build.sh

@@ -28,6 +28,6 @@ find -L "$searchDir" -type f -name "build.sh" | while read -r buildScript; do
 done
 clear
 fancy "\033[1;105m" "Building Fulgens..."
-go build -C "$path" --ldflags "-s -w" -o "$path/fulgens" || exit 1
+go build --ldflags "-s -w" -o "$path/fulgens" || exit 1
 clear
-fancy "\033[1;102m" "Fulgens has been built successfully!"
+fancy "\033[1;102m" "Fulgensfas has been built successfully!"

config.yaml.example

@@ -4,6 +4,10 @@
 global: {
   # IP defines the IP address to bind to.
   ip: "0.0.0.0",
+  # httpPort defines the port to bind to for HTTP.
+  httpPort: "8080",
+  # httpsPort defines the port to bind to for HTTPS (TLS).
+  httpsPort: "8443",
   # serviceDirectory defines the directory to look for services in.
   serviceDirectory: "./services",
   # resourceDirectory defines the directory to look for resources in.
@@ -15,6 +19,13 @@ global: {
     # level defines the compression level to use, possible values are 1-9 for gzip, 0-11 for brotli and 1-22 for zstd.
     level: 5
   },
+  # https defines the HTTPS settings on a global level - per-route settings override these. It is optional.
+  https: {
+    # certificate defines the path to the certificate file (must be a wildcard in order to support multiple subdomains).
+    certificate: "./certs/localhost.crt",
+    # key defines the path to the key file (must be a wildcard in order to support multiple subdomains).
+    key: "./certs/localhost.key"
+  },
   # logging defines the logging settings.
   logging: {
     # enabled defines whether logging is enabled.
@@ -30,23 +41,6 @@ global: {
     path: "./databases",
     # connectionString defines the connection string to use for the database (postgres only).
     connectionString: "postgres://user:password@localhost:5432/database"
-  },
-  # stealth enables stealth mode, which makes the server look like some preset http servers.
-  # stealth mode overrides all proxy preservations and headers.
-  stealth: {
-    # enabled defines whether stealth mode is enabled.
-    enabled: true,
-    # server defines the server to pretend to be, possible values are "nginx" or "net/http".
-    server: "nginx",
-    # php defines if the server should pretend to be running PHP. This should only be used on nginx.
-    php: {
-      # enabled defines whether PHP spoofing is enabled.
-      enabled: true,
-      # version defines the version of PHP to pretend to be.
-      version: "8.2.25"
-    },
-    # aspnet defines if the server should pretend to be running ASP.NET. This should only be used on nginx.
-    aspNet: true
   }
 }
 
@@ -55,8 +49,6 @@ routes: [
   {
     # none is a special subdomain that matches all requests without a subdomain (Host header).
     subdomain: "none",
-    # port defines the port to use for this route. They do not have to be unique.
-    port: "8080",
     # services defines the services to use for this route. Services must be defined on a per-subdomain basis.
     # Each service may not be used more than once globally. The server will fail to start if this is violated.
     services: ["authentication"]
@@ -64,11 +56,7 @@ routes: [
   {
     # any subdomain value that isn't "none" will match that specific subdomain.
     subdomain: "www.localhost",
-    # port defines the port to use for this route. They do not have to be unique.
+    # https defines the HTTPS settings for this route.
-    port: "8443",
-    # https defines the HTTPS settings for this route. If this block is missing, HTTPS will not be enabled for this port.
-    # If https is set once for any subdomain with this port, it will be enabled for all subdomains with this port.
-    # The connection will fail if the above condition is true, but there is not an HTTPS block for that subdomain.
     https: {
       # certificate defines the path to the certificate file.
       certificate: "./certs/localhost.crt",
@@ -78,8 +66,8 @@ routes: [
     # paths defines per-path settings (NOT for services, which MUST be defined on a per-subdomain basis).
     paths: [
       {
-        # paths defines the paths to match. They can contain wildcards.
+        # path defines the path to match. They can contain wildcards.
-        paths: ["/static", "/static/*"],
+        path: "/static/*",
         # static defines the static file serving settings for this path. This conflicts with proxy and redirect.
         # static > proxy > redirect in terms of precedence.
         static: {
@@ -91,41 +79,37 @@ routes: [
         }
       },
       {
-        # paths defines the paths to match. They can contain wildcards.
+        # path defines the path to match. They can contain wildcards.
-        paths: ["/proxy", "/proxy/*"],
+        path: "/proxy/*",
         # proxy defines the proxy settings for this path. This conflicts with static and redirect.
         # static > proxy > redirect in terms of precedence.
         proxy: {
           # url defines the URL to proxy requests to.
           url: "http://localhost:8000",
           # stripPrefix defines whether to strip the prefix from the path before proxying.
-          stripPrefix: true,
+          stripPrefix: true
           headers: {
             # forbid defines the headers to forbid from being sent to the proxied server.
-            forbid: [ "User-Agent" ],
+            forbid: ["Authorization"],
-            # preserveServer defines whether to preserve the server header from the proxied server.
+            # preserve defines the headers to preserve when sending to the client.
-            preserveServer: true,
+            preserve: [X-Powered-By", "Server"]
-            # preserveAltSvc defines whether to preserve the Alt-Svc header from the proxied server.
+            # host defines whether the host / :authority header should be sent to the proxied server.
-            preserveAltSvc: true,
+            host: true,
-            # preserveXPoweredBy defines whether to preserve the X-Powered-By header from the proxied server.
-            preserveXPoweredBy: true,
-            # passHost defines whether the host / :authority header should be sent to the proxied server.
-            passHost: true,
             # xForward defines whether to send the X-Forwarded-For and X-Forwarded-Proto headers.
-            xForward: false
+            xForward: true
           }
         },
-      },
+        {
-      {
+          # path defines the path to match. They can contain wildcards.
-        # paths defines the paths to match. They can contain wildcards.
+          path: "/redirect/*",
-        paths: ["/redirect", "/redirect/*"],
+          # redirect defines the redirect settings for this path. This conflicts with proxy and static.
-        # redirect defines the redirect settings for this path. This conflicts with proxy and static.
+          # static > proxy > redirect in terms of precedence.
-        # static > proxy > redirect in terms of precedence.
+          redirect: {
-        redirect: {
+            # url defines the URL to redirect to.
-          # url defines the URL to redirect to.
+            url: "https://www.google.com",
-          url: "https://www.ailur.dev",
+            # permanent defines whether the redirect is permanent (301) or temporary (302).
-          # permanent defines whether the redirect is permanent (301) or temporary (302).
+            permanent: true
-          permanent: true
+          }
         }
       }
     ]

go.mod

@@ -3,33 +3,33 @@ module git.ailur.dev/ailur/fulgens
 go 1.23.3
 
 require (
-	git.ailur.dev/ailur/fg-library/v3 v3.6.2
+	git.ailur.dev/ailur/fg-library/v2 v2.1.2
-	git.ailur.dev/ailur/fg-nucleus-library v1.2.2
+	git.ailur.dev/ailur/fg-nucleus-library v1.0.5
-	git.ailur.dev/ailur/pow v1.0.3
+	git.ailur.dev/ailur/pow v1.0.2
 	github.com/CAFxX/httpcompression v0.0.9
 	github.com/cespare/xxhash/v2 v2.3.0
-	github.com/go-chi/chi/v5 v5.2.1
+	github.com/go-chi/chi/v5 v5.1.0
-	github.com/go-playground/validator/v10 v10.25.0
+	github.com/go-playground/validator/v10 v10.22.1
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/uuid v1.6.0
-	github.com/klauspost/compress v1.18.0
+	github.com/klauspost/compress v1.17.11
 	github.com/lib/pq v1.10.9
 	github.com/mattn/go-sqlite3 v1.14.24
+	golang.org/x/crypto v0.29.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/andybalholm/brotli v1.1.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
-	github.com/stretchr/testify v1.10.0 // indirect
+	github.com/stretchr/testify v1.9.0 // indirect
-	golang.org/x/crypto v0.36.0 // indirect
+	golang.org/x/net v0.31.0 // indirect
-	golang.org/x/net v0.37.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 )

go.sum

@@ -1,9 +1,9 @@
-git.ailur.dev/ailur/fg-library/v3 v3.6.2 h1:PNJKxpvbel2iDeB9+/rpYRyMoim6JjRHOXPYFYky7Ng=
+git.ailur.dev/ailur/fg-library/v2 v2.1.2 h1:Gk8ztytJfV2GYhsnfTDRWmvTzJ3Cn19V5p2suFCvu4E=
-git.ailur.dev/ailur/fg-library/v3 v3.6.2/go.mod h1:ArNsafpqES2JuxQM5aM+bNe0FwHLIsL6pbjpiWvDwGs=
+git.ailur.dev/ailur/fg-library/v2 v2.1.2/go.mod h1:gBnZQDV70YON6cnuwB+Jawm2EABbf9dGlV0Qw4obtxs=
-git.ailur.dev/ailur/fg-nucleus-library v1.2.2 h1:JbclmxGSoL+ByGZAl0W6PqWRoyBBGTrKrizWDJ7rdI0=
+git.ailur.dev/ailur/fg-nucleus-library v1.0.5 h1:0YVSHFOeydGR/pfq5AfiKQ5gWuxSnx8u2K8mHvEDDTI=
-git.ailur.dev/ailur/fg-nucleus-library v1.2.2/go.mod h1:stxiTyMv3Fa7GzpyLbBUh3ahlb7110p0NnCl8ZTjwBs=
+git.ailur.dev/ailur/fg-nucleus-library v1.0.5/go.mod h1:nKYjJ+zJD1YcrEGWlyyA5r6CrzW8DWHVAnL9hkn2tNw=
-git.ailur.dev/ailur/pow v1.0.3 h1:LjLSol4ax+M+SoajVjbBoDjfmjH6pKu3fDka7bl2KGY=
+git.ailur.dev/ailur/pow v1.0.2 h1:8tb6mXZdyQYjrKRW+AUmWMi5wJoHh9Ch3oRqiJr/ivs=
-git.ailur.dev/ailur/pow v1.0.3/go.mod h1:ClAmIdHQ/N9wTq5S4YWhQ5d9CPUBcEjVuOkT07zBdJ4=
+git.ailur.dev/ailur/pow v1.0.2/go.mod h1:fjFb1z5KtF6V14HRhGWiDmmJKggO8KyAP20Lr5OJI/g=
 github.com/CAFxX/httpcompression v0.0.9 h1:0ue2X8dOLEpxTm8tt+OdHcgA+gbDge0OqFQWGKSqgrg=
 github.com/CAFxX/httpcompression v0.0.9/go.mod h1:XX8oPZA+4IDcfZ0A71Hz0mZsv/YJOgYygkFhizVPilM=
 github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
@@ -15,18 +15,18 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc=
-github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc=
-github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
+github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
-github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.25.0 h1:5Dh7cjvzR7BRZadnsVOzPhWsrwUr0nmsZJxEAnFLNO8=
+github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA=
-github.com/go-playground/validator/v10 v10.25.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
+github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/google/brotli/go/cbrotli v0.0.0-20230829110029-ed738e842d2f h1:jopqB+UTSdJGEJT8tEqYyE29zN91fi2827oLET8tl7k=
@@ -34,8 +34,8 @@ github.com/google/brotli/go/cbrotli v0.0.0-20230829110029-ed738e842d2f/go.mod h1
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
-github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
-github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
 github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -64,21 +64,21 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/valyala/gozstd v1.20.1 h1:xPnnnvjmaDDitMFfDxmQ4vpx0+3CdTg2o3lALvXTU/g=
 github.com/valyala/gozstd v1.20.1/go.mod h1:y5Ew47GLlP37EkTB+B4s7r6A5rdaeB7ftbl9zoYiIPQ=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

main.go

@@ -1,18 +1,18 @@
 package main
 
 import (
+	library "git.ailur.dev/ailur/fg-library/v2"
+
 	"errors"
-	library "git.ailur.dev/ailur/fg-library/v3"
 	"io"
 	"log"
 	"mime"
 	"os"
-	"os/signal"
 	"plugin"
 	"strconv"
 	"strings"
 	"sync"
-	"syscall"
+	"time"
 
 	"crypto/tls"
 	"database/sql"
@@ -39,11 +39,20 @@ import (
 
 type Config struct {
 	Global struct {
-		IP                string              `yaml:"ip" validate:"required,ip_addr"`
+		IP                string `yaml:"ip" validate:"required,ip_addr"`
-		ServiceDirectory  string              `yaml:"serviceDirectory" validate:"required"`
+		HTTPPort          string `yaml:"httpPort" validate:"required"`
-		ResourceDirectory string              `yaml:"resourceDirectory" validate:"required"`
+		HTTPSPort         string `yaml:"httpsPort" validate:"required"`
-		Compression       CompressionSettings `yaml:"compression"`
+		ServiceDirectory  string `yaml:"serviceDirectory" validate:"required"`
-		Logging           struct {
+		ResourceDirectory string `yaml:"resourceDirectory" validate:"required"`
+		Compression       struct {
+			Algorithm string  `yaml:"algorithm" validate:"omitempty,oneof=gzip brotli zstd"`
+			Level     float64 `yaml:"level" validate:"omitempty,min=1,max=22"`
+		} `yaml:"compression"`
+		HTTPS struct {
+			CertificatePath string `yaml:"certificate" validate:"required"`
+			KeyPath         string `yaml:"key" validate:"required"`
+		} `yaml:"https"`
+		Logging struct {
 			Enabled bool   `yaml:"enabled"`
 			File    string `yaml:"file" validate:"required_if=Enabled true"`
 		} `yaml:"logging"`
@@ -62,37 +71,37 @@ type Config struct {
 			ASPNet bool `yaml:"aspNet"`
 		}
 	} `yaml:"global" validate:"required"`
-	Routes   []Route                `yaml:"routes"`
+	Routes []struct {
+		Subdomain string   `yaml:"subdomain" validate:"required"`
+		Services  []string `yaml:"services"`
+		Paths     []struct {
+			Paths []string `yaml:"paths" validate:"required"`
+			Proxy struct {
+				URL         string         `yaml:"url" validate:"required"`
+				StripPrefix bool           `yaml:"stripPrefix"`
+				Headers     HeaderSettings `yaml:"headers"`
+			} `yaml:"proxy" validate:"required_without=Static Redirect"`
+			Static struct {
+				Root             string `yaml:"root" validate:"required,isDirectory"`
+				DirectoryListing bool   `yaml:"directoryListing"`
+			} `yaml:"static" validate:"required_without_all=Proxy Redirect"`
+			Redirect struct {
+				URL       string `yaml:"url" validate:"required"`
+				Permanent bool   `yaml:"permanent"`
+			} `yaml:"redirect" validate:"required_without_all=Proxy Static"`
+		} `yaml:"paths"`
+		HTTPS struct {
+			CertificatePath string `yaml:"certificate" validate:"required"`
+			KeyPath         string `yaml:"key" validate:"required"`
+		} `yaml:"https"`
+		Compression struct {
+			Algorithm string  `yaml:"algorithm" validate:"omitempty,oneof=gzip brotli zstd"`
+			Level     float64 `yaml:"level" validate:"omitempty,min=1,max=22"`
+		} `yaml:"compression"`
+	} `yaml:"routes"`
 	Services map[string]interface{} `yaml:"services"`
 }
 
-type Route struct {
-	Port      string   `yaml:"port" validate:"required"`
-	Subdomain string   `yaml:"subdomain" validate:"required"`
-	Services  []string `yaml:"services"`
-	Paths     []struct {
-		Paths []string `yaml:"paths" validate:"required"`
-		Proxy struct {
-			URL         string         `yaml:"url" validate:"required"`
-			StripPrefix bool           `yaml:"stripPrefix"`
-			Headers     HeaderSettings `yaml:"headers"`
-		} `yaml:"proxy" validate:"required_without=Static Redirect"`
-		Static struct {
-			Root             string `yaml:"root" validate:"required,isDirectory"`
-			DirectoryListing bool   `yaml:"directoryListing"`
-		} `yaml:"static" validate:"required_without_all=Proxy Redirect"`
-		Redirect struct {
-			URL       string `yaml:"url" validate:"required"`
-			Permanent bool   `yaml:"permanent"`
-		} `yaml:"redirect" validate:"required_without_all=Proxy Static"`
-	} `yaml:"paths"`
-	HTTPS struct {
-		CertificatePath string `yaml:"certificate" validate:"required"`
-		KeyPath         string `yaml:"key" validate:"required"`
-	} `yaml:"https"`
-	Compression CompressionSettings `yaml:"compression"`
-}
-
 type HeaderSettings struct {
 	Forbid             []string `yaml:"forbid"`
 	PreserveServer     bool     `yaml:"preserveServer"`
@@ -105,77 +114,27 @@ type HeaderSettings struct {
 type Service struct {
 	ServiceID       uuid.UUID
 	ServiceMetadata library.Service
-	ServiceMainFunc func(*library.ServiceInitializationInformation)
+	ServiceMainFunc func(library.ServiceInitializationInformation)
 	Inbox           chan library.InterServiceMessage
 }
 
 type CompressionSettings struct {
-	Algorithm string `yaml:"algorithm" validate:"omitempty,oneof=gzip brotli zstd"`
+	Level     int
-	Level     int    `yaml:"level" validate:"omitempty,min=1,max=22"`
+	Algorithm string
 }
 
-type RouterAndCompression struct {
+func checkCompressionAlgorithm(algorithm string, handler http.Handler, request *http.Request) http.Handler {
-	Router      *chi.Mux
+	var compressionLevel int
-	Compression CompressionSettings
+	compressionSettings, ok := compression[request.Host]
-}
-
-type PortRouter struct {
-	https struct {
-		enabled      bool
-		httpSettings map[string]*tls.Certificate
-	}
-	routers map[string]RouterAndCompression
-}
-
-func NewPortRouter() *PortRouter {
-	return &PortRouter{
-		routers: make(map[string]RouterAndCompression),
-		https: struct {
-			enabled      bool
-			httpSettings map[string]*tls.Certificate
-		}{enabled: false, httpSettings: make(map[string]*tls.Certificate)},
-	}
-}
-
-func (pr *PortRouter) Register(router *chi.Mux, compression CompressionSettings, subdomain string, certificate ...*tls.Certificate) {
-	pr.routers[subdomain] = RouterAndCompression{Router: router, Compression: compression}
-	if len(certificate) > 0 {
-		pr.https.enabled = true
-		pr.https.httpSettings[subdomain] = certificate[0]
-	}
-}
-
-func (pr *PortRouter) Router(w http.ResponseWriter, r *http.Request) {
-	host := strings.Split(r.Host, ":")[0]
-	router, ok := pr.routers[host]
 	if !ok {
-		router, ok = pr.routers["none"]
+		compressionLevel = int(config.Global.Compression.Level)
-	}
-
-	if router.Compression.Algorithm != "none" {
-		compressRouter(router.Compression, router.Router).ServeHTTP(w, r)
 	} else {
-		router.Router.ServeHTTP(w, r)
+		compressionLevel = compressionSettings.Level
 	}
-}
 
-func (pr *PortRouter) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+	switch algorithm {
-	cert, ok := pr.https.httpSettings[hello.ServerName]
-	if !ok {
-		return nil, errors.New("certificate not found")
-	} else {
-		return cert, nil
-	}
-}
-
-func (pr *PortRouter) HTTPSEnabled() bool {
-	return pr.https.enabled
-}
-
-func compressRouter(settings CompressionSettings, handler http.Handler) http.Handler {
-	switch settings.Algorithm {
 	case "gzip":
-		encoder, err := gzip.New(gzip.Options{Level: settings.Level})
+		encoder, err := gzip.New(gzip.Options{Level: compressionLevel})
 		if err != nil {
 			slog.Error("Error creating gzip encoder: " + err.Error())
 			return handler
@@ -187,7 +146,7 @@ func compressRouter(settings CompressionSettings, handler http.Handler) http.Han
 		}
 		return gzipHandler(handler)
 	case "brotli":
-		encoder, err := brotli.New(brotli.Options{Quality: settings.Level})
+		encoder, err := brotli.New(brotli.Options{Quality: compressionLevel})
 		if err != nil {
 			slog.Error("Error creating brotli encoder: " + err.Error())
 			return handler
@@ -199,7 +158,7 @@ func compressRouter(settings CompressionSettings, handler http.Handler) http.Han
 		}
 		return brotliHandler(handler)
 	case "zstd":
-		encoder, err := zstd.New(kpzstd.WithEncoderLevel(kpzstd.EncoderLevelFromZstd(settings.Level)))
+		encoder, err := zstd.New(kpzstd.WithEncoderLevel(kpzstd.EncoderLevelFromZstd(compressionLevel)))
 		if err != nil {
 			slog.Error("Error creating zstd encoder: " + err.Error())
 			return handler
@@ -392,17 +351,7 @@ func newFileServer(root string, directoryListing bool, path string) http.Handler
 			}
 		}
 
-		absolutePath, err := filepath.Abs(filepath.Join(root, filepath.FromSlash(r.URL.Path)))
+		file, err := os.Open(filepath.Join(root, filepath.FromSlash(r.URL.Path)))
-		if err != nil {
-			serverError(w, 500)
-		}
-
-		if !strings.HasPrefix(absolutePath, root) {
-			serverError(w, 403)
-			return
-		}
-
-		file, err := os.Open(absolutePath)
 		if err != nil {
 			serverError(w, 500)
 			return
@@ -521,18 +470,35 @@ func serverError(w http.ResponseWriter, status int) {
 	}
 }
 
+func hostRouter(w http.ResponseWriter, r *http.Request) {
+	host := strings.Split(r.Host, ":")[0]
+	router, ok := subdomains[host]
+	if !ok {
+		router, ok = subdomains["none"]
+		if !ok {
+			serverError(w, 404)
+			slog.Error("No subdomain found for " + host)
+		}
+
+	}
+
+	compressionSettings, ok := compression[host]
+	if !ok {
+		checkCompressionAlgorithm(config.Global.Compression.Algorithm, router, r).ServeHTTP(w, r)
+	} else {
+		checkCompressionAlgorithm(compressionSettings.Algorithm, router, r).ServeHTTP(w, r)
+	}
+}
+
 var (
 	validate           *validator.Validate
 	lock               sync.RWMutex
 	config             Config
 	registeredServices = make(map[string]Service)
 	activeServices     = make(map[uuid.UUID]Service)
-	portRouters        = make(map[string]*PortRouter)
+	certificates       = make(map[string]*tls.Certificate)
-	broadcastService   = uuid.MustParse("00000000-0000-0000-0000-000000000000")
+	compression        = make(map[string]CompressionSettings)
-	databaseService    = uuid.MustParse("00000000-0000-0000-0000-000000000001")
+	subdomains         = make(map[string]*chi.Mux)
-	logService         = uuid.MustParse("00000000-0000-0000-0000-000000000002")
-	blobService        = uuid.MustParse("00000000-0000-0000-0000-000000000003")
-	authService        = uuid.MustParse("00000000-0000-0000-0000-000000000004")
 )
 
 func loadTLSCertificate(certificatePath, keyPath string) (*tls.Certificate, error) {
@@ -544,113 +510,218 @@ func loadTLSCertificate(certificatePath, keyPath string) (*tls.Certificate, erro
 	}
 }
 
-var globalPGConn *sql.DB
+func getTLSCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
-
+	cert, ok := certificates[hello.ServerName]
-func createPgSchema(id uuid.UUID) error {
+	if !ok {
-	_, err := globalPGConn.Exec("CREATE SCHEMA IF NOT EXISTS \"" + id.String() + "\"")
+		if config.Global.HTTPS.CertificatePath == "" || config.Global.HTTPS.KeyPath == "" {
-	if err != nil {
+			return nil, errors.New("no certificate found")
-		return err
+		} else {
+			return certificates["none"], nil
+		}
+	} else {
+		return cert, nil
 	}
-	return nil
 }
 
 func svInit(message library.InterServiceMessage) {
-	var dummyInfo = &library.ServiceInitializationInformation{Outbox: activeServices[message.ServiceID].Inbox}
+	// Service database initialization message
-	if !activeServices[message.ServiceID].ServiceMetadata.Permissions.Database {
+	// Check if the service has the necessary permissions
-		message.Respond(library.Unauthorized, errors.New("database access not permitted"), dummyInfo)
+	if activeServices[message.ServiceID].ServiceMetadata.Permissions.Database {
-		return
+		// Check if we are using sqlite or postgres
+		if config.Global.Database.Type == "sqlite" {
+			// Open the database and return the connection
+			pluginConn, err := sql.Open("sqlite3", filepath.Join(config.Global.Database.Path, message.ServiceID.String()+".db"))
+			if err != nil {
+				// Report an error
+				activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
+					ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+					ForServiceID: message.ServiceID,
+					MessageType:  1,
+					SentAt:       time.Now(),
+					Message:      err,
+				}
+			} else {
+				// Report a successful activation
+				activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
+					ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+					ForServiceID: message.ServiceID,
+					MessageType:  2,
+					SentAt:       time.Now(),
+					Message: library.Database{
+						DB:     pluginConn,
+						DBType: library.Sqlite,
+					},
+				}
+			}
+		} else if config.Global.Database.Type == "postgres" {
+			// Connect to the database
+			conn, err := sql.Open("postgres", config.Global.Database.ConnectionString)
+			if err != nil {
+				// Report an error
+				activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
+					ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+					ForServiceID: message.ServiceID,
+					MessageType:  1,
+					SentAt:       time.Now(),
+					Message:      err,
+				}
+			} else {
+				// Try to create the schema
+				_, err = conn.Exec("CREATE SCHEMA IF NOT EXISTS \"" + message.ServiceID.String() + "\"")
+				if err != nil {
+					// Report an error
+					activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
+						ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+						ForServiceID: message.ServiceID,
+						MessageType:  1,
+						SentAt:       time.Now(),
+						Message:      err,
+					}
+				} else {
+					// Create a new connection to the database
+					var connectionString string
+					if strings.Contains(config.Global.Database.ConnectionString, "?") {
+						connectionString = config.Global.Database.ConnectionString + "&search_path=\"" + message.ServiceID.String() + "\""
+					} else {
+						connectionString = config.Global.Database.ConnectionString + "?search_path=\"" + message.ServiceID.String() + "\""
+					}
+					pluginConn, err := sql.Open("postgres", connectionString)
+					if err != nil {
+						// Report an error
+						activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
+							ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+							ForServiceID: message.ServiceID,
+							MessageType:  1,
+							SentAt:       time.Now(),
+							Message:      err,
+						}
+					} else {
+						// Test the connection
+						err = pluginConn.Ping()
+						if err != nil {
+							// Report an error
+							activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
+								ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+								ForServiceID: message.ServiceID,
+								MessageType:  1,
+								SentAt:       time.Now(),
+								Message:      err,
+							}
+						} else {
+							// Report a successful activation
+							activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
+								ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+								ForServiceID: message.ServiceID,
+								MessageType:  2,
+								SentAt:       time.Now(),
+								Message: library.Database{
+									DB:     pluginConn,
+									DBType: library.Postgres,
+								},
+							}
+						}
+					}
+				}
+			}
+		}
+	} else {
+		// Report an error
+		activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
+			ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+			ForServiceID: message.ServiceID,
+			MessageType:  1,
+			SentAt:       time.Now(),
+			Message:      errors.New("database access not permitted"),
+		}
 	}
-
-	var db library.Database
-	switch config.Global.Database.Type {
-	case "sqlite":
-		pluginConn, err := sql.Open("sqlite3", filepath.Join(config.Global.Database.Path, message.ServiceID.String()+".db"))
-		if err != nil {
-			message.Respond(library.InternalError, err, dummyInfo)
-			return
-		}
-
-		_, err = pluginConn.Exec("PRAGMA journal_mode=WAL")
-		if err != nil {
-			message.Respond(library.InternalError, err, dummyInfo)
-			return
-		}
-
-		db = library.Database{
-			DB:     pluginConn,
-			DBType: library.Sqlite,
-		}
-	case "postgres":
-		err := createPgSchema(message.ServiceID)
-		if err != nil {
-			message.Respond(library.InternalError, err, dummyInfo)
-			return
-		}
-
-		connectionString := config.Global.Database.ConnectionString
-		if strings.Contains(config.Global.Database.ConnectionString, "?") {
-			connectionString += "&"
-		} else {
-			connectionString += "?"
-		}
-		connectionString += "search_path=\"" + message.ServiceID.String() + "\""
-
-		pluginConn, err := sql.Open("postgres", connectionString)
-		if err != nil {
-			message.Respond(library.InternalError, err, dummyInfo)
-			return
-		}
-
-		db = library.Database{
-			DB:     pluginConn,
-			DBType: library.Postgres,
-		}
-	default:
-		message.Respond(library.InternalError, errors.New("database type not supported"), dummyInfo)
-		return
-	}
-
-	err := db.DB.Ping()
-	if err != nil {
-		message.Respond(library.InternalError, err, dummyInfo)
-		return
-	}
-
-	message.Respond(library.Success, db, dummyInfo)
 }
 
 func tryAuthAccess(message library.InterServiceMessage) {
+	// We need to check if the service is allowed to access the Authentication service
 	serviceMetadata, ok := activeServices[message.ServiceID]
-	var dummyInfo = &library.ServiceInitializationInformation{Outbox: serviceMetadata.Inbox}
+	if ok && serviceMetadata.ServiceMetadata.Permissions.Authenticate {
-	if !ok || !serviceMetadata.ServiceMetadata.Permissions.Authenticate {
+		// Send message to Authentication service
-		message.Respond(library.Unauthorized, errors.New("authentication not permitted"), dummyInfo)
+		service, ok := activeServices[uuid.MustParse("00000000-0000-0000-0000-000000000004")]
-		return
+		if ok {
+			service.Inbox <- message
+		} else {
+			// Send error message
+			service, ok := activeServices[message.ServiceID]
+			if ok {
+				service.Inbox <- library.InterServiceMessage{
+					ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+					ForServiceID: message.ServiceID,
+					MessageType:  1,
+					SentAt:       time.Now(),
+					Message:      errors.New("authentication service not found"),
+				}
+			} else {
+				// This should never happen
+				slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
+				os.Exit(1)
+			}
+		}
+	} else {
+		// Send error message
+		service, ok := activeServices[message.ServiceID]
+		if ok {
+			service.Inbox <- library.InterServiceMessage{
+				ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+				ForServiceID: message.ServiceID,
+				MessageType:  1,
+				SentAt:       time.Now(),
+				Message:      errors.New("authentication not permitted"),
+			}
+		} else {
+			// This should never happen
+			slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
+			os.Exit(1)
+		}
 	}
-
-	service, ok := activeServices[authService]
-	if !ok {
-		message.Respond(library.InternalError, errors.New("authentication service not found"), dummyInfo)
-		return
-	}
-
-	service.Inbox <- message
 }
 
 func tryStorageAccess(message library.InterServiceMessage) {
+	// We need to check if the service is allowed to access the Blob Storage service
 	serviceMetadata, ok := activeServices[message.ServiceID]
-	var dummyInfo = &library.ServiceInitializationInformation{Outbox: serviceMetadata.Inbox}
+	if ok && serviceMetadata.ServiceMetadata.Permissions.BlobStorage {
-	if !ok || !serviceMetadata.ServiceMetadata.Permissions.BlobStorage {
+		// Send message to Blob Storage service
-		message.Respond(library.Unauthorized, errors.New("storage access not permitted"), dummyInfo)
+		service, ok := activeServices[uuid.MustParse("00000000-0000-0000-0000-000000000003")]
-		return
+		if ok {
+			service.Inbox <- message
+		} else {
+			// Send error message
+			service, ok := activeServices[message.ServiceID]
+			if ok {
+				service.Inbox <- library.InterServiceMessage{
+					ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+					ForServiceID: message.ServiceID,
+					MessageType:  1,
+					SentAt:       time.Now(),
+					Message:      errors.New("blob storage service not found"),
+				}
+			} else {
+				// This should never happen
+				slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
+				os.Exit(1)
+			}
+		}
+	} else {
+		// Send error message
+		service, ok := activeServices[message.ServiceID]
+		if ok {
+			service.Inbox <- library.InterServiceMessage{
+				ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+				ForServiceID: message.ServiceID,
+				MessageType:  1,
+				SentAt:       time.Now(),
+				Message:      errors.New("blob storage is not permitted"),
+			}
+		} else {
+			// This should never happen
+			slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
+			os.Exit(1)
+		}
 	}
-
-	service, ok := activeServices[blobService]
-	if !ok {
-		message.Respond(library.InternalError, errors.New("storage service not found"), dummyInfo)
-		return
-	}
-
-	service.Inbox <- message
 }
 
 func tryLogger(message library.InterServiceMessage) {
@@ -675,38 +746,75 @@ func tryLogger(message library.InterServiceMessage) {
 	}
 }
 
-func processInterServiceMessage(listener library.Listener) {
+func processInterServiceMessage(channel chan library.InterServiceMessage) {
 	for {
-		message := listener.AcceptMessage()
+		message := <-channel
-		switch message.ForServiceID {
+		if message.ForServiceID == uuid.MustParse("00000000-0000-0000-0000-000000000000") {
-		case broadcastService:
 			// Broadcast message
 			for _, service := range activeServices {
 				service.Inbox <- message
 			}
-		case databaseService:
+		} else if message.ForServiceID == uuid.MustParse("00000000-0000-0000-0000-000000000001") {
-			// Database service
+			// Service initialization service
 			switch message.MessageType {
 			case 0:
+				// This has been deprecated, ignore it
+				// Send "true" back
+				activeServices[message.ServiceID].Inbox <- library.InterServiceMessage{
+					ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+					ForServiceID: message.ServiceID,
+					MessageType:  0,
+					SentAt:       time.Now(),
+					Message:      true,
+				}
+			case 1:
 				svInit(message)
 			}
-		case logService:
+		} else if message.ForServiceID == uuid.MustParse("00000000-0000-0000-0000-000000000002") {
 			tryLogger(message)
-		case blobService:
+		} else if message.ForServiceID == uuid.MustParse("00000000-0000-0000-0000-000000000003") {
 			tryStorageAccess(message)
-		case authService:
+		} else if message.ForServiceID == uuid.MustParse("00000000-0000-0000-0000-000000000004") {
 			tryAuthAccess(message)
-		default:
+		} else {
 			serviceMetadata, ok := activeServices[message.ServiceID]
-			var dummyInfo = &library.ServiceInitializationInformation{Outbox: serviceMetadata.Inbox}
+			if ok && serviceMetadata.ServiceMetadata.Permissions.InterServiceCommunication {
-			if !ok || !serviceMetadata.ServiceMetadata.Permissions.InterServiceCommunication {
+				// Send message to specific service
-				message.Respond(library.Unauthorized, errors.New("inter-service communication not permitted"), dummyInfo)
-			} else {
 				service, ok := activeServices[message.ForServiceID]
 				if !ok {
-					message.Respond(library.BadRequest, errors.New("service not found"), dummyInfo)
+					// Send error message
+					service, ok := activeServices[message.ServiceID]
+					if ok {
+						service.Inbox <- library.InterServiceMessage{
+							ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+							ForServiceID: message.ServiceID,
+							MessageType:  1,
+							SentAt:       time.Now(),
+							Message:      errors.New("requested service not found"),
+						}
+					} else {
+						// This should never happen
+						slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
+						os.Exit(1)
+					}
 				}
 				service.Inbox <- message
+			} else {
+				// Send error message
+				service, ok := activeServices[message.ServiceID]
+				if ok {
+					service.Inbox <- library.InterServiceMessage{
+						ServiceID:    uuid.MustParse("00000000-0000-0000-0000-000000000001"),
+						ForServiceID: message.ServiceID,
+						MessageType:  1,
+						SentAt:       time.Now(),
+						Message:      errors.New("inter-service communication not permitted"),
+					}
+				} else {
+					// This should never happen
+					slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
+					os.Exit(1)
+				}
 			}
 		}
 	}
@@ -773,51 +881,13 @@ func parseConfig(path string) Config {
 	return config
 }
 
-func checkHTTPS(route Route, subdomainRouter *chi.Mux, compressionSettings CompressionSettings) {
-	// Check if HTTPS is enabled
-	if route.HTTPS.KeyPath != "" && route.HTTPS.CertificatePath != "" {
-		certificate, err := loadTLSCertificate(route.HTTPS.CertificatePath, route.HTTPS.KeyPath)
-		if err != nil {
-			slog.Error("Error loading TLS certificate: " + err.Error())
-			os.Exit(1)
-		}
-		portRouters[route.Port].Register(subdomainRouter, compressionSettings, route.Subdomain, certificate)
-	} else {
-		portRouters[route.Port].Register(subdomainRouter, compressionSettings, route.Subdomain)
-	}
-}
-
-func checkServices(route Route, globalOutbox chan library.InterServiceMessage, subdomainRouter *chi.Mux) {
-	// Check the services
-	if route.Services != nil {
-		// Iterate through the services
-		for _, service := range route.Services {
-			// Check if the service is registered
-			registeredService, ok := registeredServices[service]
-			if ok {
-				// Check if the service is already active
-				_, ok := activeServices[registeredService.ServiceMetadata.ServiceID]
-				if ok {
-					slog.Error("Service with ID " + service + " is already active, will not activate again")
-					os.Exit(1)
-				} else {
-					// Initialize the service
-					initializeService(registeredService, globalOutbox, subdomainRouter, &route.Subdomain)
-				}
-			} else {
-				slog.Warn("Service with ID " + service + " is not registered")
-			}
-		}
-	}
-}
-
 func iterateThroughSubdomains(globalOutbox chan library.InterServiceMessage) {
 	for _, route := range config.Routes {
-		var compressionSettings CompressionSettings
+		if route.Compression.Level != 0 {
-		if route.Compression != (CompressionSettings{}) {
+			compression[route.Subdomain] = CompressionSettings{
-			compressionSettings = route.Compression
+				Level:     int(route.Compression.Level),
-		} else {
+				Algorithm: route.Compression.Algorithm,
-			compressionSettings = config.Global.Compression
+			}
 		}
 
 		// Create the subdomain router
@@ -826,17 +896,30 @@ func iterateThroughSubdomains(globalOutbox chan library.InterServiceMessage) {
 			serverError(w, 404)
 		})
 
-		// Set the port router
+		subdomains[route.Subdomain] = subdomainRouter
-		_, ok := portRouters[route.Port]
+		subdomains[route.Subdomain].Use(logger)
-		if !ok {
+		subdomains[route.Subdomain].Use(serverChanger)
-			portRouters[route.Port] = NewPortRouter()
-		}
-
-		// Check if HTTPS is enabled
-		checkHTTPS(route, subdomainRouter, compressionSettings)
 
 		// Check the services
-		checkServices(route, globalOutbox, subdomainRouter)
+		if route.Services != nil {
+			// Iterate through the services
+			for _, service := range route.Services {
+				// Check if the service is registered
+				registeredService, ok := registeredServices[service]
+				if ok {
+					// Check if the service is already active
+					_, ok := activeServices[registeredService.ServiceMetadata.ServiceID]
+					if ok {
+						slog.Error("Service with ID " + service + " is already active, will not activate again")
+						os.Exit(1)
+					}
+					// Initialize the service
+					initializeService(registeredService, globalOutbox, subdomainRouter)
+				} else {
+					slog.Warn("Service with ID " + service + " is not registered")
+				}
+			}
+		}
 
 		// Iterate through the paths
 		for _, pathBlock := range route.Paths {
@@ -870,6 +953,15 @@ func iterateThroughSubdomains(globalOutbox chan library.InterServiceMessage) {
 				}
 			}
 		}
+
+		// Add the TLS certificate
+		if route.HTTPS.CertificatePath != "" && route.HTTPS.KeyPath != "" {
+			certificate, err := loadTLSCertificate(route.HTTPS.CertificatePath, route.HTTPS.KeyPath)
+			if err != nil {
+				slog.Error("Error loading TLS certificate: " + err.Error() + ", TLS will not be available for subdomain " + route.Subdomain)
+			}
+			certificates[route.Subdomain] = certificate
+		}
 	}
 }
 
@@ -892,13 +984,13 @@ func registerServices() (err error) {
 		// Load the service information
 		serviceInformation, err := service.Lookup("ServiceInformation")
 		if err != nil {
-			return errors.New("service " + path + " lacks necessary service information")
+			return errors.New("service lacks necessary information")
 		}
 
 		// Load the main function
 		mainFunc, err := service.Lookup("Main")
 		if err != nil {
-			return errors.New("service " + path + " lacks necessary main function")
+			return errors.New("service lacks necessary main function")
 		}
 
 		// Register the service
@@ -908,7 +1000,7 @@ func registerServices() (err error) {
 			ServiceID:       serviceInformation.(*library.Service).ServiceID,
 			Inbox:           inbox,
 			ServiceMetadata: *serviceInformation.(*library.Service),
-			ServiceMainFunc: mainFunc.(func(*library.ServiceInitializationInformation)),
+			ServiceMainFunc: mainFunc.(func(library.ServiceInitializationInformation)),
 		}
 		lock.Unlock()
 
@@ -921,25 +1013,23 @@ func registerServices() (err error) {
 	return err
 }
 
-func initializeService(service Service, globalOutbox chan library.InterServiceMessage, subdomainRouter *chi.Mux, subdomain *string) {
+func initializeService(service Service, globalOutbox chan library.InterServiceMessage, subdomainRouter *chi.Mux) {
 	// Get the plugin from the map
 	slog.Info("Activating service " + strings.ToLower(service.ServiceMetadata.Name) + " with ID " + service.ServiceMetadata.ServiceID.String())
 
-	serviceInitializationInformation := library.NewServiceInitializationInformation(nil, globalOutbox, service.Inbox, nil, config.Services[strings.ToLower(service.ServiceMetadata.Name)].(map[string]interface{}), nil)
+	serviceInitializationInformation := library.ServiceInitializationInformation{
-
+		Domain:        strings.ToLower(service.ServiceMetadata.Name),
-	serviceInitializationInformation.Service = &service.ServiceMetadata
+		Configuration: config.Services[strings.ToLower(service.ServiceMetadata.Name)].(map[string]interface{}),
+		Outbox:        globalOutbox,
+		Inbox:         service.Inbox,
+		Router:        subdomainRouter,
+	}
 
 	// Check if they want a resource directory
 	if service.ServiceMetadata.Permissions.Resources {
 		serviceInitializationInformation.ResourceDir = os.DirFS(filepath.Join(config.Global.ResourceDirectory, service.ServiceMetadata.ServiceID.String()))
 	}
 
-	// Check if they want a router
-	if service.ServiceMetadata.Permissions.Router {
-		serviceInitializationInformation.Router = subdomainRouter
-		serviceInitializationInformation.Domain = subdomain
-	}
-
 	// Add the service to the active services
 	lock.Lock()
 	activeServices[service.ServiceMetadata.ServiceID] = service
@@ -983,14 +1073,16 @@ func main() {
 			slog.Error("Error creating database directory: " + err.Error())
 			os.Exit(1)
 		}
-	} else {
+	}
-		// Set the global database connection
+
-		var err error
+	// Check if the root TLS certificate exists
-		globalPGConn, err = sql.Open("postgres", config.Global.Database.ConnectionString)
+	if config.Global.HTTPS.CertificatePath != "" && config.Global.HTTPS.KeyPath != "" {
+		certificate, err := loadTLSCertificate(config.Global.HTTPS.CertificatePath, config.Global.HTTPS.KeyPath)
 		if err != nil {
-			slog.Error("Error connecting to database: " + err.Error())
+			slog.Error("Error loading TLS certificate: " + err.Error() + ", TLS will not be available unless specified in the subdomains")
-			os.Exit(1)
 		}
+
+		certificates["none"] = certificate
 	}
 
 	// Walk through the service directory and load the plugins
@@ -1005,47 +1097,39 @@ func main() {
 	// Initialize the service discovery, health-check, and logging services
 	// Since these are core services, always allocate them the service IDs 0, 1, and 2
 	// These are not dynamically loaded, as they are integral to the system functioning
-	go processInterServiceMessage(library.NewListener(globalOutbox))
+	go processInterServiceMessage(globalOutbox)
 
 	// Start the storage service
-	// initializeService(registeredServices["storage"], globalOutbox, nil, nil)
+	initializeService(registeredServices["storage"], globalOutbox, nil)
 
 	// Iterate through the subdomains and create the routers as well as the compression levels and service maps
 	iterateThroughSubdomains(globalOutbox)
 
-	// Start the servers
+	// Start the server
-	slog.Info("Starting servers")
+	slog.Info("Starting server on " + config.Global.IP + " with ports " + config.Global.HTTPPort + " and " + config.Global.HTTPSPort)
-	for port, router := range portRouters {
+	go func() {
-		if !router.HTTPSEnabled() {
+		// Create the TLS server
-			go func() {
+		server := &http.Server{
-				// Start the HTTP server
+			Addr:    config.Global.IP + ":" + config.Global.HTTPSPort,
-				err = http.ListenAndServe(config.Global.IP+":"+port, logger(serverChanger(http.HandlerFunc(router.Router))))
+			Handler: http.HandlerFunc(hostRouter),
-				slog.Error("Error starting server: " + err.Error())
+			TLSConfig: &tls.Config{
-				os.Exit(1)
+				GetCertificate: getTLSCertificate,
-			}()
+			},
-		} else {
-			// Create the TLS server
-			server := &http.Server{
-				Addr:    config.Global.IP + ":" + port,
-				Handler: logger(serverChanger(http.HandlerFunc(router.Router))),
-				TLSConfig: &tls.Config{
-					GetCertificate: router.GetCertificate,
-				},
-			}
-
-			go func() {
-				// Start the TLS server
-				err = server.ListenAndServeTLS("", "")
-				slog.Error("Error starting HTTPS server: " + err.Error())
-				os.Exit(1)
-			}()
 		}
+
+		// Start the TLS server
+		err = server.ListenAndServeTLS("", "")
+		slog.Error("Error starting HTTPS server: " + err.Error())
+		os.Exit(1)
+	}()
+
+	// Start the HTTP server
+	err = http.ListenAndServe(config.Global.IP+":"+config.Global.HTTPPort, http.HandlerFunc(hostRouter))
+	if err != nil {
+		slog.Error("Error starting server: " + err.Error())
+	} else {
+		// This should never happen
+		slog.Error("Bit flip error: Impossible service ID. Move away from radiation or use ECC memory.")
 	}
-
+	os.Exit(1)
-	slog.Info("Servers started. Fulgens is now running. Press Ctrl+C to stop the server.")
-
-	// Wait for a signal to stop the server
-	signalChannel := make(chan os.Signal, 1)
-	signal.Notify(signalChannel, os.Interrupt, syscall.SIGTERM)
-	<-signalChannel
 }

services-src/auth/main.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	// Fulgens libraries
-	library "git.ailur.dev/ailur/fg-library/v3"
+	library "git.ailur.dev/ailur/fg-library/v2"
 	authLibrary "git.ailur.dev/ailur/fg-nucleus-library"
 	"git.ailur.dev/ailur/pow"
 
@@ -25,6 +25,9 @@ import (
 	"io/fs"
 	"net/http"
 
+	// Extra libraries
+	"golang.org/x/crypto/argon2"
+
 	// External libraries
 	"github.com/cespare/xxhash/v2"
 	"github.com/golang-jwt/jwt/v5"
@@ -36,7 +39,6 @@ var ServiceInformation = library.Service{
 	Name: "Authentication",
 	Permissions: library.Permissions{
 		Authenticate:              false, // This service *is* the authentication service
-		Router:                    true,  // This service does require a router
 		Database:                  true,  // This service does require database access
 		BlobStorage:               false, // This service does not require blob storage
 		InterServiceCommunication: true,  // This service does require inter-service communication
@@ -45,34 +47,15 @@ var ServiceInformation = library.Service{
 	ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000004"),
 }
 
-var (
+func logFunc(message string, messageType uint64, information library.ServiceInitializationInformation) {
-	loggerService = uuid.MustParse("00000000-0000-0000-0000-000000000002")
-)
-
-func checkScopes(scopes []string) (bool, string, error) {
-	var clientKeyShare bool
-	for _, scope := range scopes {
-		if scope != "openid" && scope != "clientKeyShare" {
-			return false, "", errors.New("invalid scope")
-		} else {
-			if scope == "clientKeyShare" {
-				clientKeyShare = true
-			}
-		}
-	}
-
-	// Marshal the scopes
-	scopeString, err := json.Marshal(scopes)
-	if err != nil {
-		return clientKeyShare, "", err
-	}
-
-	return clientKeyShare, string(scopeString), nil
-}
-
-func logFunc(message string, messageType library.MessageCode, information *library.ServiceInitializationInformation) {
 	// Log the message to the logger service
-	information.SendISMessage(loggerService, messageType, message)
+	information.Outbox <- library.InterServiceMessage{
+		ServiceID:    ServiceInformation.ServiceID,
+		ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000002"), // Logger service
+		MessageType:  messageType,
+		SentAt:       time.Now(),
+		Message:      message,
+	}
 }
 
 func ensureTrailingSlash(url string) string {
@@ -108,7 +91,7 @@ func sha256Base64(s string) string {
 	return encoded
 }
 
-func renderTemplate(statusCode int, w http.ResponseWriter, data map[string]interface{}, templatePath string, information *library.ServiceInitializationInformation) {
+func renderTemplate(statusCode int, w http.ResponseWriter, data map[string]interface{}, templatePath string, information library.ServiceInitializationInformation) {
 	var err error
 	var requestedTemplate *template.Template
 	// Output ls of the resource directory
@@ -133,7 +116,7 @@ func renderTemplate(statusCode int, w http.ResponseWriter, data map[string]inter
 	}
 }
 
-func renderString(statusCode int, w http.ResponseWriter, data string, information *library.ServiceInitializationInformation) {
+func renderString(statusCode int, w http.ResponseWriter, data string, information library.ServiceInitializationInformation) {
 	w.Header().Set("Content-Type", "text/plain")
 	w.WriteHeader(statusCode)
 	_, err := w.Write([]byte(data))
@@ -142,7 +125,7 @@ func renderString(statusCode int, w http.ResponseWriter, data string, informatio
 	}
 }
 
-func renderJSON(statusCode int, w http.ResponseWriter, data map[string]interface{}, information *library.ServiceInitializationInformation) {
+func renderJSON(statusCode int, w http.ResponseWriter, data map[string]interface{}, information library.ServiceInitializationInformation) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(statusCode)
 	err := json.NewEncoder(w).Encode(data)
@@ -188,12 +171,11 @@ func verifyJwt(token string, publicKey ed25519.PublicKey, mem *sql.DB) ([]byte,
 	return userId, claims, true
 }
 
-func Main(information *library.ServiceInitializationInformation) {
+func Main(information library.ServiceInitializationInformation) {
 	var conn library.Database
 	var mem *sql.DB
 	var publicKey ed25519.PublicKey
 	var privateKey ed25519.PrivateKey
-
 	// Load the configuration
 	privacyPolicy := information.Configuration["privacyPolicy"].(string)
 	hostName := information.Configuration["url"].(string)
@@ -205,86 +187,108 @@ func Main(information *library.ServiceInitializationInformation) {
 	identifier := information.Configuration["identifier"].(string)
 	adminKey := information.Configuration["adminKey"].(string)
 
-	// Start the ISM processor
-	go information.StartISProcessor()
-
 	// Initiate a connection to the database
-	conn, err := information.GetDatabase()
+	// Call service ID 1 to get the database connection information
-	if err != nil {
+	information.Outbox <- library.InterServiceMessage{
-		logFunc(err.Error(), 3, information)
+		ServiceID:    ServiceInformation.ServiceID,
+		ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"), // Service initialization service
+		MessageType:  1,                                                      // Request connection information
+		SentAt:       time.Now(),
+		Message:      nil,
 	}
-	if conn.DBType == library.Sqlite {
+
-		// Create the global table
+	// Wait for the response
-		// Uniqueness check is a hack to ensure we only have one global row
+	response := <-information.Inbox
-		_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS global (key BLOB NOT NULL, uniquenessCheck BOOLEAN NOT NULL UNIQUE CHECK (uniquenessCheck = true) DEFAULT true)")
+	if response.MessageType == 2 {
+		// This is the connection information
+		// Set up the database connection
+		conn = response.Message.(library.Database)
+		if conn.DBType == library.Sqlite {
+			// Create the global table
+			// Uniqueness check is a hack to ensure we only have one global row
+			_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS global (key BLOB NOT NULL, uniquenessCheck BOOLEAN NOT NULL UNIQUE CHECK (uniquenessCheck = true) DEFAULT true)")
+			if err != nil {
+				logFunc(err.Error(), 3, information)
+			}
+			// Create the users table
+			_, err = conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id BLOB PRIMARY KEY NOT NULL UNIQUE, created INTEGER NOT NULL, username TEXT NOT NULL UNIQUE, publicKey BLOB NOT NULL)")
+			if err != nil {
+				logFunc(err.Error(), 3, information)
+			}
+			// Create the oauth table
+			_, err = conn.DB.Exec("CREATE TABLE IF NOT EXISTS oauth (appId TEXT NOT NULL UNIQUE, secret TEXT, creator BLOB NOT NULL, redirectUri TEXT NOT NULL, name TEXT NOT NULL, keyShareUri TEXT NOT NULL DEFAULT '', scopes TEXT NOT NULL DEFAULT '[\"openid\"]')")
+			if err != nil {
+				logFunc(err.Error(), 3, information)
+			}
+		} else {
+			// Create the global table
+			// Uniqueness check is a hack to ensure we only have one global row
+			_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS global (key BYTEA NOT NULL, uniquenessCheck BOOLEAN NOT NULL UNIQUE CHECK (uniquenessCheck = true) DEFAULT true)")
+			if err != nil {
+				logFunc(err.Error(), 3, information)
+			}
+			// Create the users table
+			_, err = conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id BYTEA PRIMARY KEY NOT NULL UNIQUE, created INTEGER NOT NULL, username TEXT NOT NULL UNIQUE, publicKey BYTEA NOT NULL)")
+			if err != nil {
+				logFunc(err.Error(), 3, information)
+			}
+			// Create the oauth table
+			_, err = conn.DB.Exec("CREATE TABLE IF NOT EXISTS oauth (appId TEXT NOT NULL UNIQUE, secret TEXT, creator BYTEA NOT NULL, redirectUri TEXT NOT NULL, name TEXT NOT NULL, keyShareUri TEXT NOT NULL DEFAULT '', scopes TEXT NOT NULL DEFAULT '[\"openid\"]')")
+			if err != nil {
+				logFunc(err.Error(), 3, information)
+			}
+		}
+		// Set up the in-memory cache
+		mem, err := sql.Open("sqlite3", "file:"+ServiceInformation.ServiceID.String()+"?mode=memory&cache=shared")
 		if err != nil {
 			logFunc(err.Error(), 3, information)
 		}
-		// Create the users table
+		// Drop the tables if they exist
-		_, err = conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id BLOB PRIMARY KEY NOT NULL UNIQUE, created INTEGER NOT NULL, username TEXT NOT NULL UNIQUE, publicKey BLOB NOT NULL)")
+		_, err = mem.Exec("DROP TABLE IF EXISTS sessions")
 		if err != nil {
 			logFunc(err.Error(), 3, information)
 		}
-		// Create the oauth table
+		_, err = mem.Exec("DROP TABLE IF EXISTS logins")
-		_, err = conn.DB.Exec("CREATE TABLE IF NOT EXISTS oauth (appId TEXT NOT NULL UNIQUE, secret TEXT, creator BLOB NOT NULL, redirectUri TEXT NOT NULL, name TEXT NOT NULL, keyShareUri TEXT NOT NULL DEFAULT '', scopes TEXT NOT NULL DEFAULT '[\"openid\"]')")
+		if err != nil {
+			logFunc(err.Error(), 3, information)
+		}
+		_, err = mem.Exec("DROP TABLE IF EXISTS spent")
+		if err != nil {
+			logFunc(err.Error(), 3, information)
+		}
+		_, err = mem.Exec("DROP TABLE IF EXISTS challengeResponse")
+		if err != nil {
+			logFunc(err.Error(), 3, information)
+		}
+		// Create the sessions table
+		_, err = mem.Exec("CREATE TABLE sessions (id BLOB NOT NULL, session TEXT NOT NULL, device TEXT NOT NULL DEFAULT '?')")
+		if err != nil {
+			logFunc(err.Error(), 3, information)
+		}
+		// Create the logins table
+		_, err = mem.Exec("CREATE TABLE logins (appId TEXT NOT NULL, exchangeCode TEXT NOT NULL UNIQUE, pkce TEXT, pkceMethod TEXT, openid BOOLEAN NOT NULL, userId BLOB NOT NULL UNIQUE, nonce TEXT NOT NULL DEFAULT '', token TEXT NOT NULL)")
+		if err != nil {
+			logFunc(err.Error(), 3, information)
+		}
+		// Create the spent PoW table
+		_, err = mem.Exec("CREATE TABLE spent (hash BLOB NOT NULL UNIQUE, expires INTEGER NOT NULL)")
+		if err != nil {
+			logFunc(err.Error(), 3, information)
+		}
+		// Create the challenge-response table
+		_, err = mem.Exec("CREATE TABLE challengeResponse (challenge TEXT NOT NULL UNIQUE, userId BLOB NOT NULL, expires INTEGER NOT NULL)")
 		if err != nil {
 			logFunc(err.Error(), 3, information)
 		}
 	} else {
-		// Create the global table
+		// This is an error message
-		// Uniqueness check is a hack to ensure we only have one global row
+		// Log the error message to the logger service
-		_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS global (key BYTEA NOT NULL, uniquenessCheck BOOLEAN NOT NULL UNIQUE CHECK (uniquenessCheck = true) DEFAULT true)")
+		logFunc(response.Message.(error).Error(), 3, information)
-		if err != nil {
-			logFunc(err.Error(), 3, information)
-		}
-		// Create the users table
-		_, err = conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id BYTEA PRIMARY KEY NOT NULL UNIQUE, created INTEGER NOT NULL, username TEXT NOT NULL UNIQUE, publicKey BYTEA NOT NULL)")
-		if err != nil {
-			logFunc(err.Error(), 3, information)
-		}
-		// Create the oauth table
-		_, err = conn.DB.Exec("CREATE TABLE IF NOT EXISTS oauth (appId TEXT NOT NULL UNIQUE, secret TEXT, creator BYTEA NOT NULL, redirectUri TEXT NOT NULL, name TEXT NOT NULL, keyShareUri TEXT NOT NULL DEFAULT '', scopes TEXT NOT NULL DEFAULT '[\"openid\"]')")
-		if err != nil {
-			logFunc(err.Error(), 3, information)
-		}
-	}
-	// Set up the in-memory cache
-	mem, err = sql.Open("sqlite3", "file:"+ServiceInformation.ServiceID.String()+"?mode=memory&cache=shared")
-	if err != nil {
-		logFunc(err.Error(), 3, information)
-	}
-	// Drop the tables if they exist
-	_, err = mem.Exec("DROP TABLE IF EXISTS sessions")
-	if err != nil {
-		logFunc(err.Error(), 3, information)
-	}
-	_, err = mem.Exec("DROP TABLE IF EXISTS logins")
-	if err != nil {
-		logFunc(err.Error(), 3, information)
-	}
-	_, err = mem.Exec("DROP TABLE IF EXISTS spent")
-	if err != nil {
-		logFunc(err.Error(), 3, information)
-	}
-	// Create the sessions table
-	_, err = mem.Exec("CREATE TABLE sessions (id BLOB NOT NULL, session TEXT NOT NULL, device TEXT NOT NULL DEFAULT '?')")
-	if err != nil {
-		logFunc(err.Error(), 3, information)
-	}
-	// Create the logins table
-	_, err = mem.Exec("CREATE TABLE logins (appId TEXT NOT NULL, exchangeCode TEXT NOT NULL UNIQUE, pkce TEXT, pkceMethod TEXT, openid BOOLEAN NOT NULL, userId BLOB NOT NULL UNIQUE, nonce TEXT NOT NULL DEFAULT '', token TEXT NOT NULL)")
-	if err != nil {
-		logFunc(err.Error(), 3, information)
-	}
-	// Create the spent PoW table
-	_, err = mem.Exec("CREATE TABLE spent (hash BLOB NOT NULL UNIQUE, expires INTEGER NOT NULL)")
-	if err != nil {
-		logFunc(err.Error(), 3, information)
 	}
 
 	// Set up the signing keys
 	// Check if the global table has the keys
-	err = conn.DB.QueryRow("SELECT key FROM global LIMIT 1").Scan(&privateKey)
+	err := conn.DB.QueryRow("SELECT key FROM global LIMIT 1").Scan(&privateKey)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			// Generate a new key
@@ -313,10 +317,11 @@ func Main(information *library.ServiceInitializationInformation) {
 	}
 
 	if testAppIsInternalApp {
-		_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ('TestApp-DoNotUse', 'none', $1, 'Test App', $2, '[\"openid\", \"clientKeyShare\"]', $3)", ServiceInformation.ServiceID[:], ensureTrailingSlash(hostName)+"testApp", ensureTrailingSlash(hostName)+"keyExchangeTester")
+		_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ('TestApp-DoNotUse', 'none', $1, 'Test App', $2, '[\"openid\", \"clientKeyShare\"]', $3)", ServiceInformation.ServiceID, ensureTrailingSlash(hostName)+"testApp", ensureTrailingSlash(hostName)+"keyExchangeTester")
 	} else {
 		testAppCreator := uuid.New()
-		_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ('TestApp-DoNotUse', 'none', $1, 'Test App', $2, '[\"openid\", \"clientKeyShare\"]', $3)", testAppCreator[:], ensureTrailingSlash(hostName)+"testApp", ensureTrailingSlash(hostName)+"keyExchangeTester")
+
+		_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ('TestApp-DoNotUse', 'none', $1, 'Test App', $2, '[\"openid\", \"clientKeyShare\"]', $3)", testAppCreator, ensureTrailingSlash(hostName)+"testApp", ensureTrailingSlash(hostName)+"keyExchangeTester")
 	}
 	if err != nil {
 		testAppIsAvailable = false
@@ -390,30 +395,56 @@ func Main(information *library.ServiceInitializationInformation) {
 
 	router.Get("/authorize", func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Query().Get("client_id") != "" {
-			var name string
+			if conn.DBType == library.Sqlite {
-			var creator []byte
+				var name string
-			err := conn.DB.QueryRow("SELECT name, creator FROM oauth WHERE appId = $1", r.URL.Query().Get("client_id")).Scan(&name, &creator)
+				var creator []byte
-			if err != nil {
+				err := conn.DB.QueryRow("SELECT name, creator FROM oauth WHERE appId = $1", r.URL.Query().Get("client_id")).Scan(&name, &creator)
-				if errors.Is(err, sql.ErrNoRows) {
+				if err != nil {
-					renderString(404, w, "App not found", information)
+					if errors.Is(err, sql.ErrNoRows) {
-				} else {
+						renderString(404, w, "App not found", information)
-					logFunc(err.Error(), 2, information)
+					} else {
-					renderString(500, w, "Sorry, something went wrong on our end. Error code: 02. Please report to the administrator.", information)
+						logFunc(err.Error(), 2, information)
+						renderString(500, w, "Sorry, something went wrong on our end. Error code: 02. Please report to the administrator.", information)
+					}
+					return
 				}
-				return
-			}
 
-			// Check if the app is internal
+				if !bytes.Equal(creator, ServiceInformation.ServiceID[:]) {
-			if !bytes.Equal(creator, ServiceInformation.ServiceID[:]) {
+					renderTemplate(200, w, map[string]interface{}{
-				renderTemplate(200, w, map[string]interface{}{
+						"identifier": identifier,
-					"identifier": identifier,
+						"name":       name,
-					"name":       name,
+					}, "authorize.html", information)
-				}, "authorize.html", information)
+				} else {
+					renderTemplate(200, w, map[string]interface{}{
+						"identifier": identifier,
+						"name":       name,
+					}, "autoAccept.html", information)
+				}
 			} else {
-				renderTemplate(200, w, map[string]interface{}{
+				var name string
-					"identifier": identifier,
+				var creator uuid.UUID
-					"name":       name,
+				err := conn.DB.QueryRow("SELECT name, creator FROM oauth WHERE appId = $1", r.URL.Query().Get("client_id")).Scan(&name, &creator)
-				}, "autoAccept.html", information)
+				if err != nil {
+					if errors.Is(err, sql.ErrNoRows) {
+						renderString(404, w, "App not found", information)
+					} else {
+						logFunc(err.Error(), 2, information)
+						renderString(500, w, "Sorry, something went wrong on our end. Error code: 03. Please report to the administrator.", information)
+					}
+					return
+				}
+
+				if creator != ServiceInformation.ServiceID {
+					renderTemplate(200, w, map[string]interface{}{
+						"identifier": identifier,
+						"name":       name,
+					}, "authorize.html", information)
+				} else {
+					renderTemplate(200, w, map[string]interface{}{
+						"identifier": identifier,
+						"name":       name,
+					}, "autoAccept.html", information)
+				}
 			}
 		} else {
 			http.Redirect(w, r, "/dashboard", 301)
@@ -489,8 +520,8 @@ func Main(information *library.ServiceInitializationInformation) {
 
 	router.Post("/api/changePassword", func(w http.ResponseWriter, r *http.Request) {
 		type changePassword struct {
-			Session      string `json:"session"`
+			Session     string `json:"session"`
-			NewPublicKey string `json:"newPublicKey"`
+			NewPassword string `json:"newPassword"`
 		}
 		var data changePassword
 		err = json.NewDecoder(r.Body).Decode(&data)
@@ -507,14 +538,34 @@ func Main(information *library.ServiceInitializationInformation) {
 			return
 		}
 
-		// Update the public key
+		// Generate a new salt
-		_, err = conn.DB.Exec("UPDATE users SET publicKey = $1 WHERE id = $2", data.NewPublicKey, userId)
+		// We want it to be binary data, not alphanumerical, so we don't use randomChars
+		salt := make([]byte, 16)
+		_, err = rand.Read(salt)
 		if err != nil {
 			renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "04"}, information)
 			logFunc(err.Error(), 2, information)
 			return
 		}
 
+		// Decode the new password
+		newPassword, err := base64.StdEncoding.DecodeString(data.NewPassword)
+		if err != nil {
+			renderJSON(400, w, map[string]interface{}{"error": "Invalid JSON"}, information)
+			return
+		}
+
+		// Hash the password
+		hashedPassword := argon2.IDKey(newPassword, salt, 64, 4096, 1, 32)
+
+		// Update the password
+		_, err = conn.DB.Exec("UPDATE users SET password = $1, salt = $2 WHERE id = $3", hashedPassword, salt, userId)
+		if err != nil {
+			renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "05"}, information)
+			logFunc(err.Error(), 2, information)
+			return
+		}
+
 		// Invalidate all sessions
 		_, err = mem.Exec("DELETE FROM sessions WHERE id = ?", userId)
 		if err != nil {
@@ -594,7 +645,7 @@ func Main(information *library.ServiceInitializationInformation) {
 			return
 		}
 
-		_, err = conn.DB.Exec("INSERT INTO users (id, created, username, publicKey) VALUES ($1, $2, $3, $4)", userID[:], time.Now().Unix(), data.Username, publicKey)
+		_, err = conn.DB.Exec("INSERT INTO users (id, created, username, publicKey) VALUES ($1, $2, $3, $4)", userID, time.Now().Unix(), data.Username, publicKey)
 		if err != nil {
 			if strings.Contains(err.Error(), "UNIQUE constraint failed") {
 				renderJSON(409, w, map[string]interface{}{"error": "Username already taken"}, information)
@@ -616,13 +667,37 @@ func Main(information *library.ServiceInitializationInformation) {
 		}
 
 		// Insert the session
-		_, err = mem.Exec("INSERT INTO sessions (id, session, device) VALUES (?, ?, ?)", userID[:], session, r.Header.Get("User-Agent"))
+		_, err = mem.Exec("INSERT INTO sessions (id, session, device) VALUES (?, ?, ?)", userID, session, r.Header.Get("User-Agent"))
 
 		// Return success, as well as the session token
 		renderJSON(200, w, map[string]interface{}{"key": session}, information)
 	})
 
 	router.Post("/api/loginChallenge", func(w http.ResponseWriter, r *http.Request) {
+		type login struct {
+			Username string `json:"username"`
+		}
+
+		var data login
+		err = json.NewDecoder(r.Body).Decode(&data)
+		if err != nil {
+			renderJSON(400, w, map[string]interface{}{"error": "Invalid JSON"}, information)
+			return
+		}
+
+		// Get the id for the user
+		var userId []byte
+		err = conn.DB.QueryRow("SELECT id FROM users WHERE username = $1", data.Username).Scan(&userId)
+		if err != nil {
+			if errors.Is(err, sql.ErrNoRows) {
+				renderJSON(401, w, map[string]interface{}{"error": "Invalid username"}, information)
+			} else {
+				renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "12"}, information)
+				logFunc(err.Error(), 2, information)
+			}
+			return
+		}
+
 		// Generate a new challenge
 		challenge, err := randomChars(512)
 		if err != nil {
@@ -631,27 +706,22 @@ func Main(information *library.ServiceInitializationInformation) {
 			return
 		}
 
-		// Issue a new JWT token with the challenge
+		// Insert the challenge with one minute expiration
-		token := jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.MapClaims{
+		_, err = mem.Exec("INSERT INTO challengeResponse (challenge, userId, expires) VALUES (?, ?, ?)", challenge, userId, time.Now().Unix()+60)
-			"challenge": challenge,
-			"exp":       time.Now().Add(time.Second * 20).Unix(),
-		})
-		tokenString, err := token.SignedString(privateKey)
 		if err != nil {
-			renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "51"}, information)
+			renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "53"}, information)
 			logFunc(err.Error(), 2, information)
 			return
 		}
 
 		// Return the challenge
-		renderJSON(200, w, map[string]interface{}{"challenge": challenge, "verifier": tokenString}, information)
+		renderJSON(200, w, map[string]interface{}{"challenge": challenge}, information)
 	})
 
 	router.Post("/api/login", func(w http.ResponseWriter, r *http.Request) {
 		type login struct {
 			Username  string `json:"username"`
 			Signature string `json:"signature"`
-			Verifier  string `json:"verifier"`
 		}
 
 		var data login
@@ -663,8 +733,8 @@ func Main(information *library.ServiceInitializationInformation) {
 
 		// Try to select the user
 		var userId []byte
-		var userPublicKey []byte
+		var publicKey []byte
-		err = conn.DB.QueryRow("SELECT id, publicKey FROM users WHERE username = $1", data.Username).Scan(&userId, &userPublicKey)
+		err = conn.DB.QueryRow("SELECT id, publicKey FROM users WHERE username = $1", data.Username).Scan(&userId, &publicKey)
 		if err != nil {
 			if errors.Is(err, sql.ErrNoRows) {
 				renderJSON(401, w, map[string]interface{}{"error": "Invalid username"}, information)
@@ -683,43 +753,33 @@ func Main(information *library.ServiceInitializationInformation) {
 		}
 
 		// Verify the challenge
-		token, err := jwt.Parse(data.Verifier, func(token *jwt.Token) (interface{}, error) {
+		// Select the current challenge from the database
-			return publicKey, nil
+		var challenge string
-		})
+		err = mem.QueryRow("SELECT challenge FROM challengeResponse WHERE userId = ?", userId).Scan(&challenge)
 		if err != nil {
-			renderJSON(401, w, map[string]interface{}{"error": "Invalid verifier"}, information)
+			if errors.Is(err, sql.ErrNoRows) {
-			return
+				renderJSON(401, w, map[string]interface{}{"error": "Invalid challenge"}, information)
-		}
+			} else {
-
+				renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "52"}, information)
-		claims, ok := token.Claims.(jwt.MapClaims)
+				logFunc(err.Error(), 2, information)
-		if !ok {
+			}
-			renderJSON(401, w, map[string]interface{}{"error": "Invalid verifier: no claims"}, information)
-			return
-		}
-
-		expired, err := claims.GetExpirationTime()
-		if err != nil {
-			renderJSON(401, w, map[string]interface{}{"error": "Invalid verifier: no expiry"}, information)
-			return
-		}
-
-		if expired.Before(time.Now()) {
-			renderJSON(401, w, map[string]interface{}{"error": "Expired verifier"}, information)
-			return
-		}
-
-		challenge, ok := claims["challenge"].(string)
-		if !ok {
-			renderJSON(401, w, map[string]interface{}{"error": "Invalid verifier: no challenge"}, information)
 			return
 		}
 
 		// Check if the challenge is correct by verifying the signature
-		if !ed25519.Verify(userPublicKey, []byte(challenge), signature) {
+		if !ed25519.Verify(publicKey, []byte(challenge), signature) {
 			renderJSON(401, w, map[string]interface{}{"error": "Invalid signature"}, information)
 			return
 		}
 
+		// Delete the challenge
+		_, err = mem.Exec("DELETE FROM challengeResponse WHERE userId = ?", userId)
+		if err != nil {
+			renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "53"}, information)
+			logFunc(err.Error(), 2, information)
+			return
+		}
+
 		// Create a new session
 		// We want the session token to be somewhat legible, so we use randomChars
 		// As a trade-off for this, we use a longer session token
@@ -1175,6 +1235,7 @@ func Main(information *library.ServiceInitializationInformation) {
 	})
 
 	router.Post("/api/oauth/add", func(w http.ResponseWriter, r *http.Request) {
+
 		// Conveniently, we use this one for ISB as well, so we can re-use the struct
 		var data authLibrary.OAuthInformation
 		err = json.NewDecoder(r.Body).Decode(&data)
@@ -1210,9 +1271,27 @@ func Main(information *library.ServiceInitializationInformation) {
 		}
 
 		// Validate the scopes
-		clientKeyShare, scopes, err := checkScopes(data.Scopes)
+		var clientKeyShare bool
+		for _, scope := range data.Scopes {
+			if scope != "openid" && scope != "clientKeyShare" {
+				renderJSON(400, w, map[string]interface{}{"error": "Invalid scope"}, information)
+				return
+			} else {
+				if scope == "clientKeyShare" {
+					clientKeyShare = true
+				} else if scope != "openid" {
+					logFunc("An impossible logic error has occurred, please move away from radiation or use ECC RAM", 1, information)
+					renderJSON(400, w, map[string]interface{}{"error": "Invalid scope"}, information)
+					return
+				}
+			}
+		}
+
+		// Marshal the scopes
+		scopes, err := json.Marshal(data.Scopes)
 		if err != nil {
-			renderJSON(400, w, map[string]interface{}{"error": err.Error()}, information)
+			renderJSON(500, w, map[string]interface{}{"error": "Internal server error", "code": "36"}, information)
+			logFunc(err.Error(), 2, information)
 			return
 		}
 
@@ -1555,7 +1634,17 @@ func Main(information *library.ServiceInitializationInformation) {
 				if err != nil {
 					logFunc(err.Error(), 1, information)
 				} else {
-					logFunc("Cleanup complete, deleted "+strconv.FormatInt(affectedCount, 10)+" entries", 0, information)
+					affected, err := mem.Exec("DELETE FROM challengeResponse WHERE expires < ?", time.Now().Unix())
+					if err != nil {
+						logFunc(err.Error(), 1, information)
+					} else {
+						affectedCount2, err := affected.RowsAffected()
+						if err != nil {
+							logFunc(err.Error(), 1, information)
+						} else {
+							logFunc("Cleanup complete, deleted "+strconv.FormatInt(affectedCount+affectedCount2, 10)+" entries", 0, information)
+						}
+					}
 				}
 			}
 		}
@@ -1564,78 +1653,136 @@ func Main(information *library.ServiceInitializationInformation) {
 	go func() {
 		for {
 			// Wait for a message
-			message := information.AcceptMessage()
+			message := <-information.Inbox
 
-			// Check the message type
+			if message.ServiceID != uuid.MustParse("00000000-0000-0000-0000-000000000001") {
-			switch message.MessageType {
+				// Check the message type
-			case 0:
+				switch message.MessageType {
-				// A service would like to have the hostname
+				case 0:
-				// Send it to them
+					// A service would like to know our hostname
-				message.Respond(library.Success, hostName, information)
+					// Send it to them
-			case 1:
+					information.Outbox <- library.InterServiceMessage{
-				// A service would like to register a new OAuth entry
+						MessageType:  0,
-				// Validate the scopes
+						ServiceID:    ServiceInformation.ServiceID,
-				clientKeyShare, scopes, err := checkScopes(message.Message.(authLibrary.OAuthInformation).Scopes)
+						ForServiceID: message.ServiceID,
-				if err != nil {
+						Message:      hostName,
-					message.Respond(library.BadRequest, err, information)
+						SentAt:       time.Now(),
-					return
-				}
-
-				// Check if the service already has an OAuth entry
-				var appId, secret string
-				err = conn.DB.QueryRow("SELECT appId, secret FROM oauth WHERE appId = $1", message.ServiceID.String()).Scan(&appId, &secret)
-				if err == nil && appId == message.ServiceID.String() {
-					// Update the entry to thew new scopes and redirect URI
-					if clientKeyShare {
-						_, err = conn.DB.Exec("UPDATE oauth SET name = $1, redirectUri = $2, scopes = $3, keyShareUri = $4 WHERE appId = $5", message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes, message.Message.(authLibrary.OAuthInformation).KeyShareUri, message.ServiceID.String())
-					} else {
-						_, err = conn.DB.Exec("UPDATE oauth SET name = $1, redirectUri = $2, scopes = $3 WHERE appId = $4", message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes, message.ServiceID.String())
 					}
-
+				case 1:
+					// A service would like to register a new OAuth entry
+					// Generate a new secret
+					// It must be able to be sent via JSON, so we can't have pure-binary data
+					secret, err := randomChars(512)
 					if err != nil {
-						message.Respond(library.InternalError, err, information)
+						information.Outbox <- library.InterServiceMessage{
+							MessageType:  1,
+							ServiceID:    ServiceInformation.ServiceID,
+							ForServiceID: message.ServiceID,
+							Message:      "36",
+							SentAt:       time.Now(),
+						}
 						logFunc(err.Error(), 2, information)
 						return
 					}
 
-					message.Respond(library.Success, authLibrary.OAuthResponse{
+					// Generate a new appId
-						AppID:     appId,
+					// It must be able to be sent via JSON, so we can't have pure-binary data
-						SecretKey: secret,
+					appId, err := randomChars(32)
-					}, information)
+					if err != nil {
+						information.Outbox <- library.InterServiceMessage{
+							MessageType:  1,
+							ServiceID:    ServiceInformation.ServiceID,
+							ForServiceID: message.ServiceID,
+							Message:      "37",
+							SentAt:       time.Now(),
+						}
+						logFunc(err.Error(), 2, information)
+						return
+					}
 
-					return
+					// Validate the scopes
-				}
+					var clientKeyShare bool
+					for _, scope := range message.Message.(authLibrary.OAuthInformation).Scopes {
+						if scope != "openid" && scope != "clientKeyShare" {
+							information.Outbox <- library.InterServiceMessage{
+								MessageType:  2,
+								ServiceID:    ServiceInformation.ServiceID,
+								ForServiceID: message.ServiceID,
+								Message:      "Invalid scope",
+								SentAt:       time.Now(),
+							}
+							return
+						} else {
+							if scope == "clientKeyShare" {
+								clientKeyShare = true
+							} else if scope != "openid" {
+								logFunc("An impossible logic error has occurred, please move away from radiation or use ECC RAM", 1, information)
+								information.Outbox <- library.InterServiceMessage{
+									MessageType:  2,
+									ServiceID:    ServiceInformation.ServiceID,
+									ForServiceID: message.ServiceID,
+									Message:      "Invalid scope",
+									SentAt:       time.Now(),
+								}
+								return
+							}
+						}
+					}
 
-				// Generate a new secret
+					// Marshal the scopes
-				// It must be able to be sent via JSON, so we can't have pure-binary data
+					scopes, err := json.Marshal(message.Message.(authLibrary.OAuthInformation).Scopes)
-				secret, err = randomChars(512)
+					if err != nil {
-				if err != nil {
+						information.Outbox <- library.InterServiceMessage{
-					message.Respond(library.InternalError, err, information)
+							MessageType:  1,
-					logFunc(err.Error(), 2, information)
+							ServiceID:    ServiceInformation.ServiceID,
-					return
+							ForServiceID: message.ServiceID,
-				}
+							Message:      "38",
+							SentAt:       time.Now(),
+						}
+						logFunc(err.Error(), 2, information)
+						return
+					}
 
-				// Insert the oauth entry
+					// Insert the oauth entry
-				if clientKeyShare {
+					if clientKeyShare {
-					_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ($1, $2, $3, $4, $5, $6, $7)", message.ServiceID.String(), secret, ServiceInformation.ServiceID[:], message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes, message.Message.(authLibrary.OAuthInformation).KeyShareUri)
+						_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes, keyShareUri) VALUES ($1, $2, $3, $4, $5, $6, $7)", appId, secret, ServiceInformation.ServiceID, message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes, message.Message.(authLibrary.OAuthInformation).KeyShareUri)
-				} else {
+					} else {
-					_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes) VALUES ($1, $2, $3, $4, $5, $6)", message.ServiceID.String(), secret, ServiceInformation.ServiceID[:], message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes)
+						_, err = conn.DB.Exec("INSERT INTO oauth (appId, secret, creator, name, redirectUri, scopes) VALUES ($1, $2, $3, $4, $5, $6)", appId, secret, ServiceInformation.ServiceID, message.Message.(authLibrary.OAuthInformation).Name, message.Message.(authLibrary.OAuthInformation).RedirectUri, scopes)
-				}
+					}
-				if err != nil {
+					if err != nil {
-					message.Respond(library.InternalError, err, information)
+						information.Outbox <- library.InterServiceMessage{
-					logFunc(err.Error(), 2, information)
+							MessageType:  1,
-					return
+							ServiceID:    ServiceInformation.ServiceID,
-				}
+							ForServiceID: message.ServiceID,
+							Message:      "39",
+							SentAt:       time.Now(),
+						}
+						logFunc(err.Error(), 2, information)
+						return
+					}
 
-				// Return the appId and secret
+					// Return the appId and secret
-				message.Respond(library.Success, authLibrary.OAuthResponse{
+					information.Outbox <- library.InterServiceMessage{
-					AppID:     appId,
+						MessageType:  0,
-					SecretKey: secret,
+						ServiceID:    ServiceInformation.ServiceID,
-				}, information)
+						ForServiceID: message.ServiceID,
-			case 2:
+						Message: authLibrary.OAuthResponse{
-				// A service would like to have the public key
+							AppID:     appId,
-				// Send it to them
+							SecretKey: secret,
-				message.Respond(library.Success, publicKey, information)
+						},
+						SentAt: time.Now(),
+					}
+				case 2:
+					// A service would like to have the public key
+					// Send it to them
+					information.Outbox <- library.InterServiceMessage{
+						MessageType:  2,
+						ServiceID:    ServiceInformation.ServiceID,
+						ForServiceID: message.ServiceID,
+						Message:      publicKey,
+						SentAt:       time.Now(),
+					}
+				}
 			}
 		}
 	}()

services-src/auth/resources/static/js/logout.js

@@ -1,8 +1,7 @@
 // @license magnet:?xt=urn:btih:0ef1b8170b3b615170ff270def6427c317705f85&dn=lgpl-3.0.txt LGPL-3.0
 // This sad excuse for a script is used so LibreJS doesn't scream at me
 
-localStorage.removeItem("DONOTSHARE-clientKey")
+localStorage.clear()
-localStorage.removeItem("DONOTSHARE-secretKey")
 window.location.replace("/login" + window.location.search)
 
 // @license-end

services-src/auth/resources/wasm/login/main.go

@@ -192,7 +192,6 @@ func main() {
 					signupBody := map[string]interface{}{
 						"username":  username,
 						"signature": base64.StdEncoding.EncodeToString(signature),
-						"verifier":  responseMap["verifier"].(string),
 					}
 
 					// Marshal the body

services-src/auth/resources/wasm/testApp/main.go

@@ -236,7 +236,7 @@ func main() {
 			// Redirect to the client key exchange endpoint
 			js.Global().Get("swipe").Get("classList").Call("add", "swipe-animate")
 			time.Sleep(sleepTime)
-			//			js.Global().Get("window").Get("location").Call("replace", "/clientKeyShare?ecdhPublicKey="+base64.URLEncoding.EncodeToString(privateKey.PublicKey().Bytes())+"&accessToken="+responseMap["access_token"].(string))
+			js.Global().Get("window").Get("location").Call("replace", "/clientKeyShare?ecdhPublicKey="+base64.URLEncoding.EncodeToString(privateKey.PublicKey().Bytes())+"&accessToken="+responseMap["access_token"].(string))
 			return
 		} else if response.StatusCode != 500 {
 			statusBox.Set("innerText", responseMap["error"].(string))

services-src/storage/main.go

@@ -1,15 +1,14 @@
 package main
 
 import (
-	library "git.ailur.dev/ailur/fg-library/v3"
+	library "git.ailur.dev/ailur/fg-library/v2"
 	nucleusLibrary "git.ailur.dev/ailur/fg-nucleus-library"
-	"io"
 
-	"bytes"
+	"errors"
 	"os"
+	"time"
 
 	"database/sql"
-	"errors"
 	"path/filepath"
 
 	"github.com/google/uuid"
@@ -19,40 +18,47 @@ var ServiceInformation = library.Service{
 	Name: "Storage",
 	Permissions: library.Permissions{
 		Authenticate:              false, // This service does not require authentication
-		Router:                    false, // This service does not serve web pages
 		Database:                  true,  // This service requires database access to store quotas
 		BlobStorage:               false, // This service *is* the blob storage
 		InterServiceCommunication: true,  // This service does require inter-service communication
-		Resources:                 false, // This service does not require access to its resource directory
 	},
 	ServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000003"),
 }
 
-var (
+var conn library.Database
-	loggerService = uuid.MustParse("00000000-0000-0000-0000-000000000002")
-)
 
-func logFunc(message string, messageType library.MessageCode, information *library.ServiceInitializationInformation) {
+func logFunc(message string, messageType uint64, information library.ServiceInitializationInformation) {
-	// Log the message to the logger service
+	// Log the error message to the logger service
-	information.SendISMessage(loggerService, messageType, message)
+	information.Outbox <- library.InterServiceMessage{
+		ServiceID:    ServiceInformation.ServiceID,
+		ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000002"), // Logger service
+		MessageType:  messageType,
+		SentAt:       time.Now(),
+		Message:      message,
+	}
 }
 
-func respondError(message library.InterServiceMessage, err error, information *library.ServiceInitializationInformation, myFault bool) {
+func respondError(message string, information library.ServiceInitializationInformation, myFault bool, serviceID uuid.UUID) {
 	// Respond with an error message
-	var errCode = library.BadRequest
+	var err uint64 = 1
 	if myFault {
 		// Log the error message to the logger service
-		logFunc(err.Error(), 2, information)
+		logFunc(message, 2, information)
-		errCode = library.InternalError
+		err = 2
+	}
+	information.Outbox <- library.InterServiceMessage{
+		ServiceID:    ServiceInformation.ServiceID,
+		ForServiceID: serviceID,
+		MessageType:  err,
+		SentAt:       time.Now(),
+		Message:      errors.New(message),
 	}
-
-	message.Respond(errCode, err, information)
 }
 
-func checkUserExists(userID uuid.UUID, conn library.Database) bool {
+func checkUserExists(userID uuid.UUID) bool {
 	// Check if a user exists in the database
 	var userCheck []byte
-	err := conn.DB.QueryRow("SELECT id FROM users WHERE id = $1", userID[:]).Scan(&userCheck)
+	err := conn.DB.QueryRow("SELECT id FROM users WHERE id = $1", userID).Scan(&userCheck)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return false
@@ -60,99 +66,74 @@ func checkUserExists(userID uuid.UUID, conn library.Database) bool {
 			return false
 		}
 	} else {
-		return bytes.Equal(userCheck, userID[:])
+		return uuid.Must(uuid.FromBytes(userCheck)) == userID
 	}
 }
 
 // addQuota can be used with a negative quota to remove quota from a user
-func addQuota(information *library.ServiceInitializationInformation, message library.InterServiceMessage, conn library.Database) {
+func addQuota(information library.ServiceInitializationInformation, message library.InterServiceMessage) {
 	// Add more quota to a user
-	userID := message.Message.(nucleusLibrary.Quota).User
+	if checkUserExists(message.Message.(nucleusLibrary.Quota).User) {
-	if checkUserExists(userID, conn) {
 		_, err := conn.DB.Exec("UPDATE users SET quota = quota + $1 WHERE id = $2", message.Message.(nucleusLibrary.Quota).Bytes, message.Message.(nucleusLibrary.Quota).User)
 		if err != nil {
-			respondError(message, err, information, true)
+			respondError(err.Error(), information, true, message.ServiceID)
 		}
 	} else {
-		_, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, 0)", userID[:], int64(information.Configuration["defaultQuota"].(int))+message.Message.(nucleusLibrary.Quota).Bytes)
+		_, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, 0)", message.Message.(nucleusLibrary.Quota).User, int64(information.Configuration["defaultQuota"].(float64))+message.Message.(nucleusLibrary.Quota).Bytes)
 		if err != nil {
-			respondError(message, err, information, true)
+			respondError(err.Error(), information, true, message.ServiceID)
 		}
 	}
-
-	// Success
-	message.Respond(library.Success, nil, information)
 }
 
 // And so does addReserved
-func addReserved(information *library.ServiceInitializationInformation, message library.InterServiceMessage, conn library.Database) {
+func addReserved(information library.ServiceInitializationInformation, message library.InterServiceMessage) {
 	// Add more reserved space to a user
-	userID := message.Message.(nucleusLibrary.Quota).User
+	if checkUserExists(message.Message.(nucleusLibrary.Quota).User) {
-	if checkUserExists(userID, conn) {
 		// Check if the user has enough space
-		quota, err := getQuota(information, userID, conn)
+		quota, err := getQuota(message.Message.(nucleusLibrary.Quota).User)
 		if err != nil {
-			respondError(message, err, information, true)
+			respondError(err.Error(), information, true, message.ServiceID)
 		}
-		used, err := getUsed(userID, information, conn)
+		used, err := getUsed(message.Message.(nucleusLibrary.Quota).User, information)
 		if err != nil {
-			respondError(message, err, information, true)
+			respondError(err.Error(), information, true, message.ServiceID)
 		}
 		if used+message.Message.(nucleusLibrary.Quota).Bytes > quota {
-			respondError(message, errors.New("insufficient storage"), information, false)
+			respondError("insufficient storage", information, false, message.ServiceID)
 			return
 		}
-		_, err = conn.DB.Exec("UPDATE users SET reserved = reserved + $1 WHERE id = $2", message.Message.(nucleusLibrary.Quota).Bytes, userID[:])
+		_, err = conn.DB.Exec("UPDATE users SET reserved = reserved + $1 WHERE id = $2", message.Message.(nucleusLibrary.Quota).Bytes, message.Message.(nucleusLibrary.Quota).User)
 		if err != nil {
-			respondError(message, err, information, true)
+			respondError(err.Error(), information, true, message.ServiceID)
 		}
 	} else {
 		// Check if the user has enough space
-		if int64(information.Configuration["defaultQuota"].(int)) < message.Message.(nucleusLibrary.Quota).Bytes {
+		if int64(information.Configuration["defaultQuota"].(float64)) < message.Message.(nucleusLibrary.Quota).Bytes {
-			respondError(message, errors.New("insufficient storage"), information, false)
+			respondError("insufficient storage", information, false, message.ServiceID)
 			return
 		}
-		_, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, $3)", userID[:], int64(information.Configuration["defaultQuota"].(int)), message.Message.(nucleusLibrary.Quota).Bytes)
+		_, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, $3)", message.Message.(nucleusLibrary.Quota).User, int64(information.Configuration["defaultQuota"].(float64)), message.Message.(nucleusLibrary.Quota).Bytes)
 		if err != nil {
-			respondError(message, err, information, true)
+			respondError(err.Error(), information, true, message.ServiceID)
 		}
 	}
-
-	// Success
-	message.Respond(library.Success, nil, information)
 }
 
-func getQuota(information *library.ServiceInitializationInformation, userID uuid.UUID, conn library.Database) (int64, error) {
+func getQuota(userID uuid.UUID) (int64, error) {
 	// Get the quota for a user
 	var quota int64
-	err := conn.DB.QueryRow("SELECT quota FROM users WHERE id = $1", userID[:]).Scan(&quota)
+	err := conn.DB.QueryRow("SELECT quota FROM users WHERE id = $1", userID).Scan(&quota)
 	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
+		return 0, err
-			_, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, 0)", userID[:], int64(information.Configuration["defaultQuota"].(int)))
-			if err != nil {
-				return 0, err
-			}
-			return int64(information.Configuration["defaultQuota"].(int)), nil
-		} else {
-			return 0, err
-		}
 	}
 	return quota, nil
 }
 
-func getUsed(userID uuid.UUID, information *library.ServiceInitializationInformation, conn library.Database) (int64, error) {
+func getUsed(userID uuid.UUID, information library.ServiceInitializationInformation) (int64, error) {
 	// Get the used space for a user by first getting the reserved space from file storage
-	_, err := os.Stat(filepath.Join(information.Configuration["path"].(string), userID.String()))
-	if os.IsNotExist(err) {
-		// Create the directory
-		err = os.Mkdir(filepath.Join(information.Configuration["path"].(string), userID.String()), 0755)
-		if err != nil {
-			return 0, err
-		}
-	}
-
 	var used int64
-	err = filepath.Walk(filepath.Join(information.Configuration["path"].(string), userID.String()), func(path string, entry os.FileInfo, err error) error {
+	err := filepath.Walk(filepath.Join(information.Configuration["path"].(string), userID.String()), func(path string, entry os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
@@ -167,167 +148,147 @@ func getUsed(userID uuid.UUID, information *library.ServiceInitializationInforma
 
 	// Then add the reserved space from the database
 	var reserved int64
-	err = conn.DB.QueryRow("SELECT reserved FROM users WHERE id = $1", userID[:]).Scan(&reserved)
+	err = conn.DB.QueryRow("SELECT reserved FROM users WHERE id = $1", userID).Scan(&reserved)
 	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
+		return 0, err
-			_, err := conn.DB.Exec("INSERT INTO users (id, quota, reserved) VALUES ($1, $2, 0)", userID[:], int64(information.Configuration["defaultQuota"].(int)))
-			if err != nil {
-				return 0, err
-			}
-			return 0, nil
-		} else {
-			return 0, err
-		}
 	}
 
 	return used + reserved, nil
 }
 
-func modifyFile(information *library.ServiceInitializationInformation, message library.InterServiceMessage, conn library.Database) {
+func modifyFile(information library.ServiceInitializationInformation, message library.InterServiceMessage) {
 	// Check if the file already exists
 	path := filepath.Join(information.Configuration["path"].(string), message.Message.(nucleusLibrary.File).User.String(), message.Message.(nucleusLibrary.File).Name)
 
-	logFunc(path, 0, information)
-
 	_, err := os.Stat(path)
-	if err == nil {
+	if os.IsNotExist(err) {
 		// Delete the file
 		err = os.Remove(path)
 		if err != nil {
-			respondError(message, err, information, true)
+			respondError(err.Error(), information, true, message.ServiceID)
 		}
-	} else if !os.IsNotExist(err) {
-		respondError(message, err, information, true)
 	}
 
 	// Check if the user has enough space
-	quota, err := getQuota(information, message.Message.(nucleusLibrary.File).User, conn)
+	quota, err := getQuota(message.Message.(nucleusLibrary.File).User)
 	if err != nil {
-		respondError(message, err, information, true)
+		respondError(err.Error(), information, true, message.ServiceID)
 	}
-	used, err := getUsed(message.Message.(nucleusLibrary.File).User, information, conn)
+	used, err := getUsed(message.Message.(nucleusLibrary.File).User, information)
 	if err != nil {
-		respondError(message, err, information, true)
+		respondError(err.Error(), information, true, message.ServiceID)
 	}
-	if used+message.Message.(nucleusLibrary.File).Reader.N > quota {
+	if used+int64(len(message.Message.(nucleusLibrary.File).Bytes)) > quota {
-		respondError(message, errors.New("insufficient storage"), information, false)
+		respondError("insufficient storage", information, false, message.ServiceID)
 		return
 	}
 
 	// Add a file to the user's storage
 	file, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0644)
 	if err != nil {
-		respondError(message, err, information, true)
+		respondError(err.Error(), information, true, message.ServiceID)
 	}
 
 	// Write the file
-	_, err = io.Copy(file, message.Message.(nucleusLibrary.File).Reader)
+	_, err = file.Write(message.Message.([]byte))
 	if err != nil {
-		respondError(message, err, information, true)
+		respondError(err.Error(), information, true, message.ServiceID)
 	}
 
 	// Close the file
 	err = file.Close()
 	if err != nil {
-		respondError(message, err, information, true)
+		respondError(err.Error(), information, true, message.ServiceID)
 	}
-
-	// Success
-	message.Respond(library.Success, nil, information)
 }
 
-func getFile(information *library.ServiceInitializationInformation, message library.InterServiceMessage) {
+func getFile(information library.ServiceInitializationInformation, message library.InterServiceMessage) {
 	// Check if the file exists
 	path := filepath.Join(information.Configuration["path"].(string), message.Message.(nucleusLibrary.File).User.String(), message.Message.(nucleusLibrary.File).Name)
 
 	_, err := os.Stat(path)
 	if os.IsNotExist(err) {
-		println("file not found: " + path)
+		respondError("file not found", information, false, message.ServiceID)
-		respondError(message, errors.New("file not found"), information, false)
 		return
 	}
 
 	// Open the file
 	file, err := os.Open(path)
 	if err != nil {
-		respondError(message, err, information, true)
+		respondError(err.Error(), information, true, message.ServiceID)
 	}
 
 	// Respond with the file
 	// It's their responsibility to close the file
-	message.Respond(library.Success, file, information)
+	information.Outbox <- library.InterServiceMessage{
-}
+		ServiceID:    ServiceInformation.ServiceID,
-
+		ForServiceID: message.ServiceID,
-func deleteFile(information *library.ServiceInitializationInformation, message library.InterServiceMessage) {
+		MessageType:  1,
-	// Check if the file exists
+		SentAt:       time.Now(),
-	path := filepath.Join(information.Configuration["path"].(string), message.Message.(nucleusLibrary.File).User.String(), message.Message.(nucleusLibrary.File).Name)
+		Message:      file,
-
-	_, err := os.Stat(path)
-	if os.IsNotExist(err) {
-		respondError(message, errors.New("file not found"), information, false)
-		return
 	}
-
-	// Delete the file
-	err = os.Remove(path)
-	if err != nil {
-		respondError(message, err, information, true)
-	}
-
-	// Success
-	message.Respond(library.Success, nil, information)
 }
 
 // processInterServiceMessages listens for incoming messages and processes them
-func processInterServiceMessages(information *library.ServiceInitializationInformation, conn library.Database) {
+func processInterServiceMessages(information library.ServiceInitializationInformation) {
 	// Listen for incoming messages
 	for {
-		message := information.AcceptMessage()
+		message := <-information.Inbox
 		switch message.MessageType {
 		case 1:
 			// Add quota
-			addQuota(information, message, conn)
+			addQuota(information, message)
 		case 2:
 			// Add reserved
-			addReserved(information, message, conn)
+			addReserved(information, message)
 		case 3:
 			// Modify file
-			modifyFile(information, message, conn)
+			modifyFile(information, message)
 		case 4:
 			// Get file
 			getFile(information, message)
-		case 5:
-			deleteFile(information, message)
 		default:
 			// Respond with an error message
-			respondError(message, errors.New("invalid message type"), information, false)
+			respondError("invalid message type", information, false, message.ServiceID)
 		}
 	}
 }
 
-func Main(information *library.ServiceInitializationInformation) {
+func Main(information library.ServiceInitializationInformation) {
-	// Start up the ISM processor
+	// Initiate a connection to the database
-	go information.StartISProcessor()
+	// Call service ID 1 to get the database connection information
-
+	information.Outbox <- library.InterServiceMessage{
-	// Get the database connection
+		ServiceID:    ServiceInformation.ServiceID,
-	conn, err := information.GetDatabase()
+		ForServiceID: uuid.MustParse("00000000-0000-0000-0000-000000000001"), // Service initialization service
-	if err != nil {
+		MessageType:  1,                                                      // Request connection information
-		logFunc(err.Error(), 3, information)
+		SentAt:       time.Now(),
+		Message:      nil,
 	}
 
-	// Create the quotas table if it doesn't exist
+	// Wait for the response
-	if conn.DBType == library.Sqlite {
+	response := <-information.Inbox
-		_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id BLOB PRIMARY KEY, quota BIGINT, reserved BIGINT)")
+	if response.MessageType == 2 {
-		if err != nil {
+		// This is the connection information
-			logFunc(err.Error(), 3, information)
+		// Set up the database connection
+		conn = response.Message.(library.Database)
+		// Create the quotas table if it doesn't exist
+		if conn.DBType == library.Sqlite {
+			_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS quotas (id BLOB PRIMARY KEY, quota BIGINT, reserved BIGINT)")
+			if err != nil {
+				logFunc(err.Error(), 3, information)
+			}
+		} else {
+			_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id UUID PRIMARY KEY, quota BIGINT, reserved BIGINT)")
+			if err != nil {
+				logFunc(err.Error(), 3, information)
+			}
 		}
 	} else {
-		_, err := conn.DB.Exec("CREATE TABLE IF NOT EXISTS users (id BYTEA PRIMARY KEY, quota BIGINT, reserved BIGINT)")
+		// This is an error message
-		if err != nil {
+		// Log the error message to the logger service
-			logFunc(err.Error(), 3, information)
+		logFunc(response.Message.(error).Error(), 3, information)
-		}
 	}
 
 	// Listen for incoming messages
-	go processInterServiceMessages(information, conn)
+	go processInterServiceMessages(information)
 }