
index 96842f99c..53a18a1ef 100644
--- a/www/common/onlyoffice/inner.js
+++ b/www/common/onlyoffice/inner.js
@@ -685,6 +685,7 @@ define([
             var key = secret.keys && secret.keys.cryptKey;
             var xhr = new XMLHttpRequest();
             xhr.open('GET', src, true);
+            if (window.sendCredentials) { xhr.withCredentials = true; }
             xhr.responseType = 'arraybuffer';
             xhr.onload = function () {
                 if (/^4/.test('' + this.status)) {
@@ -848,6 +849,10 @@ define([
                 lastCpHash: getLastCp().hash
             }, function (err, obj) {
                 if (err || (obj && obj.error)) { console.error(err || (obj && obj.error)); }
+                // XXX an error loading a checkpoint was ignored, causing a sheet
+                // to load incorrectly. There's a risk of a new checkpoint being created
+                // with the resulting (incorrect) state. Errors like this should be reported
+                // to the user so they realize something is wrong.
             });
             sframeChan.on('EV_OO_EVENT', function (obj) {
                 switch (obj.ev) {

From 70f48592aebf6d5774a0f54b3d6d2f3f5ed72e88 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Sat, 6 May 2023 19:00:28 +0530
Subject: [PATCH 39/58] commit missing styles for share modal improvements

---
 .../src/less2/include/alertify.less           | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/customize.dist/src/less2/include/alertify.less b/customize.dist/src/less2/include/alertify.less
index 3cd4c0318..260716aa0 100644
--- a/customize.dist/src/less2/include/alertify.less
+++ b/customize.dist/src/less2/include/alertify.less
@@ -487,5 +487,32 @@
             overflow-x: auto;
         }
     }
+    // XXX this might not be the best place for this.
+    // I just put it next to other "share" styles
+    // --Aaron
+    #cp-qr-container {
+        position: relative;
+        background-color: white;
+        display: inline-flex;
+        padding: @alertify_padding-base;
+        border-radius: @variables_radius_L;
+        #cp-qr-blocker {
+            position: absolute;
+            height: 100%;
+            width: 100%;
+            border-radius: @variables_radius_L;
+
+            margin: -@alertify_padding-base;
+            padding-top: @alertify_padding-base * 2;
+            text-align: center;
+
+            background: @cryptpad_color_brand;
+            color: @cryptpad_text_col;
+            font-weight: bold;
+            &.hidden {
+                opacity: 0;
+            }
+        }
+    }
 }
 

From adeb7b264a2f9323cd138309a81a9f9823d18af4 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Sat, 6 May 2023 19:46:05 +0530
Subject: [PATCH 40/58] fix type error

---
 www/common/outer/http-command.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/common/outer/http-command.js b/www/common/outer/http-command.js
index e565d45ce..cba32f24e 100644
--- a/www/common/outer/http-command.js
+++ b/www/common/outer/http-command.js
@@ -83,7 +83,7 @@ define([
             postData(href, obj2, w((err, data) => {
                 if (err) {
                     w.abort();
-                    console.err(err);
+                    console.error(err);
                     // there might be more info here
                     if (data) { console.error(data); }
                     return void cb("RESPONSE_REJECTED");

From 921c46956d05cc58b03a6df7128a61efcc7f0771 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Sat, 6 May 2023 20:42:11 +0530
Subject: [PATCH 41/58] fix a type error by ensuring Env.Log is defined

---
 lib/http-worker.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/http-worker.js b/lib/http-worker.js
index 7b3d986da..b11ad0077 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -50,6 +50,7 @@ Logger.levels.forEach(level => {
         });
     };
 });
+Env.Log = Log;
 
 const EVENTS = {};
 
@@ -639,5 +640,9 @@ nThen(function (w) {
 
 });
 
-
-
+process.on('uncaughtException', function (err) {
+    console.error('[%s] UNCAUGHT EXCEPTION IN HTTP WORKER', new Date());
+    console.error(err);
+    console.error("TERMINATING");
+    process.exit(1);
+});

From f82c877cbe7c1eab8e1da3ee99bbe9aebb689c79 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Sun, 7 May 2023 12:17:28 +0530
Subject: [PATCH 42/58] serialize possible errors

---
 lib/challenge-commands/totp.js |  5 +++--
 lib/http-commands.js           | 14 +++++++-------
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/lib/challenge-commands/totp.js b/lib/challenge-commands/totp.js
index d9a2a54ad..f86797569 100644
--- a/lib/challenge-commands/totp.js
+++ b/lib/challenge-commands/totp.js
@@ -78,6 +78,7 @@ var createJWT = function (Env, sessionId, publicKey, cb) {
 const TOTP_SETUP = Commands.TOTP_SETUP = function (Env, body, cb) {
     const { publicKey, secret, code, contact } = body;
 
+
     // the client MUST provide an OTP code of the expected format
     // this doesn't check if it matches the secret and time, just that it's well-formed
     if (!isValidOTP(code)) { return void cb("E_INVALID"); }
@@ -307,7 +308,7 @@ So, we should:
         createJWT(Env, sessionId, publicKey, w(function (err, _token) {
             if (err) {
                 Env.Log.error("TOTP_VALIDATE_JWT_SIGN_ERROR", {
-                    error: err,
+                    error: Util.serializeError(err),
                     publicKey: publicKey,
                 });
                 return void cb("TOKEN_ERROR");
@@ -319,7 +320,7 @@ So, we should:
         Sessions.write(Env, publicKey, sessionId, token, w(function (err) {
             if (err) {
                 Env.Log.error("TOTP_VALIDATE_SESSION_WRITE", {
-                    error: err,
+                    error: Util.serializeError(err),
                     publicKey: publicKey,
                     sessionId: sessionId,
                 });
diff --git a/lib/http-commands.js b/lib/http-commands.js
index c31ae2429..82508b2dd 100644
--- a/lib/http-commands.js
+++ b/lib/http-commands.js
@@ -94,7 +94,7 @@ var handleCommand = function (Env, req, res) {
             if (err) {
                 Env.Log.error('CHALLENGE_COMMAND_EXECUTION_ERROR', {
                     body: body,
-                    error: err,
+                    error: Util.serializeError(err),
                 });
                 // errors returned from commands are passed back to the client
                 // as a weak precaution, we try to only send an error's message
@@ -119,7 +119,7 @@ var handleCommand = function (Env, req, res) {
             // this makes it so we can avoid holding state in memory
             Challenge.write(Env, txid, JSON.stringify(copy), function (err) {
                 if (err) {
-                    Env.Log.error('CHALLENGE_WRITE_ERROR', err);
+                    Env.Log.error('CHALLENGE_WRITE_ERROR', Util.serializeError(err));
                     return void res.status(500).json({
                         // arbitrary error message, only intended for debugging
                         error: 'Internal server error 6250',
@@ -134,7 +134,7 @@ var handleCommand = function (Env, req, res) {
         });
     } catch (err) {
         Env.Log.error("CHALLENGE_COMMAND_THROWN_ERROR", {
-            error: err,
+            error: Util.serializeError(err),
         });
         return void res.status(500).json({
             // arbitrary error message, only intended for debugging
@@ -186,7 +186,7 @@ var handleResponse = function (Env, req, res) {
         if (err) {
             Env.Log.error("CHALLENGE_READ_ERROR", {
                 txid: txid,
-                error: err,
+                error: Util.serializeError(err),
             });
             return void res.status(500).json({
                 error: "Unexpected response",
@@ -198,7 +198,7 @@ var handleResponse = function (Env, req, res) {
             if (err) {
                 Env.Log.error("CHALLENGE_DELETION_ERROR", {
                     txid: txid,
-                    error: err,
+                    error: Util.serializeError(err),
                 });
             }
         });
@@ -251,7 +251,7 @@ var handleResponse = function (Env, req, res) {
                 text: text,
                 sig: sig,
                 publicKey: publicKey,
-                error: err3,
+                error: Util.serializeError(err3),
             });
             return res.status(500).json({
                 error: "decoding error"
@@ -273,7 +273,7 @@ var handleResponse = function (Env, req, res) {
         action(Env, json, function (err, content) {
             if (err) {
                 Env.Log.error("CHALLENGE_RESPONSE_ACTION_ERROR", {
-                    error: err,
+                    error: Util.serializeError(err),
                 });
                 return res.status(500).json({
                     error: 'Execution error',

From 880a156efbd76b8a46c17087a096fdc158fc65cc Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Thu, 11 May 2023 16:15:59 +0530
Subject: [PATCH 43/58] add basic 2FA setup app

---
 www/auth/app-auth.less |  90 +++++++++++
 www/auth/base32.js     |  59 +++++++
 www/auth/index.html    |   8 +
 www/auth/main.js       | 359 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 516 insertions(+)
 create mode 100644 www/auth/app-auth.less
 create mode 100644 www/auth/base32.js
 create mode 100644 www/auth/index.html
 create mode 100644 www/auth/main.js

diff --git a/www/auth/app-auth.less b/www/auth/app-auth.less
new file mode 100644
index 000000000..ac3ba08c2
--- /dev/null
+++ b/www/auth/app-auth.less
@@ -0,0 +1,90 @@
+@import (reference) "../../customize/src/less2/include/colortheme-all.less";
+@import (reference) "../../customize/src/less2/include/font.less";
+@import (reference) "../../customize/src/less2/include/alertify.less";
+
+@import (reference) "../../customize/src/less2/include/charts.less";
+
+html, body {
+    .font_main();
+    .alertify_main();
+    .charts_main();
+    height: 100%;
+    margin: 0px;
+    padding: 0px;
+    background-color: @cp_static-bg !important;
+    color: @cryptpad_text_col;
+    font-family: "IBM Plex Mono";
+    width: 100%;
+
+    .centered {
+        width: 100%;
+        max-width: 50em;
+        margin: auto;
+        box-sizing: border-box;
+    }
+
+    h1 {
+        .centered;
+        text-align: center;
+        margin-bottom: 15px;
+    }
+    --height: 0;
+
+    @brand: #0087ff;
+
+    div.container {
+        height: 20em;
+        .centered;
+        //overflow: auto;
+        margin-bottom: 15px;
+        border: 1px solid white;
+    }
+    div.wrapper {
+        max-width: 50em;
+        margin: auto;
+        //margin-top: 5em !important;
+    }
+    p {
+        margin-top: 45px !important;
+    }
+    a, a:visited {
+        color: #ddf;
+    }
+
+    .bordered {
+        border: 1px solid #777;
+        padding: 15px;
+        margin: 15px;
+    }
+
+    #qr-target {
+        display: inline-block;
+        min-height: 256px;
+        min-width: 256px;
+        //height: 350px;
+        //width: 350px;
+        background: white;
+        padding: 5px;
+        margin-top: 15px;
+    }
+    input {
+        box-sizing: border-box;
+    }
+    blockquote {
+        border-left: 3px solid #999;
+        background: #77777777;
+        width: 100%;
+        padding: 15px;
+        box-sizing: border-box;
+        margin-left: 0px;
+
+        white-space: pre-wrap;
+
+    }
+    button {
+        border: 0px;
+        border-radius: 5px;
+        padding: 15px;
+    }
+}
+
diff --git a/www/auth/base32.js b/www/auth/base32.js
new file mode 100644
index 000000000..0da9ab118
--- /dev/null
+++ b/www/auth/base32.js
@@ -0,0 +1,59 @@
+define([], function () {
+    // Based on https://gist.github.com/bellbind/871b145110c458e83077a718aef9fa0e
+
+    // base32 elements
+    //RFC4648: why include 2? Z and 2 looks similar than 8 and O
+    const b32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+    console.assert(b32.length === 32, b32.length);
+    const b32r = new Map(Array.from(b32, (ch, i) => [ch, i])).set("=", 0);
+    //[constants derived from character table size]
+    //cbit = 5 (as 32 == 2 ** 5), ubit = 8 (as byte)
+    //ccount = 8 (= cbit / gcd(cbit, ubit)), ucount = 5 (= ubit / gcd(cbit, ubit))
+    //cmask = 0x1f (= 2 ** cbit - 1), umask = 0xff (= 2 ** ubit - 1)
+    //const b32pad = [0, 6, 4, 3, 1];
+    const b32pad = Array.from(Array(5), (_, i) => (8 - i * 8 / 5 | 0) % 8);
+
+    function b32e5(u1, u2 = 0, u3 = 0, u4 = 0, u5 = 0) {
+        const u40 = u1 * 2 ** 32 + u2 * 2 ** 24 + u3 * 2 ** 16 + u4 * 2 ** 8 + u5;
+        return [b32[u40 / 2 ** 35 & 0x1f], b32[u40 / 2 ** 30 & 0x1f],
+                b32[u40 / 2 ** 25 & 0x1f], b32[u40 / 2 ** 20 & 0x1f],
+                b32[u40 / 2 ** 15 & 0x1f], b32[u40 / 2 ** 10 & 0x1f],
+                b32[u40 / 2 ** 5 & 0x1f], b32[u40 & 0x1f]];
+    }
+    function b32d8(b1, b2, b3, b4, b5, b6, b7, b8) {
+        const u40 = b32r.get(b1) * 2 ** 35 + b32r.get(b2) * 2 ** 30 +
+              b32r.get(b3) * 2 ** 25 + b32r.get(b4) * 2 ** 20 +
+              b32r.get(b5) * 2 ** 15 + b32r.get(b6) * 2 ** 10 +
+              b32r.get(b7) * 2 ** 5 + b32r.get(b8);
+        return [u40 / 2 ** 32 & 0xff, u40 / 2 ** 24 & 0xff, u40 / 2 ** 16 & 0xff,
+                u40 / 2 ** 8 & 0xff, u40 & 0xff];
+    }
+
+    // base32 encode/decode: Uint8Array <=> string
+    function b32e(u8a) {
+        console.assert(u8a instanceof Uint8Array, u8a.constructor);
+        const len = u8a.length, rem = len % 5;
+        const u5s = Array.from(Array((len - rem) / 5),
+                               (_, i) => u8a.subarray(i * 5, i * 5 + 5));
+        const pad = b32pad[rem];
+        const br = rem === 0 ? [] : b32e5(...u8a.subarray(-rem)).slice(0, 8 - pad);
+        return [].concat(...u5s.map(u5 => b32e5(...u5)),
+                         br, ["=".repeat(pad)]).join("");
+    }
+    function b32d(bs) {
+        const len = bs.length;
+        if (len === 0) return new Uint8Array([]);
+        //console.assert(len % 8 === 0, len);
+        const pad = len - bs.indexOf("="), rem = b32pad.indexOf(pad);
+        //console.assert(rem >= 0, pad);
+        console.assert(/^[A-Z2-7+\/]*$/.test(bs.slice(0, len - pad)), bs);
+        const u8s = [].concat(...bs.match(/.{8}/g).map(b8 => b32d8(...b8)));
+        return new Uint8Array(rem > 0 ? u8s.slice(0, rem - 5) : u8s);
+    }
+
+    return {
+        encode: b32e,
+        decode: b32d,
+        characters: b32,
+    };
+});
diff --git a/www/auth/index.html b/www/auth/index.html
new file mode 100644
index 000000000..d21810baf
--- /dev/null
+++ b/www/auth/index.html
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
+</head>
+<body>
diff --git a/www/auth/main.js b/www/auth/main.js
new file mode 100644
index 000000000..30e9c0703
--- /dev/null
+++ b/www/auth/main.js
@@ -0,0 +1,359 @@
+define([
+    'jquery',
+    '/common/common-util.js',
+    '/common/hyperscript.js',
+    '/common/common-interface.js',
+    '/common/outer/http-command.js',
+    '/auth/base32.js',
+    '/customize.dist/login.js',
+    '/common/outer/login-block.js',
+    '/common/outer/local-store.js',
+
+    '/lib/qrcode.min.js',
+    '/bower_components/tweetnacl/nacl-fast.min.js',
+
+    'less!/auth/app-auth.less',
+], function ($, Util, h, UI, ServerCommand, Base32, Login, Block, LocalStore) {
+    var QRCode = window.QRCode;
+    var Nacl = window.nacl;
+
+
+    var main = h('div.centered', [
+        h('h1', 'Auth prototype'),
+
+        h('div.bordered', [
+            h('h2#keys', "Key derivation"),
+            h('blockquote',
+`A user's name and password are used to derive:
+
+1. a symmetric key which decrypts their "login block" and provides access to the rest of their account's credentials
+
+2. an asymmetric signing keypair which proves they own the block (the public key is used as its identifier), allowing them to create new blocks, and overwrite or delete old ones.
+
+With the introduction of TOTP as a second factor of authentication, the signing keypair is also used to setup multi-factor auth parameters and other actions that requrire authentication, such as:
+
+1. configuration of the TOTP secret, optional contact field, and future parameters for other MFA mechanisms
+
+2. authentication of new sessions
+
+3. revoking existing sessions
+
+Because these two cryptographic keys provide access to and control of the user's entire account, it is prudent to treat them (and the credentials from which they are derived) very carefully.
+
+The symmetric key is kept in localStorage until logging out because it is needed to access the rest of their account, however, the signing keys should be forgotten as soon as they are no longer necessary (ie. once a session is authenticated, or once sensitive operations like password change have been completed).
+
+Note: The login process performs many checks, confirming that crentials point to a valid block and that it yields access to a valid account, falling back to legacy methods of login where necessary. This prototype ignnores all those edge cases and is here only to derive a valid signing keypair.
+`),
+            h('p', h('input#username', {
+                type: 'text',
+                placeholder: "Username",
+            })),
+            h('p', h('input#password', {
+                type: 'password',
+                placeholder: "Password",
+            })),
+            h('button#derive-keys', "Derive keys"),
+            h('hr'),
+            h('p', [
+                'Block id:',
+                h('div#block-id', '???'),
+            ]),
+        ]),
+
+
+        h('div.bordered#totp-app-config', [
+            h('h2#app', "TOTP app configuration"),
+            h('blockquote', `// XXX TOTP app configuration notes
+Time-based One-Time Passwords are generated using a relatively simple algorithm which uses:
+
+1. a hash function
+
+2. a secret known to the client and the service authenticating them
+
+3. the current time, upon which both parties must agree
+
+Both parties should then be able to derive the same code which is valid within a 30 second window.
+
+The server expects the client to provide a valid code in order to configure their account for TOTP 2FA. This ensures that the client's clock matches the server's, and avoids unfortunate situations in which the client enables TOTP authentication and but is then unable to authenticate.
+
+The secret should consist of not less than 160 bits of entropy (20 Uint8s). When encoded as base32 this should result in a 32 character string.
+
+Some authenticator apps can be configured with manual entry of the secret, but there are additional parameters indicating the name of the service and the account or resource to which it corresponds. These parameters can all be represented with a standardized URI, which can then be represented as a QR code.
+
+It is possible to specify a variety of other values (code length, issuer, stronger hashing algorithms) through query parameters in the URI, but not all authenticator apps will support them. The ones specified below should work basically everywhere. Note that longer URIs produce more complex QR codes, which may be more difficult to scan.
+
+Scan the generated code with your preferred app so that you can generate a code and configure your block with TOTP 2FA.
+`),
+
+            h('p', [
+                "Base32 secret",
+                h('input#base32-secret', {
+                    type: 'text',
+                    placeholder: 'secret',
+                }),
+            ]),
+            h('button#generate-secret', "Generate new TOTP secret"),
+            h('hr'),
+            h('p', [
+                "Label",
+                h('input#totp-label', {
+                    type: 'text',
+                    placeholder: 'Label',
+                }),
+            ]),
+            h('p', [
+                "Hostname",
+                h('input#totp-hostname', {
+                    type: 'text',
+                    placeholder: 'Hostname',
+                }),
+            ]),
+            h('p', [
+                "TOTP URI",
+                h('input#totp-uri', {
+                    type: 'text',
+                    //disabled: 'disabled',
+                    placeholder: 'URI',
+                }),
+            ]),
+            h('p', [
+                'QR Code',
+                h('br'),
+                h('div#qr-target', ''),
+            ]),
+        ]),
+
+        h('div.bordered', [
+            h('h2#setup', "MFA account settings"),
+            h('blockquote',
+`// XXX MFA account settings notes
+
+Once you have:
+
+1. derived your block signing keypair
+
+2. generated a secret
+
+3. configured your authenticator app to generate codes using that secret
+
+...then you can try entering a one-time password (OTP). This will be used in a request to the server to configure your account such that your block can only be requested with a valid token.
+
+Note: This must currently be reversed manually (by deleting the mfa config file) because block removal of these settings is not yet implemented.
+
+`),
+            h('p', [
+                h('input#otp-entry', {
+                    type: 'text',
+                    inputmode: 'numeric',
+                    autocomplete: 'one-time-code',
+                    pattern: '[0-9]{6}',
+                    maxlength: "6",
+                    placeholder: 'One-Time Password',
+                    
+                }),
+            ]),
+            h('button#submit-otp', 'Submit OTP'),
+        ]),
+    ]);
+
+    document.body.appendChild(main);
+
+    // XXX hack to make the page jump to a given element once the content has been rendered
+    window.location.hash = window.location.hash;
+
+    // Key derivation
+
+    var $username = $('#username');
+    var $password = $('#password');
+    var $deriveKeys = $('#derive-keys');
+    var $blockId = $('#block-id');
+
+    var BUSY = false;
+
+    var blockKeys;
+    var blockId;
+    $deriveKeys.click(function () {
+        if (BUSY) { return; }
+
+        var name = $username.val().trim()
+        var password = $password.val();
+
+        if (!name) { return void window.alert("Invalid name"); }
+        if (!password) { return void window.alert("Invalid password"); }
+
+        UI.log("Deriving keys..");
+
+        BUSY = true;
+        // scrypt locks up the UI before the DOM has a chance to update (displaying logs, etc.)
+        // so do a set timeout
+        setTimeout(function () {
+            Login.Cred.deriveFromPassphrase(name, password, Login.requiredBytes, function (bytes) {
+                BUSY = false;
+                UI.log("DONE");
+                console.log(bytes);
+
+                var result = Login.allocateBytes(bytes);
+
+                console.log(result);
+
+                blockKeys = result.blockKeys;
+
+                var blockURL = Block.getBlockUrl(blockKeys);
+                console.log('block URL', blockURL);
+
+                blockId = blockURL.replace(/.*\//, '');
+                $blockId.html(blockId);
+            });
+        }, 1500);
+    });
+
+
+
+
+    // TOTP app configuration
+
+    var $generateSecret = $('#generate-secret')
+    var $b32Secret = $('#base32-secret');
+
+    var randomSecret = () => {
+        var U8 = Nacl.randomBytes(20);
+        return Base32.encode(U8);
+    };
+
+    var isValidBase32 = input => {
+        if (typeof(input) !== 'string') { return false; }
+        try {
+            var output = Base32.decode(input);
+            if (!(output instanceof Uint8Array)) { return false; }
+        } catch (err) {
+            console.error(err);
+            return false;
+        }
+        return true;
+    };
+
+    // use the same base32 secret across page reloads
+    // by trying to read the hash and interpret it as a secret
+    // otherwise use a new, random secret, and store it in the hash
+    var hash = window.location.hash.slice(1);
+    console.log(hash);
+    console.log('isValid', isValidBase32(hash));
+    if (hash && hash.length >= 32 && isValidBase32(hash)) {
+        console.log("Reusing existing secret");
+        $b32Secret.val(hash);
+    } else {
+        console.log("Generating new secret");
+        let secret = randomSecret();
+        $b32Secret.val(secret);
+        window.location.hash = secret;
+    }
+
+    var $hostname = $('#totp-hostname');
+    $hostname.val(new URL(window.location.href).hostname);
+
+    var $label = $('#totp-label');
+    $label.val('CryptPad');
+
+    var $uri = $('#totp-uri');
+
+    var valueOrPlaceholder = $e => {
+        return $e.val().trim() || ($e.attr('placeholder') || '').trim();
+    };
+
+    var $qrTarget = $('#qr-target');
+
+    var updateQR = Util.throttle(function () {
+        var uri = $uri.val();
+        $qrTarget.html("");
+        new QRCode($qrTarget[0], uri);
+    }, 400);
+    updateQR();
+
+    $uri.on("change keyup keydown", updateQR);
+
+    var updateURI = Util.throttle(function () {
+        var username = valueOrPlaceholder($username);
+
+        var hostname = valueOrPlaceholder($hostname);
+        var label = valueOrPlaceholder($label);
+        var secret = valueOrPlaceholder($b32Secret);
+
+        var uri = `otpauth://totp/${label}:${username}@${hostname}?secret=${secret}`;
+
+        $uri.val(uri);
+
+        updateQR();
+
+    }, 400);
+
+    updateURI();
+
+    [$username, $b32Secret, $hostname, $label].forEach($el => {
+        $el.on('change keydown keyup', updateURI);
+    });
+
+    $generateSecret.click(function () {
+        //UI.log('gen secret');
+        var secret = randomSecret();
+        $b32Secret.val(secret);
+        window.location.hash = secret;
+        updateURI();
+    });
+
+    // MFA Account settings
+
+    var $OTPEntry = $('#otp-entry');
+    var $submitOTP = $('#submit-otp');
+
+    var OTP_LOCK;
+    $submitOTP.click(function () {
+        if (OTP_LOCK) {
+            return void window.alert("Server request already in progress");
+        }
+
+        console.log("OTP submission clicked");
+        // Double-check that the secret is OK
+        var secret = $b32Secret.val();
+        if (!isValidBase32(secret)) {
+            return void window.alert("Your base32 secret is not valid");
+        }
+
+        // Check block keys last, since they're the most expensive to derive
+
+        // The user can't set up 2FA unless they have a signing key which corresponds to an existing block
+        if (!blockKeys || !blockId) {
+            return void window.alert("Derive block keys first");
+        }
+
+        var code = $OTPEntry.val();
+        if (code.length !== 6 || /\D/.test(code)) {
+            return void window.alert("Invalid code");
+        }
+
+        OTP_LOCK = true;
+        ServerCommand(blockKeys.sign, {
+            command: 'TOTP_SETUP',
+            secret: secret,
+            code: code,
+        }, function (err, response) {
+            OTP_LOCK = false;
+            $OTPEntry.val("");
+            if (err) {
+                console.error(err);
+                console.log(response);
+                return void UI.warn("Error: see console");
+            }
+            if (!response || !response.bearer) {
+                console.log(response);
+                return void window.alert("Unexpected response");
+            }
+
+            // the server responded with a bearer token
+            // remember it so that you aren't redirected back to the login page
+            // when you access a page that enforces session persistence
+            console.log(response);
+            LocalStore.setSessionToken(response.bearer);
+            window.alert(`Success! This device's session should already be authenticated. Try accessing this account from a different device or browser to confirm that a TOTP code is required`);
+        });
+    });
+});

From bd19288869ae77dec2aa5a65cd7a6da4c036f9ef Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Thu, 11 May 2023 16:42:47 +0530
Subject: [PATCH 44/58] notes on pending improvements to add before
 merge/release

---
 customize.dist/login.js | 7 ++++++-
 lib/storage/basic.js    | 5 +++++
 lib/storage/sessions.js | 6 ++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/customize.dist/login.js b/customize.dist/login.js
index 348d2c6ed..3da608230 100644
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@@ -504,7 +504,12 @@ define([
             // Finally, create the login block for the object you just created.
             var toPublish = {};
 
-            toPublish[Constants.userNameKey] = uname;
+// XXX I did some basic testing and searching and could not find this attribute
+// actually being used anywhere. Including it means either supporting arbitrarily
+// large blocks (a DoS vector) or having registration fail for large usernames.
+// Can someone please double-check that removing this doesn't break anything?
+// --Aaron
+            //toPublish[Constants.userNameKey] = uname;
             toPublish[Constants.userHashKey] = userHash;
             toPublish.edPublic = RT.proxy.edPublic;
 
diff --git a/lib/storage/basic.js b/lib/storage/basic.js
index db79e5749..be20d0cd9 100644
--- a/lib/storage/basic.js
+++ b/lib/storage/basic.js
@@ -48,6 +48,11 @@ Basic.write = function (Env, path, data, cb) {
     });
 };
 
+// XXX I didn't bother implementing the usual "archive/restore/delete-from-archives" methods
+// because they didn't seem particularly important for the data implemented with this module.
+// They're still worth considering, though, so don't let my ommission stop you.
+// Login blocks could probably be implemented with this module if these methods were supported.
+// --Aaron
 Basic.delete = function (Env, path, cb) {
     if (!path) { return void pathError(cb); }
     Fs.rm(path, cb);
diff --git a/lib/storage/sessions.js b/lib/storage/sessions.js
index d9056ae4b..cd52558d4 100644
--- a/lib/storage/sessions.js
+++ b/lib/storage/sessions.js
@@ -42,3 +42,9 @@ Sessions.delete = function (Env, id, ref, cb) {
     Basic.delete(Env, path, cb);
 };
 
+// XXX All of a user's sessions should be removed When a user deletes their account
+// The fact that each user is given their own publicKey-scoped directory makes them easy
+// to remove all at once. Nodejs provides an easy way to `rm -rf` since 14.14.0:
+// Fs.rm(dir, { recursive: true, force: true }, console.log)
+// just be careful to validate the directory's path
+// --Aaron

From bf548c10228b0043ebe89ef57a744af153a7a214 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Thu, 11 May 2023 17:06:46 +0530
Subject: [PATCH 45/58] updated nginx config for new API server features

---
 docs/example.nginx.conf | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
index a66aa07ec..7805df59e 100644
--- a/docs/example.nginx.conf
+++ b/docs/example.nginx.conf
@@ -174,7 +174,12 @@ server {
     # We prefer to serve static content from nginx directly and to leave the API server to handle
     # the dynamic content that only it can manage. This is primarily an optimization
     location ^~ /cryptpad_websocket {
-        proxy_pass http://localhost:3000;
+        # XXX
+        # static assets like blobs and blocks are served by clustered workers in the API server
+        # Websocket traffic still needs to be handled by the main process, which means it needs
+        # to be hosted on a different port. By default 3003 will be used, though this is configurable
+        # via config.websocketPort
+        proxy_pass http://localhost:3003;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -213,7 +218,11 @@ server {
         add_header Cross-Origin-Embedder-Policy require-corp;
     }
 
-    # encrypted blobs are immutable and are thus cached for a year
+    # Requests for blobs and blocks are now proxied to the API server
+    # This simplifies NGINX path configuration in the event they are being hosted in a non-standard location
+    # or with odd unexpected permissions. Serving blobs in this manner also means that it will be possible to
+    # enforce access control for them, though this is not yet implemented.
+    # Access control (via TOTP 2FA) has been added to blocks, so they can be handled with the same directives.
     location ~ ^/(blob|block)/.*$ {
         if ($request_method = 'OPTIONS') {
             add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
@@ -225,14 +234,13 @@ server {
             add_header 'Content-Length' 0;
             return 204;
         }
-        add_header X-Content-Type-Options nosniff;
-        add_header Cache-Control max-age=31536000;
-        add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
-        add_header 'Access-Control-Allow-Credentials' true;
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length';
-        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length';
-        try_files $uri =404;
+        # Since we are proxying to the API server these headers can get duplicated
+        # so we hide them
+        proxy_hide_header 'X-Content-Type-Options';
+        proxy_hide_header 'Access-Control-Allow-Origin';
+        proxy_hide_header 'Permissions-Policy';
+        proxy_hide_header 'X-XSS-Protection';^
+        proxy_pass http://localhost:3000;
     }
 
     # The nodejs server has some built-in forwarding rules to prevent

From d789627920faea410599cd4b05ac31d012a136c1 Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Fri, 12 May 2023 18:21:15 +0200
Subject: [PATCH 46/58] TOTP setup and revocation in settings

---
 lib/challenge-commands/totp.js | 115 +++++++++++++++
 lib/http-commands.js           |   1 +
 lib/http-worker.js             |   7 +
 lib/storage/basic.js           |   9 ++
 lib/storage/sessions.js        |  14 ++
 www/auth/base32.js             |   3 +-
 www/auth/main.js               |   4 +-
 www/common/cryptpad-common.js  |   4 +
 www/settings/inner.js          | 251 ++++++++++++++++++++++++++++++++-
 www/settings/main.js           |  41 ++++++
 10 files changed, 445 insertions(+), 4 deletions(-)

diff --git a/lib/challenge-commands/totp.js b/lib/challenge-commands/totp.js
index f86797569..57b5257a6 100644
--- a/lib/challenge-commands/totp.js
+++ b/lib/challenge-commands/totp.js
@@ -48,6 +48,11 @@ var decode32 = S => {
     return decoded;
 };
 
+
+// XXX Decide expire time
+// Allow user settings?
+var EXPIRATION = 7 * 24 * 3600 * 1000; // Sessions are valid 7 days
+
 var createJWT = function (Env, sessionId, publicKey, cb) {
     JWT.sign({
         // this is a custom JWT field (not a standard) - we include a reference to the session
@@ -55,6 +60,7 @@ var createJWT = function (Env, sessionId, publicKey, cb) {
         ref: sessionId,
         // we specify in the token for what resource the token should be valid (their block's public key)
         sub: Util.escapeKeyCharacters(publicKey),
+        exp: (+new Date()) + EXPIRATION
     }, Env.bearerSecret, {
         // token integrity is ensured with HMAC SHA512 with the server's bearerSecret
         // clients can inspect token parameters, but cannot modify them
@@ -336,3 +342,112 @@ So, we should:
     });
 };
 
+// This command is somewhat simpler than TOTP_SETUP
+// Revoke a client TOTP secret which will allow them to disable TOTP for a login block IFF:
+// 1. That login block exists
+// 2. That login block is protected by TOTP 2FA
+// 3. They can produce a valid OTP for that block's TOTP secret
+// 4. They can sign for the block's public key
+const revoke = Commands.TOTP_REVOKE = function (Env, body, cb) {
+    var { publicKey, code } = body;
+
+    // they must provide a valid OTP code
+    if (!isValidOTP(code)) { return void cb('E_INVALID'); }
+
+    // they must provide a valid block public key
+    if (!isValidBlockId(publicKey)) { return void cb("INVALID_KEY"); }
+
+    var secret;
+    nThen(function (w) {
+        // check that there is an MFA configuration for the given account
+        MFA.read(Env, publicKey, w(function (err, content) {
+            if (err) {
+                w.abort();
+                Env.Log.error('TOTP_VALIDATE_MFA_READ', {
+                    error: err,
+                    publicKey: publicKey,
+                });
+                return void cb('NO_MFA_CONFIGURED');
+            }
+
+            var parsed = Util.tryParse(content);
+
+            if (!parsed) {
+                w.abort();
+                return void cb("INVALID_CONFIGURATION");
+            }
+
+            secret = parsed.secret;
+        }));
+    }).nThen(function () {
+        let decoded = decode32(secret);
+        if (!decoded) {
+            Env.Log.error("TOTP_VALIDATE_INVALID_SECRET", {
+                publicKey, // log the public key so the admin can investigate further
+                // don't log the problematic secret directly as
+                // logs are likely to be pasted in random places
+            });
+            return void cb("E_INVALID_SECRET");
+        }
+
+        // validate the code
+        var validated = OTP.totp.verify(code, decoded, {
+            window: 1,
+        });
+
+        if (!validated) {
+            // I won't worry about logging these OTPs as they shouldn't leak any useful information
+            Env.Log.error("TOTP_VALIDATE_BAD_OTP", {
+                code,
+            });
+            return void cb("INVALID_OTP");
+        }
+
+        // call back to indicate that their request was well-formed and valid
+        cb();
+    });
+};
+
+revoke.complete = function (Env, body, cb) {
+/*
+if they are here then they:
+
+1. have a valid block configured with TOTP-based 2FA
+2. were able to provide a valid TOTP for that block's secret
+3. were able to sign their messages for the block's public key
+
+So, we should:
+
+1. Revoke the TOTP authentication for their block
+2. Remove all existing sessions
+
+*/
+    var { publicKey } = body;
+
+    nThen(function (w) {
+        MFA.delete(Env, publicKey, w(function (err) {
+            if (!err) { return; }
+            w.abort();
+            Env.Log.error('TOTP_REVOKE_MFA_DELETE', {
+                error: err,
+                publicKey: publicKey,
+            });
+            cb('MFA_ERROR');
+        }));
+    }).nThen(function () {
+        Sessions.deleteUser(Env, publicKey, function (err) {
+            if (!err) { return; }
+            // If we can't delete the sessions, don't send an erorr, just log to the server.
+            // The MFA will still be correctly disabled as long as the first step is done.
+            Env.Log.error('TOTP_REVOKE_SESSIONS__DELETE', {
+                error: err,
+                publicKey: publicKey,
+            });
+        });
+    }).nThen(function () {
+        cb(void 0, {
+            success: true
+        });
+    });
+};
+
diff --git a/lib/http-commands.js b/lib/http-commands.js
index 82508b2dd..04ccf9101 100644
--- a/lib/http-commands.js
+++ b/lib/http-commands.js
@@ -63,6 +63,7 @@ var COMMANDS = {};
 const TOTP = require("./challenge-commands/totp.js");
 COMMANDS.TOTP_SETUP = TOTP.TOTP_SETUP;
 COMMANDS.TOTP_VALIDATE = TOTP.TOTP_VALIDATE;
+COMMANDS.TOTP_REVOKE = TOTP.TOTP_REVOKE;
 
 var randomToken = () => Nacl.util.encodeBase64(Nacl.randomBytes(24)).replace(/\//g, '-');
 
diff --git a/lib/http-worker.js b/lib/http-worker.js
index b11ad0077..e920a25e7 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -380,6 +380,13 @@ app.use('/block/', function (req, res, next) {
             // reject if it's too old
             if (payload.exp && ((+new Date()) > payload.exp)) {
                 Log.error("JWT_EXPIRED", payload);
+                Sessions.delete(Env, name, payload.ref, function (err) {
+                    if (err) {
+                        Log.error('JWT_SESSION_DELETE_EXPIRED_ERROR', err);
+                        return;
+                    }
+                    Log.info('JWT_SESSION_DELETE_EXPIRED', err);
+                });
                 return void no();
             }
 
diff --git a/lib/storage/basic.js b/lib/storage/basic.js
index be20d0cd9..92854a0fa 100644
--- a/lib/storage/basic.js
+++ b/lib/storage/basic.js
@@ -36,6 +36,10 @@ Basic.read = function (Env, path, cb) {
         cb(void 0, content);
     });
 };
+Basic.readDir = function (Env, path, cb) {
+    if (!path) { return void pathError(cb); }
+    Fs.readdir(path, cb);
+};
 
 Basic.write = function (Env, path, data, cb) {
     if (!path) { return void pathError(cb); }
@@ -57,4 +61,9 @@ Basic.delete = function (Env, path, cb) {
     if (!path) { return void pathError(cb); }
     Fs.rm(path, cb);
 };
+Basic.deleteDir = function (Env, path, cb) {
+    if (!path) { return void pathError(cb); }
+    Fs.rm(path, { recursive: true, force: true }, cb);
+};
+
 
diff --git a/lib/storage/sessions.js b/lib/storage/sessions.js
index cd52558d4..f31151ec8 100644
--- a/lib/storage/sessions.js
+++ b/lib/storage/sessions.js
@@ -42,6 +42,20 @@ Sessions.delete = function (Env, id, ref, cb) {
     Basic.delete(Env, path, cb);
 };
 
+Sessions.deleteUser = function (Env, id,  cb) {
+    if (!id || typeof(id) !== 'string') { return; }
+    id = Util.escapeKeyCharacters(id);
+    var dirPath = Path.join(Env.paths.base, "sessions", id.slice(0, 2), id);
+
+    Basic.readDir(Env, dirPath, (err, files) => {
+        var checkContent = !files || (Array.isArray(files) && files.every((file) => {
+            return file && file.length === 32;
+        }));
+        if (!checkContent) { return void cb('INVALID_SESSIONS_DIR'); }
+        Basic.deleteDir(Env, dirPath, cb);
+    });
+};
+
 // XXX All of a user's sessions should be removed When a user deletes their account
 // The fact that each user is given their own publicKey-scoped directory makes them easy
 // to remove all at once. Nodejs provides an easy way to `rm -rf` since 14.14.0:
diff --git a/www/auth/base32.js b/www/auth/base32.js
index 0da9ab118..d9a15f5ea 100644
--- a/www/auth/base32.js
+++ b/www/auth/base32.js
@@ -1,3 +1,4 @@
+/* jshint esversion: 7 */
 define([], function () {
     // Based on https://gist.github.com/bellbind/871b145110c458e83077a718aef9fa0e
 
@@ -42,7 +43,7 @@ define([], function () {
     }
     function b32d(bs) {
         const len = bs.length;
-        if (len === 0) return new Uint8Array([]);
+        if (len === 0) { return new Uint8Array([]); }
         //console.assert(len % 8 === 0, len);
         const pad = len - bs.indexOf("="), rem = b32pad.indexOf(pad);
         //console.assert(rem >= 0, pad);
diff --git a/www/auth/main.js b/www/auth/main.js
index 30e9c0703..a15edfc85 100644
--- a/www/auth/main.js
+++ b/www/auth/main.js
@@ -175,7 +175,7 @@ Note: This must currently be reversed manually (by deleting the mfa config file)
     $deriveKeys.click(function () {
         if (BUSY) { return; }
 
-        var name = $username.val().trim()
+        var name = $username.val().trim();
         var password = $password.val();
 
         if (!name) { return void window.alert("Invalid name"); }
@@ -212,7 +212,7 @@ Note: This must currently be reversed manually (by deleting the mfa config file)
 
     // TOTP app configuration
 
-    var $generateSecret = $('#generate-secret')
+    var $generateSecret = $('#generate-secret');
     var $b32Secret = $('#base32-secret');
 
     var randomSecret = () => {
diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js
index 237a258c9..135d522f6 100644
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@@ -2513,6 +2513,10 @@ define([
                         // when it was expected. Log them out and redirect them to
                         // the login page, where they will be able to authenticate
                         // and request a new JWT
+
+                        // XXX We may only require them to provid a new TOTP code here
+                        // instead of redirecting them to the login page
+
                         waitFor.abort();
                         return void LocalStore.logout(function () {
                             requestLogin();
diff --git a/www/settings/inner.js b/www/settings/inner.js
index 459257c93..e19ba65b9 100644
--- a/www/settings/inner.js
+++ b/www/settings/inner.js
@@ -15,6 +15,7 @@ define([
     '/common/make-backup.js',
     '/common/common-feedback.js',
     '/common/common-constants.js',
+    '/customize.dist/login.js',
 
     '/common/jscolor.js',
     '/bower_components/file-saver/FileSaver.min.js',
@@ -37,7 +38,8 @@ define([
     ApiConfig,
     Backup,
     Feedback,
-    Constants
+    Constants,
+    Login
 ) {
     var saveAs = window.saveAs;
     var APP = window.APP = {};
@@ -47,6 +49,17 @@ define([
     var privateData;
     var sframeChan;
 
+    Messages.settings_totpTitle = "TOTP"; // XXX
+    Messages.settings_cat_access = "Security"; // XXX
+    Messages.settings_totp_enable = "Enable TOTP"; // XXX
+    Messages.settings_totp_disable = "Disable TOTP"; // XXX
+    Messages.settings_totp_generate = "Generate secret"; // XXX
+    Messages.settings_totp_code = "OTP code"; // XXX
+    Messages.settings_totp_code_invalid = "Invalid OTP code"; // XXX
+
+    Messages.settings_totp_tuto = "Scan this QR code with a authenticator application. Obtain a valid authentication code and confirm before it expires."; // XXX
+    Messages.settings_totp_confirm = "Enable TOTP with this secret"; // XXX
+
     var categories = {
         'account': [ // Msg.settings_cat_account
             'cp-settings-own-drive',
@@ -57,6 +70,10 @@ define([
             'cp-settings-change-password',
             'cp-settings-delete'
         ],
+        'access': [ // Msg.settings_cat_access // XXX
+            // XXX add password change and account deletion here?
+            'cp-settings-totp'
+        ],
         'security': [ // Msg.settings_cat_security
             'cp-settings-logout-everywhere',
             'cp-settings-autostore',
@@ -777,6 +794,238 @@ define([
         cb($inputBlock);
     }, true);
 
+
+    // Account access
+
+    var drawTotp = function (content, enabled) {
+        var $content = $(content).empty();
+        if (enabled) {
+            (function () {
+            var disable = h('button.btn.btn-danger', Messages.settings_totp_disable);
+            var OTPEntry, pwInput;
+            $content.append(h('div', [
+                h('p', pwInput = h('input', {
+                    type: 'password',
+                    placeholder: Messages.login_password,
+                })),
+                OTPEntry = h('input', {
+                    placeholder: Messages.settings_totp_code
+                }),
+                disable
+            ]));
+            var $b = $(disable);
+            var $OTPEntry = $(OTPEntry);
+            UI.confirmButton(disable, {
+                classes: 'btn-danger',
+                multiple: true
+            }, function () {
+                $b.attr('disabled', 'disabled');
+                var name = privateData.accountName;
+                var password = $(pwInput).val();
+
+                // scrypt locks up the UI before the DOM has a chance
+                // to update (displaying logs, etc.), so do a set timeout
+                setTimeout(function () {
+                Login.Cred.deriveFromPassphrase(name, password, Login.requiredBytes, function (bytes) {
+                    var result = Login.allocateBytes(bytes);
+                    sframeChan.query("Q_SETTINGS_CHECK_BLOCK", {
+                        blockHash: result.blockHash,
+                    }, function (err, obj) {
+                        if (!obj || !obj.correct) {
+                            UI.warn(Messages.login_noSuchUser);
+                            $b.removeAttr('disabled');
+                            return;
+                        }
+                        var blockKeys = result.blockKeys;
+                        var code = $OTPEntry.val();
+                        sframeChan.query("Q_SETTINGS_TOTP_REVOKE", {
+                            key: blockKeys.sign,
+                            data: {
+                                command: 'TOTP_REVOKE',
+                                code: code,
+                            }
+                        }, function (err, obj) {
+                            $OTPEntry.val("");
+                            if (err || !obj || !obj.success) {
+                                $b.removeAttr('disabled');
+                                return void UI.warn(Messages.settings_totp_code_invalid);
+                            }
+                            drawTotp(content, false);
+                        }, {raw: true});
+                    });
+                });
+                }, 1000);
+            });
+
+            })();
+            return;
+        }
+
+        var button = h('button.btn.btn-primary', Messages.settings_totp_enable);
+        $(button).click(function () {
+            $content.empty();
+            var Base32, Block, QRCode, Nacl;
+            var blockKeys;
+            nThen(function (waitFor) {
+                require([
+                    '/auth/base32.js',
+                    '/common/outer/login-block.js',
+                    '/lib/qrcode.min.js',
+                    '/bower_components/tweetnacl/nacl-fast.min.js',
+                ], waitFor(function (_Base32, _Login, _Block) {
+                    Base32 = _Base32;
+                    Block = _Block;
+                    QRCode = window.QRCode;
+                    Nacl = window.nacl;
+                }));
+            }).nThen(function (waitFor) {
+                var pwInput;
+                var button = h('button.btn.btn-secondary', Messages.ui_confirm);
+                $content.append(h('div', [
+                    h('p', pwInput = h('input', {
+                        type: 'password',
+                        placeholder: Messages.login_password,
+                    })),
+                    button
+                ]));
+                var next = waitFor();
+                var BUSY = false;
+
+                var spinner = UI.makeSpinner($content);
+                var $b = $(button).click(function () {
+                    if (BUSY) { return; }
+
+                    var name = privateData.accountName;
+                    var password = $(pwInput).val();
+
+                    if (!password) { return void UI.warn(Messages.login_noSuchUser); }
+
+                    spinner.spin();
+                    $b.attr('disabled', 'disabled');
+                    BUSY = true;
+
+                    // scrypt locks up the UI before the DOM has a chance
+                    // to update (displaying logs, etc.), so do a set timeout
+                    setTimeout(function () {
+                        Login.Cred.deriveFromPassphrase(name, password, Login.requiredBytes, function (bytes) {
+                            var result = Login.allocateBytes(bytes);
+                            sframeChan.query("Q_SETTINGS_CHECK_BLOCK", {
+                                blockHash: result.blockHash,
+                            }, function (err, obj) {
+                                BUSY = false;
+                                if (!obj || !obj.correct) {
+                                    spinner.hide();
+                                    UI.warn(Messages.login_noSuchUser);
+                                    $b.removeAttr('disabled');
+                                    return;
+                                }
+                                spinner.done();
+                                blockKeys = result.blockKeys;
+                                next();
+                            });
+                        });
+                    }, 1000);
+                });
+            }).nThen(function () {
+                var randomSecret = function () {
+                    var U8 = Nacl.randomBytes(20);
+                    return Base32.encode(U8);
+                };
+                $content.empty();
+                var generate = h('button.btn.btn-primary', Messages.settings_totp_generate);
+                var secretContainer = h('div');
+                var $container = $(secretContainer);
+                $content.append(secretContainer, h('p', generate));
+
+                var updateQR = Util.throttle(function (uri, target) {
+                    new QRCode(target, uri);
+                }, 400);
+                var updateURI = function (secret) {
+                    $container.empty();
+
+                    var username = privateData.accountName;
+                    var hostname = new URL(privateData.origin).hostname;
+                    var label = "CryptPad";
+
+                    var uri = `otpauth://totp/${label}:${username}@${hostname}?secret=${secret}`;
+
+                    var qr = h('div');
+                    var uriInput = UI.dialog.selectable(uri);
+                    updateQR(uri, qr);
+
+                    var OTPEntry = h('input', {
+                        placeholder: Messages.settings_totp_code
+                    });
+                    var $OTPEntry = $(OTPEntry);
+
+                    var description = h('p', Messages.settings_totp_tuto);
+                    var confirmOTP = h('button.btn.btn-primary', Messages.settings_totp_confirm);
+                    var $confirmBtn = $(confirmOTP);
+                    var lock = false;
+                    UI.confirmButton(confirmOTP, {
+                        multiple: true
+                    }, function () {
+                        var code = $OTPEntry.val();
+                        if (code.length !== 6 || /\D/.test(code)) {
+                            return void UI.warn(Messages.error); // XXX
+                        }
+                        $confirmBtn.attr('disabled', 'disabled');
+                        lock = true;
+
+                        sframeChan.query("Q_SETTINGS_TOTP_SETUP", {
+                            key: blockKeys.sign,
+                            data: {
+                                command: 'TOTP_SETUP',
+                                secret: secret,
+                                code: code,
+                            }
+                        }, function (err, obj) {
+                            lock = false;
+                            $OTPEntry.val("");
+                            if (err || !obj || !obj.success) {
+                                $confirmBtn.removeAttr('disabled');
+                                console.error(err);
+                                return void UI.warn(Messages.error);
+                            }
+                            drawTotp(content, true);
+                        }, {raw: true});
+
+                    });
+
+                    $container.append([
+                        uriInput,
+                        qr,
+                        h('br'),
+                        description,
+                        OTPEntry,
+                        confirmOTP
+                    ]);
+                };
+
+
+                var $g = $(generate).click(function () {
+                    $g.remove();
+                    var secret = randomSecret();
+                    updateURI(secret);
+                });
+            });
+
+        }).appendTo(content);
+    };
+    makeBlock('totp', function (cb) { // Msg.settings_totpTitle
+        if (!common.isLoggedIn()) { return void cb(false); }
+
+        var content = h('div');
+        sframeChan.query('Q_SETTINGS_TOTP_CHECK', {}, function (err, obj) {
+            if (err || !obj || (obj && obj.err === 'NOBLOCK')) { return void cb(false); }
+            var enabled = obj && obj.totp;
+            drawTotp(content, Boolean(enabled));
+            cb(content);
+        });
+    }, true);
+
+
+
     // Security
 
     makeBlock('safe-links', function(cb) { // Msg.settings_safeLinksTitle
diff --git a/www/settings/main.js b/www/settings/main.js
index 189d94eb5..f9e00fbc7 100644
--- a/www/settings/main.js
+++ b/www/settings/main.js
@@ -70,6 +70,47 @@ define([
             sframeChan.on('Q_SETTINGS_IMPORT_LOCAL', function (data, cb) {
                 Cryptpad.mergeAnonDrive(cb);
             });
+            sframeChan.on('Q_SETTINGS_CHECK_BLOCK', function (data, cb) {
+                cb({correct: data.blockHash === Utils.LocalStore.getBlockHash() });
+            });
+            sframeChan.on('Q_SETTINGS_TOTP_SETUP', function (obj, cb) {
+                require([
+                    '/common/outer/http-command.js',
+                ], function (ServerCommand) {
+                    ServerCommand(obj.key, obj.data, function (err, response) {
+                        cb({ success: Boolean(!err && response && response.bearer) });
+                        console.log(response);
+                        if (response && response.bearer) {
+                            Utils.LocalStore.setSessionToken(response.bearer);
+                        }
+                    });
+                });
+            });
+            sframeChan.on('Q_SETTINGS_TOTP_REVOKE', function (obj, cb) {
+                require([
+                    '/common/outer/http-command.js',
+                ], function (ServerCommand) {
+                    ServerCommand(obj.key, obj.data, function (err, response) {
+                        cb({ success: Boolean(!err && response && response.success) });
+                        console.error(response);
+                        if (response && response.success) {
+                            Utils.LocalStore.setSessionToken('');
+                        }
+                    });
+                });
+            });
+            sframeChan.on('Q_SETTINGS_TOTP_CHECK', function (obj, cb) {
+                require([
+                    '/common/outer/login-block.js',
+                ], function (Block) {
+                    var blockHash = Utils.LocalStore.getBlockHash();
+                    if (!blockHash) { return void cb({ err: 'NOBLOCK' }); }
+                    var parsed = Block.parseBlockHash(blockHash);
+                    Utils.Util.getBlock(parsed.href, {}, function (err) {
+                        cb({totp: err === 401});
+                    });
+                });
+            });
             sframeChan.on('Q_SETTINGS_DELETE_ACCOUNT', function (data, cb) {
                 Cryptpad.deleteAccount(data, cb);
             });

From be152fdaae6bf0d40699a2037f60db5124f78992 Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Mon, 15 May 2023 12:13:14 +0200
Subject: [PATCH 47/58] Fix enabling TOTP with sandbox

---
 www/common/outer/login-block.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/common/outer/login-block.js b/www/common/outer/login-block.js
index 0d75fdfca..c5026c565 100644
--- a/www/common/outer/login-block.js
+++ b/www/common/outer/login-block.js
@@ -133,7 +133,7 @@ define([
         // 'block/' here is hardcoded because it's hardcoded on the server
         // if we want to make CryptPad work in server subfolders, we'll need
         // to update this path derivation
-        return (ApiConfig.fileHost || window.location.origin)
+        return (ApiConfig.fileHost || ApiConfig.httpUnsafeOrigin || window.location.origin)
             + '/block/' + publicKey.slice(0, 2) + '/' +  publicKey;
     };
 

From e893613b43c46b6aea51161e177261c752bc0151 Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Mon, 15 May 2023 17:33:58 +0200
Subject: [PATCH 48/58] TOTP: recovery by secret key

---
 customize.dist/pages/recovery.js              | 128 +++++++++++++++++
 .../src/less2/include/infopages.less          |   7 +-
 .../src/less2/pages/page-recovery.less        |  99 +++++++++++++
 customize.dist/template.js                    |   2 +
 lib/challenge-commands/totp.js                |  28 +++-
 www/common/common-interface.js                |   3 +
 www/recovery/index.html                       |  15 ++
 www/recovery/main.js                          | 135 ++++++++++++++++++
 www/settings/inner.js                         |  30 ++--
 www/settings/main.js                          |   2 -
 10 files changed, 434 insertions(+), 15 deletions(-)
 create mode 100644 customize.dist/pages/recovery.js
 create mode 100644 customize.dist/src/less2/pages/page-recovery.less
 create mode 100644 www/recovery/index.html
 create mode 100644 www/recovery/main.js

diff --git a/customize.dist/pages/recovery.js b/customize.dist/pages/recovery.js
new file mode 100644
index 000000000..c5736f4ac
--- /dev/null
+++ b/customize.dist/pages/recovery.js
@@ -0,0 +1,128 @@
+define([
+    '/api/config',
+    'jquery',
+    '/common/hyperscript.js',
+    '/common/common-interface.js',
+    '/customize/messages.js',
+    '/customize/pages.js'
+], function (Config, $, h, UI, Msg, Pages) {
+    return function () {
+        document.title = Msg.register_header;
+
+        var tos = $(UI.createCheckbox('accept-terms')).find('.cp-checkmark-label').append(Msg.register_acceptTerms).parent()[0];
+
+        var termsLink = Pages.customURLs.terms;
+        $(tos).find('a').attr({
+            href: termsLink,
+            target: '_blank',
+            tabindex: '-1',
+        });
+
+Msg.recovery_header = "Recover account"; // XXX
+Msg.recovery_totp = "Disable TOTP on your account"; // XXX
+Msg.recovery_totp_description = "If you've locked yourselves out of your CryptPad account because of a TOTP (Time based One Time Password) multi-factor authentication, you can use this form to disable this protection.";
+Msg.recovery_totp_beta = 'The TOTP multi-factor authentication has just been released. To avoid accidentaly locking accounts, the support team will temporarily agree to disable the protection even if you forgot your secret recovery key. <strong>If you forgot your recovery key, please copy the proof of ownership and send it to <a href="mailto:{0}">{0}</a></strong>';
+Msg.recovery_totp_login = "Please enter your login credentials";
+Msg.recovery_totp_secret = "Please enter your secret recovery key";
+Msg.recovery_totp_secret_ph = "Secret recovery key";
+Msg.recovery_totp_proof = "Proof of ownership";
+Msg.recovery_totp_continue = "Continue";
+Msg.recovery_totp_disable = "Disable TOTP";
+
+Msg.recovery_totp_method_email = "Manual recovery by email";
+Msg.recovery_totp_method_secret = "Automatic recovery by secret key";
+
+Msg.recovery_totp_wrong = "Invalid username or password";
+Msg.recovery_totp_error = "Unknown error. Please reload and try again.";
+Msg.recovery_totp_disabled = "Multi-factor authentication is already disabled for this account.";
+
+        var frame = function (content) {
+            return [
+                h('div#cp-main', [
+                    Pages.infopageTopbar(),
+                    h('div.container.cp-container', [
+                        h('div.row.cp-page-title', h('h1', Msg.recovery_header)),
+                    ].concat(content)),
+                    Pages.infopageFooter(),
+                ]),
+            ];
+        };
+
+        if (Config.restrictRegistration) {
+            return frame([
+                h('div.cp-restricted-registration', [
+                    h('p', Msg.register_registrationIsClosed),
+                ])
+            ]);
+        }
+
+        var termsCheck;
+        if (termsLink) {
+            termsCheck = h('div.checkbox-container', tos);
+        }
+
+        return frame([
+            h('div.row.cp-recovery-det', [
+                h('div#userForm.form-group.hidden.col-md-12', [
+                    h('h2', Msg.recovery_totp),
+                    h('div.cp-recovery-desc', [
+                        Msg._getKey('recovery_totp_description', [ Pages.Instance.name ]),
+                    ]),
+                    h('div.cp-recovery-step.step1', [
+                        h('div.alert.alert-danger.wrong-cred.cp-hidden', Msg.recovery_totp_wrong),
+                        h('label', Msg.recovery_totp_login),
+                        h('input.form-control#username', {
+                            type: 'text',
+                            autocomplete: 'off',
+                            autocorrect: 'off',
+                            autocapitalize: 'off',
+                            spellcheck: false,
+                            placeholder: Msg.login_username,
+                            autofocus: true,
+                        }),
+                        h('input.form-control#password', {
+                            type: 'password',
+                            placeholder: Msg.login_password,
+                        }),
+                        h('div.cp-recover-button',
+                            h('button.btn.btn-primary#cp-recover-login', Msg.recovery_totp_continue)
+                        )
+                    ]),
+                    h('div.cp-recovery-step.step2', { style: 'display: none;' }, [
+                        h('div.cp-recovery-method', [
+                            h('h3', Msg.recovery_totp_method_secret),
+                            h('label', Msg.recovery_totp_secret),
+                            h('input.form-control#totprecovery', {
+                                type: 'text',
+                                autocomplete: 'off',
+                                autocorrect: 'off',
+                                autocapitalize: 'off',
+                                spellcheck: false,
+                                placeholder: Msg.recovery_totp_secret_ph,
+                                autofocus: true,
+                            }),
+                            h('div.cp-recover-button',
+                                h('button.btn.btn-primary#cp-recover', Msg.recovery_totp_disable)
+                            )
+                        ]),
+                        h('div.cp-recovery-desc', Msg.settings_kanbanTagsOr),
+                        h('div.cp-recovery-method', [
+                            h('h3', Msg.recovery_totp_method_email),
+                            Config.adminEmail ? UI.setHTML(h('div.alert.alert-warning'),
+                                Msg._getKey('recovery_totp_beta', [Config.adminEmail])) : undefined,
+                            h('label', Msg.recovery_totp_proof),
+                            h('textarea.cp-recover-email', {readonly: 'readonly'}),
+                            h('button.btn.btn-secondary', Msg.copyToClipboard),
+                        ]),
+                    ]),
+                    h('div.cp-recovery-step.step-info', { style: 'display: none;' }, [
+                        h('div.alert.alert-info.cp-hidden.disabled', Msg.recovery_totp_disabled),
+                        h('div.alert.alert-danger.cp-hidden.unknown-error', Msg.recovery_totp_error),
+                    ]),
+                ])
+            ])
+        ]);
+    };
+
+});
+
diff --git a/customize.dist/src/less2/include/infopages.less b/customize.dist/src/less2/include/infopages.less
index 1882ffd6d..d65e62868 100644
--- a/customize.dist/src/less2/include/infopages.less
+++ b/customize.dist/src/less2/include/infopages.less
@@ -20,6 +20,11 @@
 .infopages_main () {
     --LessLoader_require: LessLoader_currentFile();
 }
+
+.cp-loading-noscroll {
+    overflow: hidden;
+}
+
 body.html {
     .font_main();
     @infopages_infobar-height: 64px;
@@ -105,7 +110,7 @@ body.html {
             filter: @cp_static-img-invert-filter;
         }
 
-        button {
+        button:not(.btn) {
             outline: none;
             background-color: @cp_buttons-primary;
             color: @cp_buttons-primary-text;
diff --git a/customize.dist/src/less2/pages/page-recovery.less b/customize.dist/src/less2/pages/page-recovery.less
new file mode 100644
index 000000000..2fe41447b
--- /dev/null
+++ b/customize.dist/src/less2/pages/page-recovery.less
@@ -0,0 +1,99 @@
+@import (reference) "../include/infopages.less";
+@import (reference) "../include/colortheme-all.less";
+@import (reference) "../include/alertify.less";
+@import (reference) "../include/checkmark.less";
+@import (reference) "../include/forms.less";
+
+&.cp-page-recovery {
+    .infopages_main();
+    .forms_main();
+
+    .alertify_main();
+    .checkmark_main(20px);
+
+    .cp-container {
+        .alert {
+            font-size: @colortheme_app-font-size;
+        }
+        .form-group {
+            .cp-recovery-desc {
+                margin-bottom: 10px;
+            }
+            .cp-recovery-desc, .cp-recovery-step {
+                width: 100%;
+            }
+            #register {
+                &.btn {
+                    padding: .5rem .5rem;
+                }
+                margin-top: 16px;
+                font-size: 1.25em;
+                min-width: 30%;
+            }
+        }
+        padding-bottom: 3em;
+        min-height: 5vh;
+        .cp-hidden {
+            display: none;
+        }
+    }
+    .alertify {
+        // workaround for alertify making empty p
+        p:empty {
+            display: none;
+        }
+
+        nav {
+            display: flex;
+            align-items: center;
+            justify-content: flex-end;
+        }
+
+        @media screen and (max-width: 600px) {
+            nav .btn-danger {
+                line-height: inherit;
+            }
+        }
+
+    }
+
+    .cp-recovery-det {
+        .cp-recover-button {
+            text-align: center;
+        }
+        .cp-recovery-method {
+            padding: 5px;
+            border: 1px solid white;
+            border-radius: 5px;
+            &:not(:last-child) {
+                margin-bottom: 10px;
+            }
+            h3 {
+                margin-top: 0;
+            }
+        }
+        .cp-recover-email {
+            height: 164px;
+        }
+        #userForm {
+            padding: 15px;
+            background-color: @cp_static-card-bg;
+            position: relative;
+            z-index: 2;
+            margin-bottom: 100px;
+            border-radius: @infopages-radius-L;
+            .cp-shadow();
+            .form-control {
+                border-radius: @infopages-radius;
+                color: @cryptpad_text_col;
+                background-color: @cp_forms-bg;
+                margin-bottom: 10px;
+                &:focus {
+                    border-color: @cryptpad_color_brand;
+                }
+                .tools_placeholder-color();
+            }
+        }
+    }
+}
+
diff --git a/customize.dist/template.js b/customize.dist/template.js
index 332471630..b5eca8b2f 100644
--- a/customize.dist/template.js
+++ b/customize.dist/template.js
@@ -55,6 +55,8 @@ $(function () {
                 require([ '/register/main.js' ], function () {});
             } else if (/^\/install\//.test(pathname)) {
                 require([ '/install/main.js' ], function () {});
+            } else if (/^\/recovery\//.test(pathname)) {
+                require([ '/recovery/main.js' ], function () {});
             } else if (/^\/login\//.test(pathname)) {
                 require([ '/login/main.js' ], function () {});
             } else if (/^\/($|^\/index\.html$)/.test(pathname)) {
diff --git a/lib/challenge-commands/totp.js b/lib/challenge-commands/totp.js
index 57b5257a6..8fcef5c38 100644
--- a/lib/challenge-commands/totp.js
+++ b/lib/challenge-commands/totp.js
@@ -23,6 +23,16 @@ var isValidOTP = otp => {
         !/\D/.test(otp);
 };
 
+// basic definition of what we'll accept as a recovery key
+// 24 bytes encoded as b64 ==> 32 characters
+var isValidRecoveryKey = otp => {
+    return isString(otp) &&
+        // in the future this could be updated to support 8 digits
+        otp.length === 32 &&
+        // \D is non-digit characters, so this tests that it is exclusively numeric
+        /[A-Za-z0-9+\/]{32}/.test(otp);
+};
+
 // we'll only allow users to set up multi-factor auth
 // for keypairs they control which already have blocks
 // this check doesn't confirm that their id is valid base64
@@ -349,15 +359,15 @@ So, we should:
 // 3. They can produce a valid OTP for that block's TOTP secret
 // 4. They can sign for the block's public key
 const revoke = Commands.TOTP_REVOKE = function (Env, body, cb) {
-    var { publicKey, code } = body;
+    var { publicKey, code, recoveryKey } = body;
 
     // they must provide a valid OTP code
-    if (!isValidOTP(code)) { return void cb('E_INVALID'); }
+    if (!isValidOTP(code) && !isValidRecoveryKey(recoveryKey)) { return void cb('E_INVALID'); }
 
     // they must provide a valid block public key
     if (!isValidBlockId(publicKey)) { return void cb("INVALID_KEY"); }
 
-    var secret;
+    var secret, recoveryStored;
     nThen(function (w) {
         // check that there is an MFA configuration for the given account
         MFA.read(Env, publicKey, w(function (err, content) {
@@ -378,7 +388,19 @@ const revoke = Commands.TOTP_REVOKE = function (Env, body, cb) {
             }
 
             secret = parsed.secret;
+            recoveryStored = parsed.contact;
         }));
+    }).nThen(function (w) {
+        if (!recoveryKey) { return; }
+        w.abort();
+        if (!/^secret:/.test(recoveryStored)) {
+            return void cb("E_NO_RECOVERY_KEY");
+        }
+        recoveryStored = recoveryStored.slice(7);
+        if (recoveryKey !== recoveryStored) {
+            return void cb("E_WRONG_RECOVERY_KEY");
+        }
+        cb();
     }).nThen(function () {
         let decoded = decode32(secret);
         if (!decoded) {
diff --git a/www/common/common-interface.js b/www/common/common-interface.js
index bd13a1e69..ea9574f34 100644
--- a/www/common/common-interface.js
+++ b/www/common/common-interface.js
@@ -985,6 +985,7 @@ define([
             todo();
         }
 
+        $('html').toggleClass('cp-loading-noscroll', true);
         // Remove the inner placeholder (iframe)
         $('#placeholder').remove();
     };
@@ -1004,6 +1005,7 @@ define([
         $loading.find('.cp-loading-progress').remove(); // Remove the progress list
         setTimeout(cb, 750);
         $('head > link[href^="/customize/src/pre-loading.css"]').remove();
+        $('html').toggleClass('cp-loading-noscroll', false);
     };
     UI.errorLoadingScreen = function (error, transparent, exitable) {
         if (error === 'Error: XDR encoding failure') {
@@ -1044,6 +1046,7 @@ define([
             $(window).keydown(function (e) { // XXX what if they don't have a keyboard?
                 if (e.which === 27) {
                     $loading.hide();
+                    $('html').toggleClass('cp-loading-noscroll', false);
                     if (typeof(exitable) === "function") { exitable(); }
                 }
             });
diff --git a/www/recovery/index.html b/www/recovery/index.html
new file mode 100644
index 000000000..0a4a2242f
--- /dev/null
+++ b/www/recovery/index.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<!-- If this file is not called customize.dist/src/template.html, it is generated -->
+<head>
+    <title data-localization="main_title">CryptPad: Collaboration suite, encrypted and open-source</title>
+    <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
+    <link rel="icon" type="image/png" href="/customize/favicon/main-favicon.png" id="favicon"/>
+    <script src="/customize/pre-loading.js?ver=1.1"></script>
+    <link href="/customize/src/pre-loading.css?ver=1.0" rel="stylesheet" type="text/css">
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
+</head>
+<body class="html">
+    <noscript></noscript>
+
diff --git a/www/recovery/main.js b/www/recovery/main.js
new file mode 100644
index 000000000..449752860
--- /dev/null
+++ b/www/recovery/main.js
@@ -0,0 +1,135 @@
+define([
+    'jquery',
+    'json.sortify',
+    '/customize/login.js',
+    '/common/cryptpad-common.js',
+    //'/common/test.js',
+    '/common/common-credential.js',
+    '/common/common-interface.js',
+    '/common/common-util.js',
+    '/common/common-realtime.js',
+    '/common/common-constants.js',
+    '/common/common-feedback.js',
+    '/common/outer/local-store.js',
+    '/common/outer/login-block.js',
+    '/common/outer/http-command.js',
+
+    '/bower_components/tweetnacl/nacl-fast.min.js',
+
+    'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
+], function ($, Sortify, Login, Cryptpad, /*Test,*/ Cred, UI, Util, Realtime, Constants, Feedback,
+    LocalStore, Block, ServerCommand) {
+    if (window.top !== window) { return; }
+
+    var Messages = Cryptpad.Messages;
+    var Nacl = window.nacl;
+
+    $(function () {
+        if (LocalStore.isLoggedIn()) {
+            // already logged in, redirect to drive
+            document.location.href = '/drive/';
+            return;
+        }
+
+        // text and password input fields
+        var $uname = $('#username');
+        var $passwd = $('#password');
+        var $recoveryKey = $('#totprecovery');
+
+        var $step1 = $('.cp-recovery-step.step1');
+        var $step2 = $('.cp-recovery-step.step2');
+        var $stepInfo = $('.cp-recovery-step.step-info');
+        var $totpProof = $('textarea.cp-recover-email');
+
+        [ $uname, $passwd]
+        .some(function ($el) { if (!$el.val()) { $el.focus(); return true; } });
+
+        var totpStep2 = function () {
+            $step1.hide();
+            $step2.show();
+        };
+        var totpStepInfo = function (cls) {
+            $step1.hide();
+            $step2.hide();
+            $stepInfo.find('.alert').toggleClass('cp-hidden', true);
+            $stepInfo.find(cls).toggleClass('cp-hidden', false);
+            $stepInfo.show();
+        };
+
+        $step2.show(); // XXX debug
+
+        var addProof = function (blockKeys) {
+            var pub = blockKeys.sign.publicKey;
+            var sec = blockKeys.sign.secretKey;
+            var toSign = {
+                intent: 'Disable TOTP',
+                date: new Date().toISOString(),
+                blockId: Nacl.util.encodeBase64(pub),
+            };
+            var proof = Nacl.sign.detached(Nacl.util.decodeUTF8(Sortify(toSign)), sec);
+            toSign.proof = Nacl.util.encodeBase64(proof);
+            $totpProof.html(JSON.stringify(toSign, 0, 2));
+        };
+
+        var revokeTOTP = function (blockKeys) {
+            var recoveryKey = $recoveryKey.val().trim();
+            if (!recoveryKey || recoveryKey.length !== 32) {
+                return void UI.warn(Messages.error); // XXX error message?
+            }
+            ServerCommand(blockKeys.sign, {
+                command: 'TOTP_REVOKE',
+                recoveryKey: recoveryKey
+            }, function (err, response) {
+                var success = !err && response && response.success;
+                if (!success) {
+                    console.error(err, response);
+                    return void UI.warn(Messages.error);
+                }
+                // XXX redirect to login?
+                return void UI.log(Messages.ui_success);
+            });
+        };
+
+        var $recoverLogin = $('button#cp-recover-login');
+        var $recoverConfirm = $('button#cp-recover');
+        var blockKeys;
+        $recoverLogin.click(function () {
+            UI.addLoadingScreen({
+                loadingText: Messages.login_hashing
+            });
+            var name = $uname.val();
+            var pw = $passwd.val();
+            setTimeout(function () {
+                Login.Cred.deriveFromPassphrase(name, pw, Login.requiredBytes, function (bytes) {
+                    var result = Login.allocateBytes(bytes);
+                    var blockHash = result.blockHash;
+                    var parsed = Block.parseBlockHash(blockHash);
+                    addProof(result.blockKeys);
+                    blockKeys = result.blockKeys;
+                    Util.getBlock(parsed.href, {}, function (err, v) {
+                        UI.removeLoadingScreen();
+                        if (v && !err) {
+                            return totpStepInfo('.disabled');
+                        }
+                        if (err === 401) {
+                            return totpStep2(result.blockKeys);
+                        }
+                        if (err === 404) {
+                            return $step1.find('.wrong-cred').toggleClass('cp-hidden', false);
+                        }
+                        totpStepInfo('.unknown-error');
+                    });
+                });
+            }, 100);
+        });
+
+        UI.confirmButton($recoverConfirm[0], {
+            multiple: true
+        }, function () {
+            if (!blockKeys) { return; }
+            // XXX disable TOTP automatically
+            revokeTOTP(blockKeys);
+        });
+
+    });
+});
diff --git a/www/settings/inner.js b/www/settings/inner.js
index e19ba65b9..9a599994b 100644
--- a/www/settings/inner.js
+++ b/www/settings/inner.js
@@ -60,6 +60,9 @@ define([
     Messages.settings_totp_tuto = "Scan this QR code with a authenticator application. Obtain a valid authentication code and confirm before it expires."; // XXX
     Messages.settings_totp_confirm = "Enable TOTP with this secret"; // XXX
 
+    Messages.settings_totp_recovery_header = "Recovery code";
+    Messages.settings_totp_recovery = "If you lose access to your authenticator app, you may lock yourselves out of your CryptPad account. <strong>To prevent this, please store the following recovery secret key.</strong> You'll be able to use it to disable the multi-factor authentication. Do not share this key.";
+
     var categories = {
         'account': [ // Msg.settings_cat_account
             'cp-settings-own-drive',
@@ -864,17 +867,15 @@ define([
         var button = h('button.btn.btn-primary', Messages.settings_totp_enable);
         $(button).click(function () {
             $content.empty();
-            var Base32, Block, QRCode, Nacl;
+            var Base32, QRCode, Nacl;
             var blockKeys;
             nThen(function (waitFor) {
                 require([
                     '/auth/base32.js',
-                    '/common/outer/login-block.js',
                     '/lib/qrcode.min.js',
                     '/bower_components/tweetnacl/nacl-fast.min.js',
-                ], waitFor(function (_Base32, _Login, _Block) {
+                ], waitFor(function (_Base32) {
                     Base32 = _Base32;
-                    Block = _Block;
                     QRCode = window.QRCode;
                     Nacl = window.nacl;
                 }));
@@ -943,6 +944,7 @@ define([
                 var updateURI = function (secret) {
                     $container.empty();
 
+                    var recoverySecret = Nacl.util.encodeBase64(Nacl.randomBytes(24));
                     var username = privateData.accountName;
                     var hostname = new URL(privateData.origin).hostname;
                     var label = "CryptPad";
@@ -972,13 +974,16 @@ define([
                         $confirmBtn.attr('disabled', 'disabled');
                         lock = true;
 
+                        var data = {
+                            command: 'TOTP_SETUP',
+                            secret: secret,
+                            contact: "secret:" + recoverySecret, // XXX add other recovery options
+                            code: code,
+                        };
+
                         sframeChan.query("Q_SETTINGS_TOTP_SETUP", {
                             key: blockKeys.sign,
-                            data: {
-                                command: 'TOTP_SETUP',
-                                secret: secret,
-                                code: code,
-                            }
+                            data: data
                         }, function (err, obj) {
                             lock = false;
                             $OTPEntry.val("");
@@ -992,11 +997,18 @@ define([
 
                     });
 
+                    var recoveryBlock = h('div.alert.alert-danger', [
+                        h('h3', Messages.settings_totp_recovery_header),
+                        UI.setHTML(h('p'), Messages.settings_totp_recovery),
+                        UI.dialog.selectable(recoverySecret)
+                    ]);
+
                     $container.append([
                         uriInput,
                         qr,
                         h('br'),
                         description,
+                        recoveryBlock,
                         OTPEntry,
                         confirmOTP
                     ]);
diff --git a/www/settings/main.js b/www/settings/main.js
index f9e00fbc7..f962d639e 100644
--- a/www/settings/main.js
+++ b/www/settings/main.js
@@ -79,7 +79,6 @@ define([
                 ], function (ServerCommand) {
                     ServerCommand(obj.key, obj.data, function (err, response) {
                         cb({ success: Boolean(!err && response && response.bearer) });
-                        console.log(response);
                         if (response && response.bearer) {
                             Utils.LocalStore.setSessionToken(response.bearer);
                         }
@@ -92,7 +91,6 @@ define([
                 ], function (ServerCommand) {
                     ServerCommand(obj.key, obj.data, function (err, response) {
                         cb({ success: Boolean(!err && response && response.success) });
-                        console.error(response);
                         if (response && response.success) {
                             Utils.LocalStore.setSessionToken('');
                         }

From ea25adcf341277e5b3fd4574541fd67a726964dc Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Mon, 15 May 2023 17:39:11 +0200
Subject: [PATCH 49/58] TOTP: fix recovery UI

---
 www/recovery/main.js | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/www/recovery/main.js b/www/recovery/main.js
index 449752860..7dff9745d 100644
--- a/www/recovery/main.js
+++ b/www/recovery/main.js
@@ -50,14 +50,11 @@ define([
         };
         var totpStepInfo = function (cls) {
             $step1.hide();
-            $step2.hide();
             $stepInfo.find('.alert').toggleClass('cp-hidden', true);
             $stepInfo.find(cls).toggleClass('cp-hidden', false);
             $stepInfo.show();
         };
 
-        $step2.show(); // XXX debug
-
         var addProof = function (blockKeys) {
             var pub = blockKeys.sign.publicKey;
             var sec = blockKeys.sign.secretKey;

From 4b5130017482efb15366e597a2c2285bb2cd554f Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Mon, 15 May 2023 18:11:32 +0200
Subject: [PATCH 50/58] TOTP: Fix copy to clipboard button in recovery page

---
 customize.dist/pages/recovery.js |  2 +-
 www/recovery/main.js             | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/customize.dist/pages/recovery.js b/customize.dist/pages/recovery.js
index c5736f4ac..8355e7a81 100644
--- a/customize.dist/pages/recovery.js
+++ b/customize.dist/pages/recovery.js
@@ -112,7 +112,7 @@ Msg.recovery_totp_disabled = "Multi-factor authentication is already disabled fo
                                 Msg._getKey('recovery_totp_beta', [Config.adminEmail])) : undefined,
                             h('label', Msg.recovery_totp_proof),
                             h('textarea.cp-recover-email', {readonly: 'readonly'}),
-                            h('button.btn.btn-secondary', Msg.copyToClipboard),
+                            h('button.btn.btn-secondary#totpcopyproof', Msg.copyToClipboard),
                         ]),
                     ]),
                     h('div.cp-recovery-step.step-info', { style: 'display: none;' }, [
diff --git a/www/recovery/main.js b/www/recovery/main.js
index 7dff9745d..15ac298d9 100644
--- a/www/recovery/main.js
+++ b/www/recovery/main.js
@@ -10,6 +10,7 @@ define([
     '/common/common-realtime.js',
     '/common/common-constants.js',
     '/common/common-feedback.js',
+    '/common/clipboard.js',
     '/common/outer/local-store.js',
     '/common/outer/login-block.js',
     '/common/outer/http-command.js',
@@ -18,7 +19,7 @@ define([
 
     'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
 ], function ($, Sortify, Login, Cryptpad, /*Test,*/ Cred, UI, Util, Realtime, Constants, Feedback,
-    LocalStore, Block, ServerCommand) {
+    Clipboard, LocalStore, Block, ServerCommand) {
     if (window.top !== window) { return; }
 
     var Messages = Cryptpad.Messages;
@@ -35,6 +36,7 @@ define([
         var $uname = $('#username');
         var $passwd = $('#password');
         var $recoveryKey = $('#totprecovery');
+        var $copyProof = $('#totpcopyproof');
 
         var $step1 = $('.cp-recovery-step.step1');
         var $step2 = $('.cp-recovery-step.step2');
@@ -55,6 +57,7 @@ define([
             $stepInfo.show();
         };
 
+        var proofStr;
         var addProof = function (blockKeys) {
             var pub = blockKeys.sign.publicKey;
             var sec = blockKeys.sign.secretKey;
@@ -65,9 +68,19 @@ define([
             };
             var proof = Nacl.sign.detached(Nacl.util.decodeUTF8(Sortify(toSign)), sec);
             toSign.proof = Nacl.util.encodeBase64(proof);
-            $totpProof.html(JSON.stringify(toSign, 0, 2));
+            proofStr = JSON.stringify(toSign, 0, 2);
+            $totpProof.html(proofStr);
         };
 
+        $copyProof.click(function () {
+            if (!proofStr) { return; }
+            if (Clipboard.copy.multiline(proofStr)) {
+                UI.log(Messages.genericCopySuccess);
+            } else {
+                UI.warn(Messages.error);
+            }
+        });
+
         var revokeTOTP = function (blockKeys) {
             var recoveryKey = $recoveryKey.val().trim();
             if (!recoveryKey || recoveryKey.length !== 32) {

From 36a1c604d871a9e819e910f533124cb0cec35648 Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Tue, 16 May 2023 15:11:43 +0200
Subject: [PATCH 51/58] Auth: Disable TOTP/MFA from the admin panel

---
 lib/challenge-commands/totp.js |  28 +-----
 lib/commands/admin-rpc.js      |  22 +++++
 lib/storage/mfa.js             |  31 +++++++
 www/admin/inner.js             | 153 +++++++++++++++++++++++++++++++++
 4 files changed, 207 insertions(+), 27 deletions(-)

diff --git a/lib/challenge-commands/totp.js b/lib/challenge-commands/totp.js
index 8fcef5c38..d11c06ac3 100644
--- a/lib/challenge-commands/totp.js
+++ b/lib/challenge-commands/totp.js
@@ -442,34 +442,8 @@ So, we should:
 
 1. Revoke the TOTP authentication for their block
 2. Remove all existing sessions
-
 */
     var { publicKey } = body;
-
-    nThen(function (w) {
-        MFA.delete(Env, publicKey, w(function (err) {
-            if (!err) { return; }
-            w.abort();
-            Env.Log.error('TOTP_REVOKE_MFA_DELETE', {
-                error: err,
-                publicKey: publicKey,
-            });
-            cb('MFA_ERROR');
-        }));
-    }).nThen(function () {
-        Sessions.deleteUser(Env, publicKey, function (err) {
-            if (!err) { return; }
-            // If we can't delete the sessions, don't send an erorr, just log to the server.
-            // The MFA will still be correctly disabled as long as the first step is done.
-            Env.Log.error('TOTP_REVOKE_SESSIONS__DELETE', {
-                error: err,
-                publicKey: publicKey,
-            });
-        });
-    }).nThen(function () {
-        cb(void 0, {
-            success: true
-        });
-    });
+    MFA.revoke(Env, publicKey, cb);
 };
 
diff --git a/lib/commands/admin-rpc.js b/lib/commands/admin-rpc.js
index 7200ce49b..f9277cec4 100644
--- a/lib/commands/admin-rpc.js
+++ b/lib/commands/admin-rpc.js
@@ -9,6 +9,7 @@ const Pinning = require("./pin-rpc");
 const Core = require("./core");
 const Channel = require("./channel");
 const BlockStore = require("../storage/block");
+const MFA = require("../storage/mfa");
 
 var Fs = require("fs");
 
@@ -498,6 +499,19 @@ var getDocumentStatus = function (Env, Server, cb, data) {
                 }
                 response.archived = result;
             }));
+            MFA.read(Env, id, w(function (err, v) {
+                if (err === 'ENOENT') {
+                    response.totp = 'DISABLED';
+                } else if (v) {
+                    var parsed = Util.tryParse(v);
+                    response.totp = {
+                        enabled: true,
+                        recovery: parsed.contact && parsed.contact.split(':')[0]
+                    };
+                } else {
+                    response.totp = err
+                }
+            }));
         }).nThen(function () {
             cb(void 0, response);
         });
@@ -539,6 +553,12 @@ var getDocumentStatus = function (Env, Server, cb, data) {
     });
 };
 
+var disableMFA = function (Env, Server, cb, data) {
+    var id = Array.isArray(data) && data[1];
+    if (typeof(id) !== 'string' || id.length !== 44) { return void cb("EINVAL"); }
+    MFA.revoke(Env, id, cb);
+};
+
 var getPinList = function (Env, Server, cb, data) {
     var key = Array.isArray(data) && data[1];
     if (!isValidKey(key)) { return void cb("EINVAL"); }
@@ -746,6 +766,8 @@ var commands = {
     GET_LAST_CHANNEL_TIME: getLastChannelTime,
     GET_DOCUMENT_STATUS: getDocumentStatus,
 
+    DISABLE_MFA: disableMFA,
+
     GET_PIN_LIST: getPinList,
     GET_PIN_HISTORY: getPinHistory,
     ARCHIVE_PIN_LOG: archivePinLog,
diff --git a/lib/storage/mfa.js b/lib/storage/mfa.js
index 0cb957817..c4785803a 100644
--- a/lib/storage/mfa.js
+++ b/lib/storage/mfa.js
@@ -1,6 +1,8 @@
 const Basic = require("./basic");
 const Path = require("node:path");
 const Util  = require("../common-util");
+const Sessions = require("./sessions");
+const nThen = require("nthen");
 
 const MFA = module.exports;
 
@@ -41,3 +43,32 @@ MFA.delete = function (Env, id, cb) {
     Basic.delete(Env, path, cb);
 };
 
+MFA.revoke = function (Env, publicKey, cb) {
+    nThen(function (w) {
+        MFA.delete(Env, publicKey, w(function (err) {
+            if (!err) { return; }
+            w.abort();
+            Env.Log.error('TOTP_REVOKE_MFA_DELETE', {
+                error: err,
+                publicKey: publicKey,
+            });
+            cb('MFA_ERROR');
+        }));
+    }).nThen(function () {
+        Sessions.deleteUser(Env, publicKey, function (err) {
+            if (!err) { return; }
+            // If we can't delete the sessions, don't send an erorr, just log to the server.
+            // The MFA will still be correctly disabled as long as the first step is done.
+            Env.Log.error('TOTP_REVOKE_SESSIONS__DELETE', {
+                error: err,
+                publicKey: publicKey,
+            });
+        });
+    }).nThen(function () {
+        cb(void 0, {
+            success: true
+        });
+    });
+
+
+};
diff --git a/www/admin/inner.js b/www/admin/inner.js
index 9abae7a80..5dcd37c67 100644
--- a/www/admin/inner.js
+++ b/www/admin/inner.js
@@ -15,6 +15,7 @@ define([
     '/common/common-signing-keys.js',
     '/support/ui.js',
     '/common/clipboard.js',
+    'json.sortify',
 
     '/lib/datepicker/flatpickr.js',
     '/bower_components/tweetnacl/nacl-fast.min.js',
@@ -40,6 +41,7 @@ define([
     Keys,
     Support,
     Clipboard,
+    Sortify,
     Flatpickr
     )
 {
@@ -75,6 +77,7 @@ define([
             'cp-admin-account-metadata',
             'cp-admin-document-metadata',
             'cp-admin-block-metadata',
+            'cp-admin-totp-recovery',
         ],
         'stats': [ // Msg.admin_cat_stats
             'cp-admin-refresh-stats',
@@ -1071,6 +1074,7 @@ define([
                 }
                 data.live = res[0].live;
                 data.archived = res[0].archived;
+                data.totp = res[0].totp;
             }));
         }).nThen(function () {
             try {
@@ -1094,6 +1098,9 @@ define([
         row(Messages.admin_blockAvailable, localizeState(data.live));
         row(Messages.admin_blockArchived, localizeState(data.archived));
 
+        row(Messages.admin_totpEnabled, localizeState(data.totp.enabled));
+        row(Messages.admin_totpRecoveryMethod, data.totp.recovery); // XXX localize?
+
         if (data.live) {
             var archiveButton = danger(Messages.ui_archive, function () {
                 justifyArchivalDialog('', reason => {
@@ -1228,6 +1235,152 @@ define([
         return $div;
     };
 
+    Messages.admin_totpEnabled = "TOTP is enabled"; // XXX
+    Messages.admin_totpRecoveryMethod = "TOTP recovery method"; // XXX
+    Messages.admin_totpFailed = "Signature verification failed";
+    Messages.admin_totpCheck = "Signature verification success";
+    Messages.admin_totpDisable = "Disable TOTP for this account";
+    Messages.admin_totpDisableButton = "Disable";
+
+    var renderTOTPData  = function (data) {
+        var tableObj = makeMetadataTable('cp-block-stats');
+        var row = tableObj.row;
+
+        row(Messages.admin_generatedAt, maybeDate(data.generated));
+        row(Messages.admin_blockKey, h('code', data.key));
+        row(Messages.admin_blockAvailable, localizeState(data.live));
+
+        if (!data.live || !data.totp) { return tableObj.table; }
+
+        row(Messages.admin_totpCheck, localizeState(data.totpCheck));
+
+        if (!data.totpCheck) { return tableObj.table; }
+
+        row(Messages.admin_totpEnabled, localizeState(Boolean(data.totp.enabled)));
+        if (data.totp && data.totp.enabled) {
+            row(Messages.admin_totpRecoveryMethod, data.totp.recovery); // XXX localize?
+        }
+
+        if (!data.totpCheck || !data.totp.enabled) { return tableObj.table; }
+
+        // TOTP is enabled and the signature is correct: display "disable TOTP" button
+        var disableButton = h('button.btn.btn-danger', Messages.admin_totpDisableButton);
+        UI.confirmButton(disableButton, { classes: 'btn-danger' }, function () {
+            sframeCommand('DISABLE_MFA', data.key, (err, res) => {
+                if (err) {
+                    console.error(err);
+                    return void UI.warn(Messages.error);
+                }
+                if (!Array.isArray(res) || !res[0] || !res[0].success) {
+                    return UI.warn(Messages.error);
+                }
+                UI.log(Messages.ui_success);
+            });
+
+
+        });
+        row(Messages.admin_totpDisable, disableButton);
+
+        return tableObj.table;
+    };
+
+    var checkTOTPRequest = function (json) {
+        var clone = Util.clone(json);
+        delete clone.proof;
+
+        var msg = Nacl.util.decodeUTF8(Sortify(clone));
+        var sig = Nacl.util.decodeBase64(json.proof);
+        var pub = Nacl.util.decodeBase64(json.blockId)
+        return Nacl.sign.detached.verify(msg, sig, pub);
+    };
+
+    create['totp-recovery'] = function () {
+        var key = 'totp-recovery';
+        // XXX translation keys
+        var $div = makeBlock(key, true); // Msg.admin_totpRecoveryHint.totpRecoveryTitle
+
+        var textarea = h('textarea', {});
+        var $input = $(textarea);
+
+        var box = h('div.cp-admin-setter', [
+            textarea,
+        ]);
+
+        $div.find('.cp-sidebarlayout-description').after(box);
+
+        var results = h('span');
+        $div.append(results);
+        var $btn = $div.find('.btn');
+        $btn.text(Messages.ui_generateReport);
+        disable($btn);
+
+        var pending = false;
+        var getInputState = function () {
+            var val = $input.val().trim();
+            var state = {
+                pending: pending,
+                value: undefined,
+                key: '',
+            };
+
+            var json;
+            try { json = JSON.parse(val); } catch (err) { }
+/*
+Example
+{
+  "intent": "Disable TOTP",
+  "date": "2023-05-15T15:38:40.916Z",
+  "blockId": "+0PdpTuQi9/O2qjoJ8FLcvPEwChLfDWJrYXyPdVGzOo=",
+  "proof": "iDcHy6+ymiyWzK/oYNPQ1ItFNCiTmmJuAyYmcEXNha2U1nUxyBWAf0o7ZXWhygS6XI5BLrjH+DDcbWitfO3bCg=="
+}
+*/
+
+            if (!json || json.intent !== "Disable TOTP" || !json.blockId || json.blockId.length !== 44 ||
+                !json.date || !json.proof) { return state; }
+
+            state.value = json;
+            state.key = json.blockId.replace(/\//g, '-');
+            return state;
+        };
+        var setInterfaceState = function () {
+            var state = getInputState();
+            var all = [$btn, $input];
+
+            if (state.pending) {
+                all.forEach(disable);
+            } else {
+                all.forEach(enable);
+            }
+        };
+
+        setInterfaceState();
+        $btn.click(function () {
+            if (pending) { return; }
+            var state = getInputState();
+            if (!state.value) { return; }
+            pending = true;
+            setInterfaceState();
+            getBlockData(state.key, (err, data) => {
+                pending = false;
+                setInterfaceState();
+                console.warn(data);
+                if (err || !data) {
+                    results.innerHTML = '';
+                    console.log(err, data);
+                    return UI.warn(Messages.error);
+                }
+                var check = checkTOTPRequest(state.value);
+                if (!check) { UI.warn(Messages.admin_totpFailed); }
+                data.totpCheck = check;
+                var table = renderTOTPData(data);
+                results.innerHTML = '';
+                results.appendChild(table);
+            });
+        });
+
+        return $div;
+    };
+
     var makeAdminCheckbox = function (data) {
         return function () {
             var state = data.getState();

From 5b703c8db536c0f3bf794f87cfcceb220d9004af Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Tue, 6 Jun 2023 12:34:24 +0200
Subject: [PATCH 52/58] TOTP: improve login UI

---
 customize.dist/login.js        | 38 +++++++++++++---------------
 www/login/main.js              | 46 ++++++++++++++++++++++++++++++++--
 www/settings/app-settings.less |  7 ++++++
 www/settings/inner.js          |  2 +-
 4 files changed, 69 insertions(+), 24 deletions(-)

diff --git a/customize.dist/login.js b/customize.dist/login.js
index 3da608230..967c9ce2f 100644
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@@ -135,7 +135,7 @@ define([
         Exports.mergeAnonDrive = 1;
     };
 
-    Exports.loginOrRegister = function (uname, passwd, isRegister, shouldImport, cb) {
+    Exports.loginOrRegister = function (uname, passwd, isRegister, shouldImport, onOTP, cb) {
         if (typeof(cb) !== 'function') { return; }
 
         // Usernames are all lowercase. No going back on this one
@@ -173,23 +173,19 @@ define([
             // determine where a block for your set of keys would be stored
             blockUrl = Block.getBlockUrl(res.opt.blockKeys);
 
-            var TOTP_prompt = function (cb) {
-                // XXX This should use nice UI elements integrated into
-                // the loading screen. window.prompt is here for prototyping only
-                var code = window.prompt('Enter TOTP');
-                if (!code) {
-                    return void cb("INVALID_TOTP");
-                }
-                ServerCommand(res.opt.blockKeys.sign, {
-                    command: 'TOTP_VALIDATE',
-                    code: code,
-                    // TODO optionally allow the user to specify a lifetime for this session?
-                    // this will require a little bit of server work
-                    // and more UI/UX:
-                    // ie. just a simple "remember me" checkbox?
-                    // allow them to specify a lifetime for the session?
-                    // "log me out after one day"?
-                }, cb);
+            var TOTP_prompt = function (err, cb) {
+                onOTP(err, function (code) {
+                    ServerCommand(res.opt.blockKeys.sign, {
+                        command: 'TOTP_VALIDATE',
+                        code: code,
+                        // TODO optionally allow the user to specify a lifetime for this session?
+                        // this will require a little bit of server work
+                        // and more UI/UX:
+                        // ie. just a simple "remember me" checkbox?
+                        // allow them to specify a lifetime for the session?
+                        // "log me out after one day"?
+                    }, cb);
+                });
             };
 
             var done = waitFor();
@@ -248,7 +244,7 @@ define([
                         return void cb('TOTP_ATTEMPTS_EXHAUSTED');
                     }
                     tries--;
-                    TOTP_prompt(function (err, response) {
+                    TOTP_prompt(tries !== 2, function (err, response) {
                         // ask again until your number of tries are exhausted
                         if (err) {
                             console.error(err);
@@ -558,7 +554,7 @@ define([
     };
 
     var hashing;
-    Exports.loginOrRegisterUI = function (uname, passwd, isRegister, shouldImport, testing, test) {
+    Exports.loginOrRegisterUI = function (uname, passwd, isRegister, shouldImport, onOTP, testing, test) {
         if (hashing) { return void console.log("hashing is already in progress"); }
         hashing = true;
 
@@ -583,7 +579,7 @@ define([
             // We need a setTimeout(cb, 0) otherwise the loading screen is only displayed
             // after hashing the password
             window.setTimeout(function () {
-                Exports.loginOrRegister(uname, passwd, isRegister, shouldImport, function (err, result) {
+                Exports.loginOrRegister(uname, passwd, isRegister, shouldImport, onOTP, function (err, result) {
                     var proxy;
                     if (result) { proxy = result.proxy; }
 
diff --git a/www/login/main.js b/www/login/main.js
index 1a27343fc..44649e534 100644
--- a/www/login/main.js
+++ b/www/login/main.js
@@ -6,10 +6,12 @@ define([
     '/common/common-realtime.js',
     '/common/common-feedback.js',
     '/common/outer/local-store.js',
+    '/common/hyperscript.js',
+    '/customize/messages.js',
     //'/common/test.js',
 
     'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
-], function ($, Cryptpad, Login, UI, Realtime, Feedback, LocalStore /*, Test */) {
+], function ($, Cryptpad, Login, UI, Realtime, Feedback, LocalStore, h, Msg /*, Test */) {
     if (window.top !== window) { return; }
     $(function () {
         var $checkImport = $('#import-recent');
@@ -19,6 +21,11 @@ define([
             return;
         }
 
+    Msg.settings_totp_code = "OTP code"; // XXX KEY ALREADY ADDED IN www/settings/inner.js
+    Msg.login_enter_totp = "This account is protected with MFA. Please enter your OTP code."; // XXX
+    Msg.login_invalid_otp = "Invalid OTP code";
+
+
         /* Log in UI */
         // deferred execution to avoid unnecessary asset loading
         var loginReady = function (cb) {
@@ -44,12 +51,47 @@ define([
             $('button.login').click();
         });
 
+        var onOTP = function (err, cb) {
+            var btn, input;
+            var error;
+            if (err) {
+                console.error(err);
+                error = h('p.cp-password-error', Msg.login_invalid_otp);
+            }
+            var block = h('div#cp-loading-password-prompt', [
+                error,
+                h('p.cp-password-info', Msg.login_enter_totp),
+                h('p.cp-password-form', [
+                    input = h('input', {
+                        placeholder: Msg.settings_totp_code,
+                        autocomplete: 'off',
+                        autocorrect: 'off',
+                        autocapitalize: 'off',
+                        spellcheck: false,
+                    }),
+                    btn = h('button.btn.btn-primary', Msg.ui_confirm)
+                ])
+            ]);
+            var $input = $(input);
+            var $btn = $(btn).click(function () {
+                var val = $input.val();
+                if (!val) { return void onOTP('INVALID_CODE', cb); }
+                cb(val);
+            });
+            $(input).on('keydown', function (e) {
+                if (e.which !== 13) { return; } // enter
+                $btn.click();
+            });
+            UI.errorLoadingScreen(block, false, false);
+        };
+
+
         //var test;
         $('button.login').click(function () {
             var shouldImport = $checkImport[0].checked;
             var uname = $uname.val();
             var passwd = $passwd.val();
-            Login.loginOrRegisterUI(uname, passwd, false, shouldImport, /*Test.testing */ false, function () {
+            Login.loginOrRegisterUI(uname, passwd, false, shouldImport, onOTP, /*Test.testing */ false, function () {
                 /*
                 if (test) {
                     localStorage.clear();
diff --git a/www/settings/app-settings.less b/www/settings/app-settings.less
index 6bd4874dd..c437d2dc3 100644
--- a/www/settings/app-settings.less
+++ b/www/settings/app-settings.less
@@ -103,6 +103,13 @@
                     margin-right: 5px;
                 }
             }
+            .cp-settings-totp {
+                .cp-settings-qr {
+                    img {
+                        border: 10px solid white;
+                    }
+                }
+            }
         }
     }
 
diff --git a/www/settings/inner.js b/www/settings/inner.js
index 9a599994b..58e6fc83b 100644
--- a/www/settings/inner.js
+++ b/www/settings/inner.js
@@ -951,7 +951,7 @@ define([
 
                     var uri = `otpauth://totp/${label}:${username}@${hostname}?secret=${secret}`;
 
-                    var qr = h('div');
+                    var qr = h('div.cp-settings-qr');
                     var uriInput = UI.dialog.selectable(uri);
                     updateQR(uri, qr);
 

From 088891d108f98e55eddaed32d74ffa0ace9a6fbf Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Tue, 6 Jun 2023 15:56:20 +0200
Subject: [PATCH 53/58] Fix spacing issues with TOTP code during login

---
 customize.dist/src/less2/pages/page-login.less | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/customize.dist/src/less2/pages/page-login.less b/customize.dist/src/less2/pages/page-login.less
index f6e417c19..b70ac0de5 100644
--- a/customize.dist/src/less2/pages/page-login.less
+++ b/customize.dist/src/less2/pages/page-login.less
@@ -53,6 +53,13 @@
             }
         }
     }
+
+    .cp-password-form {
+        flex-flow: row !important;
+        input:not(:last-child) {
+            margin-right: 10px;
+        }
+    }
     .cp-container {
         padding-top: 3em;
         min-height: 66vh;

From 8b97742ef6136b8a4f0f457785551440d92d9af7 Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Tue, 6 Jun 2023 16:07:00 +0200
Subject: [PATCH 54/58] TOTP: don't store user hash when using block

---
 customize.dist/login.js         | 16 ++++++----------
 www/common/cryptpad-common.js   |  2 +-
 www/common/outer/local-store.js |  8 ++++----
 3 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/customize.dist/login.js b/customize.dist/login.js
index 967c9ce2f..7be17abf2 100644
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@@ -362,7 +362,7 @@ define([
                     Realtime.whenRealtimeSyncs(rt.realtime, function () {
                         // the following stages are there to initialize a new drive
                         // if you are registering
-                        LocalStore.login(res.userHash, res.userName, function () {
+                        LocalStore.login(res.userHash, undefined, res.userName, function () {
                             setTimeout(function () { cb(void 0, res); });
                         });
                     });
@@ -435,7 +435,6 @@ define([
                 }
 
                 if (!isRegister && !isProxyEmpty(rt.proxy)) {
-                    LocalStore.setBlockHash(blockHash);
                     waitFor.abort();
                     if (shouldImport) {
                         setMergeAnonDrive();
@@ -449,7 +448,7 @@ define([
                     if (res.TOTP_token && res.TOTP_token.bearer) {
                         LocalStore.setSessionToken(res.TOTP_token.bearer);
                     }
-                    return void LocalStore.login(userHash, uname, function () {
+                    return void LocalStore.login(undefined, blockHash, uname, function () {
                         cb(void 0, res);
                     });
                 }
@@ -527,8 +526,7 @@ define([
                 }
 
                 console.log("blockInfo available at:", blockHash);
-                LocalStore.setBlockHash(blockHash);
-                LocalStore.login(userHash, uname, function () {
+                LocalStore.login(undefined, blockHash, uname, function () {
                     cb(void 0, res);
                 });
             }));
@@ -633,11 +631,9 @@ define([
                                             proxy[Constants.displayNameKey] = uname;
                                         }
 
-                                        if (result.blockHash) {
-                                            LocalStore.setBlockHash(result.blockHash);
-                                        }
-
-                                        LocalStore.login(result.userHash, result.userName, function () {
+                                        var block = result.blockHash;
+                                        var user = block ? undefined : result.userHash;
+                                        LocalStore.login(user, block, result.userName, function () {
                                             setTimeout(function () { proceed(result); });
                                         });
                                     });
diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js
index 135d522f6..38b05c3f7 100644
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@@ -2546,7 +2546,7 @@ define([
                                 return;
                             }
                             userHash = block_info[Constants.userHashKey];
-                            if (!userHash || userHash !== LocalStore.getUserHash()) {
+                            if (!userHash) {
                                 return void LocalStore.logout(function () {
                                     requestLogin();
                                 });
diff --git a/www/common/outer/local-store.js b/www/common/outer/local-store.js
index c7fa13a88..10bd218f7 100644
--- a/www/common/outer/local-store.js
+++ b/www/common/outer/local-store.js
@@ -115,11 +115,11 @@ define([
         safeSet(Constants.isPremiumKey, Boolean(bool));
     };
 
-    LocalStore.login = function (hash, name, cb) {
-        if (!hash) { throw new Error('expected a user hash'); }
+    LocalStore.login = function (userHash, blockHash, name, cb) {
+        if (!userHash && !blockHash) { throw new Error('expected a user hash'); }
         if (!name) { throw new Error('expected a user name'); }
-        hash = Hash.serializeHash(hash);
-        safeSet(Constants.userHashKey, hash);
+        if (userHash) { LocalStore.setUserHash(userHas); }
+        if (blockHash) { LocalStore.setBlockHash(blockHash); }
         safeSet(Constants.userNameKey, name);
         if (cb) { cb(); }
     };

From b3a620edc0c92e14f9e728bb014ad0c856e27d5c Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Tue, 6 Jun 2023 16:09:17 +0200
Subject: [PATCH 55/58] lint compliance

---
 lib/commands/admin-rpc.js       | 2 +-
 www/admin/inner.js              | 2 +-
 www/common/outer/local-store.js | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/commands/admin-rpc.js b/lib/commands/admin-rpc.js
index f9277cec4..071ce31f0 100644
--- a/lib/commands/admin-rpc.js
+++ b/lib/commands/admin-rpc.js
@@ -509,7 +509,7 @@ var getDocumentStatus = function (Env, Server, cb, data) {
                         recovery: parsed.contact && parsed.contact.split(':')[0]
                     };
                 } else {
-                    response.totp = err
+                    response.totp = err;
                 }
             }));
         }).nThen(function () {
diff --git a/www/admin/inner.js b/www/admin/inner.js
index 5dcd37c67..4b7484f39 100644
--- a/www/admin/inner.js
+++ b/www/admin/inner.js
@@ -1290,7 +1290,7 @@ define([
 
         var msg = Nacl.util.decodeUTF8(Sortify(clone));
         var sig = Nacl.util.decodeBase64(json.proof);
-        var pub = Nacl.util.decodeBase64(json.blockId)
+        var pub = Nacl.util.decodeBase64(json.blockId);
         return Nacl.sign.detached.verify(msg, sig, pub);
     };
 
diff --git a/www/common/outer/local-store.js b/www/common/outer/local-store.js
index 10bd218f7..25f2fc9ef 100644
--- a/www/common/outer/local-store.js
+++ b/www/common/outer/local-store.js
@@ -118,7 +118,7 @@ define([
     LocalStore.login = function (userHash, blockHash, name, cb) {
         if (!userHash && !blockHash) { throw new Error('expected a user hash'); }
         if (!name) { throw new Error('expected a user name'); }
-        if (userHash) { LocalStore.setUserHash(userHas); }
+        if (userHash) { LocalStore.setUserHash(userHash); }
         if (blockHash) { LocalStore.setBlockHash(blockHash); }
         safeSet(Constants.userNameKey, name);
         if (cb) { cb(); }

From 9aac9d1c2f066d68a729d272895b81018f0e4bb3 Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Fri, 9 Jun 2023 15:06:17 +0200
Subject: [PATCH 56/58] TOTP: Use HTTP challenges to write and remove blocks

---
 customize.dist/login.js           |  10 +-
 lib/challenge-commands/base.js    |  76 ++++++
 lib/challenge-commands/totp.js    | 398 ++++++++++++++++++------------
 lib/commands/block.js             |  56 ++---
 lib/http-commands.js              |   9 +
 lib/http-worker.js                |   2 +
 lib/rpc.js                        |   3 -
 lib/storage/mfa.js                |  20 +-
 www/checkup/main.js               |  40 +--
 www/common/common-interface.js    |  39 +++
 www/common/common-util.js         |  11 +-
 www/common/cryptpad-common.js     | 267 ++++++++------------
 www/common/outer/async-store.js   | 166 +++++++------
 www/common/outer/http-command.js  |   4 +-
 www/common/outer/login-block.js   |  59 ++++-
 www/common/outer/store-rpc.js     |   3 +-
 www/common/pinpad.js              |  35 ---
 www/common/sframe-common-outer.js |   8 -
 www/debug/main.js                 |  18 +-
 www/login/main.js                 |  47 +---
 www/settings/inner.js             | 246 +++++++++++++-----
 www/settings/main.js              |  20 +-
 22 files changed, 893 insertions(+), 644 deletions(-)
 create mode 100644 lib/challenge-commands/base.js

diff --git a/customize.dist/login.js b/customize.dist/login.js
index 7be17abf2..c8219ed0b 100644
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@@ -174,7 +174,7 @@ define([
             blockUrl = Block.getBlockUrl(res.opt.blockKeys);
 
             var TOTP_prompt = function (err, cb) {
-                onOTP(err, function (code) {
+                onOTP(function (code) {
                     ServerCommand(res.opt.blockKeys.sign, {
                         command: 'TOTP_VALIDATE',
                         code: code,
@@ -185,7 +185,7 @@ define([
                         // allow them to specify a lifetime for the session?
                         // "log me out after one day"?
                     }, cb);
-                });
+                }, false, err);
             };
 
             var done = waitFor();
@@ -508,8 +508,10 @@ define([
             toPublish[Constants.userHashKey] = userHash;
             toPublish.edPublic = RT.proxy.edPublic;
 
-            var blockRequest = Block.serialize(JSON.stringify(toPublish), res.opt.blockKeys);
-            rpc.writeLoginBlock(blockRequest, waitFor(function (e) {
+            Block.writeLoginBlock({
+                blockKeys: blockKeys,
+                content: toPublish
+            }, waitFor(function (e) {
                 if (e) {
                     console.error(e);
                     waitFor.abort();
diff --git a/lib/challenge-commands/base.js b/lib/challenge-commands/base.js
new file mode 100644
index 000000000..9efbc7d3b
--- /dev/null
+++ b/lib/challenge-commands/base.js
@@ -0,0 +1,76 @@
+const Block = require("../commands/block");
+const MFA = require("../storage/mfa");
+const Util = require("../common-util");
+
+const Commands = module.exports;
+
+var isValidBlockId = Block.isValidBlockId;
+
+// Read the MFA settings for the given public key
+const checkMFA = (Env, publicKey, cb) => {
+    // Success if we can't get the MFA settings
+    MFA.read(Env, publicKey, function (err, content) {
+        if (err) {
+            if (err.code !== "ENOENT") {
+                Env.Log.error('TOTP_VALIDATE_MFA_READ', {
+                    error: err,
+                    publicKey: publicKey,
+                });
+            }
+            return void cb();
+        }
+
+        var parsed = Util.tryParse(content);
+        if (!parsed) { return void cb(); }
+
+        cb("NOT_ALLOWED");
+    });
+};
+
+// Make sure the block is not protected by MFA but don't do anything else
+const check = Commands.MFA_CHECK = function (Env, body, cb) {
+    var { publicKey } = body;
+    if (!isValidBlockId(publicKey)) { return void cb("INVALID_KEY"); }
+    checkMFA(Env, publicKey, cb);
+};
+check.complete = function (Env, body, cb) { cb(); };
+
+// Write a login block IFF
+// 1. You can sign for the block's public key
+// 2. the block is not protected by MFA
+// Note: the internal WRITE_LOGIN_BLOCK will check is you're allowed to create this block
+const writeBlock = Commands.WRITE_BLOCK = function (Env, body, cb) {
+    const { publicKey, content } = body;
+
+    // they must provide a valid block public key
+    if (!isValidBlockId(publicKey)) { return void cb("INVALID_KEY"); }
+    if (publicKey !== content.publicKey) { return void cb("INVALID_KEY"); }
+
+    // check MFA
+    checkMFA(Env, publicKey, cb);
+};
+
+writeBlock.complete = function (Env, body, cb) {
+    const { content } = body;
+    Block.writeLoginBlock(Env, content, cb);
+};
+
+// Remove a login block IFF
+// 1. You can sign for the block's public key
+// 2. the block is not protected by MFA
+const removeBlock = Commands.REMOVE_BLOCK = function (Env, body, cb) {
+    const { publicKey } = body;
+
+    // they must provide a valid block public key
+    if (!isValidBlockId(publicKey)) { return void cb("INVALID_KEY"); }
+
+    // check MFA
+    checkMFA(Env, publicKey, cb);
+};
+
+removeBlock.complete = function (Env, body, cb) {
+    const { publicKey } = body;
+    Block.removeLoginBlock(Env, publicKey, cb);
+};
+
+
diff --git a/lib/challenge-commands/totp.js b/lib/challenge-commands/totp.js
index d11c06ac3..67667df11 100644
--- a/lib/challenge-commands/totp.js
+++ b/lib/challenge-commands/totp.js
@@ -7,7 +7,8 @@ const Util = require("../common-util");
 
 const MFA = require("../storage/mfa");
 const Sessions = require("../storage/sessions");
-const Block = require("../storage/block");
+const BlockStore = require("../storage/block");
+const Block = require("../commands/block");
 
 const  Commands = module.exports;
 
@@ -38,9 +39,7 @@ var isValidRecoveryKey = otp => {
 // this check doesn't confirm that their id is valid base64
 // any attempt relying on this should fail when we can't decode
 // the id they provided.
-var isValidBlockId = id => {
-    return id && isString(id) && id.length === 44;
-};
+var isValidBlockId = Block.isValidBlockId;
 
 // the base32 library can throw when decoding under various conditions.
 // we have some basic requirements for the length of base32 as well,
@@ -83,6 +82,92 @@ var createJWT = function (Env, sessionId, publicKey, cb) {
     });
 };
 
+// Create a session with a token for the given public key
+const makeSession = (Env, publicKey, cb) => {
+    const sessionId = Sessions.randomId();
+    var token;
+    nThen(function (w) {
+        createJWT(Env, sessionId, publicKey, w(function (err, _token) {
+            if (err) {
+                Env.Log.error("TOTP_VALIDATE_JWT_SIGN_ERROR", {
+                    error: Util.serializeError(err),
+                    publicKey: publicKey,
+                });
+                w.abort();
+                return void cb("TOKEN_ERROR");
+            }
+            token = _token;
+        }));
+    }).nThen(function (w) {
+        // store the token
+        Sessions.write(Env, publicKey, sessionId, token, w(function (err) {
+            if (err) {
+                Env.Log.error("TOTP_VALIDATE_SESSION_WRITE", {
+                    error: Util.serializeError(err),
+                    publicKey: publicKey,
+                    sessionId: sessionId,
+                });
+                w.abort();
+                return void cb("SESSION_WRITE_ERROR");
+            }
+            // else continue
+        }));
+    }).nThen(function () {
+        cb(void 0, {
+            bearer: token,
+        });
+    });
+
+};
+// Read the MFA settings for the given public key
+const readMFA = (Env, publicKey, cb) => {
+    // check that there is an MFA configuration for the given account
+    MFA.read(Env, publicKey, function (err, content) {
+        if (err) {
+            Env.Log.error('TOTP_VALIDATE_MFA_READ', {
+                error: err,
+                publicKey: publicKey,
+            });
+            return void cb('NO_MFA_CONFIGURED');
+        }
+
+        var parsed = Util.tryParse(content);
+        if (!parsed) { return void cb("INVALID_CONFIGURATION"); }
+        cb(undefined, parsed);
+    });
+};
+// Check if an OTP code is valid against the provided secret
+const checkCode = (Env, secret, code, publicKey, _cb) => {
+    const cb = Util.mkAsync(_cb);
+
+    let decoded = decode32(secret);
+    if (!decoded) {
+        Env.Log.error("TOTP_VALIDATE_INVALID_SECRET", {
+            publicKey, // log the public key so the admin can investigate further
+            // don't log the problematic secret directly as
+            // logs are likely to be pasted in random places
+        });
+        return void cb("E_INVALID_SECRET");
+    }
+
+    // validate the code
+    var validated = OTP.totp.verify(code, decoded, {
+        window: 1,
+    });
+
+    if (!validated) {
+        // I won't worry about logging these OTPs as they shouldn't leak any useful information
+        Env.Log.error("TOTP_VALIDATE_BAD_OTP", {
+            code,
+        });
+        return void cb("INVALID_OTP");
+    }
+
+    // call back to indicate that their request was well-formed and valid
+    cb();
+};
+
+
 // This command allows clients to configure TOTP as a second factor protecting
 // their login block IFF they:
 // 1. provide a sufficiently strong TOTP secret
@@ -154,11 +239,9 @@ TOTP_SETUP.complete = function (Env, body, cb) {
     // the remainder of the setup is successfully completed.
     // Otherwise they would have to reauthenticate.
     // The session id is used as a reference to this particular session.
-    const sessionId = Sessions.randomId();
-    var token;
     nThen(function (w) {
         // confirm that the block exists
-        Block.check(Env, publicKey, w(function (err) {
+        BlockStore.check(Env, publicKey, w(function (err) {
             if (err) {
                 Env.Log.error("TOTP_SETUP_NO_BLOCK", {
                     publicKey,
@@ -195,43 +278,11 @@ TOTP_SETUP.complete = function (Env, body, cb) {
             }
             // otherwise continue
         }));
-    }).nThen(function (w) {
-        // generate a bearer token and store it
-        createJWT(Env, sessionId, publicKey, w(function (err, _token) {
-            if (err) {
-// we have already stored the MFA data, which will cause access to the resource to be restricted to the provided TOTP secret.
-// we attempt to create a session as a matter of convenience - so if it fails
-// that just means they'll be forced to authenticate
-                Env.Log.error("TOTP_SETUP_JWT_SIGN_ERROR", {
-                    error: err,
-                    publicKey: publicKey,
-                });
-                return void cb('TOKEN_ERROR');
-            }
-            token = _token;
-        }));
-    }).nThen(function (w) {
-        // store the token
-        Sessions.write(Env, publicKey, sessionId, token, w(function (err) {
-            if (err) {
-                // again, if there's a failure here the user should automatically
-                // be forced to reauthenticate because their block is protected
-                // but they will not have a valid JWT allowing them to access it
-                Env.Log.error("TOTP_SETUP_SESSION_WRITE", {
-                    error: err,
-                    publicKey: publicKey,
-                    sessionId: sessionId,
-                });
-                w.abort();
-                return void cb("SESSION_WRITE_ERROR");
-            }
-            // else continue
-        }));
     }).nThen(function () {
-        // respond with the stored token that they can now use to authenticate
-        cb(void 0, {
-            bearer: token,
-        });
+        // we have already stored the MFA data, which will cause access to the resource to be restricted to the provided TOTP secret.
+        // we attempt to create a session as a matter of convenience - so if it fails
+        // that just means they'll be forced to authenticate
+        makeSession(Env, publicKey, cb);
     });
 };
 
@@ -253,51 +304,15 @@ const validate = Commands.TOTP_VALIDATE = function (Env, body, cb) {
     var secret;
     nThen(function (w) {
         // check that there is an MFA configuration for the given account
-        MFA.read(Env, publicKey, w(function (err, content) {
+        readMFA(Env, publicKey, w(function (err, content) {
             if (err) {
                 w.abort();
-                Env.Log.error('TOTP_VALIDATE_MFA_READ', {
-                    error: err,
-                    publicKey: publicKey,
-                });
-                return void cb('NO_MFA_CONFIGURED');
+                return void cb(err);
             }
-
-            var parsed = Util.tryParse(content);
-
-            if (!parsed) {
-                w.abort();
-                return void cb("INVALID_CONFIGURATION");
-            }
-
-            secret = parsed.secret;
+            secret = content.secret;
         }));
     }).nThen(function () {
-        let decoded = decode32(secret);
-        if (!decoded) {
-            Env.Log.error("TOTP_VALIDATE_INVALID_SECRET", {
-                publicKey, // log the public key so the admin can investigate further
-                // don't log the problematic secret directly as
-                // logs are likely to be pasted in random places
-            });
-            return void cb("E_INVALID_SECRET");
-        }
-
-        // validate the code
-        var validated = OTP.totp.verify(code, decoded, {
-            window: 1,
-        });
-
-        if (!validated) {
-            // I won't worry about logging these OTPs as they shouldn't leak any useful information
-            Env.Log.error("TOTP_VALIDATE_BAD_OTP", {
-                code,
-            });
-            return void cb("INVALID_OTP");
-        }
-
-        // call back to indicate that their request was well-formed and valid
-        cb();
+        checkCode(Env, secret, code, publicKey, cb);
     });
 };
 
@@ -316,43 +331,31 @@ So, we should:
 
 */
     var { publicKey } = body;
-
-    const sessionId = Sessions.randomId();
-
-    var token;
-    nThen(function (w) {
-        createJWT(Env, sessionId, publicKey, w(function (err, _token) {
-            if (err) {
-                Env.Log.error("TOTP_VALIDATE_JWT_SIGN_ERROR", {
-                    error: Util.serializeError(err),
-                    publicKey: publicKey,
-                });
-                return void cb("TOKEN_ERROR");
-            }
-            token = _token;
-        }));
-    }).nThen(function (w) {
-        // store the token
-        Sessions.write(Env, publicKey, sessionId, token, w(function (err) {
-            if (err) {
-                Env.Log.error("TOTP_VALIDATE_SESSION_WRITE", {
-                    error: Util.serializeError(err),
-                    publicKey: publicKey,
-                    sessionId: sessionId,
-                });
-                w.abort();
-                return void cb("SESSION_WRITE_ERROR");
-            }
-            // else continue
-        }));
-    }).nThen(function () {
-        cb(void 0, {
-            bearer: token,
-        });
-    });
+    makeSession(Env, publicKey, cb);
 };
 
-// This command is somewhat simpler than TOTP_SETUP
+// Same as TOTP_VALIDATE but without making a session at the end
+const check = Commands.TOTP_CHECK = function (Env, body, cb) {
+    var { publicKey, auth } = body;
+    const code = auth;
+    if (!isValidOTP(code)) { return void cb('E_INVALID'); }
+    if (!isValidBlockId(publicKey)) { return void cb("INVALID_KEY"); }
+    var secret;
+    nThen(function (w) {
+        readMFA(Env, publicKey, w(function (err, content) {
+            if (err) {
+                w.abort();
+                return void cb(err);
+            }
+            secret = content.secret;
+        }));
+    }).nThen(function () {
+        checkCode(Env, secret, code, publicKey, cb);
+    });
+};
+check.complete = function (Env, body, cb) { cb(); };
+
+
 // Revoke a client TOTP secret which will allow them to disable TOTP for a login block IFF:
 // 1. That login block exists
 // 2. That login block is protected by TOTP 2FA
@@ -370,25 +373,13 @@ const revoke = Commands.TOTP_REVOKE = function (Env, body, cb) {
     var secret, recoveryStored;
     nThen(function (w) {
         // check that there is an MFA configuration for the given account
-        MFA.read(Env, publicKey, w(function (err, content) {
+        readMFA(Env, publicKey, w(function (err, content) {
             if (err) {
                 w.abort();
-                Env.Log.error('TOTP_VALIDATE_MFA_READ', {
-                    error: err,
-                    publicKey: publicKey,
-                });
-                return void cb('NO_MFA_CONFIGURED');
+                return void cb(err);
             }
-
-            var parsed = Util.tryParse(content);
-
-            if (!parsed) {
-                w.abort();
-                return void cb("INVALID_CONFIGURATION");
-            }
-
-            secret = parsed.secret;
-            recoveryStored = parsed.contact;
+            secret = content.secret;
+            recoveryStored = content.contact;
         }));
     }).nThen(function (w) {
         if (!recoveryKey) { return; }
@@ -402,31 +393,7 @@ const revoke = Commands.TOTP_REVOKE = function (Env, body, cb) {
         }
         cb();
     }).nThen(function () {
-        let decoded = decode32(secret);
-        if (!decoded) {
-            Env.Log.error("TOTP_VALIDATE_INVALID_SECRET", {
-                publicKey, // log the public key so the admin can investigate further
-                // don't log the problematic secret directly as
-                // logs are likely to be pasted in random places
-            });
-            return void cb("E_INVALID_SECRET");
-        }
-
-        // validate the code
-        var validated = OTP.totp.verify(code, decoded, {
-            window: 1,
-        });
-
-        if (!validated) {
-            // I won't worry about logging these OTPs as they shouldn't leak any useful information
-            Env.Log.error("TOTP_VALIDATE_BAD_OTP", {
-                code,
-            });
-            return void cb("INVALID_OTP");
-        }
-
-        // call back to indicate that their request was well-formed and valid
-        cb();
+        checkCode(Env, secret, code, publicKey, cb);
     });
 };
 
@@ -447,3 +414,116 @@ So, we should:
     MFA.revoke(Env, publicKey, cb);
 };
 
+
+
+// Write a login block using an existing OTP block IFF
+// 1. You can sign for the block's public key
+// 2. You have a proof for the old block
+// 3. The old block is OTP protected
+// 4. The OTP code is valid
+// Note: this is used when users change their password
+const writeBlock = Commands.TOTP_WRITE_BLOCK = function (Env, body, cb) {
+    const { publicKey, content } = body;
+    const code = content.auth;
+    const registrationProof = content.registrationProof;
+
+    // they must provide a valid block public key
+    if (!isValidBlockId(publicKey)) { return void cb("INVALID_KEY"); }
+    if (publicKey !== content.publicKey) { return void cb("INVALID_KEY"); }
+    if (!isValidOTP(code)) { return void cb('E_INVALID'); }
+    if (!registrationProof) { return void cb('MISSING_ANCESTOR'); }
+
+    let secret;
+    let oldKey;
+    nThen(function (w) {
+        Block.validateAncestorProof(Env, registrationProof, w((err, provenKey) => {
+            if (err || !provenKey) {
+                w.abort();
+                return void cb('INVALID_ANCESTOR');
+            }
+            oldKey = provenKey;
+        }));
+    }).nThen(function (w) {
+        // check that there is an MFA configuration for the ancestor account
+        readMFA(Env, oldKey, w(function (err, content) {
+            if (err) {
+                w.abort();
+                return void cb(err);
+            }
+            secret = content.secret;
+        }));
+    }).nThen(function () {
+        // check that the OTP code is valid
+        checkCode(Env, secret, code, oldKey, cb);
+    });
+};
+
+
+
+writeBlock.complete = function (Env, body, cb) {
+    const { publicKey, content } = body;
+    nThen(function (w) {
+        // Write new block
+        Block.writeLoginBlock(Env, content, w((err) => {
+            if (err) {
+                w.abort();
+                return void cb("BLOCK_WRITE_ERROR");
+            }
+        }));
+    }).nThen(function (w) {
+        // Copy MFA settings
+        const proof = Util.tryParse(content.registrationProof);
+        const oldKey = proof && proof[0];
+        if (!oldKey) {
+            w.abort();
+            return void cb('INVALID_ANCESTOR');
+        }
+        MFA.copy(Env, oldKey, publicKey, w());
+    }).nThen(function () {
+        // Create a session for the current user
+        makeSession(Env, publicKey, cb);
+    });
+};
+
+// Remove a login block IFF
+// 1. You can sign for the block's public key
+const removeBlock = Commands.TOTP_REMOVE_BLOCK = function (Env, body, cb) {
+    const { publicKey, auth } = body;
+    const code = auth;
+
+    // they must provide a valid block public key
+    if (!isValidBlockId(publicKey)) { return void cb("INVALID_KEY"); }
+    if (!isValidOTP(code)) { return void cb('E_INVALID'); }
+
+    let secret;
+    nThen(function (w) {
+        // check that there is an MFA configuration for this block
+        readMFA(Env, publicKey, w(function (err, content) {
+            if (err) {
+                w.abort();
+                return void cb(err);
+            }
+            secret = content.secret;
+        }));
+    }).nThen(function () {
+        // check that the OTP code is valid
+        checkCode(Env, secret, code, publicKey, cb);
+    });
+};
+
+removeBlock.complete = function (Env, body, cb) {
+    const { publicKey } = body;
+    nThen(function (w) {
+        // Remove the block
+        Block.removeLoginBlock(Env, publicKey, w((err) => {
+            if (err) {
+                w.abort();
+                return void cb(err);
+            }
+        }));
+    }).nThen(() => {
+        // Delete the MFA settings and sessions
+        MFA.revoke(Env, publicKey, cb);
+    });
+};
+
diff --git a/lib/commands/block.js b/lib/commands/block.js
index bb3114209..bb7150b17 100644
--- a/lib/commands/block.js
+++ b/lib/commands/block.js
@@ -6,6 +6,11 @@ const nThen = require("nthen");
 const Util = require("../common-util");
 const BlockStore = require("../storage/block");
 
+var isString = s => typeof(s) === 'string';
+Block.isValidBlockId = id => {
+    return id && isString(id) && id.length === 44;
+};
+
 /*
     We assume that the server is secured against MitM attacks
     via HTTPS, and that malicious actors do not have code execution
@@ -98,33 +103,24 @@ Block.validateAncestorProof = function (Env, proof, _cb) {
     }
 };
 
-Block.writeLoginBlock = function (Env, safeKey, msg, _cb) {
+Block.writeLoginBlock = function (Env, msg, _cb) {
     var cb = Util.once(Util.mkAsync(_cb));
-    var publicKey = msg[0];
-    var signature = msg[1];
-    var block = msg[2];
-    var registrationProof = msg[3];
-    var previousKey;
+    const { publicKey, signature, ciphertext, registrationProof } = msg;
 
+    var previousKey;
     var validatedBlock, path;
     nThen(function (w) {
-        if (Util.escapeKeyCharacters(publicKey) !== safeKey) {
-            w.abort();
-            return void cb("INCORRECT_KEY");
-        }
-    }).nThen(function (w) {
         if (!Env.restrictRegistration) { return; }
         if (!registrationProof) {
             // we allow users with existing blocks to create new ones
             // call back with error if registration is restricted and no proof of an existing block was provided
             w.abort();
             Env.Log.info("BLOCK_REJECTED_REGISTRATION", {
-                safeKey: safeKey,
                 publicKey: publicKey,
             });
             return cb("E_RESTRICTED");
         }
-        Env.validateAncestorProof(registrationProof, w(function (err, provenKey) {
+        Block.validateAncestorProof(Env, registrationProof, w(function (err, provenKey) {
             if (err || !provenKey) { // double check that a key was validated
                 w.abort();
                 Env.Log.warn('BLOCK_REJECTED_INVALID_ANCESTOR', {
@@ -135,7 +131,7 @@ Block.writeLoginBlock = function (Env, safeKey, msg, _cb) {
             previousKey = provenKey;
         }));
     }).nThen(function (w) {
-        Env.validateLoginBlock(publicKey, signature, block, w(function (e, _validatedBlock) {
+        Block.validateLoginBlock(Env, publicKey, signature, ciphertext, w(function (e, _validatedBlock) {
             if (e) {
                 w.abort();
                 return void cb(e);
@@ -156,7 +152,6 @@ Block.writeLoginBlock = function (Env, safeKey, msg, _cb) {
         }
         BlockStore.write(Env, publicKey, buffer, function (err) {
             Env.Log.info('BLOCK_WRITE_BY_OWNER', {
-                safeKey: safeKey,
                 blockId: publicKey,
                 isChange: Boolean(registrationProof),
                 previousKey: previousKey,
@@ -167,8 +162,6 @@ Block.writeLoginBlock = function (Env, safeKey, msg, _cb) {
     });
 };
 
-const DELETE_BLOCK = Nacl.util.encodeBase64(Nacl.util.decodeUTF8('DELETE_BLOCK'));
-
 /*
     When users write a block, they upload the block, and provide
     a signature proving that they deserve to be able to write to
@@ -179,32 +172,15 @@ const DELETE_BLOCK = Nacl.util.encodeBase64(Nacl.util.decodeUTF8('DELETE_BLOCK')
     information, we can just sign some constant and use that as proof.
 
 */
-Block.removeLoginBlock = function (Env, safeKey, msg, _cb) {
-// XXX respect MFA settings if they exist
-// XXX delete MFA settings if they are able to authenticate
-// XXX clean up any existing sessions when deleting
-// TODO This should probably be converted to run as challenge-response commands
+Block.removeLoginBlock = function (Env, publicKey, _cb) {
     var cb = Util.once(Util.mkAsync(_cb));
 
-    var publicKey = msg[0];
-    var signature = msg[1];
-
-    nThen(function (w) {
-        if (Util.escapeKeyCharacters(publicKey) !== safeKey) {
-            w.abort();
-            return void cb("INCORRECT_KEY");
-        }
-    }).nThen(function () {
-        Env.validateLoginBlock(publicKey, signature, DELETE_BLOCK, function (e) {
-            if (e) { return void cb(e); }
-            BlockStore.archive(Env, publicKey, function (err) {
-                Env.Log.info('ARCHIVAL_BLOCK_BY_OWNER_RPC', {
-                    publicKey: publicKey,
-                    status: err? String(err): 'SUCCESS',
-                });
-                cb(err);
-            });
+    BlockStore.archive(Env, publicKey, function (err) {
+        Env.Log.info('ARCHIVAL_BLOCK_BY_OWNER_RPC', {
+            publicKey: publicKey,
+            status: err? String(err): 'SUCCESS',
         });
+        cb(err);
     });
 };
 
diff --git a/lib/http-commands.js b/lib/http-commands.js
index 04ccf9101..229c27e8b 100644
--- a/lib/http-commands.js
+++ b/lib/http-commands.js
@@ -60,10 +60,19 @@ var COMMANDS = {};
 
 // Methods allowing clients to configure Time-based One-Time Passwords for their login-block,
 // and to authenticate new sessions once a TOTP secret has been associated with their account,
+const NOAUTH = require("./challenge-commands/base.js");
+COMMANDS.MFA_CHECK = NOAUTH.MFA_CHECK;
+COMMANDS.WRITE_BLOCK = NOAUTH.WRITE_BLOCK;
+COMMANDS.REMOVE_BLOCK = NOAUTH.REMOVE_BLOCK;
+
 const TOTP = require("./challenge-commands/totp.js");
 COMMANDS.TOTP_SETUP = TOTP.TOTP_SETUP;
 COMMANDS.TOTP_VALIDATE = TOTP.TOTP_VALIDATE;
+COMMANDS.TOTP_CHECK = TOTP.TOTP_CHECK;
 COMMANDS.TOTP_REVOKE = TOTP.TOTP_REVOKE;
+COMMANDS.TOTP_WRITE_BLOCK = TOTP.TOTP_WRITE_BLOCK;
+COMMANDS.TOTP_REMOVE_BLOCK = TOTP.TOTP_REMOVE_BLOCK;
+
 
 var randomToken = () => Nacl.util.encodeBase64(Nacl.randomBytes(24)).replace(/\//g, '-');
 
diff --git a/lib/http-worker.js b/lib/http-worker.js
index e920a25e7..77cb6909b 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -51,6 +51,7 @@ Logger.levels.forEach(level => {
     };
 });
 Env.Log = Log;
+Env.incrementBytesWritten = function () {};
 
 const EVENTS = {};
 
@@ -58,6 +59,7 @@ EVENTS.ENV_UPDATE = function (data /*, cb */) {
     try {
         Env = JSON.parse(data);
         Env.Log = Log;
+        Env.incrementBytesWritten = function () {};
     } catch (err) {
         Log.error('HTTP_WORKER_ENV_UPDATE', Util.serializeError(err));
     }
diff --git a/lib/rpc.js b/lib/rpc.js
index 811d7f6e0..319876448 100644
--- a/lib/rpc.js
+++ b/lib/rpc.js
@@ -5,7 +5,6 @@ const Core = require("./commands/core");
 const Admin = require("./commands/admin-rpc");
 const Pinning = require("./commands/pin-rpc");
 const Quota = require("./commands/quota");
-const Block = require("./commands/block");
 const Metadata = require("./commands/metadata");
 const Channel = require("./commands/channel");
 const Upload = require("./commands/upload");
@@ -54,8 +53,6 @@ const AUTHENTICATED_USER_TARGETED = {
     UPLOAD_COMPLETE: Upload.complete,
     UPLOAD_CANCEL: Upload.cancel,
     OWNED_UPLOAD_COMPLETE: Upload.complete_owned,
-    WRITE_LOGIN_BLOCK: Block.writeLoginBlock,
-    REMOVE_LOGIN_BLOCK: Block.removeLoginBlock,
     ADMIN: Admin.command,
     SET_METADATA: Metadata.setMetadata,
 };
diff --git a/lib/storage/mfa.js b/lib/storage/mfa.js
index c4785803a..9cc7e2ba5 100644
--- a/lib/storage/mfa.js
+++ b/lib/storage/mfa.js
@@ -57,7 +57,7 @@ MFA.revoke = function (Env, publicKey, cb) {
     }).nThen(function () {
         Sessions.deleteUser(Env, publicKey, function (err) {
             if (!err) { return; }
-            // If we can't delete the sessions, don't send an erorr, just log to the server.
+            // If we can't delete the sessions, don't send an error, just log to the server.
             // The MFA will still be correctly disabled as long as the first step is done.
             Env.Log.error('TOTP_REVOKE_SESSIONS__DELETE', {
                 error: err,
@@ -69,6 +69,20 @@ MFA.revoke = function (Env, publicKey, cb) {
             success: true
         });
     });
-
-
+};
+
+MFA.copy = function (Env, oldKey, newKey, cb) {
+    let content;
+    nThen(function (w) {
+        MFA.read(Env, oldKey, w(function (err, c) {
+            if (err) {
+                // No MFA configured, nothing to copy
+                w.abort();
+                return void cb();
+            }
+            content = c;
+        }));
+    }).nThen(function () {
+        MFA.write(Env, newKey, content, cb);
+    });
 };
diff --git a/www/checkup/main.js b/www/checkup/main.js
index 517c03912..1a2d26de3 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -12,6 +12,7 @@ define([
     '/common/common-util.js',
     '/common/pinpad.js',
     '/common/outer/network-config.js',
+    '/common/outer/login-block.js',
     '/customize/pages.js',
     '/checkup/checkup-tools.js',
     '/customize/application_config.js',
@@ -21,7 +22,7 @@ define([
     'less!/checkup/app-checkup.less',
 ], function ($, ApiConfig, Assertions, h, Messages, DomReady,
             nThen, SFCommonO, Login, Hash, Util, Pinpad,
-            NetConfig, Pages, Tools, AppConfig) {
+            NetConfig, Block, Pages, Tools, AppConfig) {
     window.CHECKUP_MAIN_LOADED = true;
 
     var Assert = Assertions();
@@ -306,9 +307,8 @@ define([
 
         var opt = Login.allocateBytes(bytes);
 
+        var blockKeys = opt.blockKeys;
         var blockUrl = Login.Block.getBlockUrl(opt.blockKeys);
-        var blockRequest = Login.Block.serialize("{}", opt.blockKeys);
-        var removeRequest = Login.Block.remove(opt.blockKeys);
         console.warn('Testing block URL (%s). One 404 is normal.', blockUrl);
 
         var userHash = '/2/drive/edit/000000000000000000000000';
@@ -319,7 +319,7 @@ define([
         var RT, rpc, exists, restricted;
 
         nThen(function (waitFor) {
-            Util.fetch(blockUrl, waitFor(function (err) {
+            Util.getBlock(blockUrl, {}, waitFor(function (err) {
                 if (err) { return; } // No block found
                 exists = true;
             }));
@@ -344,20 +344,13 @@ define([
                 proxy.curvePrivate = opt.curvePrivate;
                 rt.realtime.onSettle(waitFor());
             }));
-        }).nThen(function (waitFor) {
-            // Init RPC
-            Pinpad.create(RT.network, RT.proxy, waitFor(function (e, _rpc) {
-                if (e) {
-                    waitFor.abort();
-                    console.error("Can't initialize RPC", e); // INVALID_KEYS
-                    return void cb(false);
-                }
-                rpc = _rpc;
-            }));
         }).nThen(function (waitFor) {
             // Write block
             if (exists) { return; }
-            rpc.writeLoginBlock(blockRequest, waitFor(function (e) {
+            Block.writeLoginBlock({
+                blockKeys: blockKeys,
+                content: {}
+            }, waitFor(function (e) {
                 // we should tolerate restricted registration
                 // and proceed to clean up after any data we've created
                 if (e === 'E_RESTRICTED') {
@@ -373,7 +366,7 @@ define([
         }).nThen(function (waitFor) {
             if (restricted) { return; }
             // Read block
-            Util.fetch(blockUrl, waitFor(function (e) {
+            Util.getBlock(blockUrl, {}, waitFor(function (e) {
                 if (e) {
                     waitFor.abort();
                     console.error("Can't read login block", e);
@@ -382,15 +375,26 @@ define([
             }));
         }).nThen(function (waitFor) {
             // Remove block
-            rpc.removeLoginBlock(removeRequest, waitFor(function (e) {
+            Block.removeLoginBlock({
+                blockKeys: blockKeys,
+            }, waitFor(function (e) {
                 if (restricted) { return; } // an ENOENT is expected in the case of restricted registration, but we call this anyway to clean up any mess from previous tests.
                 if (e) {
                     waitFor.abort();
                     console.error("Can't remove login block", e);
-                    console.error(blockRequest);
                     return void cb(false);
                 }
             }));
+        }).nThen(function (waitFor) {
+            // Init RPC
+            Pinpad.create(RT.network, RT.proxy, waitFor(function (e, _rpc) {
+                if (e) {
+                    waitFor.abort();
+                    console.error("Can't initialize RPC", e); // INVALID_KEYS
+                    return void cb(false);
+                }
+                rpc = _rpc;
+            }));
         }).nThen(function (waitFor) {
             rpc.removeOwnedChannel(secret.channel, waitFor(function (e) {
                 if (e) {
diff --git a/www/common/common-interface.js b/www/common/common-interface.js
index ea9574f34..35440aec7 100644
--- a/www/common/common-interface.js
+++ b/www/common/common-interface.js
@@ -1506,5 +1506,44 @@ define([
         });
     };
 
+    Messages.settings_otp_code = "OTP code"; // XXX KEY ALREADY ADDED IN www/settings/inner.js
+    Messages.loading_enter_otp = "This account is protected with MFA. Please enter your OTP code."; // XXX
+    Messages.settings_otp_invalid = "Invalid OTP code";
+
+
+    UI.getOTPScreen = function (cb, exitable, err) {
+        var btn, input;
+        var error;
+        if (err) {
+            error = h('p.cp-password-error', Messages.settings_otp_invalid);
+        }
+        var block = h('div#cp-loading-password-prompt', [
+            error,
+            h('p.cp-password-info', Messages.loading_enter_otp),
+            h('p.cp-password-form', [
+                input = h('input', {
+                    placeholder: Messages.settings_otp_code,
+                    autocomplete: 'off',
+                    autocorrect: 'off',
+                    autocapitalize: 'off',
+                    spellcheck: false,
+                }),
+                btn = h('button.btn.btn-primary', Messages.ui_confirm)
+            ])
+        ]);
+        var $input = $(input);
+        var $btn = $(btn).click(function () {
+            var val = $input.val();
+            if (!val) { return void UI.getOTPScreen(cb, exitable, 'INVALID_CODE'); }
+            cb(val);
+        });
+        $(input).on('keydown', function (e) {
+            if (e.which !== 13) { return; } // enter
+            $btn.click();
+        });
+        UI.errorLoadingScreen(block, false, exitable);
+
+    };
+
     return UI;
 });
diff --git a/www/common/common-util.js b/www/common/common-util.js
index 8b730fa60..7e3269ba4 100644
--- a/www/common/common-util.js
+++ b/www/common/common-util.js
@@ -334,7 +334,16 @@
                 // this is resulting in some code duplication
                 return void CB(void 0, response);
             }
-            CB(response.status);
+            if (response.status === 401) {
+                response.json().then((data) => {
+                    CB(401, data);
+                }).catch(() => {
+                    CB(401);
+                });
+
+                return;
+            }
+            CB(response.status, response);
         }).catch(error => {
             CB(error);
         });
diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js
index 38b05c3f7..ad0150a32 100644
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@@ -12,12 +12,14 @@ define([
     '/common/outer/local-store.js',
     '/common/outer/worker-channel.js',
     '/common/outer/login-block.js',
+    '/common/common-credential.js',
+    '/customize/login.js',
 
     '/customize/application_config.js',
     '/bower_components/nthen/index.js',
 ], function (Config, Messages, Util, Hash, Cache,
             Messaging, Constants, Feedback, Visible, UserObject, LocalStore, Channel, Block,
-            AppConfig, Nthen) {
+            Cred, Login, AppConfig, Nthen) {
 
 /*  This file exposes functionality which is specific to Cryptpad, but not to
     any particular pad type. This includes functions for committing metadata
@@ -616,18 +618,6 @@ define([
         });
     };
 
-    common.writeLoginBlock = function (data, cb) {
-        postMessage('WRITE_LOGIN_BLOCK', data, function (obj) {
-            cb(obj);
-        });
-    };
-
-    common.removeLoginBlock = function (data, cb) {
-        postMessage('REMOVE_LOGIN_BLOCK', data, function (obj) {
-            cb(obj);
-        });
-    };
-
     // ANON RPC
 
     // SFRAME: talk to anon_rpc from the iframe
@@ -1892,80 +1882,29 @@ define([
         });
     };
 
-
-    var getBlockKeys = function (data, cb) {
-        var accountName = LocalStore.getAccountName();
-        var password = data.password;
-        var Cred, Block, Login;
-        var blockKeys;
-
-        var hash = LocalStore.getUserHash();
-        if (!hash) { return void cb({ error: 'E_NOT_LOGGED_IN' }); }
-        var blockHash = LocalStore.getBlockHash();
-
-        Nthen(function (waitFor) {
-            require([
-                '/common/common-credential.js',
-                '/common/outer/login-block.js',
-                '/customize/login.js'
-            ], waitFor(function (_Cred, _Block, _Login) {
-                Cred = _Cred;
-                Block = _Block;
-                Login = _Login;
-            }));
-        }).nThen(function (waitFor) {
-            // confirm that the provided password is correct
-            Cred.deriveFromPassphrase(accountName, password, Login.requiredBytes,
-                                      waitFor(function (bytes) {
-                var allocated = Login.allocateBytes(bytes);
-                blockKeys = allocated.blockKeys;
-                if (blockHash) {
-                    if (blockHash !== allocated.blockHash) {
-                        // incorrect password
-                        console.log("provided password did not yield the correct blockHash");
-                        waitFor.abort();
-                        return void cb({ error: 'INVALID_PASSWORD', });
-                    }
-                } else {
-                    // otherwise they're a legacy user, and we should check against the User_hash
-                    if (hash !== allocated.userHash) {
-                        // incorrect password
-                        console.log("provided password did not yield the correct userHash");
-                        waitFor.abort();
-                        return void cb({ error: 'INVALID_PASSWORD', });
-                    }
-                }
-            }));
-        }).nThen(function () {
-            cb({
-                Cred: Cred,
-                Block: Block,
-                Login: Login,
-                blockKeys: blockKeys
-            });
-        });
-    };
     common.deleteAccount = function (data, cb) {
         data = data || {};
 
-        // Confirm that the provided password is corrct and get the block keys
-        getBlockKeys(data, function (obj) {
-            if (obj && obj.error) { return void cb(obj); }
-            var blockKeys = obj.blockKeys;
-            var removeData = obj.Block.remove(blockKeys);
+        var bytes = data.bytes; // From Scrypt
+        var auth = data.auth; // MFA data
 
-            postMessage("DELETE_ACCOUNT", {
-                keys: Block.keysToRPCFormat(blockKeys),
-                removeData: removeData
-            }, function (obj) {
-                if (obj.state) {
-                    Feedback.send('DELETE_ACCOUNT_AUTOMATIC');
-                } else {
-                    Feedback.send('DELETE_ACCOUNT_MANUAL');
-                }
-                cb(obj);
-            });
-        });
+        var allocated = Login.allocateBytes(bytes);
+        var blockKeys = allocated.blockKeys;
+
+        postMessage("DELETE_ACCOUNT", {
+            keys: blockKeys,
+            auth: auth
+        }, function (obj) {
+            if (obj.state) {
+                Feedback.send('DELETE_ACCOUNT_AUTOMATIC');
+            } else {
+                Feedback.send('DELETE_ACCOUNT_MANUAL');
+            }
+            cb(obj);
+        }, {raw: true});
+    };
+    common.removeOwnedPads = function (data, cb) {
+        postMessage("REMOVE_OWNED_PADS", data, cb);
     };
     common.changeUserPassword = function (Crypt, edPublic, data, cb) {
         if (!edPublic) {
@@ -1973,36 +1912,28 @@ define([
                 error: 'E_NOT_LOGGED_IN'
             });
         }
-        var accountName = LocalStore.getAccountName();
-        var hash = LocalStore.getUserHash();
+        var hash = common.userHash;
         if (!hash) {
             return void cb({
                 error: 'E_NOT_LOGGED_IN'
             });
         }
 
-        var password = data.password; // To remove your old block
-        var newPassword = data.newPassword; // To create your new block
+        var oldBytes = data.oldBytes; // From Scrypt
+        var newBytes = data.newBytes; // From Scrypt
         var secret = Hash.getSecrets('drive', hash);
-        var newHash, newHref, newSecret, blockKeys;
+        var newHash, newHref, newSecret;
         var oldIsOwned = false;
 
         var blockHash = LocalStore.getBlockHash();
-        var oldBlockKeys;
 
-        var Cred, Block, Login;
+        var oldAllocated = Login.allocateBytes(oldBytes);
+        var newAllocated = Login.allocateBytes(newBytes);
+        var oldBlockKeys = oldAllocated.blockKeys;
+        var blockKeys = newAllocated.blockKeys;
+        var auth = data.auth;
+
         Nthen(function (waitFor) {
-            getBlockKeys(data, waitFor(function (obj) {
-                if (obj && obj.error) {
-                    waitFor.abort();
-                    return void cb(obj);
-                }
-                oldBlockKeys = obj.blockKeys;
-                Cred = obj.Cred;
-                Login = obj.Login;
-                Block = obj.Block;
-            }));
-        }).nThen(function (waitFor) {
             // Check if our drive is already owned
             console.log("checking if old drive is owned");
             common.anonRpcMsg('GET_METADATA', secret.channel, waitFor(function (err, obj) {
@@ -2012,6 +1943,17 @@ define([
                     oldIsOwned = true;
                 }
             }));
+        }).nThen(function (waitFor) {
+            Block.checkRights({
+                auth: auth,
+                blockKeys: oldBlockKeys,
+            }, waitFor(function (err) {
+                if (err) {
+                    waitFor.abort();
+                    console.error(err);
+                    return void cb({ error: 'INVALID_CODE' });
+                }
+            }));
         }).nThen(function (waitFor) {
             // Create a new user hash
             // Get the current content, store it in the new user file
@@ -2040,19 +1982,13 @@ define([
                     }
                 }), optsPut);
             }));
-        }).nThen(function (waitFor) {
-            // Drive content copied: get the new block location
-            console.log("deriving new credentials from passphrase");
-            Cred.deriveFromPassphrase(accountName, newPassword, Login.requiredBytes, waitFor(function (bytes) {
-                var allocated = Login.allocateBytes(bytes);
-                blockKeys = allocated.blockKeys;
-            }));
         }).nThen(function (waitFor) {
             var blockUrl = Block.getBlockUrl(blockKeys);
-            // Check whether there is a block at that location
+            // Check whether there is a block at that new location
             Util.fetch(blockUrl, waitFor(function (err, block) {
                 // If there is no block or the block is invalid, continue.
-                if (err) {
+                // error 401 means protected block
+                if (err && err !== 401) {
                     console.log("no block found");
                     return;
                 }
@@ -2069,30 +2005,31 @@ define([
             }));
         }).nThen(function (waitFor) {
             // Write the new login block
-            var temp = {
+            var content = {
                 User_hash: newHash,
                 edPublic: edPublic,
             };
-
-            var content = Block.serialize(JSON.stringify(temp), blockKeys);
-            console.error("OLD AND NEW BLOCK KEYS", oldBlockKeys, blockKeys);
-            content.registrationProof = Block.proveAncestor(oldBlockKeys);
-
-            console.log("writing new login block");
-
-            var data = {
-                keys: Block.keysToRPCFormat(blockKeys),
-                content: content,
-            };
-            common.writeLoginBlock(data, waitFor(function (obj) {
-                if (obj && obj.error) {
+            Block.writeLoginBlock({
+                auth: auth,
+                blockKeys: blockKeys,
+                oldBlockKeys: oldBlockKeys,
+                content: content
+            }, waitFor(function (err, data) {
+                if (err) {
                     waitFor.abort();
-                    return void cb(obj);
+                    return void cb({error: err});
+                }
+                if (data && data.bearer) {
+                    LocalStore.setSessionToken(data.bearer);
                 }
             }));
+
         }).nThen(function (waitFor) {
             var blockUrl = Block.getBlockUrl(blockKeys);
-            Util.fetch(blockUrl, waitFor(function (err /* block */) {
+            var sessionToken = LocalStore.getSessionToken() || undefined;
+            Util.getBlock(blockUrl, {
+                bearer: sessionToken,
+            }, waitFor((err) => {
                 if (err) {
                     console.error(err);
                     waitFor.abort();
@@ -2111,53 +2048,49 @@ define([
             common.pinPads([newSecret.channel], waitFor());
         }).nThen(function (waitFor) {
             // Remove block hash
-            if (blockHash) {
-                console.log('removing old login block');
-                var data = {
-                    keys: Block.keysToRPCFormat(oldBlockKeys), // { edPrivate, edPublic }
-                    content: Block.remove(oldBlockKeys),
-                };
-                common.removeLoginBlock(data, waitFor(function (obj) {
-                    if (obj && obj.error) { return void console.error(obj.error); }
-                }));
-            }
+            if (!blockHash) { return; }
+            console.log('removing old login block');
+            Block.removeLoginBlock({
+                auth: auth,
+                blockKeys: oldBlockKeys,
+            }, waitFor(function (err) {
+                if (err) { return void console.error(err); }
+            }));
         }).nThen(function (waitFor) {
-            if (oldIsOwned) {
-                console.log('removing old drive');
-                common.removeOwnedChannel({
-                    channel: secret.channel,
-                    teamId: null,
-                    force: true
-                }, waitFor(function (obj) {
-                    if (obj && obj.error) {
-                        // Deal with it as if it was not owned
-                        oldIsOwned = false;
-                        return;
-                    }
-                    common.logoutFromAll(waitFor(function () {
-                        postMessage("DISCONNECT");
-                    }));
+            if (!oldIsOwned) { return; }
+            console.log('removing old drive');
+            common.removeOwnedChannel({
+                channel: secret.channel,
+                teamId: null,
+                force: true
+            }, waitFor(function (obj) {
+                if (obj && obj.error) {
+                    // Deal with it as if it was not owned
+                    oldIsOwned = false;
+                    return;
+                }
+                common.logoutFromAll(waitFor(function () {
+                    postMessage("DISCONNECT");
                 }));
-            }
+            }));
         }).nThen(function (waitFor) {
-            if (!oldIsOwned) {
-                console.error('deprecating old drive.');
-                postMessage("SET", {
-                    teamId: data.teamId,
-                    key: [Constants.deprecatedKey],
-                    value: true
-                }, waitFor(function (obj) {
-                    if (obj && obj.error) {
-                        console.error(obj.error);
-                    }
-                    common.logoutFromAll(waitFor(function () {
-                        postMessage("DISCONNECT");
-                    }));
+            if (oldIsOwned) { return; }
+            console.error('deprecating old drive.');
+            postMessage("SET", {
+                teamId: data.teamId,
+                key: [Constants.deprecatedKey],
+                value: true
+            }, waitFor(function (obj) {
+                if (obj && obj.error) {
+                    console.error(obj.error);
+                }
+                common.logoutFromAll(waitFor(function () {
+                    postMessage("DISCONNECT");
                 }));
-            }
+            }));
         }).nThen(function () {
             // We have the new drive, with the new login block
-            var feedbackKey = (password === newPassword)?
+            var feedbackKey = (data.password === data.newPassword)?
                 'OWNED_DRIVE_MIGRATION': 'PASSWORD_CHANGED';
 
             Feedback.send(feedbackKey, undefined, function () {
diff --git a/www/common/outer/async-store.js b/www/common/outer/async-store.js
index 901487dbc..ae35d19cf 100644
--- a/www/common/outer/async-store.js
+++ b/www/common/outer/async-store.js
@@ -21,6 +21,7 @@ define([
     '/common/outer/messenger.js',
     '/common/outer/history.js',
     '/common/outer/calendar.js',
+    '/common/outer/login-block.js',
     '/common/outer/network-config.js',
     '/customize/application_config.js',
 
@@ -34,7 +35,7 @@ define([
 ], function (ApiConfig, Sortify, UserObject, ProxyManager, Migrate, Hash, Util, Constants, Feedback,
              Realtime, Messaging, Pinpad, Cache,
              SF, Cursor, OnlyOffice, Mailbox, Profile, Team, Messenger, History,
-             Calendar, NetConfig, AppConfig,
+             Calendar, Block, NetConfig, AppConfig,
              Crypto, ChainPad, CpNetflux, Listmap, Netflux, nThen, Saferphore) {
 
     var onReadyEvt = Util.mkEvent(true);
@@ -453,38 +454,6 @@ define([
             });
         };
 
-        Store.writeLoginBlock = function (clientId, data, cb) {
-            Pinpad.create(store.network, data && data.keys, function (err, rpc) {
-                if (err) {
-                    return void cb({
-                        error: err,
-                    });
-                }
-                rpc.writeLoginBlock(data && data.content, function (e, res) {
-                    cb({
-                        error: e,
-                        data: res
-                    });
-                });
-            });
-        };
-
-        Store.removeLoginBlock = function (clientId, data, cb) {
-            Pinpad.create(store.network, data && data.keys, function (err, rpc) {
-                if (err) {
-                    return void cb({
-                        error: err,
-                    });
-                }
-                rpc.removeLoginBlock(data && data.content, function (e, res) {
-                    cb({
-                        error: e,
-                        data: res
-                    });
-                });
-            });
-        };
-
         var initRpc = function (clientId, data, cb) {
             if (!store.loggedIn) { return cb(); }
             if (store.rpc) { return void cb(account); }
@@ -751,43 +720,62 @@ define([
             });
         };
 
-        var getOwnedPads = function () {
-            var list = store.manager.getChannelsList('owned');
-            if (store.proxy.todo) {
-                // No password for todo
-                list.push(Hash.hrefToHexChannelId('/todo/#' + store.proxy.todo, null));
-            }
-            if (store.proxy.profile && store.proxy.profile.edit) {
-                // No password for profile
-                list.push(Hash.hrefToHexChannelId('/profile/#' + store.proxy.profile.edit, null));
-            }
-            if (store.proxy.mailboxes) {
-                Object.keys(store.proxy.mailboxes || {}).forEach(function (id) {
-                    if (id === 'supportadmin') { return; }
-                    var m = store.proxy.mailboxes[id];
-                    list.push(m.channel);
-                });
-            }
-            if (store.proxy.teams) {
-                Object.keys(store.proxy.teams || {}).forEach(function (id) {
-                    var t = store.proxy.teams[id];
-                    if (t.owner) {
-                        list.push(t.channel);
-                        list.push(t.keys.roster.channel);
-                        list.push(t.keys.chat.channel);
-                    }
-                });
+        var getOwnedPads = function (account) {
+            var list = [];
+            if (account) {
+                if (store.proxy.todo) {
+                    // No password for todo
+                    list.push(Hash.hrefToHexChannelId('/todo/#' + store.proxy.todo, null));
+                }
+                if (store.proxy.profile && store.proxy.profile.edit) {
+                    // No password for profile
+                    list.push(Hash.hrefToHexChannelId('/profile/#' + store.proxy.profile.edit, null));
+                }
+                if (store.proxy.mailboxes) {
+                    Object.keys(store.proxy.mailboxes || {}).forEach(function (id) {
+                        if (id === 'supportadmin') { return; }
+                        var m = store.proxy.mailboxes[id];
+                        list.push(m.channel);
+                    });
+                }
+                // XXX calendars
+            } else {
+                list = store.manager.getChannelsList('owned');
+                /*
+                if (store.proxy.teams) {
+                    Object.keys(store.proxy.teams || {}).forEach(function (id) {
+                        var t = store.proxy.teams[id];
+                        if (t.owner) {
+                            list.push(t.channel);
+                            list.push(t.keys.roster.channel);
+                            list.push(t.keys.chat.channel);
+                        }
+                    });
+                }
+                */
             }
             return list.filter(function (channel) {
                 if (typeof(channel) !== 'string') { return; }
                 return [32, 48].indexOf(channel.length) !== -1;
             });
         };
-        var removeOwnedPads = function (waitFor) {
+        var removeOwnedPads = function (account, waitFor) {
             // Delete owned pads
             var edPublic = Util.find(store, ['proxy', 'edPublic']);
-            var ownedPads = getOwnedPads();
+            var ownedPads = getOwnedPads(account);
             var sem = Saferphore.create(10);
+
+            var deleteChannel = function (c) {
+                // When deleting the whole account, no need to remove from drive
+                if (account) { return; }
+
+                var all = store.manager.findChannel(c);
+                all.forEach(function (d) {
+                    var p = store.manager.findFile(d.id);
+                    store.manager.delete({paths:p});
+                });
+            };
+
             ownedPads.forEach(function (c) {
                 var w = waitFor();
                 sem.take(function (give) {
@@ -805,6 +793,14 @@ define([
                                 return void _w.abort();
                             }
                             var md = obj[0];
+
+                            if (!Object.keys(md || {}).length) {
+                                deleteChannel(c);
+                                give();
+                                w();
+                                return void _w.abort();
+                            }
+
                             var isOwner = md && Array.isArray(md.owners) && md.owners.indexOf(edPublic) !== -1;
                             if (!isOwner) {
                                 give();
@@ -824,7 +820,8 @@ define([
                         }
                         // We're the only owner: delete the pad
                         store.rpc.removeOwnedChannel(c, _w(function (err) {
-                            if (err) { console.error(err); }
+                            if (err) { return void console.error(err); }
+                            deleteChannel(c);
                         }));
                     }).nThen(function () {
                         give();
@@ -834,10 +831,17 @@ define([
             });
         };
 
+        Store.removeOwnedPads = function (clientId, data, cb) {
+            var edPublic = store.proxy.edPublic;
+            if (!edPublic) { return void cb({ error: 'NOT_LOGGED_IN' }); }
+            nThen(function (waitFor) {
+                removeOwnedPads(false, waitFor);
+            }).nThen(cb);
+        };
         Store.deleteAccount = function (clientId, data, cb) {
             var edPublic = store.proxy.edPublic;
-            var removeData = data && data.removeData;
-            var rpcKeys = data && data.keys;
+            var blockKeys = data && data.keys;
+            var auth = data && data.auth;
             Store.anonRpcMsg(clientId, {
                 msg: 'GET_METADATA',
                 data: store.driveChannel
@@ -848,13 +852,22 @@ define([
                     metadata.owners.indexOf(edPublic) !== -1) {
                     var token;
                     nThen(function (waitFor) {
+                        Block.checkRights({
+                            auth: auth,
+                            blockKeys: blockKeys,
+                        }, waitFor(function (err) {
+                            if (err) {
+                                waitFor.abort();
+                                console.error(err);
+                                return void cb({ error: 'INVALID_CODE' });
+                            }
+                        }));
+                    }).nThen(function (waitFor) {
                         self.accountDeletion = clientId;
                         // Log out from other workers
                         var token = Math.floor(Math.random()*Number.MAX_SAFE_INTEGER);
                         store.proxy[Constants.tokenKey] = token;
                         onSync(null, waitFor());
-                    }).nThen(function (waitFor) {
-                        removeOwnedPads(waitFor);
                     }).nThen(function (waitFor) {
                         // Delete Pin Store
                         store.rpc.removePins(waitFor(function (err) {
@@ -867,16 +880,15 @@ define([
                             force: true
                         }, waitFor());
                     }).nThen(function (waitFor) {
-                        if (!removeData) { return; }
-                        var done = waitFor();
-                        Pinpad.create(store.network, rpcKeys, function (err, rpc) {
-                            if (err) {
-                                console.error(err);
-                                return void done();
-                            }
-                            // Delete the block. Don't abort if it fails, it doesn't leak any data.
-                            rpc.removeLoginBlock(removeData, done);
-                        });
+                        if (!blockKeys) { return; }
+                        Block.removeLoginBlock({
+                            auth: auth,
+                            blockKeys: blockKeys,
+                        }, waitFor(function (err) {
+                            if (err) { console.error(err); }
+                        }));
+                    }).nThen(function (waitFor) {
+                        removeOwnedPads(true, waitFor);
                     }).nThen(function () {
                         // Log out current worker
                         postMessage(clientId, "DELETE_ACCOUNT", token, function () {});
@@ -2928,7 +2940,7 @@ define([
                 readOnly: false,
                 validateKey: secret.keys.validateKey || undefined,
                 crypto: Crypto.createEncryptor(secret.keys),
-                Cache: Cache, // ICE drive cache
+                Cache: Cache,
                 userName: 'fs',
                 logLevel: 1,
                 ChainPad: ChainPad,
diff --git a/www/common/outer/http-command.js b/www/common/outer/http-command.js
index cba32f24e..516540f96 100644
--- a/www/common/outer/http-command.js
+++ b/www/common/outer/http-command.js
@@ -18,7 +18,9 @@ define([
             body: JSON.stringify(data),
         }).then(response => {
             if (response.ok) {
-                return void response.json().then(result => { CB(void 0, result); });
+
+                return void response.text().then(result => { CB(void 0, Util.tryParse(result)); }); // XXX checkup error when using .json()
+                //return void response.json().then(result => { CB(void 0, result); });
             }
 
             response.json().then().then(result => {
diff --git a/www/common/outer/login-block.js b/www/common/outer/login-block.js
index c5026c565..67eaaa128 100644
--- a/www/common/outer/login-block.js
+++ b/www/common/outer/login-block.js
@@ -1,8 +1,9 @@
 define([
     '/common/common-util.js',
     '/api/config',
+    '/common/outer/http-command.js',
     '/bower_components/tweetnacl/nacl-fast.min.js',
-], function (Util, ApiConfig) {
+], function (Util, ApiConfig, ServerCommand) {
     var Nacl = window.nacl;
 
     var Block = {};
@@ -113,17 +114,6 @@ define([
         }
     };
 
-    Block.remove = function (keys) {
-        // sign the hash of the text 'DELETE_BLOCK'
-        var sig = Nacl.sign.detached(Nacl.hash(
-            Nacl.util.decodeUTF8('DELETE_BLOCK')), keys.sign.secretKey);
-
-        return {
-            publicKey: Nacl.util.encodeBase64(keys.sign.publicKey),
-            signature: Nacl.util.encodeBase64(sig),
-        };
-    };
-
     var urlSafeB64 = function (u8) {
         return Nacl.util.encodeBase64(u8).replace(/\//g, '-');
     };
@@ -170,5 +160,50 @@ define([
         }
     };
 
+    Block.checkRights = function (data, _cb) {
+        const cb = Util.mkAsync(_cb);
+        const { blockKeys, auth } = data;
+
+        var command = 'MFA_CHECK';
+        if (auth && auth.type === 'TOTP') {
+            command = 'TOTP_CHECK';
+        }
+
+        ServerCommand(blockKeys.sign, {
+            command: command,
+            auth: auth && auth.data
+        }, cb);
+    };
+    Block.writeLoginBlock = function (data, cb) {
+        const { content, blockKeys, oldBlockKeys, auth } = data;
+
+        var command = 'WRITE_BLOCK';
+        if (auth && auth.type === 'TOTP') {
+            command = 'TOTP_WRITE_BLOCK';
+        }
+
+        var block = Block.serialize(JSON.stringify(content), blockKeys);
+        block.auth = auth && auth.data;
+        block.registrationProof = oldBlockKeys && Block.proveAncestor(oldBlockKeys);
+
+        ServerCommand(blockKeys.sign, {
+            command: command,
+            content: block
+        }, cb);
+    };
+    Block.removeLoginBlock = function (data, cb) {
+        const { blockKeys, auth } = data;
+
+        var command = 'REMOVE_BLOCK';
+        if (auth && auth.type === 'TOTP') {
+            command = 'TOTP_REMOVE_BLOCK';
+        }
+
+        ServerCommand(blockKeys.sign, {
+            command: command,
+            auth: auth && auth.data
+        }, cb);
+    };
+
     return Block;
 });
diff --git a/www/common/outer/store-rpc.js b/www/common/outer/store-rpc.js
index f4e88333b..62b281f64 100644
--- a/www/common/outer/store-rpc.js
+++ b/www/common/outer/store-rpc.js
@@ -24,8 +24,6 @@ define([
             UPLOAD_COMPLETE: Store.uploadComplete,
             UPLOAD_STATUS: Store.uploadStatus,
             UPLOAD_CANCEL: Store.uploadCancel,
-            WRITE_LOGIN_BLOCK: Store.writeLoginBlock,
-            REMOVE_LOGIN_BLOCK: Store.removeLoginBlock,
             PIN_PADS: Store.pinPads,
             UNPIN_PADS: Store.unpinPads,
             GET_DELETED_PADS: Store.getDeletedPads,
@@ -93,6 +91,7 @@ define([
             DRIVE_USEROBJECT: Store.userObjectCommand,
             // Settings,
             DELETE_ACCOUNT: Store.deleteAccount,
+            REMOVE_OWNED_PADS: Store.removeOwnedPads,
             // Admin
             ADMIN_RPC: Store.adminRpc,
             ADMIN_ADD_MAILBOX: Store.addAdminMailbox,
diff --git a/www/common/pinpad.js b/www/common/pinpad.js
index 7102be669..ab1a8c8c6 100644
--- a/www/common/pinpad.js
+++ b/www/common/pinpad.js
@@ -205,41 +205,6 @@ var factory = function (Util, Rpc) {
                 });
             };
 
-            exp.writeLoginBlock = function (data, cb) {
-                if (!data) { return void cb('NO_DATA'); }
-                if (!data.publicKey || !data.signature || !data.ciphertext) {
-                    console.log(data);
-                    return void cb("MISSING_PARAMETERS");
-                }
-                if (['string', 'undefined'].indexOf(typeof(data.registrationProof)) === -1) {
-                    return void cb("INVALID_REGISTRATION_PROOF");
-                }
-
-                rpc.send('WRITE_LOGIN_BLOCK', [
-                    data.publicKey,
-                    data.signature,
-                    data.ciphertext,
-                    data.registrationProof || undefined,
-                ], function (e) {
-                    cb(e);
-                });
-            };
-
-            exp.removeLoginBlock = function (data, cb) {
-                if (!data) { return void cb('NO_DATA'); }
-                if (!data.publicKey || !data.signature) {
-                    console.log(data);
-                    return void cb("MISSING_PARAMETERS");
-                }
-
-                rpc.send('REMOVE_LOGIN_BLOCK', [
-                    data.publicKey, // publicKey
-                    data.signature, // signature
-                ], function (e) {
-                    cb(e);
-                });
-            };
-
             // Get data for the admin panel
             exp.setMetadata = function (obj, cb) {
                 rpc.send('SET_METADATA', {
diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js
index 23e776218..b0be9a190 100644
--- a/www/common/sframe-common-outer.js
+++ b/www/common/sframe-common-outer.js
@@ -1733,14 +1733,6 @@ define([
                 Cryptpad.changeUserPassword(Cryptget, edPublic, data, cb);
             });
 
-            sframeChan.on('Q_WRITE_LOGIN_BLOCK', function (data, cb) {
-                Cryptpad.writeLoginBlock(data, cb);
-            });
-
-            sframeChan.on('Q_REMOVE_LOGIN_BLOCK', function (data, cb) {
-                Cryptpad.removeLoginBlock(data, cb);
-            });
-
             // It seems we have performance issues when we open and close a lot of channels over
             // the same network, maybe a memory leak. To fix this, we kill and create a new
             // network every 30 cryptget calls (1 call = 1 channel)
diff --git a/www/debug/main.js b/www/debug/main.js
index 124ea39f9..718412eb9 100644
--- a/www/debug/main.js
+++ b/www/debug/main.js
@@ -32,19 +32,23 @@ define([
     }).nThen(function (waitFor) {
         SFCommonO.initIframe(waitFor);
     }).nThen(function (/*waitFor*/) {
-        var hash = localStorage[Constants.userHashKey] || localStorage[Constants.fileHashKey];
-        var drive = hash && ('#'+hash === window.location.hash);
+        var isDrive = false;
+        var isMyDrive = false;
         if (!window.location.hash) {
-            drive = true;
-            window.location.hash = hash;
+            isDrive = true;
+            isMyDrive = true;
         } else {
             var p = Hash.parsePadUrl('/debug/'+window.location.hash);
             if (p && p.hashData && p.hashData.app === 'drive') {
-                drive = true;
+                isDrive = true;
             }
         }
-        var addData = function (meta) {
-            meta.debugDrive = drive;
+        var addData = function (meta, Cryptpad) {
+            if (isMyDrive) { window.location.hash = Cryptpad.userHash; }
+            window.CryptPad_location.app = "debug";
+            window.CryptPad_location.hash = Cryptpad.userHash;
+            window.CryptPad_location.href = '/debug/#'+Cryptpad.userHash;
+            meta.debugDrive = isDrive;
         };
         SFCommonO.start({
             noDrive: true,
diff --git a/www/login/main.js b/www/login/main.js
index 44649e534..edbc38f16 100644
--- a/www/login/main.js
+++ b/www/login/main.js
@@ -6,12 +6,10 @@ define([
     '/common/common-realtime.js',
     '/common/common-feedback.js',
     '/common/outer/local-store.js',
-    '/common/hyperscript.js',
-    '/customize/messages.js',
     //'/common/test.js',
 
     'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
-], function ($, Cryptpad, Login, UI, Realtime, Feedback, LocalStore, h, Msg /*, Test */) {
+], function ($, Cryptpad, Login, UI, Realtime, Feedback, LocalStore/*, Test */) {
     if (window.top !== window) { return; }
     $(function () {
         var $checkImport = $('#import-recent');
@@ -21,11 +19,6 @@ define([
             return;
         }
 
-    Msg.settings_totp_code = "OTP code"; // XXX KEY ALREADY ADDED IN www/settings/inner.js
-    Msg.login_enter_totp = "This account is protected with MFA. Please enter your OTP code."; // XXX
-    Msg.login_invalid_otp = "Invalid OTP code";
-
-
         /* Log in UI */
         // deferred execution to avoid unnecessary asset loading
         var loginReady = function (cb) {
@@ -51,47 +44,13 @@ define([
             $('button.login').click();
         });
 
-        var onOTP = function (err, cb) {
-            var btn, input;
-            var error;
-            if (err) {
-                console.error(err);
-                error = h('p.cp-password-error', Msg.login_invalid_otp);
-            }
-            var block = h('div#cp-loading-password-prompt', [
-                error,
-                h('p.cp-password-info', Msg.login_enter_totp),
-                h('p.cp-password-form', [
-                    input = h('input', {
-                        placeholder: Msg.settings_totp_code,
-                        autocomplete: 'off',
-                        autocorrect: 'off',
-                        autocapitalize: 'off',
-                        spellcheck: false,
-                    }),
-                    btn = h('button.btn.btn-primary', Msg.ui_confirm)
-                ])
-            ]);
-            var $input = $(input);
-            var $btn = $(btn).click(function () {
-                var val = $input.val();
-                if (!val) { return void onOTP('INVALID_CODE', cb); }
-                cb(val);
-            });
-            $(input).on('keydown', function (e) {
-                if (e.which !== 13) { return; } // enter
-                $btn.click();
-            });
-            UI.errorLoadingScreen(block, false, false);
-        };
-
-
         //var test;
         $('button.login').click(function () {
             var shouldImport = $checkImport[0].checked;
             var uname = $uname.val();
             var passwd = $passwd.val();
-            Login.loginOrRegisterUI(uname, passwd, false, shouldImport, onOTP, /*Test.testing */ false, function () {
+            Login.loginOrRegisterUI(uname, passwd, false, shouldImport,
+                UI.getOTPScreen, /*Test.testing */ false, function () {
                 /*
                 if (test) {
                     localStorage.clear();
diff --git a/www/settings/inner.js b/www/settings/inner.js
index 58e6fc83b..35a56701c 100644
--- a/www/settings/inner.js
+++ b/www/settings/inner.js
@@ -54,8 +54,8 @@ define([
     Messages.settings_totp_enable = "Enable TOTP"; // XXX
     Messages.settings_totp_disable = "Disable TOTP"; // XXX
     Messages.settings_totp_generate = "Generate secret"; // XXX
-    Messages.settings_totp_code = "OTP code"; // XXX
-    Messages.settings_totp_code_invalid = "Invalid OTP code"; // XXX
+    Messages.settings_otp_code = "OTP code"; // XXX
+    Messages.settings_otp_invalid = "Invalid OTP code"; // XXX
 
     Messages.settings_totp_tuto = "Scan this QR code with a authenticator application. Obtain a valid authentication code and confirm before it expires."; // XXX
     Messages.settings_totp_confirm = "Enable TOTP with this secret"; // XXX
@@ -63,6 +63,9 @@ define([
     Messages.settings_totp_recovery_header = "Recovery code";
     Messages.settings_totp_recovery = "If you lose access to your authenticator app, you may lock yourselves out of your CryptPad account. <strong>To prevent this, please store the following recovery secret key.</strong> You'll be able to use it to disable the multi-factor authentication. Do not share this key.";
 
+    Messages.settings_removeOwnedButton = "Destroy documents";
+    Messages.settings_removeOwnedText = "Please wait while your document are being destroyed...";
+
     var categories = {
         'account': [ // Msg.settings_cat_account
             'cp-settings-own-drive',
@@ -70,12 +73,12 @@ define([
             'cp-settings-displayname',
             'cp-settings-language-selector',
             'cp-settings-mediatag-size',
-            'cp-settings-change-password',
-            'cp-settings-delete'
         ],
         'access': [ // Msg.settings_cat_access // XXX
-            // XXX add password change and account deletion here?
-            'cp-settings-totp'
+            'cp-settings-totp',
+            'cp-settings-remove-owned',
+            'cp-settings-change-password',
+            'cp-settings-delete'
         ],
         'security': [ // Msg.settings_cat_security
             'cp-settings-logout-everywhere',
@@ -497,6 +500,40 @@ define([
         });
     }, true);
 
+    var deriveBytes = function (name, password, cb) {
+        Cred.deriveFromPassphrase(name, password, Login.requiredBytes, cb);
+    };
+
+    makeBlock('remove-owned', function(cb) { // Msg.settings_removeOwnedHint, .settings_removeOwnedTitle
+        if (!common.isLoggedIn()) { return cb(false); }
+
+        var button = h('button.btn.btn-danger', Messages.settings_removeOwnedButton);
+        var form = h('div', [
+            button
+        ]);
+        var $button = $(button);
+
+        UI.confirmButton(button, {
+            classes: 'btn-danger',
+            multiple: true
+        }, function() {
+            UI.addLoadingScreen({
+                hideTips: true,
+                loadingText: Messages.settings_removeOwnedText
+            });
+            sframeChan.query("Q_SETTINGS_REMOVE_OWNED_PADS", {}, function (err, data) {
+                UI.removeLoadingScreen();
+                $button.prop('disabled', '');
+                if (data && data.error) {
+                    console.error(data.error);
+                    return void UI.warn(Messages.error);
+                }
+                UI.log(Messages.success);
+            });
+        });
+
+        cb(form);
+    }, true);
     makeBlock('delete', function(cb) { // Msg.settings_deleteHint, .settings_deleteTitle
         if (!common.isLoggedIn()) { return cb(false); }
 
@@ -510,7 +547,6 @@ define([
         ]);
         var $form = $(form);
         var $button = $(button);
-        var spinner = UI.makeSpinner($form);
 
         UI.confirmButton(button, {
             classes: 'btn-danger',
@@ -548,36 +584,81 @@ define([
                 if (!password) {
                     return void UI.warn(Messages.error);
                 }
-                spinner.spin();
-                sframeChan.query("Q_SETTINGS_DELETE_ACCOUNT", {
-                    password: password
-                }, function(err, data) {
-                    if (data && data.error) {
-                        spinner.hide();
-                        $button.prop('disabled', '');
-                        if (data.error === 'INVALID_PASSWORD') {
-                            return void UI.warn(Messages.drive_sfPasswordError);
-                        }
-                        console.error(data.error);
-                        return void UI.warn(Messages.error);
-                    }
-                    // Owned drive
-                    if (data.state === true) {
-                        return void sframeChan.query('Q_SETTINGS_LOGOUT_PROPERLY', null, function() {
-                            UI.alert(Messages.settings_deleted, function() {
-                                common.gotoURL('/');
-                            });
-                            spinner.done();
+
+                UI.addLoadingScreen({
+                    hideTips: true,
+                    loadingText: Messages.settings_deleteTitle
+                });
+                setTimeout(function () {
+                    var name = privateData.accountName;
+                    var bytes;
+                    var auth = {};
+                    nThen(function (w) {
+                        deriveBytes(name, password, w(function (_bytes) {
+                            bytes = _bytes;
+                        }));
+                    }).nThen(function (w) {
+                        var result = Login.allocateBytes(bytes);
+                        sframeChan.query("Q_SETTINGS_CHECK_PASSWORD", {
+                            blockHash: result.blockHash,
+                            userHash: result.userHash,
+                        }, w(function (err, obj) {
+                            if (!obj || !obj.correct) {
+                                UI.warn(Messages.login_noSuchUser);
+                                w.abort();
+                                UI.removeLoadingScreen();
+                            }
+                        }));
+                    }).nThen(function (w) {
+                        // CHECK MFA
+                        sframeChan.query('Q_SETTINGS_MFA_CHECK', {}, w(function (err, obj) {
+                            // No block? no need for a code
+                            if (err || !obj || (obj && obj.err === 'NOBLOCK')
+                                    || !obj.mfa) { return; }
+                            auth.type = obj.type;
+
+                            if (auth.type === 'TOTP') {
+                                UI.getOTPScreen(w(function (val) {
+                                    UI.addLoadingScreen({ loadingText: Messages.settings_deleteTitle });
+                                    auth.data = val;
+                                }), function () {
+                                    w.abort(); // On exit OTP screen
+                                });
+                            }
+                        }));
+                    }).nThen(function () {
+                        sframeChan.query("Q_SETTINGS_DELETE_ACCOUNT", {
+                            bytes: bytes,
+                            auth: auth
+                        }, function(err, data) {
+                            UI.removeLoadingScreen();
+                            if (data && data.error) {
+                                $button.prop('disabled', '');
+                                if (data.error === 'INVALID_PASSWORD') {
+                                    return void UI.warn(Messages.drive_sfPasswordError);
+                                }
+                                if (data.error === 'INVALID_CODE') {
+                                    return void UI.warn(Messages.settings_otp_invalid);
+                                }
+                                return void UI.warn(Messages.error);
+                            }
+                            // Owned drive
+                            if (data.state === true) {
+                                return void sframeChan.query('Q_SETTINGS_LOGOUT_PROPERLY', null, function() {
+                                    UI.alert(Messages.settings_deleted, function() {
+                                        common.gotoURL('/');
+                                    });
+                                });
+                            }
+                            // Not owned drive
+                            var msg = h('div.cp-app-settings-delete-alert', [
+                                h('p', Messages.settings_deleteModal),
+                                h('pre', JSON.stringify(data, 0, 2))
+                            ]);
+                            UI.alert(msg);
+                            $button.prop('disabled', '');
                         });
-                    }
-                    // Not owned drive
-                    var msg = h('div.cp-app-settings-delete-alert', [
-                        h('p', Messages.settings_deleteModal),
-                        h('pre', JSON.stringify(data, 0, 2))
-                    ]);
-                    UI.alert(msg);
-                    spinner.hide();
-                    $button.prop('disabled', '');
+                    });
                 });
             });
         });
@@ -596,7 +677,6 @@ define([
             .append(Messages.settings_changePasswordHint).appendTo($div);
 
         // var publicKey = privateData.edPublic;
-
         var form = h('div', [
             UI.passwordInput({
                 id: 'cp-settings-change-password-current',
@@ -621,7 +701,7 @@ define([
             sframeChan.query('Q_CHANGE_USER_PASSWORD', data, function(err, obj) {
                 if (err || obj.error) { return void cb({ error: err || obj.error }); }
                 cb(obj);
-            });
+            }, {raw: true});
         };
 
         var todo = function() {
@@ -650,19 +730,69 @@ define([
                 function(yes) {
                     if (!yes) { return; }
 
-                    UI.addLoadingScreen({
-                        hideTips: true,
-                        loadingText: Messages.settings_changePasswordPending,
-                    });
-                    updateBlock({
-                        password: oldPassword,
-                        newPassword: newPassword
-                    }, function(obj) {
-                        UI.removeLoadingScreen();
-                        if (obj && obj.error) {
-                            // TODO more specific error message?
-                            UI.alert(Messages.settings_changePasswordError);
-                        }
+                    UI.addLoadingScreen({ loadingText: Messages.settings_changePasswordPending });
+                    // We're going to derive the bytes in inner in order to ask for the possible
+                    // OTP code after the Scrypt execution. This will make it less likely to
+                    // have the OTP code expire.
+                    setTimeout(function () {
+                        var oldBytes, newBytes;
+                        var auth = {};
+                        nThen(function (w) {
+                            var name = privateData.accountName;
+                            deriveBytes(name, oldPassword, w(function (bytes) {
+                                oldBytes = bytes;
+                            }));
+                            deriveBytes(name, newPassword, w(function (bytes) {
+                                newBytes = bytes;
+                            }));
+                        }).nThen(function (w) {
+                            var result = Login.allocateBytes(oldBytes);
+                            sframeChan.query("Q_SETTINGS_CHECK_PASSWORD", {
+                                blockHash: result.blockHash,
+                                userHash: result.userHash,
+                            }, w(function (err, obj) {
+                                if (!obj || !obj.correct) {
+                                    UI.warn(Messages.login_noSuchUser);
+                                    w.abort();
+                                    UI.removeLoadingScreen();
+                                }
+                            }));
+                        }).nThen(function (w) {
+                            // CHECK MFA
+                            sframeChan.query('Q_SETTINGS_MFA_CHECK', {}, w(function (err, obj) {
+                                // No block? no need for a code
+                                if (err || !obj || (obj && obj.err === 'NOBLOCK')
+                                        || !obj.mfa) { return; }
+                                auth.type = obj.type;
+
+                                if (auth.type === 'TOTP') {
+                                    UI.getOTPScreen(w(function (val) {
+                                        auth.data = val;
+                                        UI.addLoadingScreen({ loadingText: Messages.settings_changePasswordPending });
+                                    }), function () {
+                                        w.abort(); // On exit OTP screen
+                                    });
+                                }
+                            }));
+                        }).nThen(function () {
+                            updateBlock({
+                                password: oldPassword,
+                                newPassword: newPassword,
+                                oldBytes: oldBytes,
+                                newBytes: newBytes,
+                                auth: auth
+                            }, function(obj) {
+                                UI.removeLoadingScreen();
+                                if (obj && obj.error) {
+                                    if (obj.error === 'INVALID_CODE') {
+                                        return void UI.warn(Messages.settings_otp_invalid);
+                                    }
+                                    // TODO more specific error message?
+                                    console.error(obj.error);
+                                    UI.alert(Messages.settings_changePasswordError);
+                                }
+                            });
+                        });
                     });
                 }, {
                     ok: Messages.register_writtenPassword,
@@ -812,7 +942,7 @@ define([
                     placeholder: Messages.login_password,
                 })),
                 OTPEntry = h('input', {
-                    placeholder: Messages.settings_totp_code
+                    placeholder: Messages.settings_otp_code
                 }),
                 disable
             ]));
@@ -831,7 +961,7 @@ define([
                 setTimeout(function () {
                 Login.Cred.deriveFromPassphrase(name, password, Login.requiredBytes, function (bytes) {
                     var result = Login.allocateBytes(bytes);
-                    sframeChan.query("Q_SETTINGS_CHECK_BLOCK", {
+                    sframeChan.query("Q_SETTINGS_CHECK_PASSWORD", {
                         blockHash: result.blockHash,
                     }, function (err, obj) {
                         if (!obj || !obj.correct) {
@@ -851,7 +981,7 @@ define([
                             $OTPEntry.val("");
                             if (err || !obj || !obj.success) {
                                 $b.removeAttr('disabled');
-                                return void UI.warn(Messages.settings_totp_code_invalid);
+                                return void UI.warn(Messages.settings_otp_invalid);
                             }
                             drawTotp(content, false);
                         }, {raw: true});
@@ -910,7 +1040,7 @@ define([
                     setTimeout(function () {
                         Login.Cred.deriveFromPassphrase(name, password, Login.requiredBytes, function (bytes) {
                             var result = Login.allocateBytes(bytes);
-                            sframeChan.query("Q_SETTINGS_CHECK_BLOCK", {
+                            sframeChan.query("Q_SETTINGS_CHECK_PASSWORD", {
                                 blockHash: result.blockHash,
                             }, function (err, obj) {
                                 BUSY = false;
@@ -956,7 +1086,7 @@ define([
                     updateQR(uri, qr);
 
                     var OTPEntry = h('input', {
-                        placeholder: Messages.settings_totp_code
+                        placeholder: Messages.settings_otp_code
                     });
                     var $OTPEntry = $(OTPEntry);
 
@@ -1028,9 +1158,9 @@ define([
         if (!common.isLoggedIn()) { return void cb(false); }
 
         var content = h('div');
-        sframeChan.query('Q_SETTINGS_TOTP_CHECK', {}, function (err, obj) {
+        sframeChan.query('Q_SETTINGS_MFA_CHECK', {}, function (err, obj) {
             if (err || !obj || (obj && obj.err === 'NOBLOCK')) { return void cb(false); }
-            var enabled = obj && obj.totp;
+            var enabled = obj && obj.mfa && obj.type === 'TOTP';
             drawTotp(content, Boolean(enabled));
             cb(content);
         });
diff --git a/www/settings/main.js b/www/settings/main.js
index f962d639e..2cd216655 100644
--- a/www/settings/main.js
+++ b/www/settings/main.js
@@ -70,8 +70,12 @@ define([
             sframeChan.on('Q_SETTINGS_IMPORT_LOCAL', function (data, cb) {
                 Cryptpad.mergeAnonDrive(cb);
             });
-            sframeChan.on('Q_SETTINGS_CHECK_BLOCK', function (data, cb) {
-                cb({correct: data.blockHash === Utils.LocalStore.getBlockHash() });
+            sframeChan.on('Q_SETTINGS_CHECK_PASSWORD', function (data, cb) {
+                var blockHash = Utils.LocalStore.getBlockHash();
+                var userHash = Utils.LocalStore.getUserHash();
+                var correct = (blockHash && blockHash === data.blockHash) ||
+                              (!blockHash && userHash === data.userHash);
+                cb({correct: correct});
             });
             sframeChan.on('Q_SETTINGS_TOTP_SETUP', function (obj, cb) {
                 require([
@@ -97,18 +101,24 @@ define([
                     });
                 });
             });
-            sframeChan.on('Q_SETTINGS_TOTP_CHECK', function (obj, cb) {
+            sframeChan.on('Q_SETTINGS_MFA_CHECK', function (obj, cb) {
                 require([
                     '/common/outer/login-block.js',
                 ], function (Block) {
                     var blockHash = Utils.LocalStore.getBlockHash();
                     if (!blockHash) { return void cb({ err: 'NOBLOCK' }); }
                     var parsed = Block.parseBlockHash(blockHash);
-                    Utils.Util.getBlock(parsed.href, {}, function (err) {
-                        cb({totp: err === 401});
+                    Utils.Util.getBlock(parsed.href, {}, function (err, data) {
+                        cb({
+                            mfa: err === 401,
+                            type: data && data.method
+                        });
                     });
                 });
             });
+            sframeChan.on('Q_SETTINGS_REMOVE_OWNED_PADS', function (data, cb) {
+                Cryptpad.removeOwnedPads(data, cb);
+            });
             sframeChan.on('Q_SETTINGS_DELETE_ACCOUNT', function (data, cb) {
                 Cryptpad.deleteAccount(data, cb);
             });

From 318202531f22721892c01a9800c3388f5b0fadf3 Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Tue, 20 Jun 2023 12:52:04 +0200
Subject: [PATCH 57/58] TOTP: UI fixes and improvements

---
 customize.dist/pages/recovery.js              | 120 +++----
 .../src/less2/pages/page-recovery.less        |   9 +-
 www/common/common-interface.js                |   9 +-
 www/recovery/main.js                          |  45 ++-
 www/settings/app-settings.less                |  43 ++-
 www/settings/inner.js                         | 308 ++++++++++--------
 6 files changed, 308 insertions(+), 226 deletions(-)

diff --git a/customize.dist/pages/recovery.js b/customize.dist/pages/recovery.js
index 8355e7a81..b34758bed 100644
--- a/customize.dist/pages/recovery.js
+++ b/customize.dist/pages/recovery.js
@@ -6,35 +6,24 @@ define([
     '/customize/messages.js',
     '/customize/pages.js'
 ], function (Config, $, h, UI, Msg, Pages) {
+
+Msg.recovery_header = "Account recovery"; // XXX
+Msg.recovery_mfa_description = "If you have lost access to your Two-Factor Authentication method you can disable 2FA for your account using your recovery code. Please start by entering your login and password:";
+Msg.recovery_mfa_secret = "Please enter your recovery code to disable 2FA for your account:";
+Msg.recovery_mfa_secret_ph = "Recovery code";
+
+Msg.mfa_disable = "Disable 2FA"; // XXX also in settings
+Msg.continue = "Continue"; // XXX also in settings
+
+Msg.recovery_forgot = 'Forgot recovery code';
+Msg.recovery_forgot_text = 'Please copy the following information and <a href="mailto:{0}">email it</a> toyour instance administrators';
+
+Msg.recovery_mfa_wrong = "Invalid username or password";
+Msg.recovery_mfa_error = "Unknown error. Please reload and try again.";
+Msg.recovery_mfa_disabled = "Multi-factor authentication is already disabled for this account.";
+
     return function () {
-        document.title = Msg.register_header;
-
-        var tos = $(UI.createCheckbox('accept-terms')).find('.cp-checkmark-label').append(Msg.register_acceptTerms).parent()[0];
-
-        var termsLink = Pages.customURLs.terms;
-        $(tos).find('a').attr({
-            href: termsLink,
-            target: '_blank',
-            tabindex: '-1',
-        });
-
-Msg.recovery_header = "Recover account"; // XXX
-Msg.recovery_totp = "Disable TOTP on your account"; // XXX
-Msg.recovery_totp_description = "If you've locked yourselves out of your CryptPad account because of a TOTP (Time based One Time Password) multi-factor authentication, you can use this form to disable this protection.";
-Msg.recovery_totp_beta = 'The TOTP multi-factor authentication has just been released. To avoid accidentaly locking accounts, the support team will temporarily agree to disable the protection even if you forgot your secret recovery key. <strong>If you forgot your recovery key, please copy the proof of ownership and send it to <a href="mailto:{0}">{0}</a></strong>';
-Msg.recovery_totp_login = "Please enter your login credentials";
-Msg.recovery_totp_secret = "Please enter your secret recovery key";
-Msg.recovery_totp_secret_ph = "Secret recovery key";
-Msg.recovery_totp_proof = "Proof of ownership";
-Msg.recovery_totp_continue = "Continue";
-Msg.recovery_totp_disable = "Disable TOTP";
-
-Msg.recovery_totp_method_email = "Manual recovery by email";
-Msg.recovery_totp_method_secret = "Automatic recovery by secret key";
-
-Msg.recovery_totp_wrong = "Invalid username or password";
-Msg.recovery_totp_error = "Unknown error. Please reload and try again.";
-Msg.recovery_totp_disabled = "Multi-factor authentication is already disabled for this account.";
+        document.title = Msg.recovery_header;
 
         var frame = function (content) {
             return [
@@ -48,29 +37,13 @@ Msg.recovery_totp_disabled = "Multi-factor authentication is already disabled fo
             ];
         };
 
-        if (Config.restrictRegistration) {
-            return frame([
-                h('div.cp-restricted-registration', [
-                    h('p', Msg.register_registrationIsClosed),
-                ])
-            ]);
-        }
-
-        var termsCheck;
-        if (termsLink) {
-            termsCheck = h('div.checkbox-container', tos);
-        }
-
         return frame([
             h('div.row.cp-recovery-det', [
-                h('div#userForm.form-group.hidden.col-md-12', [
-                    h('h2', Msg.recovery_totp),
-                    h('div.cp-recovery-desc', [
-                        Msg._getKey('recovery_totp_description', [ Pages.Instance.name ]),
-                    ]),
+                h('div.hidden.col-md-3'),
+                h('div#userForm.form-group.hidden.col-md-6', [
                     h('div.cp-recovery-step.step1', [
-                        h('div.alert.alert-danger.wrong-cred.cp-hidden', Msg.recovery_totp_wrong),
-                        h('label', Msg.recovery_totp_login),
+                        h('p', Msg.recovery_mfa_description),
+                        h('div.alert.alert-danger.wrong-cred.cp-hidden', Msg.recovery_mfa_wrong),
                         h('input.form-control#username', {
                             type: 'text',
                             autocomplete: 'off',
@@ -85,41 +58,40 @@ Msg.recovery_totp_disabled = "Multi-factor authentication is already disabled fo
                             placeholder: Msg.login_password,
                         }),
                         h('div.cp-recover-button',
-                            h('button.btn.btn-primary#cp-recover-login', Msg.recovery_totp_continue)
+                            h('button.btn.btn-primary#cp-recover-login', Msg.continue)
                         )
                     ]),
                     h('div.cp-recovery-step.step2', { style: 'display: none;' }, [
-                        h('div.cp-recovery-method', [
-                            h('h3', Msg.recovery_totp_method_secret),
-                            h('label', Msg.recovery_totp_secret),
-                            h('input.form-control#totprecovery', {
-                                type: 'text',
-                                autocomplete: 'off',
-                                autocorrect: 'off',
-                                autocapitalize: 'off',
-                                spellcheck: false,
-                                placeholder: Msg.recovery_totp_secret_ph,
-                                autofocus: true,
-                            }),
-                            h('div.cp-recover-button',
-                                h('button.btn.btn-primary#cp-recover', Msg.recovery_totp_disable)
-                            )
+                        h('label', Msg.recovery_mfa_secret),
+                        h('input.form-control#mfarecovery', {
+                            type: 'text',
+                            autocomplete: 'off',
+                            autocorrect: 'off',
+                            autocapitalize: 'off',
+                            spellcheck: false,
+                            placeholder: Msg.recovery_mfa_secret_ph,
+                            autofocus: true,
+                        }),
+                        h('div.cp-recovery-forgot', [
+                            h('i.fa.fa-caret-right'),
+                            h('span', Msg.recovery_forgot)
                         ]),
-                        h('div.cp-recovery-desc', Msg.settings_kanbanTagsOr),
-                        h('div.cp-recovery-method', [
-                            h('h3', Msg.recovery_totp_method_email),
-                            Config.adminEmail ? UI.setHTML(h('div.alert.alert-warning'),
-                                Msg._getKey('recovery_totp_beta', [Config.adminEmail])) : undefined,
-                            h('label', Msg.recovery_totp_proof),
+                        h('div.cp-recovery-alt', { style: 'display: none;' }, [
+                            UI.setHTML(h('div'),
+                                Msg._getKey('recovery_forgot_text', [Config.adminEmail || ''])),
                             h('textarea.cp-recover-email', {readonly: 'readonly'}),
-                            h('button.btn.btn-secondary#totpcopyproof', Msg.copyToClipboard),
+                            h('button.btn.btn-secondary#mfacopyproof', Msg.copyToClipboard),
                         ]),
+                        h('div.cp-recover-button',
+                            h('button.btn.btn-primary#cp-recover', Msg.mfa_disable)
+                        )
                     ]),
                     h('div.cp-recovery-step.step-info', { style: 'display: none;' }, [
-                        h('div.alert.alert-info.cp-hidden.disabled', Msg.recovery_totp_disabled),
-                        h('div.alert.alert-danger.cp-hidden.unknown-error', Msg.recovery_totp_error),
+                        h('div.alert.alert-info.cp-hidden.disabled', Msg.recovery_mfa_disabled),
+                        h('div.alert.alert-danger.cp-hidden.unknown-error', Msg.recovery_mfa_error),
                     ]),
-                ])
+                ]),
+                h('div.hidden.col-md-3'),
             ])
         ]);
     };
diff --git a/customize.dist/src/less2/pages/page-recovery.less b/customize.dist/src/less2/pages/page-recovery.less
index 2fe41447b..872707fe7 100644
--- a/customize.dist/src/less2/pages/page-recovery.less
+++ b/customize.dist/src/less2/pages/page-recovery.less
@@ -59,7 +59,14 @@
 
     .cp-recovery-det {
         .cp-recover-button {
-            text-align: center;
+            text-align: right;
+        }
+        .cp-recovery-forgot {
+            cursor: pointer;
+            i {
+                margin-right: 5px;
+                width: 10px;
+            }
         }
         .cp-recovery-method {
             padding: 5px;
diff --git a/www/common/common-interface.js b/www/common/common-interface.js
index 35440aec7..1e1569870 100644
--- a/www/common/common-interface.js
+++ b/www/common/common-interface.js
@@ -1507,8 +1507,10 @@ define([
     };
 
     Messages.settings_otp_code = "OTP code"; // XXX KEY ALREADY ADDED IN www/settings/inner.js
-    Messages.loading_enter_otp = "This account is protected with MFA. Please enter your OTP code."; // XXX
-    Messages.settings_otp_invalid = "Invalid OTP code";
+    Messages.settings_otp_invalid = "Invalid OTP code"; // Same
+
+    Messages.loading_enter_otp = "This account is protected with Two-Factor Authentication. Please enter your verification code."; // XXX
+    Messages.loading_recover = 'Unable to get a code? <a href="/recovery/">Recover your account</a>';
 
 
     UI.getOTPScreen = function (cb, exitable, err) {
@@ -1529,7 +1531,8 @@ define([
                     spellcheck: false,
                 }),
                 btn = h('button.btn.btn-primary', Messages.ui_confirm)
-            ])
+            ]),
+            UI.setHTML(h('p.cp-password-recovery'), Messages.loading_recover)
         ]);
         var $input = $(input);
         var $btn = $(btn).click(function () {
diff --git a/www/recovery/main.js b/www/recovery/main.js
index 15ac298d9..5a0576e15 100644
--- a/www/recovery/main.js
+++ b/www/recovery/main.js
@@ -35,28 +35,36 @@ define([
         // text and password input fields
         var $uname = $('#username');
         var $passwd = $('#password');
-        var $recoveryKey = $('#totprecovery');
-        var $copyProof = $('#totpcopyproof');
+        var $recoveryKey = $('#mfarecovery');
+        var $copyProof = $('#mfacopyproof');
 
         var $step1 = $('.cp-recovery-step.step1');
         var $step2 = $('.cp-recovery-step.step2');
         var $stepInfo = $('.cp-recovery-step.step-info');
-        var $totpProof = $('textarea.cp-recover-email');
+        var $mfaProof = $('textarea.cp-recover-email');
+        var $forgot = $('.cp-recovery-forgot');
+        var $alt = $('.cp-recovery-alt');
 
         [ $uname, $passwd]
         .some(function ($el) { if (!$el.val()) { $el.focus(); return true; } });
 
-        var totpStep2 = function () {
+        var mfaStep2 = function () {
             $step1.hide();
             $step2.show();
         };
-        var totpStepInfo = function (cls) {
+        var mfaStepInfo = function (cls) {
             $step1.hide();
             $stepInfo.find('.alert').toggleClass('cp-hidden', true);
             $stepInfo.find(cls).toggleClass('cp-hidden', false);
             $stepInfo.show();
         };
 
+        $forgot.click(function () {
+            $alt.toggle();
+            if ($alt.is(':visible')) { $forgot.find('i').attr('class', 'fa fa-caret-down'); }
+            else { $forgot.find('i').attr('class', 'fa fa-caret-right'); }
+        });
+
         var proofStr;
         var addProof = function (blockKeys) {
             var pub = blockKeys.sign.publicKey;
@@ -69,7 +77,7 @@ define([
             var proof = Nacl.sign.detached(Nacl.util.decodeUTF8(Sortify(toSign)), sec);
             toSign.proof = Nacl.util.encodeBase64(proof);
             proofStr = JSON.stringify(toSign, 0, 2);
-            $totpProof.html(proofStr);
+            $mfaProof.html(proofStr);
         };
 
         $copyProof.click(function () {
@@ -81,7 +89,9 @@ define([
             }
         });
 
-        var revokeTOTP = function (blockKeys) {
+        var blockKeys, blockHash, uname;
+
+        var revokeTOTP = function () {
             var recoveryKey = $recoveryKey.val().trim();
             if (!recoveryKey || recoveryKey.length !== 32) {
                 return void UI.warn(Messages.error); // XXX error message?
@@ -96,38 +106,40 @@ define([
                     return void UI.warn(Messages.error);
                 }
                 // XXX redirect to login?
-                return void UI.log(Messages.ui_success);
+                UI.log(Messages.ui_success);
+                LocalStore.login(undefined, blockHash, uname, function () {
+                    Login.redirect();
+                });
             });
         };
 
         var $recoverLogin = $('button#cp-recover-login');
         var $recoverConfirm = $('button#cp-recover');
-        var blockKeys;
         $recoverLogin.click(function () {
             UI.addLoadingScreen({
                 loadingText: Messages.login_hashing
             });
-            var name = $uname.val();
+            uname = $uname.val();
             var pw = $passwd.val();
             setTimeout(function () {
-                Login.Cred.deriveFromPassphrase(name, pw, Login.requiredBytes, function (bytes) {
+                Login.Cred.deriveFromPassphrase(uname, pw, Login.requiredBytes, function (bytes) {
                     var result = Login.allocateBytes(bytes);
-                    var blockHash = result.blockHash;
+                    blockHash = result.blockHash;
                     var parsed = Block.parseBlockHash(blockHash);
                     addProof(result.blockKeys);
                     blockKeys = result.blockKeys;
                     Util.getBlock(parsed.href, {}, function (err, v) {
                         UI.removeLoadingScreen();
                         if (v && !err) {
-                            return totpStepInfo('.disabled');
+                            return mfaStepInfo('.disabled');
                         }
                         if (err === 401) {
-                            return totpStep2(result.blockKeys);
+                            return mfaStep2(result.blockKeys);
                         }
                         if (err === 404) {
                             return $step1.find('.wrong-cred').toggleClass('cp-hidden', false);
                         }
-                        totpStepInfo('.unknown-error');
+                        mfaStepInfo('.unknown-error');
                     });
                 });
             }, 100);
@@ -137,8 +149,7 @@ define([
             multiple: true
         }, function () {
             if (!blockKeys) { return; }
-            // XXX disable TOTP automatically
-            revokeTOTP(blockKeys);
+            revokeTOTP();
         });
 
     });
diff --git a/www/settings/app-settings.less b/www/settings/app-settings.less
index c437d2dc3..da3a5ccf1 100644
--- a/www/settings/app-settings.less
+++ b/www/settings/app-settings.less
@@ -86,13 +86,13 @@
                 }
             }
 
-            .cp-settings-change-password, .cp-settings-own-drive, .cp-settings-delete {
+            .cp-password-container {
                 [type="password"], [type="text"] {
                     width: @sidebar_button-width;
                     flex: unset;
                 }
                 button {
-                    margin-top: 5px;
+                    margin-left: 10px;
                 }
             }
             .cp-settings-drive-backup {
@@ -103,10 +103,47 @@
                     margin-right: 5px;
                 }
             }
-            .cp-settings-totp {
+            .cp-settings-mfa {
                 .cp-settings-qr {
                     img {
                         border: 10px solid white;
+                        border-radius: 10px;
+                    }
+                    margin: 10px 20px 20px 0;
+                }
+            }
+            .cp-settings-mfa-hint {
+                color: @cp_sidebar-hint;
+            }
+            .cp-settings-mfa-status {
+                & > i {
+                    margin-right: 5px;
+                }
+                margin: 1em 0;
+            }
+            .cp-settings-mfa {
+                .cp-password-container {
+                    flex-wrap: wrap;
+                    input {
+                        flex-shrink: 1;
+                        max-width: 400px;
+                    }
+                    label {
+                        width: 100%;
+                        font-weight: unset;
+                        margin-bottom: 5px;
+                    }
+                }
+                .cp-settings-qr-container {
+                    display: flex;
+                    align-items: center;
+                    .cp-settings-qr-code {
+                        input {
+                            max-width: 250px;
+                        }
+                        button {
+                            margin-top: 10px
+                        }
                     }
                 }
             }
diff --git a/www/settings/inner.js b/www/settings/inner.js
index 35a56701c..e06766218 100644
--- a/www/settings/inner.js
+++ b/www/settings/inner.js
@@ -49,19 +49,27 @@ define([
     var privateData;
     var sframeChan;
 
-    Messages.settings_totpTitle = "TOTP"; // XXX
+    Messages.settings_mfaTitle = "Two-Factor Authentication (2FA)"; // XXX
+    Messages.settings_mfaHint = "Protect your account..."; // XXX
     Messages.settings_cat_access = "Security"; // XXX
-    Messages.settings_totp_enable = "Enable TOTP"; // XXX
-    Messages.settings_totp_disable = "Disable TOTP"; // XXX
-    Messages.settings_totp_generate = "Generate secret"; // XXX
-    Messages.settings_otp_code = "OTP code"; // XXX
+    Messages.done = "Done";
+    Messages.continue = "Continue";
+    Messages.mfa_setup_label = "To enable 2FA, please begin by entering your account password"; // XXX
+    Messages.mfa_setup_button = "Begin 2FA setup"; // XXX
+    Messages.mfa_revoke_label = "To disable 2FA, please begin by entering your account password"; // XXX
+    Messages.mfa_revoke_button = "Start disable 2FA"; // XXX
+    Messages.mfa_revoke_code = "Please enter your verification code";
+    Messages.mfa_status_on = "2FA is active on this account";
+    Messages.mfa_status_off = "2FA is not active on this account";
+    Messages.mfa_recovery_title = "Save this recovery code now";
+    Messages.mfa_recovery_hint = "If you loose access to your authenticator...........";
+    Messages.mfa_recovery_warning = "This code will not be shown again...........";
+    Messages.mfa_enable = "Enable 2FA";
+    Messages.mfa_disable = "Disable 2FA";
+
+    Messages.settings_otp_code = "Verification code"; // XXX
     Messages.settings_otp_invalid = "Invalid OTP code"; // XXX
-
-    Messages.settings_totp_tuto = "Scan this QR code with a authenticator application. Obtain a valid authentication code and confirm before it expires."; // XXX
-    Messages.settings_totp_confirm = "Enable TOTP with this secret"; // XXX
-
-    Messages.settings_totp_recovery_header = "Recovery code";
-    Messages.settings_totp_recovery = "If you lose access to your authenticator app, you may lock yourselves out of your CryptPad account. <strong>To prevent this, please store the following recovery secret key.</strong> You'll be able to use it to disable the multi-factor authentication. Do not share this key.";
+    Messages.settings_otp_tuto = "Please scan this QR code with your authenticator app and paste the verification code to confirm.";
 
     Messages.settings_removeOwnedButton = "Destroy documents";
     Messages.settings_removeOwnedText = "Please wait while your document are being destroyed...";
@@ -75,7 +83,7 @@ define([
             'cp-settings-mediatag-size',
         ],
         'access': [ // Msg.settings_cat_access // XXX
-            'cp-settings-totp',
+            'cp-settings-mfa',
             'cp-settings-remove-owned',
             'cp-settings-change-password',
             'cp-settings-delete'
@@ -930,46 +938,76 @@ define([
 
     // Account access
 
-    var drawTotp = function (content, enabled) {
+    var drawMfa = function (content, enabled) {
         var $content = $(content).empty();
+        $content.append(h('div.cp-settings-mfa-hint.cp-settings-mfa-status', [
+            h('i.fa' + (enabled ? '.fa-check' : '.fa-times')),
+            h('span', enabled ? Messages.mfa_status_on : Messages.mfa_status_off)
+        ]));
         if (enabled) {
             (function () {
-            var disable = h('button.btn.btn-danger', Messages.settings_totp_disable);
-            var OTPEntry, pwInput;
-            $content.append(h('div', [
-                h('p', pwInput = h('input', {
+            var button = h('button.btn.btn-danger', Messages.mfa_revoke_button);
+            var $mfaRevokeBtn = $(button);
+            var pwInput;
+            var pwContainer = h('div.cp-password-container', [
+                h('label.cp-settings-mfa-hint', { for: 'cp-mfa-password' }, Messages.mfa_revoke_label),
+                pwInput = h('input#cp-mfa-password', {
                     type: 'password',
                     placeholder: Messages.login_password,
-                })),
-                OTPEntry = h('input', {
-                    placeholder: Messages.settings_otp_code
                 }),
-                disable
-            ]));
-            var $b = $(disable);
-            var $OTPEntry = $(OTPEntry);
-            UI.confirmButton(disable, {
-                classes: 'btn-danger',
-                multiple: true
-            }, function () {
-                $b.attr('disabled', 'disabled');
+                button
+            ]);
+            $content.append(pwContainer);
+
+            var spinner = UI.makeSpinner($mfaRevokeBtn);
+            $mfaRevokeBtn.click(function () {
                 var name = privateData.accountName;
                 var password = $(pwInput).val();
+                if (!password) { return void UI.warn(Messages.login_noSuchUser); }
 
-                // scrypt locks up the UI before the DOM has a chance
-                // to update (displaying logs, etc.), so do a set timeout
-                setTimeout(function () {
-                Login.Cred.deriveFromPassphrase(name, password, Login.requiredBytes, function (bytes) {
-                    var result = Login.allocateBytes(bytes);
-                    sframeChan.query("Q_SETTINGS_CHECK_PASSWORD", {
-                        blockHash: result.blockHash,
-                    }, function (err, obj) {
-                        if (!obj || !obj.correct) {
-                            UI.warn(Messages.login_noSuchUser);
-                            $b.removeAttr('disabled');
-                            return;
-                        }
-                        var blockKeys = result.blockKeys;
+                spinner.spin();
+                $(pwInput).prop('disabled', 'disabled');
+                $mfaRevokeBtn.prop('disabled', 'disabled');
+                var blockKeys;
+
+                nThen(function (waitFor) {
+                    var next = waitFor();
+                    // scrypt locks up the UI before the DOM has a chance
+                    // to update (displaying logs, etc.), so do a set timeout
+                    setTimeout(function () {
+                    Login.Cred.deriveFromPassphrase(name, password, Login.requiredBytes, function (bytes) {
+                        var result = Login.allocateBytes(bytes);
+                        sframeChan.query("Q_SETTINGS_CHECK_PASSWORD", {
+                            blockHash: result.blockHash,
+                        }, function (err, obj) {
+                            if (!obj || !obj.correct) {
+                                spinner.hide();
+                                UI.warn(Messages.login_noSuchUser);
+                                $mfaRevokeBtn.removeAttr('disabled');
+                                $(pwInput).removeAttr('disabled');
+                                waitFor.abort();
+                                return;
+                            }
+                            spinner.done();
+                            blockKeys = result.blockKeys;
+                            next();
+                        });
+                    });
+                    }, 100);
+                }).nThen(function () {
+                    $(pwContainer).remove();
+                    var OTPEntry;
+                    var disable = h('button.btn.btn-danger', Messages.mfa_disable);
+                    $content.append(h('div.cp-password-container', [
+                        h('label.cp-settings-mfa-hint', { for: 'cp-mfa-password' }, Messages.mfa_revoke_code),
+                        OTPEntry = h('input', {
+                            placeholder: Messages.settings_otp_code
+                        }),
+                        disable
+                    ]));
+                    var $OTPEntry = $(OTPEntry);
+                    var $d = $(disable).click(function () {
+                        $d.prop('disabled', 'disabled');
                         var code = $OTPEntry.val();
                         sframeChan.query("Q_SETTINGS_TOTP_REVOKE", {
                             key: blockKeys.sign,
@@ -980,25 +1018,44 @@ define([
                         }, function (err, obj) {
                             $OTPEntry.val("");
                             if (err || !obj || !obj.success) {
-                                $b.removeAttr('disabled');
+                                $d.removeAttr('disabled');
                                 return void UI.warn(Messages.settings_otp_invalid);
                             }
-                            drawTotp(content, false);
+                            drawMfa(content, false);
                         }, {raw: true});
+
                     });
                 });
-                }, 1000);
             });
 
             })();
             return;
         }
 
-        var button = h('button.btn.btn-primary', Messages.settings_totp_enable);
+        var button = h('button.btn.btn-primary', Messages.mfa_setup_button);
+        var $mfaSetupBtn = $(button);
+        var pwInput;
+        $content.append(h('div.cp-password-container', [
+            h('label.cp-settings-mfa-hint', { for: 'cp-mfa-password' }, Messages.mfa_setup_label),
+            pwInput = h('input#cp-mfa-password', {
+                type: 'password',
+                placeholder: Messages.login_password,
+            }),
+            button
+        ]));
+        var spinner = UI.makeSpinner($mfaSetupBtn);
         $(button).click(function () {
-            $content.empty();
+            var name = privateData.accountName;
+            var password = $(pwInput).val();
+            if (!password) { return void UI.warn(Messages.login_noSuchUser); }
+
+            spinner.spin();
+            $(pwInput).prop('disabled', 'disabled');
+            $mfaSetupBtn.prop('disabled', 'disabled');
+
             var Base32, QRCode, Nacl;
             var blockKeys;
+            var recoverySecret;
             nThen(function (waitFor) {
                 require([
                     '/auth/base32.js',
@@ -1010,52 +1067,58 @@ define([
                     Nacl = window.nacl;
                 }));
             }).nThen(function (waitFor) {
-                var pwInput;
-                var button = h('button.btn.btn-secondary', Messages.ui_confirm);
-                $content.append(h('div', [
-                    h('p', pwInput = h('input', {
-                        type: 'password',
-                        placeholder: Messages.login_password,
-                    })),
-                    button
-                ]));
                 var next = waitFor();
-                var BUSY = false;
-
-                var spinner = UI.makeSpinner($content);
-                var $b = $(button).click(function () {
-                    if (BUSY) { return; }
-
-                    var name = privateData.accountName;
-                    var password = $(pwInput).val();
-
-                    if (!password) { return void UI.warn(Messages.login_noSuchUser); }
-
-                    spinner.spin();
-                    $b.attr('disabled', 'disabled');
-                    BUSY = true;
-
-                    // scrypt locks up the UI before the DOM has a chance
-                    // to update (displaying logs, etc.), so do a set timeout
-                    setTimeout(function () {
-                        Login.Cred.deriveFromPassphrase(name, password, Login.requiredBytes, function (bytes) {
-                            var result = Login.allocateBytes(bytes);
-                            sframeChan.query("Q_SETTINGS_CHECK_PASSWORD", {
-                                blockHash: result.blockHash,
-                            }, function (err, obj) {
-                                BUSY = false;
-                                if (!obj || !obj.correct) {
-                                    spinner.hide();
-                                    UI.warn(Messages.login_noSuchUser);
-                                    $b.removeAttr('disabled');
-                                    return;
-                                }
-                                spinner.done();
-                                blockKeys = result.blockKeys;
-                                next();
-                            });
+                // scrypt locks up the UI before the DOM has a chance
+                // to update (displaying logs, etc.), so do a set timeout
+                setTimeout(function () {
+                    Login.Cred.deriveFromPassphrase(name, password, Login.requiredBytes, function (bytes) {
+                        var result = Login.allocateBytes(bytes);
+                        sframeChan.query("Q_SETTINGS_CHECK_PASSWORD", {
+                            blockHash: result.blockHash,
+                        }, function (err, obj) {
+                            if (!obj || !obj.correct) {
+                                spinner.hide();
+                                UI.warn(Messages.login_noSuchUser);
+                                $mfaSetupBtn.removeAttr('disabled');
+                                $(pwInput).removeAttr('disabled');
+                                waitFor.abort();
+                                return;
+                            }
+                            spinner.done();
+                            blockKeys = result.blockKeys;
+                            next();
                         });
-                    }, 1000);
+                    });
+                }, 100);
+            }).nThen(function (waitFor) {
+                $content.empty();
+                var next = waitFor();
+                recoverySecret = Nacl.util.encodeBase64(Nacl.randomBytes(24));
+                var button = h('button.btn.btn-primary', [
+                    h('i.fa.fa-check'),
+                    h('span', Messages.done)
+                ]);
+                $content.append(h('div.alert.alert-danger', [
+                    h('h2', Messages.mfa_recovery_title),
+                    h('p', Messages.mfa_recovery_hint),
+                    h('p', Messages.mfa_recovery_warning),
+                    h('div.cp-password-container', [
+                        UI.dialog.selectable(recoverySecret),
+                        button
+                    ])
+                ]));
+
+                var nextButton = h('button.btn.btn-primary', {
+                    'disabled': 'disabled'
+                }, Messages.continue);
+                $(nextButton).click(function () {
+                    next();
+                }).appendTo($content);
+
+                $(button).click(function () {
+                    $content.find('.alert-danger').removeClass('alert-danger').addClass('alert-success');
+                    $(button).prop('disabled', 'disabled');
+                    $(nextButton).removeAttr('disabled');
                 });
             }).nThen(function () {
                 var randomSecret = function () {
@@ -1063,18 +1126,11 @@ define([
                     return Base32.encode(U8);
                 };
                 $content.empty();
-                var generate = h('button.btn.btn-primary', Messages.settings_totp_generate);
-                var secretContainer = h('div');
-                var $container = $(secretContainer);
-                $content.append(secretContainer, h('p', generate));
 
-                var updateQR = Util.throttle(function (uri, target) {
+                var updateQR = Util.mkAsync(function (uri, target) {
                     new QRCode(target, uri);
-                }, 400);
+                });
                 var updateURI = function (secret) {
-                    $container.empty();
-
-                    var recoverySecret = Nacl.util.encodeBase64(Nacl.randomBytes(24));
                     var username = privateData.accountName;
                     var hostname = new URL(privateData.origin).hostname;
                     var label = "CryptPad";
@@ -1090,8 +1146,11 @@ define([
                     });
                     var $OTPEntry = $(OTPEntry);
 
-                    var description = h('p', Messages.settings_totp_tuto);
-                    var confirmOTP = h('button.btn.btn-primary', Messages.settings_totp_confirm);
+                    var description = h('p.cp-settings-mfa-hint', Messages.settings_otp_tuto);
+                    var confirmOTP = h('button.btn.btn-primary', [
+                        h('i.fa.fa-check'),
+                        h('span', Messages.mfa_enable)
+                    ]);
                     var $confirmBtn = $(confirmOTP);
                     var lock = false;
                     UI.confirmButton(confirmOTP, {
@@ -1099,7 +1158,7 @@ define([
                     }, function () {
                         var code = $OTPEntry.val();
                         if (code.length !== 6 || /\D/.test(code)) {
-                            return void UI.warn(Messages.error); // XXX
+                            return void UI.warn(Messages.settings_otp_invalid);
                         }
                         $confirmBtn.attr('disabled', 'disabled');
                         lock = true;
@@ -1107,7 +1166,7 @@ define([
                         var data = {
                             command: 'TOTP_SETUP',
                             secret: secret,
-                            contact: "secret:" + recoverySecret, // XXX add other recovery options
+                            contact: "secret:" + recoverySecret, // TODO other recovery options
                             code: code,
                         };
 
@@ -1122,46 +1181,39 @@ define([
                                 console.error(err);
                                 return void UI.warn(Messages.error);
                             }
-                            drawTotp(content, true);
+                            drawMfa(content, true);
                         }, {raw: true});
 
                     });
 
-                    var recoveryBlock = h('div.alert.alert-danger', [
-                        h('h3', Messages.settings_totp_recovery_header),
-                        UI.setHTML(h('p'), Messages.settings_totp_recovery),
-                        UI.dialog.selectable(recoverySecret)
-                    ]);
-
-                    $container.append([
-                        uriInput,
-                        qr,
-                        h('br'),
+                    $content.append([
                         description,
-                        recoveryBlock,
-                        OTPEntry,
-                        confirmOTP
+                        h('div.cp-settings-qr-container', [
+                            qr,
+                            h('div.cp-settings-qr-code', [
+                                OTPEntry,
+                                h('br'),
+                                confirmOTP
+                            ])
+                        ]),
+                        uriInput
                     ]);
                 };
 
-
-                var $g = $(generate).click(function () {
-                    $g.remove();
-                    var secret = randomSecret();
-                    updateURI(secret);
-                });
+                var secret = randomSecret();
+                updateURI(secret);
             });
 
-        }).appendTo(content);
+        });
     };
-    makeBlock('totp', function (cb) { // Msg.settings_totpTitle
+    makeBlock('mfa', function (cb) { // Msg.settings_mfaTitle, Msg.settings_mfaHint
         if (!common.isLoggedIn()) { return void cb(false); }
 
         var content = h('div');
         sframeChan.query('Q_SETTINGS_MFA_CHECK', {}, function (err, obj) {
             if (err || !obj || (obj && obj.err === 'NOBLOCK')) { return void cb(false); }
             var enabled = obj && obj.mfa && obj.type === 'TOTP';
-            drawTotp(content, Boolean(enabled));
+            drawMfa(content, Boolean(enabled));
             cb(content);
         });
     }, true);

From da5626cbae72cd14b77507ebc7700ed77fe5ad64 Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Fri, 23 Jun 2023 18:35:18 +0200
Subject: [PATCH 58/58] TOTP: Use session token instead of JWT to prepare for
 SSO

---
 lib/challenge-commands/totp.js | 13 +++++++----
 lib/http-worker.js             | 40 +++++++++++++++++++++++++++++++++-
 2 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/lib/challenge-commands/totp.js b/lib/challenge-commands/totp.js
index 67667df11..45f2cedd6 100644
--- a/lib/challenge-commands/totp.js
+++ b/lib/challenge-commands/totp.js
@@ -87,7 +87,7 @@ const makeSession = (Env, publicKey, cb) => {
     const sessionId = Sessions.randomId();
     var token;
     nThen(function (w) {
-        createJWT(Env, sessionId, publicKey, w(function (err, _token) {
+        /*createJWT(Env, sessionId, publicKey, w(function (err, _token) {
             if (err) {
                 Env.Log.error("TOTP_VALIDATE_JWT_SIGN_ERROR", {
                     error: Util.serializeError(err),
@@ -97,10 +97,15 @@ const makeSession = (Env, publicKey, cb) => {
                 return void cb("TOKEN_ERROR");
             }
             token = _token;
-        }));
+        }));*/
     }).nThen(function (w) {
         // store the token
-        Sessions.write(Env, publicKey, sessionId, token, w(function (err) {
+        Sessions.write(Env, publicKey, sessionId, JSON.stringify({
+            mfa: {
+                type: 'otp',
+                exp: (+new Date()) + EXPIRATION
+            }
+        }), w(function (err) {
             if (err) {
                 Env.Log.error("TOTP_VALIDATE_SESSION_WRITE", {
                     error: Util.serializeError(err),
@@ -114,7 +119,7 @@ const makeSession = (Env, publicKey, cb) => {
         }));
     }).nThen(function () {
         cb(void 0, {
-            bearer: token,
+            bearer: sessionId,
         });
     });
 
diff --git a/lib/http-worker.js b/lib/http-worker.js
index 77cb6909b..b899eb5b1 100644
--- a/lib/http-worker.js
+++ b/lib/http-worker.js
@@ -343,12 +343,47 @@ app.use('/block/', function (req, res, next) {
         let token = authorization.replace(/^Bearer\s+/, '').trim();
         if (!token) { return void no(); }
 
+        Sessions.read(Env, name, token, function (err, contentStr) {
+            if (err) {
+                Log.error('SESSION_READ_ERROR', err);
+                return res.status(401).json({
+                    method: mfa_params.method,
+                    code: 401,
+                });
+            }
+
+            let content = Util.tryParse(contentStr);
+
+            if (content.mfa && content.mfa.exp && ((+new Date()) > content.mfa.exp)) {
+                Log.error("OTP_SESSION_EXPIRED", payload);
+                Sessions.delete(Env, name, token, function (err) {
+                    if (err) {
+                        Log.error('SESSION_DELETE_EXPIRED_ERROR', err);
+                        return;
+                    }
+                    Log.info('SESSION_DELETE_EXPIRED', err);
+                });
+                return void no();
+            }
+
+            // we could also check whether the content of the file matches the token,
+            // but clients don't have any influence over the reference and can only
+            // request to create tokens that are scoped to a public key they control.
+            // I don' think there's any practical benefit to such a check.
+
+            // So, interpret the existence of a file in that location as the continued
+            // validity of the session. Fall through and let the built-in webserver
+            // handle the 404 or serving the file.
+            next();
+        });
+
         // Otherwise we attempt to validate the token
         // Successful validation implies that the token was issued by the server
         // since only the server should possess the current bearer secret (unless it has leaked).
 
         // It is still possible that the token is not valid for this particular resource,
         // so the algorithm (HMAC SHA512) only asserts its integrity, not its validity.
+        /*
         JWT.verify(token, Env.bearerSecret, {
             algorithm: 'HS512',
         }, w(function (err, payload) {
@@ -405,11 +440,13 @@ app.use('/block/', function (req, res, next) {
             // remember the payload for subsequent asynchronous checks
             jwt_payload = payload;
         }));
+        */
     }).nThen(function () {
         // Finally, even if the JWT itself seems valid, the database
         // is the final authority as to whether the session is still valid,
         // as it might have been revoked
-        Sessions.read(Env, name, jwt_payload.ref, function (err /*, content */) {
+        /*
+        Sessions.read(Env, name, jwt_payload.ref, function (err) {
             if (err) {
                 Log.error('JWT_SESSION_READ_ERROR', err);
                 return res.status(401).json({
@@ -428,6 +465,7 @@ app.use('/block/', function (req, res, next) {
             // handle the 404 or serving the file.
             next();
         });
+        */
     });
 });