From d53114cc20e795755390f2414a2459780eb0974c Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Fri, 14 Feb 2025 23:15:51 +1100
Subject: [PATCH 01/31] Added account page with subpage select

---
 handlers/account.go                     | 25 +++++++++++
 handlers/profile.go                     |  2 +-
 server/routes.go                        | 12 +++++-
 view/component/account/content.templ    | 15 +++++++
 view/component/account/selectmenu.templ | 55 +++++++++++++++++++++++++
 view/page/account.templ                 | 10 +++++
 6 files changed, 117 insertions(+), 2 deletions(-)
 create mode 100644 handlers/account.go
 create mode 100644 view/component/account/content.templ
 create mode 100644 view/component/account/selectmenu.templ
 create mode 100644 view/page/account.templ

diff --git a/handlers/account.go b/handlers/account.go
new file mode 100644
index 0000000..36c180f
--- /dev/null
+++ b/handlers/account.go
@@ -0,0 +1,25 @@
+package handlers
+
+import (
+	"net/http"
+	"projectreshoot/view/component/account"
+	"projectreshoot/view/page"
+)
+
+func HandleAccountPage() http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			page.Account("General").Render(r.Context(), w)
+		},
+	)
+}
+
+func HandleAccountSubpage() http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			r.ParseForm()
+			subpage := r.FormValue("subpage")
+			account.AccountContent(subpage).Render(r.Context(), w)
+		},
+	)
+}
diff --git a/handlers/profile.go b/handlers/profile.go
index 91d21b2..91f381f 100644
--- a/handlers/profile.go
+++ b/handlers/profile.go
@@ -5,7 +5,7 @@ import (
 	"projectreshoot/view/page"
 )
 
-func HandleProfile() http.Handler {
+func HandleProfilePage() http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
 			page.Profile().Render(r.Context(), w)
diff --git a/server/routes.go b/server/routes.go
index 19c87f7..fc54841 100644
--- a/server/routes.go
+++ b/server/routes.go
@@ -63,6 +63,16 @@ func addRoutes(
 	// Profile page
 	mux.Handle("GET /profile",
 		middleware.RequiresLogin(
-			handlers.HandleProfile(),
+			handlers.HandleProfilePage(),
+		))
+
+	// Account page
+	mux.Handle("GET /account",
+		middleware.RequiresLogin(
+			handlers.HandleAccountPage(),
+		))
+	mux.Handle("POST /account-select-page",
+		middleware.RequiresLogin(
+			handlers.HandleAccountSubpage(),
 		))
 }
diff --git a/view/component/account/content.templ b/view/component/account/content.templ
new file mode 100644
index 0000000..2e84536
--- /dev/null
+++ b/view/component/account/content.templ
@@ -0,0 +1,15 @@
+package account
+
+templ AccountContent(subpage string) {
+	<form hx-post="/account-select-page">
+		<div class="flex max-w-200 min-h-100 mx-auto bg-mantle mt-10 rounded-xl">
+			@SelectMenu(subpage)
+			<div class="mt-5">
+				<div class="pl-10 text-2xl text-subtext1 underline">
+					{ subpage }
+				</div>
+				// page content
+			</div>
+		</div>
+	</form>
+}
diff --git a/view/component/account/selectmenu.templ b/view/component/account/selectmenu.templ
new file mode 100644
index 0000000..c8c1ea9
--- /dev/null
+++ b/view/component/account/selectmenu.templ
@@ -0,0 +1,55 @@
+package account
+
+import "fmt"
+
+type MenuItem struct {
+	name string
+	href string
+}
+
+func getMenuItems() []MenuItem {
+	return []MenuItem{
+		{
+			name: "General",
+			href: "general",
+		},
+		{
+			name: "Security",
+			href: "security",
+		},
+		{
+			name: "Preferences",
+			href: "preferences",
+		},
+	}
+}
+
+templ SelectMenu(activePage string) {
+	{{
+	menuItems := getMenuItems()
+	page := fmt.Sprintf("{page:'%s'}", activePage)
+	}}
+	<div class="flex w-fit flex-col border-e bg-surface0 rounded-l-xl">
+		<div class="px-4 py-6">
+			<ul class="mt-6 space-y-1" x-data={ page }>
+				for _, item := range menuItems {
+					{{
+	activebind := fmt.Sprintf("page === '%s' && 'bg-mantle'", item.name)
+					}}
+					<li>
+						<button
+							type="submit"
+							name="subpage"
+							value={ item.name }
+							class="block rounded-lg px-4 py-2 text-md
+                            hover:bg-mantle hover:cursor-pointer"
+							:class={ activebind }
+						>
+							{ item.name }
+						</button>
+					</li>
+				}
+			</ul>
+		</div>
+	</div>
+}
diff --git a/view/page/account.templ b/view/page/account.templ
new file mode 100644
index 0000000..896f657
--- /dev/null
+++ b/view/page/account.templ
@@ -0,0 +1,10 @@
+package page
+
+import "projectreshoot/view/layout"
+import "projectreshoot/view/component/account"
+
+templ Account(subpage string) {
+	@layout.Global() {
+		@account.AccountContent(subpage)
+	}
+}

From eaf40b3d915474a88ab611a5192356b6e14b0fa3 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Fri, 14 Feb 2025 23:19:26 +1100
Subject: [PATCH 02/31] Fixed cursor on profile button hover

---
 view/component/nav/navbarright.templ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/view/component/nav/navbarright.templ b/view/component/nav/navbarright.templ
index 7ed2c11..4d3a114 100644
--- a/view/component/nav/navbarright.templ
+++ b/view/component/nav/navbarright.templ
@@ -35,7 +35,7 @@ templ navRight() {
 					>
 						<button
 							x-on:click="isActive = !isActive"
-							class="h-full py-2 px-4 text-mantle"
+							class="h-full py-2 px-4 text-mantle hover:cursor-pointer"
 						>
 							<span class="sr-only">Profile</span>
 							{ user.Username }

From 87fe03ce9e2993d657a15445d5d9ed84591dd398 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sat, 15 Feb 2025 13:27:10 +1100
Subject: [PATCH 03/31] Added bio to User and reworked file structure for user
 interaction

---
 db/user.go           |  50 +++++++++++++++++
 db/user_functions.go | 108 +++++++++++++++++++++++++++++++++++++
 db/users.go          | 125 -------------------------------------------
 schema.sql           |   3 +-
 4 files changed, 160 insertions(+), 126 deletions(-)
 create mode 100644 db/user.go
 create mode 100644 db/user_functions.go
 delete mode 100644 db/users.go

diff --git a/db/user.go b/db/user.go
new file mode 100644
index 0000000..a330357
--- /dev/null
+++ b/db/user.go
@@ -0,0 +1,50 @@
+package db
+
+import (
+	"database/sql"
+
+	"github.com/pkg/errors"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type User struct {
+	ID            int    // Integer ID (index primary key)
+	Username      string // Username (unique)
+	Password_hash string // Bcrypt password hash
+	Created_at    int64  // Epoch timestamp when the user was added to the database
+	Bio           string // Short byline set by the user
+}
+
+// Uses bcrypt to set the users Password_hash from the given password
+func (user *User) SetPassword(conn *sql.DB, password string) error {
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return errors.Wrap(err, "bcrypt.GenerateFromPassword")
+	}
+	user.Password_hash = string(hashedPassword)
+	query := `UPDATE users SET password_hash = ? WHERE id = ?`
+	_, err = conn.Exec(query, user.Password_hash, user.ID)
+	if err != nil {
+		return errors.Wrap(err, "conn.Exec")
+	}
+	return nil
+}
+
+// Uses bcrypt to check if the given password matches the users Password_hash
+func (user *User) CheckPassword(password string) error {
+	err := bcrypt.CompareHashAndPassword([]byte(user.Password_hash), []byte(password))
+	if err != nil {
+		return errors.Wrap(err, "bcrypt.CompareHashAndPassword")
+	}
+	return nil
+}
+
+// Change the user's username
+func (user *User) ChangeUsername(conn *sql.DB, newUsername string) error {
+	query := `UPDATE users SET username = ? WHERE id = ?`
+	_, err := conn.Exec(query, newUsername, user.ID)
+	if err != nil {
+		return errors.Wrap(err, "conn.Exec")
+	}
+	return nil
+}
diff --git a/db/user_functions.go b/db/user_functions.go
new file mode 100644
index 0000000..3c3623e
--- /dev/null
+++ b/db/user_functions.go
@@ -0,0 +1,108 @@
+package db
+
+import (
+	"database/sql"
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+// Creates a new user in the database and returns a pointer
+func CreateNewUser(conn *sql.DB, username string, password string) (*User, error) {
+	query := `INSERT INTO users (username) VALUES (?)`
+	_, err := conn.Exec(query, username)
+	if err != nil {
+		return nil, errors.Wrap(err, "conn.Exec")
+	}
+	user, err := GetUserFromUsername(conn, username)
+	if err != nil {
+		return nil, errors.Wrap(err, "GetUserFromUsername")
+	}
+	err = user.SetPassword(conn, password)
+	if err != nil {
+		return nil, errors.Wrap(err, "user.SetPassword")
+	}
+	return user, nil
+}
+
+// Fetches data from the users table using "WHERE column = 'value'"
+func fetchUserData(conn *sql.DB, column string, value interface{}) (*sql.Rows, error) {
+	query := fmt.Sprintf(
+		`SELECT 
+            id,
+            username, 
+            password_hash, 
+            created_at,
+            bio
+        FROM users 
+	    WHERE %s = ? COLLATE NOCASE LIMIT 1`,
+		column,
+	)
+	rows, err := conn.Query(query, value)
+	if err != nil {
+		return nil, errors.Wrap(err, "conn.Query")
+	}
+	return rows, nil
+}
+
+// Scan the next row into the provided user pointer. Calls rows.Next() and
+// assumes only row in the result. Providing a rows object with more than 1
+// row may result in undefined behaviour.
+func scanUserRow(user *User, rows *sql.Rows) error {
+	for rows.Next() {
+		err := rows.Scan(
+			&user.ID,
+			&user.Username,
+			&user.Password_hash,
+			&user.Created_at,
+			&user.Bio,
+		)
+		if err != nil {
+			return errors.Wrap(err, "rows.Scan")
+		}
+	}
+	return nil
+}
+
+// Queries the database for a user matching the given username.
+// Query is case insensitive
+func GetUserFromUsername(conn *sql.DB, username string) (*User, error) {
+	rows, err := fetchUserData(conn, "username", username)
+	if err != nil {
+		return nil, errors.Wrap(err, "fetchUserData")
+	}
+	defer rows.Close()
+	var user User
+	err = scanUserRow(&user, rows)
+	if err != nil {
+		return nil, errors.Wrap(err, "scanUserRow")
+	}
+	return &user, nil
+}
+
+// Queries the database for a user matching the given ID.
+func GetUserFromID(conn *sql.DB, id int) (*User, error) {
+	rows, err := fetchUserData(conn, "id", id)
+	if err != nil {
+		return nil, errors.Wrap(err, "fetchUserData")
+	}
+	defer rows.Close()
+	var user User
+	err = scanUserRow(&user, rows)
+	if err != nil {
+		return nil, errors.Wrap(err, "scanUserRow")
+	}
+	return &user, nil
+}
+
+// Checks if the given username is unique. Returns true if not taken
+func CheckUsernameUnique(conn *sql.DB, username string) (bool, error) {
+	query := `SELECT 1 FROM users WHERE username = ? COLLATE NOCASE LIMIT 1`
+	rows, err := conn.Query(query, username)
+	if err != nil {
+		return false, errors.Wrap(err, "conn.Query")
+	}
+	defer rows.Close()
+	taken := rows.Next()
+	return !taken, nil
+}
diff --git a/db/users.go b/db/users.go
deleted file mode 100644
index 23a207e..0000000
--- a/db/users.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package db
-
-import (
-	"database/sql"
-
-	"github.com/pkg/errors"
-	"golang.org/x/crypto/bcrypt"
-)
-
-type User struct {
-	ID            int    // Integer ID (index primary key)
-	Username      string // Username (unique)
-	Password_hash string // Bcrypt password hash
-	Created_at    int64  // Epoch timestamp when the user was added to the database
-}
-
-// Uses bcrypt to set the users Password_hash from the given password
-func (user *User) SetPassword(conn *sql.DB, password string) error {
-	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
-	if err != nil {
-		return errors.Wrap(err, "bcrypt.GenerateFromPassword")
-	}
-	user.Password_hash = string(hashedPassword)
-	query := `UPDATE users SET password_hash = ? WHERE id = ?`
-	result, err := conn.Exec(query, user.Password_hash, user.ID)
-	if err != nil {
-		return errors.Wrap(err, "conn.Exec")
-	}
-	ra, err := result.RowsAffected()
-	if err != nil {
-		return errors.Wrap(err, "result.RowsAffected")
-	}
-	if ra != 1 {
-		return errors.New("Password was not updated")
-	}
-	return nil
-}
-
-// Uses bcrypt to check if the given password matches the users Password_hash
-func (user *User) CheckPassword(password string) error {
-	err := bcrypt.CompareHashAndPassword([]byte(user.Password_hash), []byte(password))
-	if err != nil {
-		return errors.Wrap(err, "bcrypt.CompareHashAndPassword")
-	}
-	return nil
-}
-
-// Creates a new user in the database and returns a pointer
-func CreateNewUser(conn *sql.DB, username string, password string) (*User, error) {
-	query := `INSERT INTO users (username) VALUES (?)`
-	_, err := conn.Exec(query, username)
-	if err != nil {
-		return nil, errors.Wrap(err, "conn.Exec")
-	}
-	user, err := GetUserFromUsername(conn, username)
-	if err != nil {
-		return nil, errors.Wrap(err, "GetUserFromUsername")
-	}
-	err = user.SetPassword(conn, password)
-	if err != nil {
-		return nil, errors.Wrap(err, "user.SetPassword")
-	}
-	return user, nil
-}
-
-// Queries the database for a user matching the given username.
-// Query is case insensitive
-func GetUserFromUsername(conn *sql.DB, username string) (*User, error) {
-	query := `SELECT id, username, password_hash, created_at FROM users 
-	          WHERE username = ? COLLATE NOCASE`
-	rows, err := conn.Query(query, username)
-	if err != nil {
-		return nil, errors.Wrap(err, "conn.Query")
-	}
-	defer rows.Close()
-	var user User
-	for rows.Next() {
-		err := rows.Scan(
-			&user.ID,
-			&user.Username,
-			&user.Password_hash,
-			&user.Created_at,
-		)
-		if err != nil {
-			return nil, errors.Wrap(err, "rows.Scan")
-		}
-	}
-	return &user, nil
-}
-
-// Queries the database for a user matching the given ID.
-func GetUserFromID(conn *sql.DB, id int) (*User, error) {
-	query := `SELECT id, username, password_hash, created_at FROM users 
-	          WHERE id = ?`
-	rows, err := conn.Query(query, id)
-	if err != nil {
-		return nil, errors.Wrap(err, "conn.Query")
-	}
-	defer rows.Close()
-	var user User
-	for rows.Next() {
-		err := rows.Scan(
-			&user.ID,
-			&user.Username,
-			&user.Password_hash,
-			&user.Created_at,
-		)
-		if err != nil {
-			return nil, errors.Wrap(err, "rows.Scan")
-		}
-	}
-	return &user, nil
-}
-
-// Checks if the given username is unique. Returns true if not taken
-func CheckUsernameUnique(conn *sql.DB, username string) (bool, error) {
-	query := `SELECT 1 FROM users WHERE username = ? COLLATE NOCASE LIMIT 1`
-	rows, err := conn.Query(query, username)
-	if err != nil {
-		return false, errors.Wrap(err, "conn.Query")
-	}
-	defer rows.Close()
-	taken := rows.Next()
-	return !taken, nil
-}
diff --git a/schema.sql b/schema.sql
index 80f9970..986d312 100644
--- a/schema.sql
+++ b/schema.sql
@@ -8,7 +8,8 @@ CREATE TABLE IF NOT EXISTS "users" (
     id INTEGER PRIMARY KEY AUTOINCREMENT, 
     username TEXT NOT NULL UNIQUE, 
     password_hash TEXT DEFAULT "", 
-    created_at INTEGER DEFAULT (unixepoch())
+    created_at INTEGER DEFAULT (unixepoch()),
+    bio TEXT DEFAULT ""
 ) STRICT;
 CREATE TRIGGER cleanup_expired_tokens
 AFTER INSERT ON jwtblacklist

From 89e3df68621f5d66900708f3d8e7c1f4bee8770f Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sat, 15 Feb 2025 13:28:24 +1100
Subject: [PATCH 04/31] Added ability to change username

---
 handlers/account.go                         | 39 ++++++++-
 server/routes.go                            |  4 +
 view/component/account/changeusername.templ | 94 +++++++++++++++++++++
 view/component/account/container.templ      | 24 ++++++
 view/component/account/content.templ        | 15 ----
 view/component/account/general.templ        |  7 ++
 view/component/account/selectmenu.templ     | 48 ++++++-----
 view/page/account.templ                     |  2 +-
 8 files changed, 196 insertions(+), 37 deletions(-)
 create mode 100644 view/component/account/changeusername.templ
 create mode 100644 view/component/account/container.templ
 delete mode 100644 view/component/account/content.templ
 create mode 100644 view/component/account/general.templ

diff --git a/handlers/account.go b/handlers/account.go
index 36c180f..08ed745 100644
--- a/handlers/account.go
+++ b/handlers/account.go
@@ -1,9 +1,15 @@
 package handlers
 
 import (
+	"database/sql"
 	"net/http"
+
+	"projectreshoot/contexts"
+	"projectreshoot/db"
 	"projectreshoot/view/component/account"
 	"projectreshoot/view/page"
+
+	"github.com/rs/zerolog"
 )
 
 func HandleAccountPage() http.Handler {
@@ -19,7 +25,38 @@ func HandleAccountSubpage() http.Handler {
 		func(w http.ResponseWriter, r *http.Request) {
 			r.ParseForm()
 			subpage := r.FormValue("subpage")
-			account.AccountContent(subpage).Render(r.Context(), w)
+			account.AccountContainer(subpage).Render(r.Context(), w)
+		},
+	)
+}
+
+func HandleChangeUsername(
+	logger *zerolog.Logger,
+	conn *sql.DB,
+) http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			r.ParseForm()
+			newUsername := r.FormValue("username")
+
+			unique, err := db.CheckUsernameUnique(conn, newUsername)
+			if err != nil {
+				logger.Error().Err(err).Msg("Error updating username")
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+			if !unique {
+				account.ChangeUsername("Usename is taken", newUsername).Render(r.Context(), w)
+				return
+			}
+			user := contexts.GetUser(r.Context())
+			err = user.ChangeUsername(conn, newUsername)
+			if err != nil {
+				logger.Error().Err(err).Msg("Error updating username")
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+			w.Header().Set("HX-Redirect", "/account")
 		},
 	)
 }
diff --git a/server/routes.go b/server/routes.go
index fc54841..2bada29 100644
--- a/server/routes.go
+++ b/server/routes.go
@@ -75,4 +75,8 @@ func addRoutes(
 		middleware.RequiresLogin(
 			handlers.HandleAccountSubpage(),
 		))
+	mux.Handle("POST /change-username",
+		middleware.RequiresLogin(
+			handlers.HandleChangeUsername(logger, conn),
+		))
 }
diff --git a/view/component/account/changeusername.templ b/view/component/account/changeusername.templ
new file mode 100644
index 0000000..d70a2f3
--- /dev/null
+++ b/view/component/account/changeusername.templ
@@ -0,0 +1,94 @@
+package account
+
+import "projectreshoot/contexts"
+
+templ ChangeUsername(err string, username string) {
+	{{
+	user := contexts.GetUser(ctx)
+	if username == "" {
+		username = user.Username
+	}
+	}}
+	<form
+		hx-post="/change-username"
+		hx-swap="outerHTML"
+		class="w-[90%] mx-auto mt-5"
+		x-data={ "{ err: '" + err + "'}" }
+	>
+		<div
+			class="flex"
+			x-data={ "{username: '" + username + "'}" }
+		>
+			<div
+				class="flex items-center relative"
+			>
+				<label
+					for="username"
+					class="text-lg"
+				>Username</label>
+				<input
+					type="text"
+					id="username"
+					name="username"
+					class="py-1 px-4 rounded-lg text-md
+                bg-surface0 border border-surface2
+                disabled:opacity-50 ml-5 disabled:pointer-events-none"
+					required
+					aria-describedby="username-error"
+					x-model="username"
+				/>
+				<div
+					class="absolute inset-y-0 end-0 
+                        pointer-events-none pe-3 pt-2"
+					x-show="err"
+					x-cloak
+				>
+					<svg
+						class="size-5 text-red"
+						width="16"
+						height="16"
+						fill="currentColor"
+						viewBox="0 0 16 16"
+						aria-hidden="true"
+					>
+						<path
+							d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8 
+                                4a.905.905 0 0 0-.9.995l.35 3.507a.552.552 0 0 
+                                0 1.1 0l.35-3.507A.905.905 0 0 0 8 4zm.002 6a1 
+                                1 0 1 0 0 2 1 1 0 0 0 0-2z"
+						></path>
+					</svg>
+				</div>
+			</div>
+			<div>
+				<button
+					class="rounded-lg bg-blue py-1 px-2 text-mantle ml-2
+                hover:cursor-pointer hover:bg-blue/75 transition"
+					x-cloak
+					x-show={ "username !=='" + user.Username + "'" }
+					x-transition.opacity.duration.500ms
+				>
+					Update
+				</button>
+				<button
+					class="rounded-lg bg-overlay0 py-1 px-2 text-mantle
+                hover:cursor-pointer hover:bg-surface2 transition"
+					type="button"
+					href="#"
+					x-cloak
+					x-show={ "username !=='" + user.Username + "'" }
+					x-transition.opacity.duration.500ms
+					@click={ "username='" + user.Username + "';err=''" }
+				>
+					Cancel
+				</button>
+			</div>
+		</div>
+		<p
+			class="block text-red ml-24 mt-1 transition"
+			x-cloak
+			x-show="err"
+			x-text="err"
+		></p>
+	</form>
+}
diff --git a/view/component/account/container.templ b/view/component/account/container.templ
new file mode 100644
index 0000000..37b4a0a
--- /dev/null
+++ b/view/component/account/container.templ
@@ -0,0 +1,24 @@
+package account
+
+templ AccountContainer(subpage string) {
+	<div
+		id="account-container"
+		class="flex max-w-200 min-h-100 mx-auto bg-mantle mt-10 rounded-xl"
+	>
+		@SelectMenu(subpage)
+		<div class="mt-5 w-full">
+			<div
+				class="pl-5 text-2xl text-subtext1 border-b 
+                    border-overlay0 w-[90%] mx-auto"
+			>
+				{ subpage }
+			</div>
+			switch subpage {
+				case "General":
+					@AccountGeneral()
+				case "Security":
+					@AccountGeneral()
+			}
+		</div>
+	</div>
+}
diff --git a/view/component/account/content.templ b/view/component/account/content.templ
deleted file mode 100644
index 2e84536..0000000
--- a/view/component/account/content.templ
+++ /dev/null
@@ -1,15 +0,0 @@
-package account
-
-templ AccountContent(subpage string) {
-	<form hx-post="/account-select-page">
-		<div class="flex max-w-200 min-h-100 mx-auto bg-mantle mt-10 rounded-xl">
-			@SelectMenu(subpage)
-			<div class="mt-5">
-				<div class="pl-10 text-2xl text-subtext1 underline">
-					{ subpage }
-				</div>
-				// page content
-			</div>
-		</div>
-	</form>
-}
diff --git a/view/component/account/general.templ b/view/component/account/general.templ
new file mode 100644
index 0000000..c79fe56
--- /dev/null
+++ b/view/component/account/general.templ
@@ -0,0 +1,7 @@
+package account
+
+templ AccountGeneral() {
+	<div>
+		@ChangeUsername("", "")
+	</div>
+}
diff --git a/view/component/account/selectmenu.templ b/view/component/account/selectmenu.templ
index c8c1ea9..c202e39 100644
--- a/view/component/account/selectmenu.templ
+++ b/view/component/account/selectmenu.templ
@@ -29,27 +29,35 @@ templ SelectMenu(activePage string) {
 	menuItems := getMenuItems()
 	page := fmt.Sprintf("{page:'%s'}", activePage)
 	}}
-	<div class="flex w-fit flex-col border-e bg-surface0 rounded-l-xl">
-		<div class="px-4 py-6">
-			<ul class="mt-6 space-y-1" x-data={ page }>
-				for _, item := range menuItems {
-					{{
+	<form
+		class="flex bg-surface0 w-fit border-e border-overlay0
+        rounded-l-xl"
+		hx-post="/account-select-page"
+		hx-target="#account-container"
+		hx-swap="outerHTML"
+	>
+		<div>
+			<div class="px-4 py-6">
+				<ul class="mt-6 space-y-1" x-data={ page }>
+					for _, item := range menuItems {
+						{{
 	activebind := fmt.Sprintf("page === '%s' && 'bg-mantle'", item.name)
-					}}
-					<li>
-						<button
-							type="submit"
-							name="subpage"
-							value={ item.name }
-							class="block rounded-lg px-4 py-2 text-md
+						}}
+						<li>
+							<button
+								type="submit"
+								name="subpage"
+								value={ item.name }
+								class="block rounded-lg px-4 py-2 text-md
                             hover:bg-mantle hover:cursor-pointer"
-							:class={ activebind }
-						>
-							{ item.name }
-						</button>
-					</li>
-				}
-			</ul>
+								:class={ activebind }
+							>
+								{ item.name }
+							</button>
+						</li>
+					}
+				</ul>
+			</div>
 		</div>
-	</div>
+	</form>
 }
diff --git a/view/page/account.templ b/view/page/account.templ
index 896f657..c11b900 100644
--- a/view/page/account.templ
+++ b/view/page/account.templ
@@ -5,6 +5,6 @@ import "projectreshoot/view/component/account"
 
 templ Account(subpage string) {
 	@layout.Global() {
-		@account.AccountContent(subpage)
+		@account.AccountContainer(subpage)
 	}
 }

From 6bee6edd16bf8459e298692c067f6f6dfa21b02a Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sat, 15 Feb 2025 14:32:15 +1100
Subject: [PATCH 05/31] Modified account page to be mobile friendly

---
 view/component/account/changeusername.templ | 18 +++++------
 view/component/account/container.templ      |  4 ++-
 view/component/account/selectmenu.templ     | 36 ++++++++++++++++++---
 view/component/nav/sidenav.templ            |  2 +-
 view/layout/global.templ                    |  2 +-
 5 files changed, 46 insertions(+), 16 deletions(-)

diff --git a/view/component/account/changeusername.templ b/view/component/account/changeusername.templ
index d70a2f3..ddf5223 100644
--- a/view/component/account/changeusername.templ
+++ b/view/component/account/changeusername.templ
@@ -16,11 +16,11 @@ templ ChangeUsername(err string, username string) {
 		x-data={ "{ err: '" + err + "'}" }
 	>
 		<div
-			class="flex"
+			class="flex flex-col sm:flex-row"
 			x-data={ "{username: '" + username + "'}" }
 		>
 			<div
-				class="flex items-center relative"
+				class="flex flex-col sm:flex-row sm:items-center relative"
 			>
 				<label
 					for="username"
@@ -31,15 +31,15 @@ templ ChangeUsername(err string, username string) {
 					id="username"
 					name="username"
 					class="py-1 px-4 rounded-lg text-md
-                bg-surface0 border border-surface2
-                disabled:opacity-50 ml-5 disabled:pointer-events-none"
+                    bg-surface0 border border-surface2 w-50 sm:ml-5
+                    disabled:opacity-50 ml-0 disabled:pointer-events-none"
 					required
 					aria-describedby="username-error"
 					x-model="username"
 				/>
 				<div
-					class="absolute inset-y-0 end-0 
-                        pointer-events-none pe-3 pt-2"
+					class="absolute inset-y-0 sm:start-66 start-43 pt-9
+                        pointer-events-none sm:pe-3 sm:pt-2"
 					x-show="err"
 					x-cloak
 				>
@@ -60,9 +60,9 @@ templ ChangeUsername(err string, username string) {
 					</svg>
 				</div>
 			</div>
-			<div>
+			<div class="mt-2 sm:mt-0">
 				<button
-					class="rounded-lg bg-blue py-1 px-2 text-mantle ml-2
+					class="rounded-lg bg-blue py-1 px-2 text-mantle sm:ml-2
                 hover:cursor-pointer hover:bg-blue/75 transition"
 					x-cloak
 					x-show={ "username !=='" + user.Username + "'" }
@@ -85,7 +85,7 @@ templ ChangeUsername(err string, username string) {
 			</div>
 		</div>
 		<p
-			class="block text-red ml-24 mt-1 transition"
+			class="block text-red sm:ml-24 mt-1 transition"
 			x-cloak
 			x-show="err"
 			x-text="err"
diff --git a/view/component/account/container.templ b/view/component/account/container.templ
index 37b4a0a..f4350d7 100644
--- a/view/component/account/container.templ
+++ b/view/component/account/container.templ
@@ -4,9 +4,11 @@ templ AccountContainer(subpage string) {
 	<div
 		id="account-container"
 		class="flex max-w-200 min-h-100 mx-auto bg-mantle mt-10 rounded-xl"
+		x-data="{big:window.innerWidth >=768, open:false}"
+		@resize.window="big = window.innerWidth >= 768"
 	>
 		@SelectMenu(subpage)
-		<div class="mt-5 w-full">
+		<div class="mt-5 w-full md:ml-[200px] ml-[40px] transition-all duration-300">
 			<div
 				class="pl-5 text-2xl text-subtext1 border-b 
                     border-overlay0 w-[90%] mx-auto"
diff --git a/view/component/account/selectmenu.templ b/view/component/account/selectmenu.templ
index c202e39..a4221ce 100644
--- a/view/component/account/selectmenu.templ
+++ b/view/component/account/selectmenu.templ
@@ -30,14 +30,42 @@ templ SelectMenu(activePage string) {
 	page := fmt.Sprintf("{page:'%s'}", activePage)
 	}}
 	<form
-		class="flex bg-surface0 w-fit border-e border-overlay0
-        rounded-l-xl"
 		hx-post="/account-select-page"
 		hx-target="#account-container"
 		hx-swap="outerHTML"
+		class="relative"
 	>
-		<div>
-			<div class="px-4 py-6">
+		<div
+			class="bg-surface0 border-e border-overlay0 ease-in-out
+            absolute top-0 left-0 z-1
+            rounded-l-xl h-full overflow-hidden transition-all duration-300"
+			x-bind:style="(open || big) ? 'width: 200px;' : 'width: 40px;'"
+		>
+			<div x-show="!big">
+				<button
+					type="button"
+					@click="open = !open"
+					class="block rounded-lg p-2.5 md:hidden transition
+                    bg-surface0 text-subtext0 hover:text-overlay2/75"
+				>
+					<span class="sr-only">Toggle menu</span>
+					<svg
+						xmlns="http://www.w3.org/2000/svg"
+						class="size-5"
+						fill="none"
+						viewBox="0 0 24 24"
+						stroke="currentColor"
+						stroke-width="2"
+					>
+						<path
+							stroke-linecap="round"
+							stroke-linejoin="round"
+							d="M4 6h16M4 12h16M4 18h16"
+						></path>
+					</svg>
+				</button>
+			</div>
+			<div class="px-4 py-6" x-show="(open || big)">
 				<ul class="mt-6 space-y-1" x-data={ page }>
 					for _, item := range menuItems {
 						{{
diff --git a/view/component/nav/sidenav.templ b/view/component/nav/sidenav.templ
index 4487a61..b4bfd62 100644
--- a/view/component/nav/sidenav.templ
+++ b/view/component/nav/sidenav.templ
@@ -8,7 +8,7 @@ templ sideNav(navItems []NavItem) {
 	<div
 		x-show="open"
 		x-transition
-		class="absolute w-full bg-mantle sm:hidden"
+		class="absolute w-full bg-mantle sm:hidden z-10"
 	>
 		<div class="px-4 py-6">
 			<ul class="space-y-1">
diff --git a/view/layout/global.templ b/view/layout/global.templ
index 96bb1f6..248992e 100644
--- a/view/layout/global.templ
+++ b/view/layout/global.templ
@@ -55,7 +55,7 @@ templ Global() {
 				class="flex flex-col h-screen justify-between"
 			>
 				@nav.Navbar()
-				<div id="page-content" class="mb-auto">
+				<div id="page-content" class="mb-auto px-5">
 					{ children... }
 				</div>
 				@footer.Footer()

From 42ea74fd63a8f5615a077e827c760fbffd52f911 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sat, 15 Feb 2025 20:12:30 +1100
Subject: [PATCH 06/31] Added reauthentication (token freshness) and protected
 username change

---
 contexts/user.go                              |  11 +-
 handlers/account.go                           |   3 +
 handlers/reauthenticatate.go                  | 119 ++++++++++++++++++
 middleware/authentication.go                  |  15 ++-
 middleware/reauthentication.go                |  21 ++++
 server/routes.go                              |   8 +-
 view/component/form/confirmpass.templ         |  84 +++++++++++++
 .../popup/confirmPasswordModal.templ          |  20 +++
 view/component/{ => popup}/errorPopup.templ   |   2 +-
 view/layout/global.templ                      |  46 ++++++-
 10 files changed, 315 insertions(+), 14 deletions(-)
 create mode 100644 handlers/reauthenticatate.go
 create mode 100644 middleware/reauthentication.go
 create mode 100644 view/component/form/confirmpass.templ
 create mode 100644 view/component/popup/confirmPasswordModal.templ
 rename view/component/{ => popup}/errorPopup.templ (99%)

diff --git a/contexts/user.go b/contexts/user.go
index 3a752a5..0ef041f 100644
--- a/contexts/user.go
+++ b/contexts/user.go
@@ -5,14 +5,19 @@ import (
 	"projectreshoot/db"
 )
 
+type AuthenticatedUser struct {
+	*db.User
+	Fresh int64
+}
+
 // Return a new context with the user added in
-func SetUser(ctx context.Context, u *db.User) context.Context {
+func SetUser(ctx context.Context, u *AuthenticatedUser) context.Context {
 	return context.WithValue(ctx, contextKeyAuthorizedUser, u)
 }
 
 // Retrieve a user from the given context. Returns nil if not set
-func GetUser(ctx context.Context) *db.User {
-	user, ok := ctx.Value(contextKeyAuthorizedUser).(*db.User)
+func GetUser(ctx context.Context) *AuthenticatedUser {
+	user, ok := ctx.Value(contextKeyAuthorizedUser).(*AuthenticatedUser)
 	if !ok {
 		return nil
 	}
diff --git a/handlers/account.go b/handlers/account.go
index 08ed745..727f8ee 100644
--- a/handlers/account.go
+++ b/handlers/account.go
@@ -12,6 +12,7 @@ import (
 	"github.com/rs/zerolog"
 )
 
+// Renders the account page on the 'General' subpage
 func HandleAccountPage() http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
@@ -20,6 +21,7 @@ func HandleAccountPage() http.Handler {
 	)
 }
 
+// Handles a request to change the subpage for the Account page
 func HandleAccountSubpage() http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
@@ -30,6 +32,7 @@ func HandleAccountSubpage() http.Handler {
 	)
 }
 
+// Handles a request to change the users username
 func HandleChangeUsername(
 	logger *zerolog.Logger,
 	conn *sql.DB,
diff --git a/handlers/reauthenticatate.go b/handlers/reauthenticatate.go
new file mode 100644
index 0000000..9e188d8
--- /dev/null
+++ b/handlers/reauthenticatate.go
@@ -0,0 +1,119 @@
+package handlers
+
+import (
+	"database/sql"
+	"net/http"
+
+	"projectreshoot/config"
+	"projectreshoot/contexts"
+	"projectreshoot/cookies"
+	"projectreshoot/jwt"
+	"projectreshoot/view/component/form"
+
+	"github.com/pkg/errors"
+	"github.com/rs/zerolog"
+)
+
+// Get the tokens from the request
+func getTokens(
+	config *config.Config,
+	conn *sql.DB,
+	r *http.Request,
+) (*jwt.AccessToken, *jwt.RefreshToken, error) {
+	// get the existing tokens from the cookies
+	atStr, rtStr := cookies.GetTokenStrings(r)
+	aT, err := jwt.ParseAccessToken(config, conn, atStr)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "jwt.ParseAccessToken")
+	}
+	rT, err := jwt.ParseRefreshToken(config, conn, rtStr)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "jwt.ParseRefreshToken")
+	}
+	return aT, rT, nil
+}
+
+// Revoke the given token pair
+func revokeTokenPair(
+	conn *sql.DB,
+	aT *jwt.AccessToken,
+	rT *jwt.RefreshToken,
+) error {
+	err := jwt.RevokeToken(conn, aT)
+	if err != nil {
+		return errors.Wrap(err, "jwt.RevokeToken")
+	}
+	err = jwt.RevokeToken(conn, rT)
+	if err != nil {
+		return errors.Wrap(err, "jwt.RevokeToken")
+	}
+	return nil
+}
+
+// Issue new tokens for the user, invalidating the old ones
+func refreshTokens(
+	config *config.Config,
+	conn *sql.DB,
+	w http.ResponseWriter,
+	r *http.Request,
+) error {
+	aT, rT, err := getTokens(config, conn, r)
+	if err != nil {
+		return errors.Wrap(err, "getTokens")
+	}
+	rememberMe := map[string]bool{
+		"session": false,
+		"exp":     true,
+	}[aT.TTL]
+	// issue new tokens for the user
+	user := contexts.GetUser(r.Context())
+	err = cookies.SetTokenCookies(w, r, config, user.User, true, rememberMe)
+	if err != nil {
+		return errors.Wrap(err, "cookies.SetTokenCookies")
+	}
+	err = revokeTokenPair(conn, aT, rT)
+	if err != nil {
+		return errors.Wrap(err, "revokeTokenPair")
+	}
+
+	return nil
+}
+
+// Validate the provided password
+func validatePassword(
+	r *http.Request,
+) error {
+	r.ParseForm()
+	password := r.FormValue("password")
+	user := contexts.GetUser(r.Context())
+	err := user.CheckPassword(password)
+	if err != nil {
+		return errors.Wrap(err, "user.CheckPassword")
+	}
+	return nil
+}
+
+// Handle request to reauthenticate (i.e. make token fresh again)
+func HandleReauthenticate(
+	logger *zerolog.Logger,
+	config *config.Config,
+	conn *sql.DB,
+) http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			err := validatePassword(r)
+			if err != nil {
+				w.WriteHeader(445)
+				form.ConfirmPassword("Incorrect password").Render(r.Context(), w)
+				return
+			}
+			err = refreshTokens(config, conn, w, r)
+			if err != nil {
+				logger.Error().Err(err).Msg("Failed to refresh user tokens")
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+			w.WriteHeader(http.StatusOK)
+		},
+	)
+}
diff --git a/middleware/authentication.go b/middleware/authentication.go
index 38cabbe..23f40f0 100644
--- a/middleware/authentication.go
+++ b/middleware/authentication.go
@@ -3,6 +3,7 @@ package middleware
 import (
 	"database/sql"
 	"net/http"
+	"time"
 
 	"projectreshoot/config"
 	"projectreshoot/contexts"
@@ -52,7 +53,7 @@ func getAuthenticatedUser(
 	conn *sql.DB,
 	w http.ResponseWriter,
 	r *http.Request,
-) (*db.User, error) {
+) (*contexts.AuthenticatedUser, error) {
 	// Get token strings from cookies
 	atStr, rtStr := cookies.GetTokenStrings(r)
 	// Attempt to parse the access token
@@ -69,14 +70,22 @@ func getAuthenticatedUser(
 			return nil, errors.Wrap(err, "refreshAuthTokens")
 		}
 		// New token pair sent, return the authorized user
-		return user, nil
+		authUser := contexts.AuthenticatedUser{
+			User:  user,
+			Fresh: time.Now().Unix(),
+		}
+		return &authUser, nil
 	}
 	// Access token valid
 	user, err := aT.GetUser(conn)
 	if err != nil {
 		return nil, errors.Wrap(err, "rT.GetUser")
 	}
-	return user, nil
+	authUser := contexts.AuthenticatedUser{
+		User:  user,
+		Fresh: aT.Fresh,
+	}
+	return &authUser, nil
 }
 
 // Attempt to authenticate the user and add their account details
diff --git a/middleware/reauthentication.go b/middleware/reauthentication.go
new file mode 100644
index 0000000..41fad65
--- /dev/null
+++ b/middleware/reauthentication.go
@@ -0,0 +1,21 @@
+package middleware
+
+import (
+	"net/http"
+	"projectreshoot/contexts"
+	"time"
+)
+
+func RequiresFresh(
+	next http.Handler,
+) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		user := contexts.GetUser(r.Context())
+		isFresh := time.Now().Before(time.Unix(user.Fresh, 0))
+		if !isFresh {
+			w.WriteHeader(444)
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}
diff --git a/server/routes.go b/server/routes.go
index 2bada29..2804a08 100644
--- a/server/routes.go
+++ b/server/routes.go
@@ -77,6 +77,12 @@ func addRoutes(
 		))
 	mux.Handle("POST /change-username",
 		middleware.RequiresLogin(
-			handlers.HandleChangeUsername(logger, conn),
+			middleware.RequiresFresh(
+				handlers.HandleChangeUsername(logger, conn),
+			),
+		))
+	mux.Handle("POST /reauthenticate",
+		middleware.RequiresLogin(
+			handlers.HandleReauthenticate(logger, config, conn),
 		))
 }
diff --git a/view/component/form/confirmpass.templ b/view/component/form/confirmpass.templ
new file mode 100644
index 0000000..6976ddf
--- /dev/null
+++ b/view/component/form/confirmpass.templ
@@ -0,0 +1,84 @@
+package form
+
+import "fmt"
+
+templ ConfirmPassword(err string) {
+	{{
+	xdata := fmt.Sprintf(
+		"{ errMsg: '%s'}",
+		err,
+	)
+	}}
+	<form
+		hx-post="/reauthenticate"
+		x-data="{ submitted: false, buttontext: 'Confirm' }"
+		x-on:htmx:xhr:loadstart="submitted=true;buttontext='Loading...'"
+	>
+		<div
+			class="grid gap-y-4"
+			x-data={ xdata }
+		>
+			<div class="mt-5">
+				<div class="relative">
+					<input
+						type="password"
+						id="password"
+						name="password"
+						class="py-3 px-4 block w-full rounded-lg text-sm
+                        focus:border-blue focus:ring-blue bg-base
+                        disabled:opacity-50 disabled:pointer-events-none"
+						placeholder="Confirm password"
+						required
+						aria-describedby="password-error"
+					/>
+					<div
+						class="absolute inset-y-0 end-0 
+                        pointer-events-none pe-3 pt-3"
+						x-show="errMsg"
+						x-cloak
+					>
+						<svg
+							class="size-5 text-red"
+							width="16"
+							height="16"
+							fill="currentColor"
+							viewBox="0 0 16 16"
+							aria-hidden="true"
+						>
+							<path
+								d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8 
+                                4a.905.905 0 0 0-.9.995l.35 3.507a.552.552 0 0
+                                0 1.1 0l.35-3.507A.905.905 0 0 0 8 4zm.002 6a1
+                                1 0 1 0 0 2 1 1 0 0 0 0-2z"
+							></path>
+						</svg>
+					</div>
+				</div>
+				<p
+					class="text-center text-xs text-red mt-2"
+					id="password-error"
+					x-show="errMsg"
+					x-cloak
+					x-text="errMsg"
+				></p>
+			</div>
+			<button
+				x-bind:disabled="submitted"
+				x-text="buttontext"
+				type="submit"
+				class="w-full py-3 px-4 inline-flex justify-center items-center 
+                gap-x-2 rounded-lg border border-transparent transition
+                bg-blue hover:bg-blue/75 text-mantle hover:cursor-pointer
+                disabled:bg-blue/60 disabled:cursor-default"
+			></button>
+			<button
+				type="button"
+				class="w-full py-3 px-4 inline-flex justify-center items-center 
+                gap-x-2 rounded-lg border border-transparent transition
+                bg-surface2 hover:bg-surface1 hover:cursor-pointer
+                disabled:cursor-default"
+				@click="showConfirmPasswordModal=false"
+			>Cancel</button>
+		</div>
+	</form>
+}
diff --git a/view/component/popup/confirmPasswordModal.templ b/view/component/popup/confirmPasswordModal.templ
new file mode 100644
index 0000000..4179a12
--- /dev/null
+++ b/view/component/popup/confirmPasswordModal.templ
@@ -0,0 +1,20 @@
+
+package popup
+
+import "projectreshoot/view/component/form"
+
+templ ConfirmPasswordModal() {
+	<div
+		class="z-50 absolute bg-overlay0/55 top-0 left-0 right-0 bottom-0"
+		x-show="showConfirmPasswordModal"
+	>
+		<div
+			class="p-5 mt-25 w-fit max-w-100 text-center rounded-lg bg-mantle mx-auto"
+		>
+			<div class="text-xl">
+				To complete this action you need to confirm your password
+			</div>
+			@form.ConfirmPassword("")
+		</div>
+	</div>
+}
diff --git a/view/component/errorPopup.templ b/view/component/popup/errorPopup.templ
similarity index 99%
rename from view/component/errorPopup.templ
rename to view/component/popup/errorPopup.templ
index 968beab..f809230 100644
--- a/view/component/errorPopup.templ
+++ b/view/component/popup/errorPopup.templ
@@ -1,4 +1,4 @@
-package component
+package popup
 
 templ ErrorPopup() {
 	<div
diff --git a/view/layout/global.templ b/view/layout/global.templ
index 248992e..8532ab1 100644
--- a/view/layout/global.templ
+++ b/view/layout/global.templ
@@ -2,7 +2,7 @@ package layout
 
 import "projectreshoot/view/component/nav"
 import "projectreshoot/view/component/footer"
-import "projectreshoot/view/component"
+import "projectreshoot/view/component/popup"
 
 // Global page layout. Includes HTML document settings, header tags
 // navbar and footer
@@ -40,16 +40,50 @@ templ Global() {
 			<script src="https://unpkg.com/alpinejs" defer></script>
 			<script>
                 // uncomment this line to enable logging of htmx events
-                //htmx.logAll();
+                // htmx.logAll();
+            </script>
+			<script>
+                const popups = {
+                    showError: false,
+                    showConfirmPasswordModal: false,
+                    handleHtmxBeforeOnLoad(event) {
+                        const requestPath = event.detail.pathInfo.requestPath;
+                        if (requestPath === "/reauthenticate") {
+                            // handle password incorrect on refresh attempt
+                            if (event.detail.xhr.status === 445) {
+                                event.detail.shouldSwap = true;
+                                event.detail.isError = false;
+                            } else if (event.detail.xhr.status === 200) {
+                                this.showConfirmPasswordModal = false;
+                            }
+                        }
+                    },
+                    // handle errors from the server on HTMX requests
+                    handleHtmxError(event) {
+                        const errorCode = event.detail.errorInfo.error;
+                  
+                        // internal server error 
+                        if (errorCode.includes('Code 500')) {
+                            this.showError = true;
+                            setTimeout(() => this.showError = false, 6000);
+                        }
+                  
+                        // user is authorized but needs to refresh their login
+                        if (errorCode.includes('Code 444')) {
+                            this.showConfirmPasswordModal = true;
+                        }
+                    },
+                };
             </script>
 		</head>
 		<body
 			class="bg-base text-text ubuntu-mono-regular overflow-x-hidden"
-			x-data="{ showError: false }"
-			x-on:htmx:error="if ($event.detail.errorInfo.error.includes('Code 500'))
-            showError = true; setTimeout(() => showError = false, 6000)"
+			x-data="popups"
+			x-on:htmx:error="handleHtmxError($event)"
+			x-on:htmx:before-on-load="handleHtmxBeforeOnLoad($event)"
 		>
-			@component.ErrorPopup()
+			@popup.ErrorPopup()
+			@popup.ConfirmPasswordModal()
 			<div
 				id="main-content"
 				class="flex flex-col h-screen justify-between"

From 07453b0f0259573d52b12d76f241548bd88d5d65 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 10:44:04 +1100
Subject: [PATCH 07/31] Added ability for user to change their bio

---
 db/user.go                                  |  10 ++
 handlers/account.go                         |  32 +++++-
 server/routes.go                            |  10 +-
 view/component/account/changebio.templ      | 117 ++++++++++++++++++++
 view/component/account/changeusername.templ |   8 +-
 view/component/account/general.templ        |   1 +
 6 files changed, 170 insertions(+), 8 deletions(-)
 create mode 100644 view/component/account/changebio.templ

diff --git a/db/user.go b/db/user.go
index a330357..fe62349 100644
--- a/db/user.go
+++ b/db/user.go
@@ -48,3 +48,13 @@ func (user *User) ChangeUsername(conn *sql.DB, newUsername string) error {
 	}
 	return nil
 }
+
+// Change the user's bio
+func (user *User) ChangeBio(conn *sql.DB, newBio string) error {
+	query := `UPDATE users SET bio = ? WHERE id = ?`
+	_, err := conn.Exec(query, newBio, user.ID)
+	if err != nil {
+		return errors.Wrap(err, "conn.Exec")
+	}
+	return nil
+}
diff --git a/handlers/account.go b/handlers/account.go
index 727f8ee..4ebac66 100644
--- a/handlers/account.go
+++ b/handlers/account.go
@@ -49,7 +49,8 @@ func HandleChangeUsername(
 				return
 			}
 			if !unique {
-				account.ChangeUsername("Usename is taken", newUsername).Render(r.Context(), w)
+				account.ChangeUsername("Username is taken", newUsername).
+					Render(r.Context(), w)
 				return
 			}
 			user := contexts.GetUser(r.Context())
@@ -59,7 +60,34 @@ func HandleChangeUsername(
 				w.WriteHeader(http.StatusInternalServerError)
 				return
 			}
-			w.Header().Set("HX-Redirect", "/account")
+			w.Header().Set("HX-Refresh", "true")
+		},
+	)
+}
+
+// Handles a request to change the users bio
+func HandleChangeBio(
+	logger *zerolog.Logger,
+	conn *sql.DB,
+) http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			r.ParseForm()
+			newBio := r.FormValue("bio")
+			leng := len([]rune(newBio))
+			if leng > 128 {
+				account.ChangeBio("Bio limited to 128 characters", newBio).
+					Render(r.Context(), w)
+				return
+			}
+			user := contexts.GetUser(r.Context())
+			err := user.ChangeBio(conn, newBio)
+			if err != nil {
+				logger.Error().Err(err).Msg("Error updating bio")
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+			w.Header().Set("HX-Refresh", "true")
 		},
 	)
 }
diff --git a/server/routes.go b/server/routes.go
index 2804a08..c89272a 100644
--- a/server/routes.go
+++ b/server/routes.go
@@ -60,6 +60,12 @@ func addRoutes(
 	// Logout
 	mux.Handle("POST /logout", handlers.HandleLogout(config, logger, conn))
 
+	// Reauthentication request
+	mux.Handle("POST /reauthenticate",
+		middleware.RequiresLogin(
+			handlers.HandleReauthenticate(logger, config, conn),
+		))
+
 	// Profile page
 	mux.Handle("GET /profile",
 		middleware.RequiresLogin(
@@ -81,8 +87,8 @@ func addRoutes(
 				handlers.HandleChangeUsername(logger, conn),
 			),
 		))
-	mux.Handle("POST /reauthenticate",
+	mux.Handle("POST /change-bio",
 		middleware.RequiresLogin(
-			handlers.HandleReauthenticate(logger, config, conn),
+			handlers.HandleChangeBio(logger, conn),
 		))
 }
diff --git a/view/component/account/changebio.templ b/view/component/account/changebio.templ
new file mode 100644
index 0000000..e48d5c4
--- /dev/null
+++ b/view/component/account/changebio.templ
@@ -0,0 +1,117 @@
+package account
+
+import "projectreshoot/contexts"
+
+templ ChangeBio(err string, bio string) {
+	{{
+	user := contexts.GetUser(ctx)
+	if bio == "" {
+		bio = user.Bio
+	}
+	}}
+	<form
+		hx-post="/change-bio"
+		hx-swap="outerHTML"
+		class="w-[90%] mx-auto mt-5"
+		x-data={ templ.JSFuncCall("bioComponent", bio, user.Bio, err).CallInline }
+	>
+		<div
+			class="flex flex-col"
+		>
+			<div
+				class="flex flex-col sm:flex-row sm:items-center relative"
+			>
+				<label
+					for="bio"
+					class="text-lg w-20"
+				>Bio</label>
+				<div
+					class="relative sm:ml-5 ml-0 w-fit"
+				>
+					<textarea
+						type="text"
+						id="bio"
+						name="bio"
+						class="py-1 px-4 rounded-lg text-md
+                        bg-surface0 border border-surface2 w-60
+                        disabled:opacity-50 disabled:pointer-events-none"
+						required
+						aria-describedby="bio-error"
+						x-model="bio"
+						x-ref="bio"
+						@input="updateTextArea()"
+						maxlength="128"
+					></textarea>
+					<span
+						class="absolute right-0 pr-2 bottom-0 pb-2"
+						x-text="bioLenText"
+					></span>
+				</div>
+			</div>
+			<div class="mt-2 sm:ml-25">
+				<button
+					class="rounded-lg bg-blue py-1 px-2 text-mantle 
+                    hover:cursor-pointer hover:bg-blue/75 transition"
+					x-cloak
+					x-show="bio !== initialBio"
+					x-transition.opacity.duration.500ms
+				>
+					Update
+				</button>
+				<button
+					class="rounded-lg bg-overlay0 py-1 px-2 text-mantle
+                    hover:cursor-pointer hover:bg-surface2 transition"
+					type="button"
+					href="#"
+					x-cloak
+					x-show="bio !== initialBio"
+					x-transition.opacity.duration.500ms
+					@click="resetBio()"
+				>
+					Cancel
+				</button>
+			</div>
+		</div>
+		<p
+			class="block text-red sm:ml-26 mt-1 transition"
+			x-cloak
+			x-show="err"
+			x-text="err"
+		></p>
+		<script>
+            function bioComponent(newBio, oldBio, err) {
+                return {
+                    bio: newBio,
+                    initialBio: oldBio, 
+                    err: err,
+                    bioLenText: '', 
+                    updateTextArea() {
+                        this.$nextTick(() => {
+                            if (this.$refs.bio) {
+                                this.$refs.bio.style.height = 'auto';
+                                this.$refs.bio.style.height = `
+                                    ${this.$refs.bio.scrollHeight+20}px`;
+                            };
+                            this.bioLenText = `${this.bio.length}/128`;
+                        });
+                    },
+                    resetBio() {
+                        this.bio = this.initialBio;
+                        this.err = "",
+                        this.updateTextArea();
+                    },
+                    init() {
+                        this.$nextTick(() => {
+                            // this timeout makes sure the textarea resizes on 
+                            // page render correctly. seems 20ms is the sweet
+                            // spot between a noticable delay and not working
+                            setTimeout(() => {
+                                this.updateTextArea();
+                            }, 20);
+                        });
+                    }
+                };
+            }
+        </script>
+	</form>
+}
diff --git a/view/component/account/changeusername.templ b/view/component/account/changeusername.templ
index ddf5223..00e5bf5 100644
--- a/view/component/account/changeusername.templ
+++ b/view/component/account/changeusername.templ
@@ -24,7 +24,7 @@ templ ChangeUsername(err string, username string) {
 			>
 				<label
 					for="username"
-					class="text-lg"
+					class="text-lg w-20"
 				>Username</label>
 				<input
 					type="text"
@@ -38,8 +38,8 @@ templ ChangeUsername(err string, username string) {
 					x-model="username"
 				/>
 				<div
-					class="absolute inset-y-0 sm:start-66 start-43 pt-9
-                        pointer-events-none sm:pe-3 sm:pt-2"
+					class="absolute inset-y-0 sm:start-68 start-43 pt-9
+                        pointer-events-none sm:pt-2"
 					x-show="err"
 					x-cloak
 				>
@@ -85,7 +85,7 @@ templ ChangeUsername(err string, username string) {
 			</div>
 		</div>
 		<p
-			class="block text-red sm:ml-24 mt-1 transition"
+			class="block text-red sm:ml-26 mt-1 transition"
 			x-cloak
 			x-show="err"
 			x-text="err"
diff --git a/view/component/account/general.templ b/view/component/account/general.templ
index c79fe56..c8946c9 100644
--- a/view/component/account/general.templ
+++ b/view/component/account/general.templ
@@ -3,5 +3,6 @@ package account
 templ AccountGeneral() {
 	<div>
 		@ChangeUsername("", "")
+		@ChangeBio("", "")
 	</div>
 }

From fa64b0541503015d36a3fa0fe9cd31b53aec60d3 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 11:26:57 +1100
Subject: [PATCH 08/31] Refactored alpinejs in forms for better maintainability

---
 view/component/account/changebio.templ      | 70 ++++++++++-----------
 view/component/account/changeusername.templ | 24 +++++--
 view/component/form/confirmpass.templ       | 29 +++++----
 view/component/form/loginform.templ         | 35 ++++++-----
 view/component/form/registerform.templ      | 44 +++++++------
 view/layout/global.templ                    |  4 +-
 6 files changed, 120 insertions(+), 86 deletions(-)

diff --git a/view/component/account/changebio.templ b/view/component/account/changebio.templ
index e48d5c4..ba79b7b 100644
--- a/view/component/account/changebio.templ
+++ b/view/component/account/changebio.templ
@@ -15,6 +15,41 @@ templ ChangeBio(err string, bio string) {
 		class="w-[90%] mx-auto mt-5"
 		x-data={ templ.JSFuncCall("bioComponent", bio, user.Bio, err).CallInline }
 	>
+		<script>
+            function bioComponent(newBio, oldBio, err) {
+                return {
+                    bio: newBio,
+                    initialBio: oldBio, 
+                    err: err,
+                    bioLenText: '', 
+                    updateTextArea() {
+                        this.$nextTick(() => {
+                            if (this.$refs.bio) {
+                                this.$refs.bio.style.height = 'auto';
+                                this.$refs.bio.style.height = `
+                                    ${this.$refs.bio.scrollHeight+20}px`;
+                            };
+                            this.bioLenText = `${this.bio.length}/128`;
+                        });
+                    },
+                    resetBio() {
+                        this.bio = this.initialBio;
+                        this.err = "",
+                        this.updateTextArea();
+                    },
+                    init() {
+                        this.$nextTick(() => {
+                            // this timeout makes sure the textarea resizes on 
+                            // page render correctly. seems 20ms is the sweet
+                            // spot between a noticable delay and not working
+                            setTimeout(() => {
+                                this.updateTextArea();
+                            }, 20);
+                        });
+                    }
+                };
+            }
+        </script>
 		<div
 			class="flex flex-col"
 		>
@@ -78,40 +113,5 @@ templ ChangeBio(err string, bio string) {
 			x-show="err"
 			x-text="err"
 		></p>
-		<script>
-            function bioComponent(newBio, oldBio, err) {
-                return {
-                    bio: newBio,
-                    initialBio: oldBio, 
-                    err: err,
-                    bioLenText: '', 
-                    updateTextArea() {
-                        this.$nextTick(() => {
-                            if (this.$refs.bio) {
-                                this.$refs.bio.style.height = 'auto';
-                                this.$refs.bio.style.height = `
-                                    ${this.$refs.bio.scrollHeight+20}px`;
-                            };
-                            this.bioLenText = `${this.bio.length}/128`;
-                        });
-                    },
-                    resetBio() {
-                        this.bio = this.initialBio;
-                        this.err = "",
-                        this.updateTextArea();
-                    },
-                    init() {
-                        this.$nextTick(() => {
-                            // this timeout makes sure the textarea resizes on 
-                            // page render correctly. seems 20ms is the sweet
-                            // spot between a noticable delay and not working
-                            setTimeout(() => {
-                                this.updateTextArea();
-                            }, 20);
-                        });
-                    }
-                };
-            }
-        </script>
 	</form>
 }
diff --git a/view/component/account/changeusername.templ b/view/component/account/changeusername.templ
index 00e5bf5..25cc151 100644
--- a/view/component/account/changeusername.templ
+++ b/view/component/account/changeusername.templ
@@ -13,11 +13,25 @@ templ ChangeUsername(err string, username string) {
 		hx-post="/change-username"
 		hx-swap="outerHTML"
 		class="w-[90%] mx-auto mt-5"
-		x-data={ "{ err: '" + err + "'}" }
+		x-data={ templ.JSFuncCall(
+                    "usernameComponent", username, user.Username, err,
+                    ).CallInline }
 	>
+		<script>
+            function usernameComponent(newUsername, oldUsername, err) {
+                return {
+                    username: newUsername,
+                    initialUsername: oldUsername, 
+                    err: err,
+                    resetUsername() {
+                        this.username = this.initialUsername;
+                        this.err = "";
+                    },
+                };
+            }
+        </script>
 		<div
 			class="flex flex-col sm:flex-row"
-			x-data={ "{username: '" + username + "'}" }
 		>
 			<div
 				class="flex flex-col sm:flex-row sm:items-center relative"
@@ -65,7 +79,7 @@ templ ChangeUsername(err string, username string) {
 					class="rounded-lg bg-blue py-1 px-2 text-mantle sm:ml-2
                 hover:cursor-pointer hover:bg-blue/75 transition"
 					x-cloak
-					x-show={ "username !=='" + user.Username + "'" }
+					x-show="username !== initialUsername"
 					x-transition.opacity.duration.500ms
 				>
 					Update
@@ -76,9 +90,9 @@ templ ChangeUsername(err string, username string) {
 					type="button"
 					href="#"
 					x-cloak
-					x-show={ "username !=='" + user.Username + "'" }
+					x-show="username !== initialUsername"
 					x-transition.opacity.duration.500ms
-					@click={ "username='" + user.Username + "';err=''" }
+					@click="resetUsername()"
 				>
 					Cancel
 				</button>
diff --git a/view/component/form/confirmpass.templ b/view/component/form/confirmpass.templ
index 6976ddf..90bb192 100644
--- a/view/component/form/confirmpass.templ
+++ b/view/component/form/confirmpass.templ
@@ -1,22 +1,27 @@
 package form
 
-import "fmt"
-
 templ ConfirmPassword(err string) {
-	{{
-	xdata := fmt.Sprintf(
-		"{ errMsg: '%s'}",
-		err,
-	)
-	}}
 	<form
 		hx-post="/reauthenticate"
-		x-data="{ submitted: false, buttontext: 'Confirm' }"
+		x-data={ templ.JSFuncCall(
+                "confirmPassData", err,
+                ).CallInline }
 		x-on:htmx:xhr:loadstart="submitted=true;buttontext='Loading...'"
 	>
+		<script>
+            function usernameComponent(err) {
+                return {
+                    submitted: false,
+                    buttontext: 'Confirm', 
+                    err: err,
+                    reset() {
+                        this.err = "";
+                    },
+                };
+            }
+        </script>
 		<div
 			class="grid gap-y-4"
-			x-data={ xdata }
 		>
 			<div class="mt-5">
 				<div class="relative">
@@ -30,6 +35,7 @@ templ ConfirmPassword(err string) {
 						placeholder="Confirm password"
 						required
 						aria-describedby="password-error"
+						@input="reset()"
 					/>
 					<div
 						class="absolute inset-y-0 end-0 
@@ -52,7 +58,8 @@ templ ConfirmPassword(err string) {
                                 1 0 1 0 0 2 1 1 0 0 0 0-2z"
 							></path>
 						</svg>
-					</div>
+					</div> - change username
+					- confirm password
 				</div>
 				<p
 					class="text-center text-xs text-red mt-2"
diff --git a/view/component/form/loginform.templ b/view/component/form/loginform.templ
index 3380320..d6fa4a8 100644
--- a/view/component/form/loginform.templ
+++ b/view/component/form/loginform.templ
@@ -1,31 +1,34 @@
 package form
 
-import "fmt"
-
 // Login Form. If loginError is not an empty string, it will display the
 // contents of loginError to the user.
 // If loginError is "Username or password incorrect" it will also show
 // error icons on the username and password field
 templ LoginForm(loginError string) {
-	{{
-	errCreds := "false"
-	if loginError == "Username or password incorrect" {
-		errCreds = "true"
-	}
-	xdata := fmt.Sprintf(
-		"{credentialError: %s, errorMessage: '%s'}",
-		errCreds,
-		loginError,
-	)
-	}}
+	{{ credErr := "Username or password incorrect" }}
 	<form
 		hx-post="/login"
-		x-data="{ submitted: false, buttontext: 'Login' }"
+		x-data={ templ.JSFuncCall(
+                "loginFormData", loginError, credErr,
+                ).CallInline }
 		x-on:htmx:xhr:loadstart="submitted=true;buttontext='Loading...'"
 	>
+		<script>
+            function loginFormData(err, credError) {
+                return {
+                    submitted: false,
+                    buttontext: 'Login',
+                    errorMessage: err, 
+                    credentialError: err === credError ? true : false,
+                    resetErr() {
+                        this.errorMessage = "";
+                        this.credentialError = false;
+                    },
+                };
+            }
+        </script>
 		<div
 			class="grid gap-y-4"
-			x-data={ xdata }
 		>
 			<!-- Form Group -->
 			<div>
@@ -44,6 +47,7 @@ templ LoginForm(loginError string) {
                         disabled:pointer-events-none"
 						required
 						aria-describedby="username-error"
+						@input="resetErr()"
 					/>
 					<div
 						class="absolute inset-y-0 end-0 
@@ -93,6 +97,7 @@ templ LoginForm(loginError string) {
                         disabled:opacity-50 disabled:pointer-events-none"
 						required
 						aria-describedby="password-error"
+						@input="resetErr()"
 					/>
 					<div
 						class="absolute inset-y-0 end-0 
diff --git a/view/component/form/registerform.templ b/view/component/form/registerform.templ
index f2a9da4..7344b00 100644
--- a/view/component/form/registerform.templ
+++ b/view/component/form/registerform.templ
@@ -1,36 +1,41 @@
 package form
 
-import "fmt"
-
 // Login Form. If loginError is not an empty string, it will display the
 // contents of loginError to the user.
 templ RegisterForm(registerError string) {
 	{{
-	errUsername := "false"
-	errPasswords := "false"
-	if registerError == "Username is taken" {
-		errUsername = "true"
-	} else if registerError == "Passwords do not match" ||
-		registerError == "Password exceeds maximum length of 72 bytes" {
-		errPasswords = "true"
+	usernameErr := "Username is taken"
+	passErrs := []string{
+		"Password exceeds maximum length of 72 bytes",
+		"Passwords do not match",
 	}
-	xdata := fmt.Sprintf(
-		"{errUsername: %s, errPasswords: %s, errorMessage: '%s'}",
-		errUsername,
-		errPasswords,
-		registerError,
-	)
 	}}
 	<form
 		hx-post="/register"
-		x-data="{ submitted: false, buttontext: 'Login' }"
+		x-data={ templ.JSFuncCall(
+                "registerFormData", registerError, usernameErr, passErrs,
+                ).CallInline }
 		x-on:htmx:xhr:loadstart="submitted=true;buttontext='Loading...'"
 	>
+		<script>
+            function registerFormData(err, usernameErr, passErrs) {
+                return {
+                    submitted: false,
+                    buttontext: 'Register',
+                    errorMessage: err, 
+                    errUsername: err === usernameErr ? true : false, 
+                    errPasswords: passErrs.includes(err) ? true : false,
+                    resetErr() {
+                        this.errorMessage = "";
+                        this.errUsername = false;
+                        this.errPasswords = false;
+                    },
+                };
+            }
+        </script>
 		<div
 			class="grid gap-y-4"
-			x-data={ xdata }
 		>
-			<!-- Form Group -->
 			<div>
 				<label
 					for="email"
@@ -47,6 +52,7 @@ templ RegisterForm(registerError string) {
                         disabled:pointer-events-none"
 						required
 						aria-describedby="username-error"
+						@input="resetErr()"
 					/>
 					<div
 						class="absolute inset-y-0 end-0 
@@ -96,6 +102,7 @@ templ RegisterForm(registerError string) {
                         disabled:opacity-50 disabled:pointer-events-none"
 						required
 						aria-describedby="password-error"
+						@input="resetErr()"
 					/>
 					<div
 						class="absolute inset-y-0 end-0 
@@ -138,6 +145,7 @@ templ RegisterForm(registerError string) {
                             disabled:opacity-50 disabled:pointer-events-none"
 						required
 						aria-describedby="confirm-password-error"
+						@input="resetErr()"
 					/>
 					<div
 						class="absolute inset-y-0 end-0 
diff --git a/view/layout/global.templ b/view/layout/global.templ
index 8532ab1..0b5c155 100644
--- a/view/layout/global.templ
+++ b/view/layout/global.templ
@@ -43,7 +43,7 @@ templ Global() {
                 // htmx.logAll();
             </script>
 			<script>
-                const popups = {
+                const bodyData = {
                     showError: false,
                     showConfirmPasswordModal: false,
                     handleHtmxBeforeOnLoad(event) {
@@ -78,7 +78,7 @@ templ Global() {
 		</head>
 		<body
 			class="bg-base text-text ubuntu-mono-regular overflow-x-hidden"
-			x-data="popups"
+			x-data="bodyData"
 			x-on:htmx:error="handleHtmxError($event)"
 			x-on:htmx:before-on-load="handleHtmxBeforeOnLoad($event)"
 		>

From cb6f4184f82bd9de7ab5e86097be1a08ec3ef155 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 12:30:19 +1100
Subject: [PATCH 09/31] Added SetCookie method to cookies package

---
 cookies/delete.go    | 18 ------------------
 cookies/functions.go | 37 +++++++++++++++++++++++++++++++++++++
 cookies/pagefrom.go  |  3 +--
 3 files changed, 38 insertions(+), 20 deletions(-)
 delete mode 100644 cookies/delete.go
 create mode 100644 cookies/functions.go

diff --git a/cookies/delete.go b/cookies/delete.go
deleted file mode 100644
index d847b65..0000000
--- a/cookies/delete.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package cookies
-
-import (
-	"net/http"
-	"time"
-)
-
-// Tell the browser to delete the cookie matching the name provided
-// Path must match the original set cookie for it to delete
-func DeleteCookie(w http.ResponseWriter, name string, path string) {
-	http.SetCookie(w, &http.Cookie{
-		Name:    name,
-		Value:   "",
-		Path:    path,
-		Expires: time.Unix(0, 0), // Expire in the past
-		MaxAge:  -1,              // Immediately expire
-	})
-}
diff --git a/cookies/functions.go b/cookies/functions.go
new file mode 100644
index 0000000..8e33212
--- /dev/null
+++ b/cookies/functions.go
@@ -0,0 +1,37 @@
+package cookies
+
+import (
+	"net/http"
+	"time"
+)
+
+// Tell the browser to delete the cookie matching the name provided
+// Path must match the original set cookie for it to delete
+func DeleteCookie(w http.ResponseWriter, name string, path string) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     name,
+		Value:    "",
+		Path:     path,
+		Expires:  time.Unix(0, 0), // Expire in the past
+		MaxAge:   -1,              // Immediately expire
+		HttpOnly: true,
+	})
+}
+
+// Set a cookie with the given name, path and value. maxAge directly relates
+// to cookie MaxAge (0 for no max age, >0 for TTL in seconds)
+func SetCookie(
+	w http.ResponseWriter,
+	name string,
+	path string,
+	value string,
+	maxAge int,
+) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     name,
+		Value:    value,
+		Path:     path,
+		HttpOnly: true,
+		MaxAge:   maxAge,
+	})
+}
diff --git a/cookies/pagefrom.go b/cookies/pagefrom.go
index 906db61..fa4cb0b 100644
--- a/cookies/pagefrom.go
+++ b/cookies/pagefrom.go
@@ -32,6 +32,5 @@ func SetPageFrom(w http.ResponseWriter, r *http.Request, trustedHost string) {
 	} else {
 		pageFrom = parsedURL.Path
 	}
-	pageFromCookie := &http.Cookie{Name: "pagefrom", Value: pageFrom, Path: "/"}
-	http.SetCookie(w, pageFromCookie)
+	SetCookie(w, "pagefrom", "/", pageFrom, 0)
 }

From ec3d34b86e4331cd1ba54a666501c34e5125aa34 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 12:30:34 +1100
Subject: [PATCH 10/31] Made account page remember what subpage user was on
 using cookies

---
 handlers/account.go | 48 +++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 46 insertions(+), 2 deletions(-)

diff --git a/handlers/account.go b/handlers/account.go
index 4ebac66..be79910 100644
--- a/handlers/account.go
+++ b/handlers/account.go
@@ -5,10 +5,12 @@ import (
 	"net/http"
 
 	"projectreshoot/contexts"
+	"projectreshoot/cookies"
 	"projectreshoot/db"
 	"projectreshoot/view/component/account"
 	"projectreshoot/view/page"
 
+	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 )
 
@@ -16,17 +18,23 @@ import (
 func HandleAccountPage() http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
-			page.Account("General").Render(r.Context(), w)
+			cookie, err := r.Cookie("subpage")
+			subpage := cookie.Value
+			if err != nil {
+				subpage = "General"
+			}
+			page.Account(subpage).Render(r.Context(), w)
 		},
 	)
 }
 
-// Handles a request to change the subpage for the Account page
+// Handles a request to change the subpage for the Accou/accountnt page
 func HandleAccountSubpage() http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
 			r.ParseForm()
 			subpage := r.FormValue("subpage")
+			cookies.SetCookie(w, "subpage", "/account", subpage, 300)
 			account.AccountContainer(subpage).Render(r.Context(), w)
 		},
 	)
@@ -91,3 +99,39 @@ func HandleChangeBio(
 		},
 	)
 }
+func validateChangePassword(conn *sql.DB, r *http.Request) (string, error) {
+	r.ParseForm()
+	formPassword := r.FormValue("password")
+	formConfirmPassword := r.FormValue("confirm-password")
+	if formPassword != formConfirmPassword {
+		return "", errors.New("Passwords do not match")
+	}
+	if len(formPassword) > 72 {
+		return "", errors.New("Password exceeds maximum length of 72 bytes")
+	}
+	return formPassword, nil
+}
+
+// Handles a request to change the users password
+func HandleChangePassword(
+	logger *zerolog.Logger,
+	conn *sql.DB,
+) http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			newPass, err := validateChangePassword(conn, r)
+			if err != nil {
+				account.ChangePassword(err.Error()).Render(r.Context(), w)
+				return
+			}
+			user := contexts.GetUser(r.Context())
+			err = user.SetPassword(conn, newPass)
+			if err != nil {
+				logger.Error().Err(err).Msg("Error updating password")
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+			w.Header().Set("HX-Refresh", "true")
+		},
+	)
+}

From 97404fff1b3a7eee95b63de0939e2b964482b480 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 12:38:07 +1100
Subject: [PATCH 11/31] Added change password functionality

---
 server/routes.go                              |   6 +
 view/component/account/changepassword.templ   | 141 ++++++++++++++++++
 view/component/account/container.templ        |   2 +-
 view/component/account/security.templ         |   7 +
 view/component/form/confirmpass.templ         |   7 +-
 .../popup/confirmPasswordModal.templ          |   1 +
 6 files changed, 159 insertions(+), 5 deletions(-)
 create mode 100644 view/component/account/changepassword.templ
 create mode 100644 view/component/account/security.templ

diff --git a/server/routes.go b/server/routes.go
index c89272a..606036e 100644
--- a/server/routes.go
+++ b/server/routes.go
@@ -91,4 +91,10 @@ func addRoutes(
 		middleware.RequiresLogin(
 			handlers.HandleChangeBio(logger, conn),
 		))
+	mux.Handle("POST /change-password",
+		middleware.RequiresLogin(
+			middleware.RequiresFresh(
+				handlers.HandleChangePassword(logger, conn),
+			),
+		))
 }
diff --git a/view/component/account/changepassword.templ b/view/component/account/changepassword.templ
new file mode 100644
index 0000000..6c368d3
--- /dev/null
+++ b/view/component/account/changepassword.templ
@@ -0,0 +1,141 @@
+package account
+
+templ ChangePassword(err string) {
+	<form
+		hx-post="/change-password"
+		hx-swap="outerHTML"
+		class="w-[90%] mx-auto mt-5"
+		x-data={ templ.JSFuncCall(
+                    "passwordComponent", err,
+                    ).CallInline }
+	>
+		<script>
+            function passwordComponent(err) {
+                return {
+                    password: "",
+                    confirmPassword: "",
+                    err: err,
+                    reset() {
+                        this.err = "";
+                        this.password = "";
+                        this.confirmPassword = "";
+                    },
+                };
+            }
+        </script>
+		<div
+			class="flex flex-col"
+		>
+			<div
+				class="flex flex-col sm:flex-row sm:items-center relative w-fit"
+			>
+				<label
+					for="password"
+					class="text-lg w-40"
+				>New Password</label>
+				<input
+					type="password"
+					id="password"
+					name="password"
+					class="py-1 px-4 rounded-lg text-md
+                    bg-surface0 border border-surface2 w-50 sm:ml-5
+                    disabled:opacity-50 ml-0 disabled:pointer-events-none"
+					required
+					aria-describedby="password-error"
+					x-model="password"
+				/>
+				<div
+					class="absolute inset-y-0 end-0 pt-9
+                        pointer-events-none sm:pt-2 pe-2"
+					x-show="err"
+					x-cloak
+				>
+					<svg
+						class="size-5 text-red"
+						width="16"
+						height="16"
+						fill="currentColor"
+						viewBox="0 0 16 16"
+						aria-hidden="true"
+					>
+						<path
+							d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8 
+                                4a.905.905 0 0 0-.9.995l.35 3.507a.552.552 0 0 
+                                0 1.1 0l.35-3.507A.905.905 0 0 0 8 4zm.002 6a1 
+                                1 0 1 0 0 2 1 1 0 0 0 0-2z"
+						></path>
+					</svg>
+				</div>
+			</div>
+			<div
+				class="flex flex-col sm:flex-row sm:items-center relative mt-2 w-fit"
+			>
+				<label
+					for="confirm-password"
+					class="text-lg w-40"
+				>Confirm Password</label>
+				<input
+					type="password"
+					id="confirm-password"
+					name="confirm-password"
+					class="py-1 px-4 rounded-lg text-md
+                    bg-surface0 border border-surface2 w-50 sm:ml-5
+                    disabled:opacity-50 ml-0 disabled:pointer-events-none"
+					required
+					aria-describedby="password-error"
+					x-model="confirmPassword"
+				/>
+				<div
+					class="absolute inset-y-0 pe-2 end-0 pt-9
+                        pointer-events-none sm:pt-2"
+					x-show="err"
+					x-cloak
+				>
+					<svg
+						class="size-5 text-red"
+						width="16"
+						height="16"
+						fill="currentColor"
+						viewBox="0 0 16 16"
+						aria-hidden="true"
+					>
+						<path
+							d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8 
+                                4a.905.905 0 0 0-.9.995l.35 3.507a.552.552 0 0 
+                                0 1.1 0l.35-3.507A.905.905 0 0 0 8 4zm.002 6a1 
+                                1 0 1 0 0 2 1 1 0 0 0 0-2z"
+						></path>
+					</svg>
+				</div>
+			</div>
+			<div class="mt-2 sm:ml-43">
+				<button
+					class="rounded-lg bg-blue py-1 px-2 text-mantle sm:ml-2
+                    hover:cursor-pointer hover:bg-blue/75 transition"
+					x-cloak
+					x-show="password !== '' || confirmPassword !== ''"
+					x-transition.opacity.duration.500ms
+				>
+					Update
+				</button>
+				<button
+					class="rounded-lg bg-overlay0 py-1 px-2 text-mantle
+                hover:cursor-pointer hover:bg-surface2 transition"
+					type="button"
+					x-cloak
+					x-show="password !== '' || confirmPassword !== ''"
+					x-transition.opacity.duration.500ms
+					@click="reset()"
+				>
+					Cancel
+				</button>
+			</div>
+		</div>
+		<p
+			class="block text-red sm:ml-45 mt-1 transition"
+			x-cloak
+			x-show="err"
+			x-text="err"
+		></p>
+	</form>
+}
diff --git a/view/component/account/container.templ b/view/component/account/container.templ
index f4350d7..f065949 100644
--- a/view/component/account/container.templ
+++ b/view/component/account/container.templ
@@ -19,7 +19,7 @@ templ AccountContainer(subpage string) {
 				case "General":
 					@AccountGeneral()
 				case "Security":
-					@AccountGeneral()
+					@AccountSecurity()
 			}
 		</div>
 	</div>
diff --git a/view/component/account/security.templ b/view/component/account/security.templ
new file mode 100644
index 0000000..e61ead8
--- /dev/null
+++ b/view/component/account/security.templ
@@ -0,0 +1,7 @@
+package account
+
+templ AccountSecurity() {
+	<div>
+		@ChangePassword("")
+	</div>
+}
diff --git a/view/component/form/confirmpass.templ b/view/component/form/confirmpass.templ
index 90bb192..a19e9a6 100644
--- a/view/component/form/confirmpass.templ
+++ b/view/component/form/confirmpass.templ
@@ -9,11 +9,11 @@ templ ConfirmPassword(err string) {
 		x-on:htmx:xhr:loadstart="submitted=true;buttontext='Loading...'"
 	>
 		<script>
-            function usernameComponent(err) {
+            function confirmPassData(err) {
                 return {
                     submitted: false,
                     buttontext: 'Confirm', 
-                    err: err,
+                    errMsg: err,
                     reset() {
                         this.err = "";
                     },
@@ -58,8 +58,7 @@ templ ConfirmPassword(err string) {
                                 1 0 1 0 0 2 1 1 0 0 0 0-2z"
 							></path>
 						</svg>
-					</div> - change username
-					- confirm password
+					</div>
 				</div>
 				<p
 					class="text-center text-xs text-red mt-2"
diff --git a/view/component/popup/confirmPasswordModal.templ b/view/component/popup/confirmPasswordModal.templ
index 4179a12..7c2daef 100644
--- a/view/component/popup/confirmPasswordModal.templ
+++ b/view/component/popup/confirmPasswordModal.templ
@@ -7,6 +7,7 @@ templ ConfirmPasswordModal() {
 	<div
 		class="z-50 absolute bg-overlay0/55 top-0 left-0 right-0 bottom-0"
 		x-show="showConfirmPasswordModal"
+		x-cloak
 	>
 		<div
 			class="p-5 mt-25 w-fit max-w-100 text-center rounded-lg bg-mantle mx-auto"

From 840c595cf5db56f920a00066b34c1f532b6236c1 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 12:40:31 +1100
Subject: [PATCH 12/31] Made bio charcount darker

---
 view/component/account/changebio.templ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/view/component/account/changebio.templ b/view/component/account/changebio.templ
index ba79b7b..cb85013 100644
--- a/view/component/account/changebio.templ
+++ b/view/component/account/changebio.templ
@@ -78,7 +78,7 @@ templ ChangeBio(err string, bio string) {
 						maxlength="128"
 					></textarea>
 					<span
-						class="absolute right-0 pr-2 bottom-0 pb-2"
+						class="absolute right-0 pr-2 bottom-0 pb-2 text-overlay2"
 						x-text="bioLenText"
 					></span>
 				</div>

From 9994bed47e034aef99497ca3abb95f996cbbdf15 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 13:54:44 +1100
Subject: [PATCH 13/31] Fixed nil pointer derefence due accessing account page
 if cookie not set

---
 handlers/account.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/handlers/account.go b/handlers/account.go
index be79910..365a283 100644
--- a/handlers/account.go
+++ b/handlers/account.go
@@ -19,9 +19,9 @@ func HandleAccountPage() http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
 			cookie, err := r.Cookie("subpage")
-			subpage := cookie.Value
-			if err != nil {
-				subpage = "General"
+			subpage := "General"
+			if err == nil {
+				subpage = cookie.Value
 			}
 			page.Account(subpage).Render(r.Context(), w)
 		},

From deaeddb53332ee26a3c0b2253a7b478ad80123d7 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 14:16:32 +1100
Subject: [PATCH 14/31] Made authentication test more robust

---
 Makefile                          |  1 +
 middleware/authentication_test.go | 76 ++++++++++++++++++-------------
 testdata.sql                      |  4 +-
 3 files changed, 48 insertions(+), 33 deletions(-)

diff --git a/Makefile b/Makefile
index c056648..a2f26e2 100644
--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,7 @@ tester:
 	go run . --port 3232 --test --loglevel trace
 
 test:
+	rm -f **/.projectreshoot-test-database.db
 	go mod tidy && \
 	go test . -v
 	go test ./middleware -v
diff --git a/middleware/authentication_test.go b/middleware/authentication_test.go
index 8465ca0..a5143c8 100644
--- a/middleware/authentication_test.go
+++ b/middleware/authentication_test.go
@@ -8,8 +8,6 @@ import (
 	"testing"
 
 	"projectreshoot/contexts"
-	"projectreshoot/db"
-	"projectreshoot/jwt"
 	"projectreshoot/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -45,27 +43,7 @@ func TestAuthenticationMiddleware(t *testing.T) {
 	server := httptest.NewServer(authHandler)
 	defer server.Close()
 
-	// Setup the user and tokens to test with
-	user, err := db.GetUserFromID(conn, 1)
-	require.NoError(t, err)
-
-	// Good tokens
-	atStr, _, err := jwt.GenerateAccessToken(cfg, user, false, false)
-	require.NoError(t, err)
-	rtStr, _, err := jwt.GenerateRefreshToken(cfg, user, false)
-	require.NoError(t, err)
-
-	// Create a token and revoke it for testing
-	expStr, _, err := jwt.GenerateAccessToken(cfg, user, false, false)
-	require.NoError(t, err)
-	expT, err := jwt.ParseAccessToken(cfg, conn, expStr)
-	require.NoError(t, err)
-	err = jwt.RevokeToken(conn, expT)
-	require.NoError(t, err)
-
-	// Make sure it actually got revoked
-	expT, err = jwt.ParseAccessToken(cfg, conn, expStr)
-	require.Error(t, err)
+	tokens := getTokens()
 
 	tests := []struct {
 		name         string
@@ -75,29 +53,48 @@ func TestAuthenticationMiddleware(t *testing.T) {
 		expectedCode int
 	}{
 		{
-			name:         "Valid Access Token",
+			name:         "Valid Access Token (Fresh)",
 			id:           1,
-			accessToken:  atStr,
+			accessToken:  tokens["accessFresh"],
 			refreshToken: "",
 			expectedCode: http.StatusOK,
 		},
+		{
+			name:         "Valid Access Token (Unfresh)",
+			id:           1,
+			accessToken:  tokens["accessUnfresh"],
+			refreshToken: tokens["refreshExpired"],
+			expectedCode: http.StatusOK,
+		},
 		{
 			name:         "Valid Refresh Token (Triggers Refresh)",
 			id:           1,
-			accessToken:  expStr,
-			refreshToken: rtStr,
+			accessToken:  tokens["accessExpired"],
+			refreshToken: tokens["refreshValid"],
 			expectedCode: http.StatusOK,
 		},
 		{
-			name:         "Refresh token revoked (after refresh)",
-			accessToken:  expStr,
-			refreshToken: rtStr,
+			name:         "Both tokens expired",
+			accessToken:  tokens["accessExpired"],
+			refreshToken: tokens["refreshExpired"],
+			expectedCode: http.StatusUnauthorized,
+		},
+		{
+			name:         "Access token revoked",
+			accessToken:  tokens["accessRevoked"],
+			refreshToken: "",
+			expectedCode: http.StatusUnauthorized,
+		},
+		{
+			name:         "Refresh token revoked",
+			accessToken:  "",
+			refreshToken: tokens["refreshRevoked"],
 			expectedCode: http.StatusUnauthorized,
 		},
 		{
 			name:         "Invalid Tokens",
-			accessToken:  expStr,
-			refreshToken: expStr,
+			accessToken:  tokens["invalid"],
+			refreshToken: tokens["invalid"],
 			expectedCode: http.StatusUnauthorized,
 		},
 		{
@@ -130,3 +127,18 @@ func TestAuthenticationMiddleware(t *testing.T) {
 		})
 	}
 }
+
+// get the tokens to test with
+func getTokens() map[string]string {
+	tokens := map[string]string{
+		"accessFresh":    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjQ4OTU2NzIyMTAsImZyZXNoIjo0ODk1NjcyMjEwLCJpYXQiOjE3Mzk2NzIyMTAsImlzcyI6IjEyNy4wLjAuMSIsImp0aSI6ImE4Njk2YWM4LTg3OWMtNDdkNC1iZWM2LTRlY2Y4MTRiZThiZiIsInNjb3BlIjoiYWNjZXNzIiwic3ViIjoxLCJ0dGwiOiJzZXNzaW9uIn0.6nAquDY0JBLPdaJ9q_sMpKj1ISG4Vt2U05J57aoPue8",
+		"accessUnfresh":  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjMzMjk5Njc1NjcxLCJmcmVzaCI6MTczOTY3NTY3MSwiaWF0IjoxNzM5Njc1NjcxLCJpc3MiOiIxMjcuMC4wLjEiLCJqdGkiOiJjOGNhZmFjNy0yODkzLTQzNzMtOTI4ZS03MGUwODJkYmM2MGIiLCJzY29wZSI6ImFjY2VzcyIsInN1YiI6MSwidHRsIjoic2Vzc2lvbiJ9.plWQVFwHlhXUYI5utS7ny1JfXjJSFrigkq-PnTHD5VY",
+		"accessExpired":  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3Mzk2NzIyNDgsImZyZXNoIjoxNzM5NjcyMjQ4LCJpYXQiOjE3Mzk2NzIyNDgsImlzcyI6IjEyNy4wLjAuMSIsImp0aSI6IjgxYzA1YzBjLTJhOGItNGQ2MC04Yzc4LWY2ZTQxODYxZDFmNCIsInNjb3BlIjoiYWNjZXNzIiwic3ViIjoxLCJ0dGwiOiJzZXNzaW9uIn0.iI1f17kKTuFDEMEYltJRIwRYgYQ-_nF9Wsn0KR6x77Q",
+		"refreshValid":   "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjQ4OTU2NzE5MjIsImlhdCI6MTczOTY3MTkyMiwiaXNzIjoiMTI3LjAuMC4xIiwianRpIjoiZTUxMTY3ZWEtNDA3OS00ZTczLTkzZDQtNTgwZDMzODRjZDU4Iiwic2NvcGUiOiJyZWZyZXNoIiwic3ViIjoxLCJ0dGwiOiJzZXNzaW9uIn0.tvtqQ8Z4WrYWHHb0MaEPdsU2FT2KLRE1zHOv3ipoFyc",
+		"refreshExpired": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3Mzk2NzIyNDgsImlhdCI6MTczOTY3MjI0OCwiaXNzIjoiMTI3LjAuMC4xIiwianRpIjoiZTg5YTc5MTYtZGEzYi00YmJhLWI3ZDMtOWI1N2ViNjRhMmU0Iiwic2NvcGUiOiJyZWZyZXNoIiwic3ViIjoxLCJ0dGwiOiJzZXNzaW9uIn0.rH_fytC7Duxo598xacu820pQKF9ELbG8674h_bK_c4I",
+		"accessRevoked":  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjQ4OTU2NzE5MjIsImZyZXNoIjoxNzM5NjcxOTIyLCJpYXQiOjE3Mzk2NzE5MjIsImlzcyI6IjEyNy4wLjAuMSIsImp0aSI6IjBhNmIzMzhlLTkzMGEtNDNmZS04ZjcwLTFhNmRhZWQyNTZmYSIsInNjb3BlIjoiYWNjZXNzIiwic3ViIjoxLCJ0dGwiOiJzZXNzaW9uIn0.mZLuCp9amcm2_CqYvbHPlk86nfiuy_Or8TlntUCw4Qs",
+		"refreshRevoked": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjMzMjk5Njc1NjcxLCJpYXQiOjE3Mzk2NzU2NzEsImlzcyI6IjEyNy4wLjAuMSIsImp0aSI6ImI3ZmE1MWRjLTg1MzItNDJlMS04NzU2LTVkMjViZmIyMDAzYSIsInNjb3BlIjoicmVmcmVzaCIsInN1YiI6MSwidHRsIjoic2Vzc2lvbiJ9.5Q9yDZN5FubfCWHclUUZEkJPOUHcOEpVpgcUK-ameHo",
+		"invalid":        "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODUxNDA5ODQsImlhdCI6MTQ4NTEzNzM4NCwiaXNzIjoiYWNtZS5jb20iLCJzdWIiOiIyOWFjMGMxOC0wYjRhLTQyY2YtODJmYy0wM2Q1NzAzMThhMWQiLCJhcHBsaWNhdGlvbklkIjoiNzkxMDM3MzQtOTdhYi00ZDFhLWFmMzctZTAwNmQwNWQyOTUyIiwicm9sZXMiOltdfQ.Mp0Pcwsz5VECK11Kf2ZZNF_SMKu5CgBeLN9ZOP04kZo",
+	}
+	return tokens
+}
diff --git a/testdata.sql b/testdata.sql
index 6b05c97..be1ee04 100644
--- a/testdata.sql
+++ b/testdata.sql
@@ -1 +1,3 @@
-INSERT INTO users VALUES(1,'testuser','hashedpassword',1738995274);
+INSERT INTO users VALUES(1,'testuser','hashedpassword',1738995274, 'bio');
+INSERT INTO jwtblacklist VALUES('0a6b338e-930a-43fe-8f70-1a6daed256fa', 33299675344);
+INSERT INTO jwtblacklist VALUES('b7fa51dc-8532-42e1-8756-5d25bfb2003a', 33299675344);

From 31f1b83da424b302e4c9fbaecf9d775f119b3983 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 15:15:52 +1100
Subject: [PATCH 15/31] Added page protection and reauthentication tests

---
 Makefile                            |  4 +-
 middleware/pageprotection.go        |  1 +
 middleware/pageprotection_test.go   | 81 ++++++++++++++++++++++++++
 middleware/reauthentication_test.go | 88 +++++++++++++++++++++++++++++
 4 files changed, 172 insertions(+), 2 deletions(-)
 create mode 100644 middleware/pageprotection_test.go
 create mode 100644 middleware/reauthentication_test.go

diff --git a/Makefile b/Makefile
index a2f26e2..68d12a7 100644
--- a/Makefile
+++ b/Makefile
@@ -21,8 +21,8 @@ tester:
 test:
 	rm -f **/.projectreshoot-test-database.db
 	go mod tidy && \
-	go test . -v
-	go test ./middleware -v
+	go test .
+	go test ./middleware
 
 clean:
 	go clean
diff --git a/middleware/pageprotection.go b/middleware/pageprotection.go
index 64ef4da..f5537b2 100644
--- a/middleware/pageprotection.go
+++ b/middleware/pageprotection.go
@@ -11,6 +11,7 @@ func RequiresLogin(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		user := contexts.GetUser(r.Context())
 		if user == nil {
+			w.WriteHeader(http.StatusUnauthorized)
 			page.Error(
 				"401",
 				"Unauthorized",
diff --git a/middleware/pageprotection_test.go b/middleware/pageprotection_test.go
new file mode 100644
index 0000000..de79975
--- /dev/null
+++ b/middleware/pageprotection_test.go
@@ -0,0 +1,81 @@
+package middleware
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"projectreshoot/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPageLoginRequired(t *testing.T) {
+	// Basic setup
+	cfg, err := tests.TestConfig()
+	require.NoError(t, err)
+	logger := tests.NilLogger()
+	conn, err := tests.SetupTestDB()
+	require.NoError(t, err)
+	require.NotNil(t, conn)
+	defer tests.DeleteTestDB()
+
+	// Handler to check outcome of Authentication middleware
+	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	})
+
+	// Add the middleware and create the server
+	loginRequiredHandler := RequiresLogin(testHandler)
+	authHandler := Authentication(logger, cfg, conn, loginRequiredHandler)
+	server := httptest.NewServer(authHandler)
+	defer server.Close()
+
+	tokens := getTokens()
+
+	tests := []struct {
+		name         string
+		accessToken  string
+		refreshToken string
+		expectedCode int
+	}{
+		{
+			name:         "Valid Login",
+			accessToken:  tokens["accessFresh"],
+			refreshToken: "",
+			expectedCode: http.StatusOK,
+		},
+		{
+			name:         "Expired login",
+			accessToken:  tokens["accessExpired"],
+			refreshToken: tokens["refreshExpired"],
+			expectedCode: http.StatusUnauthorized,
+		},
+		{
+			name:         "No login",
+			accessToken:  "",
+			refreshToken: "",
+			expectedCode: http.StatusUnauthorized,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{}
+
+			req, _ := http.NewRequest(http.MethodGet, server.URL, nil)
+
+			// Add cookies if provided
+			if tt.accessToken != "" {
+				req.AddCookie(&http.Cookie{Name: "access", Value: tt.accessToken})
+			}
+			if tt.refreshToken != "" {
+				req.AddCookie(&http.Cookie{Name: "refresh", Value: tt.refreshToken})
+			}
+
+			resp, err := client.Do(req)
+			assert.NoError(t, err)
+			assert.Equal(t, tt.expectedCode, resp.StatusCode)
+		})
+	}
+}
diff --git a/middleware/reauthentication_test.go b/middleware/reauthentication_test.go
new file mode 100644
index 0000000..63017cb
--- /dev/null
+++ b/middleware/reauthentication_test.go
@@ -0,0 +1,88 @@
+package middleware
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"projectreshoot/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestActionReauthRequired(t *testing.T) {
+	// Basic setup
+	cfg, err := tests.TestConfig()
+	require.NoError(t, err)
+	logger := tests.NilLogger()
+	conn, err := tests.SetupTestDB()
+	require.NoError(t, err)
+	require.NotNil(t, conn)
+	defer tests.DeleteTestDB()
+
+	// Handler to check outcome of Authentication middleware
+	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	})
+
+	// Add the middleware and create the server
+	reauthRequiredHandler := RequiresFresh(testHandler)
+	loginRequiredHandler := RequiresLogin(reauthRequiredHandler)
+	authHandler := Authentication(logger, cfg, conn, loginRequiredHandler)
+	server := httptest.NewServer(authHandler)
+	defer server.Close()
+
+	tokens := getTokens()
+
+	tests := []struct {
+		name         string
+		accessToken  string
+		refreshToken string
+		expectedCode int
+	}{
+		{
+			name:         "Fresh Login",
+			accessToken:  tokens["accessFresh"],
+			refreshToken: "",
+			expectedCode: http.StatusOK,
+		},
+		{
+			name:         "Unfresh Login",
+			accessToken:  tokens["accessUnfresh"],
+			refreshToken: "",
+			expectedCode: 444,
+		},
+		{
+			name:         "Expired login",
+			accessToken:  tokens["accessExpired"],
+			refreshToken: tokens["refreshExpired"],
+			expectedCode: http.StatusUnauthorized,
+		},
+		{
+			name:         "No login",
+			accessToken:  "",
+			refreshToken: "",
+			expectedCode: http.StatusUnauthorized,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{}
+
+			req, _ := http.NewRequest(http.MethodGet, server.URL, nil)
+
+			// Add cookies if provided
+			if tt.accessToken != "" {
+				req.AddCookie(&http.Cookie{Name: "access", Value: tt.accessToken})
+			}
+			if tt.refreshToken != "" {
+				req.AddCookie(&http.Cookie{Name: "refresh", Value: tt.refreshToken})
+			}
+
+			resp, err := client.Do(req)
+			assert.NoError(t, err)
+			assert.Equal(t, tt.expectedCode, resp.StatusCode)
+		})
+	}
+}

From fafb9b436f135ed77582c0fa633a4b208d74f1c6 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 17:57:27 +1100
Subject: [PATCH 16/31] Fixed static file embedding

---
 handlers/static.go       |  4 ++--
 main.go                  | 31 +++++++++++++++++++++++++++----
 middleware/excluded.go   | 25 -------------------------
 middleware/favicon.go    | 17 -----------------
 server/routes.go         |  3 ++-
 server/server.go         |  6 ++----
 view/layout/global.templ |  1 +
 7 files changed, 34 insertions(+), 53 deletions(-)
 delete mode 100644 middleware/excluded.go
 delete mode 100644 middleware/favicon.go

diff --git a/handlers/static.go b/handlers/static.go
index 768e6e1..bc198dd 100644
--- a/handlers/static.go
+++ b/handlers/static.go
@@ -42,10 +42,10 @@ func (f neuteredReaddirFile) Readdir(count int) ([]os.FileInfo, error) {
 
 // Handles requests for static files, without allowing access to the
 // directory viewer and returning 404 if an exact file is not found
-func HandleStatic() http.Handler {
+func HandleStatic(staticFS *http.FileSystem) http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
-			nfs := justFilesFilesystem{http.Dir("static")}
+			nfs := justFilesFilesystem{*staticFS}
 			fs := http.FileServer(nfs)
 			fs.ServeHTTP(w, r)
 		},
diff --git a/main.go b/main.go
index 1bcf240..84ed2fd 100644
--- a/main.go
+++ b/main.go
@@ -6,6 +6,7 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"io/fs"
 	"net"
 	"net/http"
 	"os"
@@ -22,6 +23,26 @@ import (
 	"github.com/pkg/errors"
 )
 
+//go:embed static/*
+var embeddedStatic embed.FS
+
+// Gets the static files
+func getStaticFiles() (http.FileSystem, error) {
+	if _, err := os.Stat("static"); err == nil {
+		// Use actual filesystem in development
+		fmt.Println("Using filesystem for static files")
+		return http.Dir("static"), nil
+	} else {
+		// Use embedded filesystem in production
+		fmt.Println("Using embedded static files")
+		subFS, err := fs.Sub(embeddedStatic, "static")
+		if err != nil {
+			return nil, errors.Wrap(err, "fs.Sub")
+		}
+		return http.FS(subFS), nil
+	}
+}
+
 // Initializes and runs the server
 func run(ctx context.Context, w io.Writer, args map[string]string) error {
 	ctx, cancel := signal.NotifyContext(ctx, os.Interrupt)
@@ -62,7 +83,12 @@ func run(ctx context.Context, w io.Writer, args map[string]string) error {
 	}
 	defer conn.Close()
 
-	srv := server.NewServer(config, logger, conn)
+	staticFS, err := getStaticFiles()
+	if err != nil {
+		return errors.Wrap(err, "getStaticFiles")
+	}
+
+	srv := server.NewServer(config, logger, conn, &staticFS)
 	httpServer := &http.Server{
 		Addr:              net.JoinHostPort(config.Host, config.Port),
 		Handler:           srv,
@@ -101,9 +127,6 @@ func run(ctx context.Context, w io.Writer, args map[string]string) error {
 	return nil
 }
 
-//go:embed static/*
-var static embed.FS
-
 // Start of runtime. Parse commandline arguments & flags, Initializes context
 // and starts the server
 func main() {
diff --git a/middleware/excluded.go b/middleware/excluded.go
deleted file mode 100644
index cc31749..0000000
--- a/middleware/excluded.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package middleware
-
-import (
-	"net/http"
-	"strings"
-)
-
-var excludedFiles = map[string]bool{
-	"/static/css/output.css": true,
-}
-
-// Checks is path requested if for an excluded file and returns the file
-// instead of passing the request onto the next middleware
-func ExcludedFiles(next http.Handler) http.Handler {
-	return http.HandlerFunc(
-		func(w http.ResponseWriter, r *http.Request) {
-			if excludedFiles[r.URL.Path] {
-				filePath := strings.TrimPrefix(r.URL.Path, "/")
-				http.ServeFile(w, r, filePath)
-			} else {
-				next.ServeHTTP(w, r)
-			}
-		},
-	)
-}
diff --git a/middleware/favicon.go b/middleware/favicon.go
deleted file mode 100644
index 41385fa..0000000
--- a/middleware/favicon.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package middleware
-
-import (
-	"net/http"
-)
-
-func Favicon(next http.Handler) http.Handler {
-	return http.HandlerFunc(
-		func(w http.ResponseWriter, r *http.Request) {
-			if r.URL.Path == "/favicon.ico" {
-				http.ServeFile(w, r, "static/favicon.ico")
-			} else {
-				next.ServeHTTP(w, r)
-			}
-		},
-	)
-}
diff --git a/server/routes.go b/server/routes.go
index 606036e..a92885f 100644
--- a/server/routes.go
+++ b/server/routes.go
@@ -18,12 +18,13 @@ func addRoutes(
 	logger *zerolog.Logger,
 	config *config.Config,
 	conn *sql.DB,
+	staticFS *http.FileSystem,
 ) {
 	// Health check
 	mux.HandleFunc("GET /healthz", func(http.ResponseWriter, *http.Request) {})
 
 	// Static files
-	mux.Handle("GET /static/", http.StripPrefix("/static/", handlers.HandleStatic()))
+	mux.Handle("GET /static/", http.StripPrefix("/static/", handlers.HandleStatic(staticFS)))
 
 	// Index page and unhandled catchall (404)
 	mux.Handle("GET /", handlers.HandleRoot())
diff --git a/server/server.go b/server/server.go
index e460546..648082f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -15,6 +15,7 @@ func NewServer(
 	config *config.Config,
 	logger *zerolog.Logger,
 	conn *sql.DB,
+	staticFS *http.FileSystem,
 ) http.Handler {
 	mux := http.NewServeMux()
 	addRoutes(
@@ -22,6 +23,7 @@ func NewServer(
 		logger,
 		config,
 		conn,
+		staticFS,
 	)
 	var handler http.Handler = mux
 	// Add middleware here, must be added in reverse order of execution
@@ -29,10 +31,6 @@ func NewServer(
 	handler = middleware.Logging(logger, handler)
 	handler = middleware.Authentication(logger, config, conn, handler)
 
-	// Serve the favicon and exluded files before any middleware is added
-	handler = middleware.ExcludedFiles(handler)
-	handler = middleware.Favicon(handler)
-
 	// Gzip
 	handler = middleware.Gzip(handler, config.GZIP)
 
diff --git a/view/layout/global.templ b/view/layout/global.templ
index 0b5c155..17f58eb 100644
--- a/view/layout/global.templ
+++ b/view/layout/global.templ
@@ -34,6 +34,7 @@ templ Global() {
 			<meta charset="UTF-8"/>
 			<meta name="viewport" content="width=device-width, initial-scale=1"/>
 			<title>Project Reshoot</title>
+			<link rel="icon" type="image/x-icon" href="/static/favicon.ico"/>
 			<link href="/static/css/output.css" rel="stylesheet"/>
 			<script src="https://unpkg.com/htmx.org@2.0.4" integrity="sha384-HGfztofotfshcF7+8n44JQL2oJmowVChPTg48S+jvZoztPfvwD79OC/LTtG6dMp+" crossorigin="anonymous"></script>
 			<script defer src="https://cdn.jsdelivr.net/npm/@alpinejs/persist@3.x.x/dist/cdn.min.js"></script>

From a39776b526c879d1e0327f7f4dcc765d18eaffb4 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 18:30:48 +1100
Subject: [PATCH 17/31] Added service file for deployment

---
 deploy/systemd/production.service | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 deploy/systemd/production.service

diff --git a/deploy/systemd/production.service b/deploy/systemd/production.service
new file mode 100644
index 0000000..0c4cacb
--- /dev/null
+++ b/deploy/systemd/production.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=Project Reshoot
+After=network.target
+
+[Service]
+ExecStart=/home/deploy/production/projectreshoot
+WorkingDirectory=/home/deploy/production
+User=deploy
+Group=deploy
+Environment="HOST=0.0.0.0"
+Environment="PORT=3000"
+Environment="TRUSTED_HOST=projectreshoot.com"
+Environment="SSL=true"
+Environment="GZIP=true"
+Environment="LOG_LEVEL=info"
+Environment="LOG_DIR=/home/deploy/production/logs"
+LimitNOFILE=65536
+Restart=on-failure
+TimeoutSec=30
+PrivateTmp=true
+NoNewPrivilages=true
+AmbientCapabilites=CAP_NET_BIND_SERVICE
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target

From 93e9f4ef01a513e97c1800826303fcd023bcfacb Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 18:48:45 +1100
Subject: [PATCH 18/31] Added envfile to service file

---
 deploy/systemd/production.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/deploy/systemd/production.service b/deploy/systemd/production.service
index 0c4cacb..dfc1e11 100644
--- a/deploy/systemd/production.service
+++ b/deploy/systemd/production.service
@@ -7,6 +7,7 @@ ExecStart=/home/deploy/production/projectreshoot
 WorkingDirectory=/home/deploy/production
 User=deploy
 Group=deploy
+EnvironmentFile=/etc/env/projectreshoot.env
 Environment="HOST=0.0.0.0"
 Environment="PORT=3000"
 Environment="TRUSTED_HOST=projectreshoot.com"

From fb1168a7cc5ff200041f58e4db293688839dd286 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 21:07:13 +1100
Subject: [PATCH 19/31] Updated service files

---
 deploy/systemd/production.service |  3 ++-
 deploy/systemd/staging.service    | 29 +++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 deploy/systemd/staging.service

diff --git a/deploy/systemd/production.service b/deploy/systemd/production.service
index dfc1e11..616dc37 100644
--- a/deploy/systemd/production.service
+++ b/deploy/systemd/production.service
@@ -8,12 +8,13 @@ WorkingDirectory=/home/deploy/production
 User=deploy
 Group=deploy
 EnvironmentFile=/etc/env/projectreshoot.env
-Environment="HOST=0.0.0.0"
+Environment="HOST=127.0.0.1"
 Environment="PORT=3000"
 Environment="TRUSTED_HOST=projectreshoot.com"
 Environment="SSL=true"
 Environment="GZIP=true"
 Environment="LOG_LEVEL=info"
+Environment="LOG_OUTPUT=file"
 Environment="LOG_DIR=/home/deploy/production/logs"
 LimitNOFILE=65536
 Restart=on-failure
diff --git a/deploy/systemd/staging.service b/deploy/systemd/staging.service
new file mode 100644
index 0000000..566aa56
--- /dev/null
+++ b/deploy/systemd/staging.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=Project Reshoot Staging
+After=network.target
+
+[Service]
+ExecStart=/home/deploy/staging/projectreshoot
+WorkingDirectory=/home/deploy/staging
+User=deploy
+Group=deploy
+EnvironmentFile=/etc/env/staging.projectreshoot.env
+Environment="HOST=127.0.0.1"
+Environment="PORT=3005"
+Environment="TRUSTED_HOST=staging.projectreshoot.com"
+Environment="SSL=true"
+Environment="GZIP=true"
+Environment="LOG_LEVEL=debug"
+Environment="LOG_OUTPUT=both"
+Environment="LOG_DIR=/home/deploy/staging/logs"
+LimitNOFILE=65536
+Restart=on-failure
+TimeoutSec=30
+PrivateTmp=true
+NoNewPrivilages=true
+AmbientCapabilites=CAP_NET_BIND_SERVICE
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target

From 5892d6a7e6d9929d82db445a36585cb7c96e5433 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 22:22:30 +1100
Subject: [PATCH 20/31] Added deployment scripts

---
 .github/workflows/deploy_staging.yaml | 55 ++++++++++++++++
 Makefile                              |  4 +-
 deploy/deploy_staging.sh              | 94 +++++++++++++++++++++++++++
 deploy/systemd/production@.service    | 29 +++++++++
 deploy/systemd/staging@.service       | 29 +++++++++
 5 files changed, 209 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/deploy_staging.yaml
 create mode 100644 deploy/deploy_staging.sh
 create mode 100644 deploy/systemd/production@.service
 create mode 100644 deploy/systemd/staging@.service

diff --git a/.github/workflows/deploy_staging.yaml b/.github/workflows/deploy_staging.yaml
new file mode 100644
index 0000000..21f7705
--- /dev/null
+++ b/.github/workflows/deploy_staging.yaml
@@ -0,0 +1,55 @@
+name: Deploy Staging to Server
+
+on:
+  push:
+    branches:
+      - staging
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24.x'
+
+      - name: Install Templ
+        run: go install github.com/a-h/templ/cmd/templ@latest
+
+      - name: Install tailwindcsscli
+        run: |
+          curl -fsSL -o tailwindcss https://github.com/tailwindlabs/tailwindcss/releases/latest/download/tailwindcss-linux-x64
+          chmod +x tailwindcss
+          sudo mv tailwindcss /usr/local/bin/
+
+      - name: Run tests
+        run: make test
+
+      - name: Build the binary
+        run: make build
+
+      - name: Deploy to Server
+        env:
+          USER: deploy
+          HOST: projectreshoot.com
+          DIR: /home/deploy/releases/staging
+          DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$DEPLOY_SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+
+          echo "Host *" > ~/.ssh/config
+          echo "  StrictHostKeyChecking no" >> ~/.ssh/config
+          echo "  UserKnownHostsFile /dev/null" >> ~/.ssh/config
+
+          ssh -i ~/.ssh/id_ed25519 $USER@$HOST mkdir -p $DIR
+
+          scp -i ~/.ssh/id_ed25519 projectreshoot-${GITHUB_SHA} $USER@$HOST:$DIR
+
+          ssh -i ~/.ssh/id_ed25519 $USER@$HOST 'bash -s' < ./deploy/deploy.sh $GITHUB_SHA
diff --git a/Makefile b/Makefile
index 68d12a7..7c92eaf 100644
--- a/Makefile
+++ b/Makefile
@@ -21,8 +21,8 @@ tester:
 test:
 	rm -f **/.projectreshoot-test-database.db
 	go mod tidy && \
-	go test .
-	go test ./middleware
+	go generate && \
+	go test ./...
 
 clean:
 	go clean
diff --git a/deploy/deploy_staging.sh b/deploy/deploy_staging.sh
new file mode 100644
index 0000000..e7c77bf
--- /dev/null
+++ b/deploy/deploy_staging.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+# Exit on error
+set -e
+
+# Check if commit hash is passed as an argument
+if [ -z "$1" ]; then
+  echo "Usage: $0 <commit-hash>"
+  exit 1
+fi
+
+COMMIT_HASH=$1
+RELEASES_DIR="/home/deploy/releases/staging"
+DEPLOY_BIN="/home/deploy/staging/projectreshoot"
+SERVICE_NAME="staging.projectreshoot"
+BINARY_NAME="projectreshoot-${COMMIT_HASH}"
+declare -a PORTS=("3005" "3006" "3007")
+
+# Check if the binary exists
+if [ ! -f "${RELEASES_DIR}/${BINARY_NAME}" ]; then
+  echo "Binary ${BINARY_NAME} not found in ${RELEASES_DIR}"
+  exit 1
+fi
+
+# Keep a reference to the previous binary from the symlink
+if [ -L "${DEPLOY_BIN}" ]; then
+  PREVIOUS=$(readlink -f $DEPLOY_BIN)
+  echo "Current binary is ${PREVIOUS}, saved for rollback."
+else
+  echo "No symbolic link found, no previous binary to backup."
+  PREVIOUS=""
+fi
+
+rollback_deployment() {
+  if [ -n "$PREVIOUS" ]; then
+    echo "Rolling back to previous binary: ${PREVIOUS}"
+    ln -sfn "${PREVIOUS}" "${DEPLOY_BIN}"
+  else
+    echo "No previous binary to roll back to."
+  fi
+
+  # wait to restart the services
+  sleep 10
+
+  # Restart all services with the previous binary
+  for port in "${PORTS[@]}"; do
+    SERVICE="${SERVICE_NAME}@${port}.service"
+    echo "Restarting $SERVICE..."
+    sudo systemctl restart $SERVICE
+  done
+
+  echo "Rollback completed."
+}
+
+# Copy the binary to the deployment directory
+echo "Promoting ${BINARY_NAME} to ${DEPLOY_BIN}..."
+ln -sf "${RELEASES_DIR}/${BINARY_NAME}" "${DEPLOY_BIN}"
+
+WAIT_TIME=5
+restart_service() {
+  local port=$1
+  local SERVICE="${SERVICE_NAME}@${port}.service"
+  echo "Restarting ${SERVICE}..."
+
+  # Restart the service
+  if ! sudo systemctl restart "$SERVICE"; then
+    echo "Error: Failed to restart ${SERVICE}. Rolling back deployment."
+
+    # Call the rollback function
+    rollback_deployment
+    exit 1
+  fi
+
+  # Wait a few seconds to allow the service to fully start
+  echo "Waiting for ${SERVICE} to fully start..."
+  sleep $WAIT_TIME
+
+  # Check the status of the service
+  if ! systemctl is-active --quiet "${SERVICE}"; then
+    echo "Error: ${SERVICE} failed to start correctly. Rolling back deployment."
+
+    # Call the rollback function
+    rollback_deployment
+    exit 1
+  fi
+
+  echo "${SERVICE}.service restarted successfully."
+}
+
+for port in "${PORTS[@]}"; do
+  restart_service $port
+done
+
+echo "Deployment completed successfully."
diff --git a/deploy/systemd/production@.service b/deploy/systemd/production@.service
new file mode 100644
index 0000000..84e3f2d
--- /dev/null
+++ b/deploy/systemd/production@.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=Project Reshoot %i
+After=network.target
+
+[Service]
+ExecStart=/home/deploy/production/projectreshoot
+WorkingDirectory=/home/deploy/production
+User=deploy
+Group=deploy
+EnvironmentFile=/etc/env/projectreshoot.env
+Environment="HOST=127.0.0.1"
+Environment="PORT=%i"
+Environment="TRUSTED_HOST=projectreshoot.com"
+Environment="SSL=true"
+Environment="GZIP=true"
+Environment="LOG_LEVEL=info"
+Environment="LOG_OUTPUT=file"
+Environment="LOG_DIR=/home/deploy/production/logs"
+LimitNOFILE=65536
+Restart=on-failure
+TimeoutSec=30
+PrivateTmp=true
+NoNewPrivilages=true
+AmbientCapabilites=CAP_NET_BIND_SERVICE
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
diff --git a/deploy/systemd/staging@.service b/deploy/systemd/staging@.service
new file mode 100644
index 0000000..8dad36f
--- /dev/null
+++ b/deploy/systemd/staging@.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=Project Reshoot Staging %i
+After=network.target
+
+[Service]
+ExecStart=/home/deploy/staging/projectreshoot
+WorkingDirectory=/home/deploy/staging
+User=deploy
+Group=deploy
+EnvironmentFile=/etc/env/staging.projectreshoot.env
+Environment="HOST=127.0.0.1"
+Environment="PORT=%i"
+Environment="TRUSTED_HOST=staging.projectreshoot.com"
+Environment="SSL=true"
+Environment="GZIP=true"
+Environment="LOG_LEVEL=debug"
+Environment="LOG_OUTPUT=both"
+Environment="LOG_DIR=/home/deploy/staging/logs"
+LimitNOFILE=65536
+Restart=on-failure
+TimeoutSec=30
+PrivateTmp=true
+ProtectSystem=full
+ProtectHome=yes
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target

From 9b0c41c34b5447a47fa693b4016362777e75eb21 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 22:27:13 +1100
Subject: [PATCH 21/31] Fixed deployment scripts

---
 .github/workflows/deploy_staging.yaml | 3 +++
 Makefile                              | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/.github/workflows/deploy_staging.yaml b/.github/workflows/deploy_staging.yaml
index 21f7705..c5af658 100644
--- a/.github/workflows/deploy_staging.yaml
+++ b/.github/workflows/deploy_staging.yaml
@@ -27,6 +27,9 @@ jobs:
           chmod +x tailwindcss
           sudo mv tailwindcss /usr/local/bin/
 
+      - name: Run init
+        run: make init
+
       - name: Run tests
         run: make test
 
diff --git a/Makefile b/Makefile
index 7c92eaf..99a6fd7 100644
--- a/Makefile
+++ b/Makefile
@@ -26,3 +26,9 @@ test:
 
 clean:
 	go clean
+
+
+init:
+	go mod init projectreshoot
+	go mod tidy
+	go generate

From 9da261aae2f5f87dbf411a65accb0c0726c6197f Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 22:30:34 +1100
Subject: [PATCH 22/31] Revert "Fixed deployment scripts"

---
 .github/workflows/deploy_staging.yaml | 3 ---
 Makefile                              | 6 ------
 2 files changed, 9 deletions(-)

diff --git a/.github/workflows/deploy_staging.yaml b/.github/workflows/deploy_staging.yaml
index c5af658..21f7705 100644
--- a/.github/workflows/deploy_staging.yaml
+++ b/.github/workflows/deploy_staging.yaml
@@ -27,9 +27,6 @@ jobs:
           chmod +x tailwindcss
           sudo mv tailwindcss /usr/local/bin/
 
-      - name: Run init
-        run: make init
-
       - name: Run tests
         run: make test
 
diff --git a/Makefile b/Makefile
index 99a6fd7..7c92eaf 100644
--- a/Makefile
+++ b/Makefile
@@ -26,9 +26,3 @@ test:
 
 clean:
 	go clean
-
-
-init:
-	go mod init projectreshoot
-	go mod tidy
-	go generate

From 50140529738650093ebbf941babf4d97a5694b49 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 22:37:26 +1100
Subject: [PATCH 23/31] Fixed makefile test command

---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index 7c92eaf..77c65c4 100644
--- a/Makefile
+++ b/Makefile
@@ -21,6 +21,7 @@ tester:
 test:
 	rm -f **/.projectreshoot-test-database.db
 	go mod tidy && \
+   	templ generate && \
 	go generate && \
 	go test ./...
 

From 8ca99bca675ef6b588d429e425e9f3e54c37dd7f Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 22:42:21 +1100
Subject: [PATCH 24/31] Changed default port to 3010

---
 config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/config.go b/config/config.go
index da62d0d..25654d6 100644
--- a/config/config.go
+++ b/config/config.go
@@ -53,7 +53,7 @@ func GetConfig(args map[string]string) (*Config, error) {
 	if args["port"] != "" {
 		port = args["port"]
 	} else {
-		port = GetEnvDefault("PORT", "3333")
+		port = GetEnvDefault("PORT", "3010")
 	}
 	if args["loglevel"] != "" {
 		logLevel = logging.GetLogLevel(args["loglevel"])

From 2be0e68646c703dbe643bd7bc3b6f2837f8023ec Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 22:51:07 +1100
Subject: [PATCH 25/31] Update Makefile

---
 Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 77c65c4..ba2a67a 100644
--- a/Makefile
+++ b/Makefile
@@ -19,11 +19,11 @@ tester:
 	go run . --port 3232 --test --loglevel trace
 
 test:
-	rm -f **/.projectreshoot-test-database.db
+	rm -f **/.projectreshoot-test-database.db && \
 	go mod tidy && \
    	templ generate && \
 	go generate && \
-	go test ./...
+	go test ./middleware
 
 clean:
 	go clean

From ad2f09457c428dbcd573320d4969c0a8e52bbb14 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 22:58:57 +1100
Subject: [PATCH 26/31] Fixes to deployment

---
 .github/workflows/deploy_staging.yaml | 2 +-
 Makefile                              | 6 +++---
 deploy/deploy_staging.sh              | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/deploy_staging.yaml b/.github/workflows/deploy_staging.yaml
index 21f7705..cbfa863 100644
--- a/.github/workflows/deploy_staging.yaml
+++ b/.github/workflows/deploy_staging.yaml
@@ -31,7 +31,7 @@ jobs:
         run: make test
 
       - name: Build the binary
-        run: make build
+        run: make build SUFFIX=-staging-$GITHUB_SHA
 
       - name: Deploy to Server
         env:
diff --git a/Makefile b/Makefile
index 77c65c4..a8dc81f 100644
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@ build:
 	go mod tidy && \
    	templ generate && \
 	go generate && \
-	go build -ldflags="-w -s" -o ${BINARY_NAME}
+	go build -ldflags="-w -s" -o ${BINARY_NAME}${SUFFIX}
 
 dev:
 	templ generate --watch &\
@@ -19,11 +19,11 @@ tester:
 	go run . --port 3232 --test --loglevel trace
 
 test:
-	rm -f **/.projectreshoot-test-database.db
+	rm -f **/.projectreshoot-test-database.db && \
 	go mod tidy && \
    	templ generate && \
 	go generate && \
-	go test ./...
+	go test ./middleware
 
 clean:
 	go clean
diff --git a/deploy/deploy_staging.sh b/deploy/deploy_staging.sh
index e7c77bf..3ada4c5 100644
--- a/deploy/deploy_staging.sh
+++ b/deploy/deploy_staging.sh
@@ -13,7 +13,7 @@ COMMIT_HASH=$1
 RELEASES_DIR="/home/deploy/releases/staging"
 DEPLOY_BIN="/home/deploy/staging/projectreshoot"
 SERVICE_NAME="staging.projectreshoot"
-BINARY_NAME="projectreshoot-${COMMIT_HASH}"
+BINARY_NAME="projectreshoot-staging-${COMMIT_HASH}"
 declare -a PORTS=("3005" "3006" "3007")
 
 # Check if the binary exists

From 0ff2f22b277c5416a2787cbd1a7e28e50f9d4c45 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 23:02:25 +1100
Subject: [PATCH 27/31] Fixed branch not in scp command

---
 .github/workflows/deploy_staging.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy_staging.yaml b/.github/workflows/deploy_staging.yaml
index cbfa863..18525bb 100644
--- a/.github/workflows/deploy_staging.yaml
+++ b/.github/workflows/deploy_staging.yaml
@@ -50,6 +50,6 @@ jobs:
 
           ssh -i ~/.ssh/id_ed25519 $USER@$HOST mkdir -p $DIR
 
-          scp -i ~/.ssh/id_ed25519 projectreshoot-${GITHUB_SHA} $USER@$HOST:$DIR
+          scp -i ~/.ssh/id_ed25519 projectreshoot-staging-${GITHUB_SHA} $USER@$HOST:$DIR
 
           ssh -i ~/.ssh/id_ed25519 $USER@$HOST 'bash -s' < ./deploy/deploy.sh $GITHUB_SHA

From 4cb704e95c3f5b69f6897fca7a6ebfd7ef28e600 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 23:06:26 +1100
Subject: [PATCH 28/31] Fixed wrong path to deploy script

---
 .github/workflows/deploy_staging.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy_staging.yaml b/.github/workflows/deploy_staging.yaml
index 18525bb..aab9831 100644
--- a/.github/workflows/deploy_staging.yaml
+++ b/.github/workflows/deploy_staging.yaml
@@ -52,4 +52,4 @@ jobs:
 
           scp -i ~/.ssh/id_ed25519 projectreshoot-staging-${GITHUB_SHA} $USER@$HOST:$DIR
 
-          ssh -i ~/.ssh/id_ed25519 $USER@$HOST 'bash -s' < ./deploy/deploy.sh $GITHUB_SHA
+          ssh -i ~/.ssh/id_ed25519 $USER@$HOST 'bash -s' < ./deploy/deploy_staging.sh $GITHUB_SHA

From 66daa33f224c95b37850b792f6889b9d20ff35b2 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 23:27:07 +1100
Subject: [PATCH 29/31] Fixed tailwind not generated on build

---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index a8dc81f..72a5804 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,7 @@
 BINARY_NAME=projectreshoot
 
 build:
+	tailwindcss -i ./static/css/input.css -o ./static/css/output.css && \
 	go mod tidy && \
    	templ generate && \
 	go generate && \

From 694f5682759bd90c00f610cfd19e1b0364bd2b41 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 23:28:42 +1100
Subject: [PATCH 30/31] Made an update to the index page to test staging
 rolling release

---
 view/page/index.templ | 1 +
 1 file changed, 1 insertion(+)

diff --git a/view/page/index.templ b/view/page/index.templ
index e4e78a6..4fa1163 100644
--- a/view/page/index.templ
+++ b/view/page/index.templ
@@ -8,6 +8,7 @@ templ Index() {
 		<div class="text-center mt-24">
 			<div class="text-4xl lg:text-6xl">Project Reshoot</div>
 			<div>A better way to discover and rate films</div>
+			<div>If you're seeing this text, you're my favourite :)</div>
 		</div>
 	}
 }

From 0aa0228c632243ce935c2d17eda751ad569bc033 Mon Sep 17 00:00:00 2001
From: Haelnorr <lockedonohoe@gmail.com>
Date: Sun, 16 Feb 2025 23:55:02 +1100
Subject: [PATCH 31/31] Added deploy scripts for master/production

---
 .github/workflows/deploy_production.yaml | 55 ++++++++++++++
 deploy/caddy/Caddyfile                   | 12 +++
 deploy/deploy_production.sh              | 94 ++++++++++++++++++++++++
 deploy/systemd/production.service        | 29 --------
 deploy/systemd/production@.service       |  2 -
 deploy/systemd/staging.service           | 29 --------
 6 files changed, 161 insertions(+), 60 deletions(-)
 create mode 100644 .github/workflows/deploy_production.yaml
 create mode 100644 deploy/caddy/Caddyfile
 create mode 100644 deploy/deploy_production.sh
 delete mode 100644 deploy/systemd/production.service
 delete mode 100644 deploy/systemd/staging.service

diff --git a/.github/workflows/deploy_production.yaml b/.github/workflows/deploy_production.yaml
new file mode 100644
index 0000000..576ee4d
--- /dev/null
+++ b/.github/workflows/deploy_production.yaml
@@ -0,0 +1,55 @@
+name: Deploy Staging to Server
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24.x'
+
+      - name: Install Templ
+        run: go install github.com/a-h/templ/cmd/templ@latest
+
+      - name: Install tailwindcsscli
+        run: |
+          curl -fsSL -o tailwindcss https://github.com/tailwindlabs/tailwindcss/releases/latest/download/tailwindcss-linux-x64
+          chmod +x tailwindcss
+          sudo mv tailwindcss /usr/local/bin/
+
+      - name: Run tests
+        run: make test
+
+      - name: Build the binary
+        run: make build SUFFIX=-production-$GITHUB_SHA
+
+      - name: Deploy to Server
+        env:
+          USER: deploy
+          HOST: projectreshoot.com
+          DIR: /home/deploy/releases/production
+          DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$DEPLOY_SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+
+          echo "Host *" > ~/.ssh/config
+          echo "  StrictHostKeyChecking no" >> ~/.ssh/config
+          echo "  UserKnownHostsFile /dev/null" >> ~/.ssh/config
+
+          ssh -i ~/.ssh/id_ed25519 $USER@$HOST mkdir -p $DIR
+
+          scp -i ~/.ssh/id_ed25519 projectreshoot-production-${GITHUB_SHA} $USER@$HOST:$DIR
+
+          ssh -i ~/.ssh/id_ed25519 $USER@$HOST 'bash -s' < ./deploy/deploy_production.sh $GITHUB_SHA
diff --git a/deploy/caddy/Caddyfile b/deploy/caddy/Caddyfile
new file mode 100644
index 0000000..7f29089
--- /dev/null
+++ b/deploy/caddy/Caddyfile
@@ -0,0 +1,12 @@
+projectreshoot.com {
+    reverse_proxy localhost:3000 localhost:3001 localhost:3002 {
+        health_uri /healthz
+            fail_duration 30s
+    }
+}
+staging.projectreshoot.com {
+    reverse_proxy localhost:3005 localhost:3006 localhost:3007 {
+        health_uri /healthz
+            fail_duration 30s
+    }
+}
diff --git a/deploy/deploy_production.sh b/deploy/deploy_production.sh
new file mode 100644
index 0000000..bc47915
--- /dev/null
+++ b/deploy/deploy_production.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+# Exit on error
+set -e
+
+# Check if commit hash is passed as an argument
+if [ -z "$1" ]; then
+  echo "Usage: $0 <commit-hash>"
+  exit 1
+fi
+
+COMMIT_HASH=$1
+RELEASES_DIR="/home/deploy/releases/production"
+DEPLOY_BIN="/home/deploy/production/projectreshoot"
+SERVICE_NAME="projectreshoot"
+BINARY_NAME="projectreshoot-production-${COMMIT_HASH}"
+declare -a PORTS=("3000" "3001" "3002")
+
+# Check if the binary exists
+if [ ! -f "${RELEASES_DIR}/${BINARY_NAME}" ]; then
+  echo "Binary ${BINARY_NAME} not found in ${RELEASES_DIR}"
+  exit 1
+fi
+
+# Keep a reference to the previous binary from the symlink
+if [ -L "${DEPLOY_BIN}" ]; then
+  PREVIOUS=$(readlink -f $DEPLOY_BIN)
+  echo "Current binary is ${PREVIOUS}, saved for rollback."
+else
+  echo "No symbolic link found, no previous binary to backup."
+  PREVIOUS=""
+fi
+
+rollback_deployment() {
+  if [ -n "$PREVIOUS" ]; then
+    echo "Rolling back to previous binary: ${PREVIOUS}"
+    ln -sfn "${PREVIOUS}" "${DEPLOY_BIN}"
+  else
+    echo "No previous binary to roll back to."
+  fi
+
+  # wait to restart the services
+  sleep 10
+
+  # Restart all services with the previous binary
+  for port in "${PORTS[@]}"; do
+    SERVICE="${SERVICE_NAME}@${port}.service"
+    echo "Restarting $SERVICE..."
+    sudo systemctl restart $SERVICE
+  done
+
+  echo "Rollback completed."
+}
+
+# Copy the binary to the deployment directory
+echo "Promoting ${BINARY_NAME} to ${DEPLOY_BIN}..."
+ln -sf "${RELEASES_DIR}/${BINARY_NAME}" "${DEPLOY_BIN}"
+
+WAIT_TIME=5
+restart_service() {
+  local port=$1
+  local SERVICE="${SERVICE_NAME}@${port}.service"
+  echo "Restarting ${SERVICE}..."
+
+  # Restart the service
+  if ! sudo systemctl restart "$SERVICE"; then
+    echo "Error: Failed to restart ${SERVICE}. Rolling back deployment."
+
+    # Call the rollback function
+    rollback_deployment
+    exit 1
+  fi
+
+  # Wait a few seconds to allow the service to fully start
+  echo "Waiting for ${SERVICE} to fully start..."
+  sleep $WAIT_TIME
+
+  # Check the status of the service
+  if ! systemctl is-active --quiet "${SERVICE}"; then
+    echo "Error: ${SERVICE} failed to start correctly. Rolling back deployment."
+
+    # Call the rollback function
+    rollback_deployment
+    exit 1
+  fi
+
+  echo "${SERVICE}.service restarted successfully."
+}
+
+for port in "${PORTS[@]}"; do
+  restart_service $port
+done
+
+echo "Deployment completed successfully."
diff --git a/deploy/systemd/production.service b/deploy/systemd/production.service
deleted file mode 100644
index 616dc37..0000000
--- a/deploy/systemd/production.service
+++ /dev/null
@@ -1,29 +0,0 @@
-[Unit]
-Description=Project Reshoot
-After=network.target
-
-[Service]
-ExecStart=/home/deploy/production/projectreshoot
-WorkingDirectory=/home/deploy/production
-User=deploy
-Group=deploy
-EnvironmentFile=/etc/env/projectreshoot.env
-Environment="HOST=127.0.0.1"
-Environment="PORT=3000"
-Environment="TRUSTED_HOST=projectreshoot.com"
-Environment="SSL=true"
-Environment="GZIP=true"
-Environment="LOG_LEVEL=info"
-Environment="LOG_OUTPUT=file"
-Environment="LOG_DIR=/home/deploy/production/logs"
-LimitNOFILE=65536
-Restart=on-failure
-TimeoutSec=30
-PrivateTmp=true
-NoNewPrivilages=true
-AmbientCapabilites=CAP_NET_BIND_SERVICE
-StandardOutput=journal
-StandardError=journal
-
-[Install]
-WantedBy=multi-user.target
diff --git a/deploy/systemd/production@.service b/deploy/systemd/production@.service
index 84e3f2d..7a49b82 100644
--- a/deploy/systemd/production@.service
+++ b/deploy/systemd/production@.service
@@ -20,8 +20,6 @@ LimitNOFILE=65536
 Restart=on-failure
 TimeoutSec=30
 PrivateTmp=true
-NoNewPrivilages=true
-AmbientCapabilites=CAP_NET_BIND_SERVICE
 StandardOutput=journal
 StandardError=journal
 
diff --git a/deploy/systemd/staging.service b/deploy/systemd/staging.service
deleted file mode 100644
index 566aa56..0000000
--- a/deploy/systemd/staging.service
+++ /dev/null
@@ -1,29 +0,0 @@
-[Unit]
-Description=Project Reshoot Staging
-After=network.target
-
-[Service]
-ExecStart=/home/deploy/staging/projectreshoot
-WorkingDirectory=/home/deploy/staging
-User=deploy
-Group=deploy
-EnvironmentFile=/etc/env/staging.projectreshoot.env
-Environment="HOST=127.0.0.1"
-Environment="PORT=3005"
-Environment="TRUSTED_HOST=staging.projectreshoot.com"
-Environment="SSL=true"
-Environment="GZIP=true"
-Environment="LOG_LEVEL=debug"
-Environment="LOG_OUTPUT=both"
-Environment="LOG_DIR=/home/deploy/staging/logs"
-LimitNOFILE=65536
-Restart=on-failure
-TimeoutSec=30
-PrivateTmp=true
-NoNewPrivilages=true
-AmbientCapabilites=CAP_NET_BIND_SERVICE
-StandardOutput=journal
-StandardError=journal
-
-[Install]
-WantedBy=multi-user.target