added incestoma compatibility

also add sharkey to the fediverse URL endpoint
Merge branch 'badeline/pronouns.cc:main'
2024-04-02 19:13:05 +13:00 · 2024-02-13 17:29:50 +01:00 · 2024-02-13 17:28:56 +01:00 · 2024-02-13 17:28:43 +01:00 · 2024-02-13 17:13:03 +01:00 · 2024-01-17 17:54:15 +00:00
44 changed files with 111 additions and 1378 deletions
--- a/backend/common/common.go
+++ b/backend/common/common.go
@ -1,11 +1,7 @@
 // Package common contains functions and types common to all (or most) packages.
 package common

-import (
-	"crypto/rand"
-	"encoding/base64"
-	"unicode/utf8"
-)
+import "unicode/utf8"

 func StringLength(s *string) int {
 	if s == nil {
@ -13,14 +9,3 @@ func StringLength(s *string) int {
 	}
 	return utf8.RuneCountInString(*s)
 }
-
-// RandBase64 returns a string of random bytes encoded in raw base 64.
-func RandBase64(size int) string {
-	b := make([]byte, size)
-	_, err := rand.Read(b)
-	if err != nil {
-		panic(err)
-	}
-
-	return base64.RawURLEncoding.EncodeToString(b)
-}
--- a/backend/common/snowflake_types.go
+++ b/backend/common/snowflake_types.go
@ -37,15 +37,3 @@ func (id FlagID) Increment() uint16 { return Snowflake(id).Increment() }

 func (id FlagID) MarshalJSON() ([]byte, error)    { return Snowflake(id).MarshalJSON() }
 func (id *FlagID) UnmarshalJSON(src []byte) error { return (*Snowflake)(id).UnmarshalJSON(src) }
-
-type EmailID Snowflake
-
-func (id EmailID) String() string    { return Snowflake(id).String() }
-func (id EmailID) Time() time.Time   { return Snowflake(id).Time() }
-func (id EmailID) IsValid() bool     { return Snowflake(id).IsValid() }
-func (id EmailID) Worker() uint8     { return Snowflake(id).Worker() }
-func (id EmailID) PID() uint8        { return Snowflake(id).PID() }
-func (id EmailID) Increment() uint16 { return Snowflake(id).Increment() }
-
-func (id EmailID) MarshalJSON() ([]byte, error)    { return Snowflake(id).MarshalJSON() }
-func (id *EmailID) UnmarshalJSON(src []byte) error { return (*Snowflake)(id).UnmarshalJSON(src) }
--- a/backend/db/email.go
+++ b/backend/db/email.go
@ -1,125 +0,0 @@
-package db
-
-import (
-	"context"
-	"crypto/rand"
-
-	"github.com/jackc/pgx/v5"
-	"github.com/jackc/pgx/v5/pgconn"
-
-	"codeberg.org/pronounscc/pronouns.cc/backend/common"
-	"emperror.dev/errors"
-	"github.com/georgysavva/scany/v2/pgxscan"
-)
-
-type UserEmail struct {
-	ID           common.EmailID
-	UserID       common.UserID
-	EmailAddress string
-}
-
-func (db *DB) UserEmails(ctx context.Context, userID common.UserID) (es []UserEmail, err error) {
-	return db.UserEmailsTx(ctx, db, userID)
-}
-
-func (db *DB) UserEmailsTx(ctx context.Context, q pgxscan.Querier, userID common.UserID) (es []UserEmail, err error) {
-	sql, args, err := sq.Select("*").From("user_emails").Where("user_id = ?", userID).OrderBy("id").ToSql()
-	if err != nil {
-		return nil, errors.Wrap(err, "building query")
-	}
-
-	err = pgxscan.Select(ctx, q, &es, sql, args...)
-	if err != nil {
-		return nil, errors.Wrap(err, "executing query")
-	}
-
-	return NotNull(es), nil
-}
-
-// UserByEmail gets a user by their email address.
-func (db *DB) UserByEmail(ctx context.Context, email string) (u User, err error) {
-	sql, args, err := sq.Select("users.*").
-		From("user_emails").
-		Join("users ON user_emails.user_id = users.snowflake_id").
-		Where("email_address = ?", email).
-		ToSql()
-	if err != nil {
-		return u, errors.Wrap(err, "building query")
-	}
-
-	err = pgxscan.Get(ctx, db, &u, sql, args...)
-	if err != nil {
-		if errors.Cause(err) == pgx.ErrNoRows {
-			return u, ErrUserNotFound
-		}
-		return u, errors.Wrap(err, "executing query")
-	}
-	return u, nil
-}
-
-// EmailExists returns whether an email address already exists. It does not need to be comfirmed.
-func (db *DB) EmailExists(ctx context.Context, email string) (exists bool, err error) {
-	err = db.QueryRow(ctx, "select exists(SELECT * FROM user_emails WHERE email_address = $1)", email).Scan(&exists)
-	return exists, err
-}
-
-func (db *DB) EmailExistsTx(ctx context.Context, tx pgx.Tx, email string) (exists bool, err error) {
-	err = tx.QueryRow(ctx, "select exists(SELECT * FROM user_emails WHERE email_address = $1)", email).Scan(&exists)
-	return exists, err
-}
-
-const ErrEmailInUse = errors.Sentinel("email already in use")
-
-// AddEmail adds a new email to the database.
-func (db *DB) AddEmail(ctx context.Context, q pgxscan.Querier, userID common.UserID, email string) (e UserEmail, err error) {
-	sql, args, err := sq.Insert("user_emails").SetMap(map[string]any{
-		"id":            common.GenerateID(),
-		"user_id":       userID,
-		"email_address": email,
-	}).Suffix("RETURNING *").ToSql()
-	if err != nil {
-		return e, errors.Wrap(err, "building query")
-	}
-
-	err = pgxscan.Get(ctx, q, &e, sql, args...)
-	if err != nil {
-		pge := &pgconn.PgError{}
-		if errors.As(err, &pge) {
-			// unique constraint violation
-			if pge.Code == uniqueViolation {
-				return e, ErrEmailInUse
-			}
-		}
-
-		return e, errors.Wrap(err, "executing query")
-	}
-	return e, nil
-}
-
-func (db *DB) SetPassword(ctx context.Context, tx pgx.Tx, userID common.UserID, password string) (err error) {
-	salt := make([]byte, 16)
-	_, err = rand.Read(salt)
-	if err != nil {
-		return errors.Wrap(err, "creating salt")
-	}
-
-	hash := hashPassword([]byte(password), salt)
-
-	sql, args, err := sq.Update("users").Set("password", hash).Set("salt", salt).Where("snowflake_id = ?", userID).ToSql()
-	if err != nil {
-		return errors.Wrap(err, "building sql")
-	}
-
-	_, err = tx.Exec(ctx, sql, args...)
-	return errors.Wrap(err, "executing query")
-}
-
-func (db *DB) RemoveEmails(ctx context.Context, tx pgx.Tx, userID common.UserID) (err error) {
-	sql, args, err := sq.Delete("user_emails").Where("user_id = ?", userID).ToSql()
-	if err != nil {
-		return errors.Wrap(err, "building sql")
-	}
-
-	_, err = tx.Exec(ctx, sql, args...)
-	return errors.Wrap(err, "executing query")
-}
--- a/backend/db/fediverse.go
+++ b/backend/db/fediverse.go
@ -48,11 +48,11 @@ func (f FediverseApp) ClientConfig() *oauth2.Config {
 }

 func (f FediverseApp) MastodonCompatible() bool {
-	return f.InstanceType == "mastodon" || f.InstanceType == "pleroma" || f.InstanceType == "akkoma" || f.InstanceType == "pixelfed" || f.InstanceType == "gotosocial"
+	return f.InstanceType == "mastodon" || f.InstanceType == "pleroma" || f.InstanceType == "akkoma" || f.InstanceType == "incestoma" || f.InstanceType == "pixelfed" || f.InstanceType == "gotosocial"
 }

 func (f FediverseApp) Misskey() bool {
-	return f.InstanceType == "misskey" || f.InstanceType == "foundkey" || f.InstanceType == "calckey" || f.InstanceType == "firefish"
+	return f.InstanceType == "misskey" || f.InstanceType == "foundkey" || f.InstanceType == "calckey" || f.InstanceType == "firefish" || f.InstanceType == "sharkey"
 }

 const ErrNoInstanceApp = errors.Sentinel("instance doesn't have an app")
--- a/backend/db/tokens.go
+++ b/backend/db/tokens.go
@ -64,7 +64,7 @@ func (db *DB) Tokens(ctx context.Context, userID xid.ID) (ts []Token, err error)
 const TokenExpiryTime = 3 * 30 * 24 * time.Hour

 // SaveToken saves a token to the database.
-func (db *DB) SaveToken(ctx context.Context, q pgxscan.Querier, userID xid.ID, tokenID xid.ID, apiOnly, readOnly bool) (t Token, err error) {
+func (db *DB) SaveToken(ctx context.Context, userID xid.ID, tokenID xid.ID, apiOnly, readOnly bool) (t Token, err error) {
 	sql, args, err := sq.Insert("tokens").
 		SetMap(map[string]any{
 			"user_id":   userID,
@ -79,7 +79,7 @@ func (db *DB) SaveToken(ctx context.Context, q pgxscan.Querier, userID xid.ID, t
 		return t, errors.Wrap(err, "building sql")
 	}

-	err = pgxscan.Get(ctx, q, &t, sql, args...)
+	err = pgxscan.Get(ctx, db, &t, sql, args...)
 	if err != nil {
 		return t, errors.Wrap(err, "inserting token")
 	}
--- a/backend/db/user.go
+++ b/backend/db/user.go
@ -3,7 +3,6 @@ package db
 import (
 	"context"
 	"crypto/sha256"
-	"crypto/subtle"
 	"encoding/hex"
 	"fmt"
 	"regexp"
@ -19,7 +18,6 @@ import (
 	"github.com/jackc/pgx/v5"
 	"github.com/jackc/pgx/v5/pgconn"
 	"github.com/rs/xid"
-	"golang.org/x/crypto/argon2"
 )

 type User struct {
@ -58,8 +56,6 @@ type User struct {
 	LastSIDReroll time.Time `db:"last_sid_reroll"`
 	Timezone      *string
 	Settings      UserSettings
-	Password      []byte
-	Salt          []byte

 	DeletedAt    *time.Time
 	SelfDelete   *bool
@ -105,10 +101,7 @@ const (
 	PreferenceSizeSmall  PreferenceSize = "small"
 )

-func (u User) NumProviders(emails []UserEmail) (numProviders int) {
-	if len(emails) > 0 {
-		numProviders++
-	}
+func (u User) NumProviders() (numProviders int) {
 	if u.Discord != nil {
 		numProviders++
 	}
@ -139,19 +132,6 @@ func (u User) UTCOffset() (offset int, ok bool) {
 	return offset, true
 }

-func (u User) VerifyPassword(input string) bool {
-	if u.Password == nil || u.Salt == nil {
-		return false
-	}
-
-	inputHash := hashPassword([]byte(input), u.Salt)
-	return subtle.ConstantTimeCompare(inputHash, u.Password) == 1
-}
-
-func hashPassword(password, salt []byte) []byte {
-	return argon2.IDKey(password, salt, 1, 65536, 4, 16)
-}
-
 type Badge int32

 const (
--- a/backend/routes.go
+++ b/backend/routes.go
@ -6,10 +6,11 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/meta"
 	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/mod"
 	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/user"
-	auth2 "codeberg.org/pronounscc/pronouns.cc/backend/routes/v2/auth"
 	user2 "codeberg.org/pronounscc/pronouns.cc/backend/routes/v2/user"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"github.com/go-chi/chi/v5"
+
+	_ "embed"
 )

 // mountRoutes mounts all API routes on the server's router.
@ -25,6 +26,5 @@ func mountRoutes(s *server.Server) {

 	s.Router.Route("/v2", func(r chi.Router) {
 		user2.Mount(s, r)
-		auth2.Mount(s, r)
 	})
 }
--- a/backend/routes/v1/auth/discord.go
+++ b/backend/routes/v1/auth/discord.go
@ -5,7 +5,6 @@ import (
 	"os"
 	"time"

-	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
@ -120,7 +119,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 		}

 		// save token to database
-		_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
+		_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
 		if err != nil {
 			return errors.Wrap(err, "saving token to database")
 		}
@ -143,7 +142,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 	}

 	// no user found, so save a ticket + save their Discord info in Redis
-	ticket := common.RandBase64(32)
+	ticket := RandBase64(32)
 	err = s.DB.SetJSON(ctx, "discord:"+ticket, du, "EX", "600")
 	if err != nil {
 		log.Errorf("setting Discord user for ticket %q: %v", ticket, err)
@ -235,13 +234,8 @@ func (s *Server) discordUnlink(w http.ResponseWriter, r *http.Request) error {
 		return server.APIError{Code: server.ErrNotLinked}
 	}

-	emails, err := s.DB.UserEmails(ctx, u.SnowflakeID)
-	if err != nil {
-		return errors.Wrap(err, "getting user emails")
-	}
-
 	// cannot unlink last auth provider
-	if u.NumProviders(emails) <= 1 {
+	if u.NumProviders() <= 1 {
 		return server.APIError{Code: server.ErrLastProvider}
 	}

@ -366,6 +360,12 @@ func (s *Server) discordSignup(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "deleting signup ticket")
 	}

+	// commit transaction
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
@ -375,17 +375,11 @@ func (s *Server) discordSignup(w http.ResponseWriter, r *http.Request) error {
 	}

 	// save token to database
-	_, err = s.DB.SaveToken(ctx, tx, u.ID, tokenID, false, false)
+	_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
 	if err != nil {
 		return errors.Wrap(err, "saving token to database")
 	}

-	// commit transaction
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
 	// return user
 	render.JSON(w, r, signupResponse{
 		User:  *dbUserToUserResponse(u, nil),
--- a/backend/routes/v1/auth/fedi_mastodon.go
+++ b/backend/routes/v1/auth/fedi_mastodon.go
@ -6,7 +6,6 @@ import (
 	"net/http"
 	"time"

-	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
@ -141,7 +140,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
 		}

 		// save token to database
-		_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
+		_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
 		if err != nil {
 			return errors.Wrap(err, "saving token to database")
 		}
@ -164,7 +163,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
 	}

 	// no user found, so save a ticket + save their Mastodon info in Redis
-	ticket := common.RandBase64(32)
+	ticket := RandBase64(32)
 	err = s.DB.SetJSON(ctx, "mastodon:"+ticket, mu, "EX", "600")
 	if err != nil {
 		log.Errorf("setting mastoAPI user for ticket %q: %v", ticket, err)
@ -262,13 +261,8 @@ func (s *Server) mastodonUnlink(w http.ResponseWriter, r *http.Request) error {
 		return server.APIError{Code: server.ErrNotLinked}
 	}

-	emails, err := s.DB.UserEmails(ctx, u.SnowflakeID)
-	if err != nil {
-		return errors.Wrap(err, "getting user emails")
-	}
-
 	// cannot unlink last auth provider
-	if u.NumProviders(emails) <= 1 {
+	if u.NumProviders() <= 1 {
 		return server.APIError{Code: server.ErrLastProvider}
 	}

@ -394,6 +388,12 @@ func (s *Server) mastodonSignup(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "deleting signup ticket")
 	}

+	// commit transaction
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
@ -403,17 +403,11 @@ func (s *Server) mastodonSignup(w http.ResponseWriter, r *http.Request) error {
 	}

 	// save token to database
-	_, err = s.DB.SaveToken(ctx, tx, u.ID, tokenID, false, false)
+	_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
 	if err != nil {
 		return errors.Wrap(err, "saving token to database")
 	}

-	// commit transaction
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
 	// return user
 	render.JSON(w, r, signupResponse{
 		User:  *dbUserToUserResponse(u, nil),
--- a/backend/routes/v1/auth/fedi_misskey.go
+++ b/backend/routes/v1/auth/fedi_misskey.go
@ -7,7 +7,6 @@ import (
 	"io"
 	"net/http"

-	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
@ -120,7 +119,7 @@ func (s *Server) misskeyCallback(w http.ResponseWriter, r *http.Request) error {
 		}

 		// save token to database
-		_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
+		_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
 		if err != nil {
 			return errors.Wrap(err, "saving token to database")
 		}
@ -143,7 +142,7 @@ func (s *Server) misskeyCallback(w http.ResponseWriter, r *http.Request) error {
 	}

 	// no user found, so save a ticket + save their Misskey info in Redis
-	ticket := common.RandBase64(32)
+	ticket := RandBase64(32)
 	err = s.DB.SetJSON(ctx, "misskey:"+ticket, mu.User, "EX", "600")
 	if err != nil {
 		log.Errorf("setting misskey user for ticket %q: %v", ticket, err)
@ -317,6 +316,12 @@ func (s *Server) misskeySignup(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "deleting signup ticket")
 	}

+	// commit transaction
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
@ -326,17 +331,11 @@ func (s *Server) misskeySignup(w http.ResponseWriter, r *http.Request) error {
 	}

 	// save token to database
-	_, err = s.DB.SaveToken(ctx, tx, u.ID, tokenID, false, false)
+	_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
 	if err != nil {
 		return errors.Wrap(err, "saving token to database")
 	}

-	// commit transaction
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
 	// return user
 	render.JSON(w, r, signupResponse{
 		User:  *dbUserToUserResponse(u, nil),
--- a/backend/routes/v1/auth/fediverse.go
+++ b/backend/routes/v1/auth/fediverse.go
@ -68,13 +68,10 @@ func (s *Server) noAppFediverseURL(ctx context.Context, w http.ResponseWriter, r
 	case "iceshrimp":
 		softwareName = "firefish"
 		fallthrough
-	case "misskey", "foundkey", "calckey", "firefish":
+	case "misskey", "foundkey", "calckey", "firefish", "sharkey":
 		return s.noAppMisskeyURL(ctx, w, r, softwareName, instance)
-	case "mastodon", "pleroma", "akkoma", "pixelfed", "gotosocial":
+	case "mastodon", "pleroma", "akkoma", "incestoma", "pixelfed", "gotosocial":
 	case "glitchcafe", "hometown":
-		// plural.cafe (potentially other instances too?) runs Mastodon but changes the software name
-		// Hometown is a lightweight fork of Mastodon so we can just treat it the same
-		// changing it back to mastodon here for consistency
 		softwareName = "mastodon"
 	default:
 		return server.APIError{Code: server.ErrUnsupportedInstance}
--- a/backend/routes/v1/auth/google.go
+++ b/backend/routes/v1/auth/google.go
@ -5,7 +5,6 @@ import (
 	"os"
 	"time"

-	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
@ -139,7 +138,7 @@ func (s *Server) googleCallback(w http.ResponseWriter, r *http.Request) error {
 		}

 		// save token to database
-		_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
+		_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
 		if err != nil {
 			return errors.Wrap(err, "saving token to database")
 		}
@ -162,7 +161,7 @@ func (s *Server) googleCallback(w http.ResponseWriter, r *http.Request) error {
 	}

 	// no user found, so save a ticket + save their Google info in Redis
-	ticket := common.RandBase64(32)
+	ticket := RandBase64(32)
 	err = s.DB.SetJSON(ctx, "google:"+ticket, partialGoogleUser{ID: googleID, Email: googleUsername}, "EX", "600")
 	if err != nil {
 		log.Errorf("setting Google user for ticket %q: %v", ticket, err)
@ -250,13 +249,8 @@ func (s *Server) googleUnlink(w http.ResponseWriter, r *http.Request) error {
 		return server.APIError{Code: server.ErrNotLinked}
 	}

-	emails, err := s.DB.UserEmails(ctx, u.SnowflakeID)
-	if err != nil {
-		return errors.Wrap(err, "getting user emails")
-	}
-
 	// cannot unlink last auth provider
-	if u.NumProviders(emails) <= 1 {
+	if u.NumProviders() <= 1 {
 		return server.APIError{Code: server.ErrLastProvider}
 	}

@ -369,6 +363,12 @@ func (s *Server) googleSignup(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "deleting signup ticket")
 	}

+	// commit transaction
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
@ -378,17 +378,11 @@ func (s *Server) googleSignup(w http.ResponseWriter, r *http.Request) error {
 	}

 	// save token to database
-	_, err = s.DB.SaveToken(ctx, tx, u.ID, tokenID, false, false)
+	_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
 	if err != nil {
 		return errors.Wrap(err, "saving token to database")
 	}

-	// commit transaction
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
 	// return user
 	render.JSON(w, r, signupResponse{
 		User:  *dbUserToUserResponse(u, nil),
--- a/backend/routes/v1/auth/oauth.go
+++ b/backend/routes/v1/auth/oauth.go
@ -2,8 +2,9 @@ package auth

 import (
 	"context"
+	"crypto/rand"
+	"encoding/base64"

-	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"github.com/mediocregopher/radix/v4"
 )

@ -13,7 +14,7 @@ const numStates = "1000"

 // setCSRFState generates a random string to use as state, then stores that in Redis.
 func (s *Server) setCSRFState(ctx context.Context) (string, error) {
-	state := common.RandBase64(32)
+	state := RandBase64(32)

 	err := s.DB.MultiCmd(ctx,
 		radix.Cmd(nil, "LPUSH", "csrf", state),
@ -31,3 +32,14 @@ func (s *Server) validateCSRFState(ctx context.Context, state string) (matched b
 	}
 	return num > 0, nil
 }
+
+// RandBase64 returns a string of random bytes encoded in raw base 64.
+func RandBase64(size int) string {
+	b := make([]byte, size)
+	_, err := rand.Read(b)
+	if err != nil {
+		panic(err)
+	}
+
+	return base64.RawURLEncoding.EncodeToString(b)
+}
--- a/backend/routes/v1/auth/tokens.go
+++ b/backend/routes/v1/auth/tokens.go
@ -115,7 +115,7 @@ func (s *Server) createToken(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "creating token")
 	}

-	t, err := s.DB.SaveToken(ctx, s.DB, claims.UserID, tokenID, true, readOnly)
+	t, err := s.DB.SaveToken(ctx, claims.UserID, tokenID, true, readOnly)
 	if err != nil {
 		return errors.Wrap(err, "saving token")
 	}
--- a/backend/routes/v1/auth/tumblr.go
+++ b/backend/routes/v1/auth/tumblr.go
@ -7,7 +7,6 @@ import (
 	"os"
 	"time"

-	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
@ -172,7 +171,7 @@ func (s *Server) tumblrCallback(w http.ResponseWriter, r *http.Request) error {
 		}

 		// save token to database
-		_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
+		_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
 		if err != nil {
 			return errors.Wrap(err, "saving token to database")
 		}
@ -195,7 +194,7 @@ func (s *Server) tumblrCallback(w http.ResponseWriter, r *http.Request) error {
 	}

 	// no user found, so save a ticket + save their Tumblr info in Redis
-	ticket := common.RandBase64(32)
+	ticket := RandBase64(32)
 	err = s.DB.SetJSON(ctx, "tumblr:"+ticket, tumblrUserInfo{ID: tumblrID, Name: tumblrName}, "EX", "600")
 	if err != nil {
 		log.Errorf("setting Tumblr user for ticket %q: %v", ticket, err)
@ -283,13 +282,8 @@ func (s *Server) tumblrUnlink(w http.ResponseWriter, r *http.Request) error {
 		return server.APIError{Code: server.ErrNotLinked}
 	}

-	emails, err := s.DB.UserEmails(ctx, u.SnowflakeID)
-	if err != nil {
-		return errors.Wrap(err, "getting user emails")
-	}
-
 	// cannot unlink last auth provider
-	if u.NumProviders(emails) <= 1 {
+	if u.NumProviders() <= 1 {
 		return server.APIError{Code: server.ErrLastProvider}
 	}

@ -402,6 +396,12 @@ func (s *Server) tumblrSignup(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "deleting signup ticket")
 	}

+	// commit transaction
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
@ -411,17 +411,11 @@ func (s *Server) tumblrSignup(w http.ResponseWriter, r *http.Request) error {
 	}

 	// save token to database
-	_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
+	_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
 	if err != nil {
 		return errors.Wrap(err, "saving token to database")
 	}

-	// commit transaction
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
 	// return user
 	render.JSON(w, r, signupResponse{
 		User:  *dbUserToUserResponse(u, nil),
--- a/backend/routes/v1/meta/meta.go
+++ b/backend/routes/v1/meta/meta.go
@ -13,17 +13,10 @@ import (

 type Server struct {
 	*server.Server
-
-	requireInvite bool
-	emailSignup   bool
 }

 func Mount(srv *server.Server, r chi.Router) {
-	s := &Server{
-		Server:        srv,
-		requireInvite: os.Getenv("REQUIRE_INVITE") == "true",
-		emailSignup:   os.Getenv("EMAIL_SMTP_ADDRESS") != "",
-	}
+	s := &Server{Server: srv}

 	r.Get("/meta", server.WrapHandler(s.meta))
 }
@ -34,7 +27,6 @@ type MetaResponse struct {
 	Users         MetaUsers   `json:"users"`
 	Members       int64       `json:"members"`
 	RequireInvite bool        `json:"require_invite"`
-	EmailSignup   bool        `json:"email_signup"`
 	Notice        *MetaNotice `json:"notice"`
 }

@ -77,8 +69,7 @@ func (s *Server) meta(w http.ResponseWriter, r *http.Request) error {
 			ActiveDay:   activeDay,
 		},
 		Members:       numMembers,
-		RequireInvite: s.requireInvite,
-		EmailSignup:   s.emailSignup,
+		RequireInvite: os.Getenv("REQUIRE_INVITE") == "true",
 		Notice:        notice,
 	})
 	return nil
--- a/backend/routes/v2/auth/email_signup.go
+++ b/backend/routes/v2/auth/email_signup.go
@ -1,192 +0,0 @@
-package auth
-
-import (
-	"net/http"
-	"strings"
-
-	"codeberg.org/pronounscc/pronouns.cc/backend/common"
-	"codeberg.org/pronounscc/pronouns.cc/backend/db"
-	"codeberg.org/pronounscc/pronouns.cc/backend/server"
-	"emperror.dev/errors"
-	"github.com/go-chi/render"
-	"github.com/mediocregopher/radix/v4"
-	"github.com/rs/xid"
-)
-
-type postEmailSignupRequest struct {
-	Email string `json:"email"`
-}
-
-func (s *Server) postEmailSignup(w http.ResponseWriter, r *http.Request) (err error) {
-	ctx := r.Context()
-	var req postEmailSignupRequest
-	err = render.Decode(r, &req)
-	if err != nil {
-		return server.APIError{Code: server.ErrBadRequest}
-	}
-
-	if !strings.Contains(req.Email, "@") {
-		return server.APIError{Code: server.ErrBadRequest, Details: "Email seems to be invalid"}
-	}
-
-	ticket := common.RandBase64(48)
-	err = s.DB.Redis.Do(ctx, radix.Cmd(nil, "SET", emailSignupTicketKey(ticket), req.Email, "EX", "3600"))
-	if err != nil {
-		return errors.Wrap(err, "setting email signup key")
-	}
-
-	// if the email address already exists, pretend we sent an email and return
-	// to prevent people from discovering valid email addresses
-	exists, err := s.DB.EmailExists(ctx, req.Email)
-	if err != nil {
-		return errors.Wrap(err, "checking if email exists")
-	}
-	if exists {
-		render.NoContent(w, r)
-		return nil
-	}
-
-	go s.SendEmail(req.Email, "Confirm your email address", "signup", map[string]any{
-		"Ticket": ticket,
-	})
-
-	render.NoContent(w, r)
-	return nil
-}
-
-func emailSignupTicketKey(ticket string) string {
-	return "email-signup:" + ticket
-}
-
-type postEmailSignupConfirmRequest struct {
-	Ticket   string `json:"ticket"`
-	Username string `json:"username"`
-	Password string `json:"password"`
-}
-
-func (s *Server) postEmailSignupConfirm(w http.ResponseWriter, r *http.Request) (err error) {
-	ctx := r.Context()
-	var req postEmailSignupConfirmRequest
-	err = render.Decode(r, &req)
-	if err != nil {
-		return server.APIError{Code: server.ErrBadRequest}
-	}
-
-	var email string
-	err = s.DB.Redis.Do(ctx, radix.Cmd(&email, "GET", emailSignupTicketKey(req.Ticket)))
-	if err != nil {
-		return errors.Wrap(err, "getting email signup key")
-	}
-	if email == "" {
-		return server.APIError{Code: server.ErrBadRequest, Details: "Unknown ticket"}
-	}
-
-	tx, err := s.DB.Begin(ctx)
-	if err != nil {
-		return errors.Wrap(err, "starting transaction")
-	}
-	defer func() { _ = tx.Rollback(ctx) }()
-
-	u, err := s.DB.CreateUser(ctx, tx, req.Username)
-	if err != nil {
-		switch err {
-		case db.ErrUsernameTaken:
-			return server.APIError{Code: server.ErrUsernameTaken}
-		case db.ErrUsernameTooShort:
-			return server.APIError{Code: server.ErrBadRequest, Details: "Username is too short"}
-		case db.ErrUsernameTooLong:
-			return server.APIError{Code: server.ErrBadRequest, Details: "Username is too long"}
-		case db.ErrInvalidUsername:
-			return server.APIError{Code: server.ErrBadRequest, Details: "Username contains invalid characters"}
-		case db.ErrBannedUsername:
-			return server.APIError{Code: server.ErrBadRequest, Details: "Username is not allowed"}
-		default:
-			return errors.Wrap(err, "creating user")
-		}
-	}
-
-	_, err = s.DB.AddEmail(ctx, tx, u.SnowflakeID, email)
-	if err != nil {
-		if err == db.ErrEmailInUse {
-			// This should only happen if the email was *not* taken when the ticket was sent, but was taken in the meantime.
-			// i.e. unless another person has access to the mailbox, the user will know what happened
-			return server.APIError{Code: server.ErrBadRequest, Details: "Email is already in use"}
-		}
-
-		return errors.Wrap(err, "adding email to user")
-	}
-
-	err = s.DB.SetPassword(ctx, tx, u.SnowflakeID, req.Password)
-	if err != nil {
-		return errors.Wrap(err, "setting password for user")
-	}
-
-	// create token
-	tokenID := xid.New()
-	token, err := s.Auth.CreateToken(u.ID, tokenID, false, false, true)
-	if err != nil {
-		return errors.Wrap(err, "creating token")
-	}
-
-	// save token to database
-	_, err = s.DB.SaveToken(ctx, tx, u.ID, tokenID, false, false)
-	if err != nil {
-		return errors.Wrap(err, "saving token to database")
-	}
-
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
-	render.JSON(w, r, signupResponse{
-		User:  *dbUserToUserResponse(u, nil),
-		Token: token,
-	})
-
-	return nil
-}
-
-type userResponse struct {
-	ID          common.UserID     `json:"id"`
-	Username    string            `json:"name"`
-	DisplayName *string           `json:"display_name"`
-	Bio         *string           `json:"bio"`
-	Avatar      *string           `json:"avatar"`
-	Links       []string          `json:"links"`
-	Names       []db.FieldEntry   `json:"names"`
-	Pronouns    []db.PronounEntry `json:"pronouns"`
-	Fields      []db.Field        `json:"fields"`
-
-	Discord         *string `json:"discord"`
-	DiscordUsername *string `json:"discord_username"`
-
-	Tumblr         *string `json:"tumblr"`
-	TumblrUsername *string `json:"tumblr_username"`
-
-	Google         *string `json:"google"`
-	GoogleUsername *string `json:"google_username"`
-
-	Fediverse         *string `json:"fediverse"`
-	FediverseUsername *string `json:"fediverse_username"`
-	FediverseInstance *string `json:"fediverse_instance"`
-}
-
-func dbUserToUserResponse(u db.User, fields []db.Field) *userResponse {
-	return &userResponse{
-		ID:          u.SnowflakeID,
-		Username:    u.Username,
-		DisplayName: u.DisplayName,
-		Bio:         u.Bio,
-		Avatar:      u.Avatar,
-		Links:       db.NotNull(u.Links),
-		Names:       db.NotNull(u.Names),
-		Pronouns:    db.NotNull(u.Pronouns),
-		Fields:      db.NotNull(fields),
-	}
-}
-
-type signupResponse struct {
-	User  userResponse `json:"user"`
-	Token string       `json:"token"`
-}
--- a/backend/routes/v2/auth/get_emails.go
+++ b/backend/routes/v2/auth/get_emails.go
@ -1,53 +0,0 @@
-package auth
-
-import (
-	"net/http"
-
-	"codeberg.org/pronounscc/pronouns.cc/backend/common"
-	"codeberg.org/pronounscc/pronouns.cc/backend/db"
-	"codeberg.org/pronounscc/pronouns.cc/backend/log"
-	"codeberg.org/pronounscc/pronouns.cc/backend/server"
-	"emperror.dev/errors"
-	"github.com/go-chi/render"
-)
-
-type EmailResponse struct {
-	ID    common.EmailID `json:"id"`
-	Email string         `json:"email"`
-}
-
-func dbEmailToResponse(e db.UserEmail) EmailResponse {
-	return EmailResponse{
-		ID:    e.ID,
-		Email: e.EmailAddress,
-	}
-}
-
-func (s *Server) getEmails(w http.ResponseWriter, r *http.Request) error {
-	ctx := r.Context()
-	claims, _ := server.ClaimsFromContext(ctx)
-	if claims.APIToken {
-		return server.APIError{Code: server.ErrMissingPermissions, Details: "This endpoint cannot be used by API tokens"}
-	}
-
-	u, err := s.DB.User(ctx, claims.UserID)
-	if err != nil {
-		// this should never fail
-		log.Errorf("getting user: %v", err)
-		return errors.Wrap(err, "getting user")
-	}
-
-	emails, err := s.DB.UserEmails(ctx, u.SnowflakeID)
-	if err != nil {
-		log.Errorf("getting user emails: %v", err)
-		return errors.Wrap(err, "getting user emails")
-	}
-
-	out := make([]EmailResponse, len(emails))
-	for i := range emails {
-		out[i] = dbEmailToResponse(emails[i])
-	}
-
-	render.JSON(w, r, out)
-	return nil
-}
--- a/backend/routes/v2/auth/login.go
+++ b/backend/routes/v2/auth/login.go
@ -1,62 +0,0 @@
-package auth
-
-import (
-	"net/http"
-
-	"codeberg.org/pronounscc/pronouns.cc/backend/server"
-	"emperror.dev/errors"
-	"github.com/go-chi/render"
-	"github.com/rs/xid"
-)
-
-type postLoginRequest struct {
-	Email    string `json:"email"`
-	Password string `json:"password"`
-}
-
-type postLoginResponse struct {
-	User  *userResponse `json:"user,omitempty"`
-	Token string        `json:"token,omitempty"`
-}
-
-func (s *Server) postLogin(w http.ResponseWriter, r *http.Request) (err error) {
-	ctx := r.Context()
-	var req postLoginRequest
-	err = render.Decode(r, &req)
-	if err != nil {
-		return server.APIError{Code: server.ErrBadRequest}
-	}
-
-	u, err := s.DB.UserByEmail(ctx, req.Email)
-	if err != nil {
-		return server.APIError{Code: server.ErrForbidden, Details: "Invalid email or password"}
-	}
-
-	if !u.VerifyPassword(req.Password) {
-		return server.APIError{Code: server.ErrForbidden, Details: "Invalid email or password"}
-	}
-
-	tokenID := xid.New()
-	token, err := s.Auth.CreateToken(u.ID, tokenID, u.IsAdmin, false, true)
-	if err != nil {
-		return errors.Wrap(err, "creating token")
-	}
-
-	// save token to database
-	_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
-	if err != nil {
-		return errors.Wrap(err, "saving token to database")
-	}
-
-	fields, err := s.DB.UserFields(ctx, u.ID)
-	if err != nil {
-		return errors.Wrap(err, "querying fields")
-	}
-
-	render.JSON(w, r, postLoginResponse{
-		Token: token,
-		User:  dbUserToUserResponse(u, fields),
-	})
-
-	return nil
-}
--- a/backend/routes/v2/auth/put_email.go
+++ b/backend/routes/v2/auth/put_email.go
@ -1,225 +0,0 @@
-package auth
-
-import (
-	"fmt"
-	"net/http"
-	"strings"
-
-	"codeberg.org/pronounscc/pronouns.cc/backend/common"
-	"codeberg.org/pronounscc/pronouns.cc/backend/db"
-	"codeberg.org/pronounscc/pronouns.cc/backend/log"
-	"codeberg.org/pronounscc/pronouns.cc/backend/server"
-	"emperror.dev/errors"
-	"github.com/go-chi/render"
-	"github.com/jackc/pgx/v5"
-	"github.com/mediocregopher/radix/v4"
-)
-
-type putEmailRequest struct {
-	Email    string `json:"email"`
-	Password string `json:"password"`
-}
-
-func (s *Server) putEmail(w http.ResponseWriter, r *http.Request) error {
-	ctx := r.Context()
-	claims, _ := server.ClaimsFromContext(ctx)
-	if claims.APIToken {
-		return server.APIError{Code: server.ErrMissingPermissions, Details: "This endpoint cannot be used by API tokens"}
-	}
-
-	var req putEmailRequest
-	err := render.Decode(r, &req)
-	if err != nil {
-		return server.APIError{Code: server.ErrBadRequest}
-	}
-
-	u, err := s.DB.User(ctx, claims.UserID)
-	if err != nil {
-		// this should never fail
-		log.Errorf("getting user: %v", err)
-		return errors.Wrap(err, "getting user")
-	}
-
-	tx, err := s.DB.Begin(ctx)
-	if err != nil {
-		return errors.Wrap(err, "beginning transaction")
-	}
-	defer func() {
-		_ = tx.Rollback(ctx)
-	}()
-
-	emails, err := s.DB.UserEmailsTx(ctx, tx, u.SnowflakeID)
-	if err != nil {
-		log.Errorf("getting user emails: %v", err)
-		return errors.Wrap(err, "getting user emails")
-	}
-
-	if len(emails) > 0 {
-		if emails[0].EmailAddress == req.Email {
-			return server.APIError{Code: server.ErrBadRequest, Details: "New email address cannot be the same as the current one"}
-		}
-
-		return s.putEmailExisting(w, r, tx, u, req)
-	}
-
-	ticket := common.RandBase64(48)
-	err = s.DB.Redis.Do(ctx, radix.Cmd(nil, "SET",
-		emailChangeTicketKey(ticket), emailChangeTicketValue(req.Email, u.SnowflakeID), "EX", "3600"))
-	if err != nil {
-		return errors.Wrap(err, "setting email change key")
-	}
-
-	// if the email address already exists, pretend we sent an email and return
-	exists, err := s.DB.EmailExistsTx(ctx, tx, req.Email)
-	if err != nil {
-		return errors.Wrap(err, "checking if email exists")
-	}
-	if exists {
-		render.NoContent(w, r)
-		return nil
-	}
-
-	// set the user's password, this won't do anything unless the email address is actually confirmed
-	err = s.DB.SetPassword(ctx, tx, u.SnowflakeID, req.Password)
-	if err != nil {
-		return errors.Wrap(err, "setting user password")
-	}
-
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
-	// send the email
-	go s.SendEmail(req.Email, "Confirm your email address", "change", map[string]any{
-		"Ticket":   ticket,
-		"Username": u.Username,
-	})
-
-	render.NoContent(w, r)
-	return nil
-}
-
-func (s *Server) putEmailExisting(
-	w http.ResponseWriter, r *http.Request, tx pgx.Tx, u db.User, req putEmailRequest,
-) error {
-	ctx := r.Context()
-
-	if !u.VerifyPassword(req.Password) {
-		return server.APIError{Code: server.ErrForbidden, Details: "Invalid password"}
-	}
-
-	ticket := common.RandBase64(48)
-	err := s.DB.Redis.Do(ctx, radix.Cmd(nil, "SET",
-		emailChangeTicketKey(ticket), emailChangeTicketValue(req.Email, u.SnowflakeID), "EX", "3600"))
-	if err != nil {
-		return errors.Wrap(err, "setting email change key")
-	}
-
-	// if the email address already exists, pretend we sent an email and return
-	exists, err := s.DB.EmailExistsTx(ctx, tx, req.Email)
-	if err != nil {
-		return errors.Wrap(err, "checking if email exists")
-	}
-	if exists {
-		render.NoContent(w, r)
-		return nil
-	}
-
-	go s.SendEmail(req.Email, "Confirm your email address", "change", map[string]any{
-		"Ticket":   ticket,
-		"Username": u.Username,
-	})
-
-	render.NoContent(w, r)
-	return nil
-}
-
-type putEmailConfirmRequest struct {
-	Ticket string `json:"ticket"`
-}
-
-type putEmailConfirmResponse struct {
-	Email string       `json:"email"`
-	User  userResponse `json:"user"`
-}
-
-func (s *Server) putEmailConfim(w http.ResponseWriter, r *http.Request) (err error) {
-	ctx := r.Context()
-	var req putEmailConfirmRequest
-	err = render.Decode(r, &req)
-	if err != nil {
-		return server.APIError{Code: server.ErrBadRequest}
-	}
-
-	var ticket string
-	err = s.DB.Redis.Do(ctx, radix.Cmd(&ticket, "GET", emailChangeTicketKey(req.Ticket)))
-	if err != nil {
-		return errors.Wrap(err, "getting email change key")
-	}
-	if ticket == "" {
-		return server.APIError{Code: server.ErrBadRequest, Details: "Unknown ticket"}
-	}
-
-	email, userID, ok := parseEmailChangeTicket(ticket)
-	if !ok {
-		return fmt.Errorf("invalid email change ticket %q", ticket)
-	}
-
-	u, err := s.DB.UserBySnowflake(ctx, userID)
-	if err != nil {
-		return errors.Wrap(err, "getting user")
-	}
-
-	tx, err := s.DB.Begin(ctx)
-	if err != nil {
-		return errors.Wrap(err, "beginning transaction")
-	}
-	defer func() {
-		_ = tx.Rollback(ctx)
-	}()
-
-	err = s.DB.RemoveEmails(ctx, tx, userID)
-	if err != nil {
-		return errors.Wrapf(err, "removing existing email addresses for user %v", userID)
-	}
-
-	dbEmail, err := s.DB.AddEmail(ctx, s.DB, userID, email)
-	if err != nil {
-		if err == db.ErrEmailInUse {
-			// This should only happen if the email was *not* taken when the ticket was sent, but was taken in the meantime.
-			// i.e. unless another person has access to the mailbox, the user will know what happened
-			return server.APIError{Code: server.ErrBadRequest, Details: "Email is already in use"}
-		}
-
-		return errors.Wrap(err, "adding email to user")
-	}
-
-	render.JSON(w, r, putEmailConfirmResponse{
-		Email: dbEmail.EmailAddress,
-		User:  *dbUserToUserResponse(u, nil),
-	})
-	return nil
-}
-
-func emailChangeTicketKey(ticket string) string {
-	return "email-change:" + ticket
-}
-
-func emailChangeTicketValue(email string, userID common.UserID) string {
-	return email + ":" + userID.String()
-}
-
-func parseEmailChangeTicket(v string) (email string, userID common.UserID, ok bool) {
-	before, after, ok := strings.Cut(v, ":")
-	if !ok {
-		return "", common.UserID(common.NullSnowflake), false
-	}
-
-	id, err := common.ParseSnowflake(after)
-	if err != nil {
-		return "", common.UserID(common.NullSnowflake), false
-	}
-
-	return before, common.UserID(id), true
-}
--- a/backend/routes/v2/auth/routes.go
+++ b/backend/routes/v2/auth/routes.go
@ -1,53 +0,0 @@
-package auth
-
-import (
-	"net/smtp"
-	"os"
-
-	"codeberg.org/pronounscc/pronouns.cc/backend/server"
-	"github.com/go-chi/chi/v5"
-	"github.com/jordan-wright/email"
-)
-
-type Server struct {
-	*server.Server
-
-	emailPool    *email.Pool
-	emailAddress string
-	baseURL      string
-}
-
-func Mount(srv *server.Server, r chi.Router) {
-	s := &Server{
-		Server:       srv,
-		emailAddress: os.Getenv("EMAIL_ADDRESS"), // The address used for sending email
-		baseURL:      os.Getenv("BASE_URL"),      // The frontend base URL
-	}
-
-	// Only mount email routes if email is set up
-	if os.Getenv("EMAIL_SMTP_ADDRESS") != "" {
-		// This function will never return an error
-		s.emailPool, _ = email.NewPool(
-			os.Getenv("EMAIL_SMTP_ADDRESS"), // This should be the SMTP server host, like "example.com:587"
-			4, smtp.PlainAuth("",
-				os.Getenv("EMAIL_USERNAME"), // This should be the account name, like "noreply@pronouns.cc"
-				os.Getenv("EMAIL_PASSWORD"), // This should be the account pass, like "6GzW3dY6"
-				os.Getenv("EMAIL_HOST"),     // This should be the email host (seems to be SMTP server without the port?)
-			))
-
-		r.Route("/auth/email", func(r chi.Router) {
-			r.With(server.MustAuth).Get("/", server.WrapHandler(s.getEmails))
-			r.With(server.MustAuth).Put("/", server.WrapHandler(s.putEmail))
-			r.With(server.MustAuth).Delete("/{id}", nil) // Remove existing email from account, <no body>
-
-			r.Post("/login", server.WrapHandler(s.postLogin))                       // Log in to account, { username, password }
-			r.Post("/signup", server.WrapHandler(s.postEmailSignup))                // Create account, { email }
-			r.Post("/signup/confirm", server.WrapHandler(s.postEmailSignupConfirm)) // Create account, { ticket, username, password }
-			r.Post("/confirm", server.WrapHandler(s.putEmailConfim))                // Confirm email address, { ticket }
-
-			r.Patch("/password", nil)        // Update password
-			r.Post("/password/forgot", nil)  // Forgot/reset password, { email }
-			r.Post("/password/confirm", nil) // Confirm resetting password, { ticket, new_password }
-		})
-	}
-}
--- a/backend/routes/v2/auth/send_email.go
+++ b/backend/routes/v2/auth/send_email.go
@ -1,55 +0,0 @@
-package auth
-
-import (
-	"bytes"
-	"embed"
-	"html/template"
-	"time"
-
-	"codeberg.org/pronounscc/pronouns.cc/backend/log"
-	"emperror.dev/errors"
-	"github.com/jordan-wright/email"
-)
-
-func (s *Server) SendEmail(to, title, template string, data map[string]any) {
-	e := email.NewEmail()
-	e.From = s.emailAddress
-	e.To = []string{to}
-	e.Subject = title
-
-	text, html, err := s.Template(template, data)
-	if err != nil {
-		log.Errorf("executing templates: %v", err)
-		return
-	}
-	e.Text = text
-	e.HTML = html
-
-	err = s.emailPool.Send(e, 10*time.Second)
-	if err != nil {
-		log.Errorf("sending email: %v", err)
-	}
-}
-
-//go:embed templates/*
-var fs embed.FS
-var tmpl = template.Must(template.ParseFS(fs, "templates/*"))
-
-func (s *Server) Template(template string, data map[string]any) (text, html []byte, err error) {
-	data["BaseURL"] = s.baseURL
-
-	textWriter := new(bytes.Buffer)
-	htmlWriter := new(bytes.Buffer)
-
-	err = tmpl.ExecuteTemplate(textWriter, template+".txt", data)
-	if err != nil {
-		return nil, nil, errors.Wrap(err, "executing text template")
-	}
-
-	err = tmpl.ExecuteTemplate(htmlWriter, template+".html", data)
-	if err != nil {
-		return nil, nil, errors.Wrap(err, "executing HTML template")
-	}
-
-	return textWriter.Bytes(), htmlWriter.Bytes(), nil
-}
--- a/backend/routes/v2/auth/templates/change.html
+++ b/backend/routes/v2/auth/templates/change.html
@ -1,24 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <style>
-      body {
-        font-family: sans-serif;
-      }
-    </style>
-  </head>
-
-  <body>
-    <p>
-      To change <b>@{{.Username}}</b>'s email address, press the following link:
-      <br />
-      <a href="{{.BaseURL}}/auth/email/confirm/{{.Ticket}}">Confirm your new email address</a>
-      <br />
-      Note that this link will expire in one hour.
-    </p>
-    <p>
-      If you didn't mean to change your email address, feel free to ignore this email.
-    </p>
-  </body>
-</html>
--- a/backend/routes/v2/auth/templates/change.txt
+++ b/backend/routes/v2/auth/templates/change.txt
@ -1,5 +0,0 @@
-To change @{{.Username}}'s email address, press the following link:
-{{.BaseURL}}/auth/email/confirm/{{.Ticket}}
-This link will expire in one hour.
-
-If you didn't mean to change your email address, feel free to ignore this email.
--- a/backend/routes/v2/auth/templates/signup.html
+++ b/backend/routes/v2/auth/templates/signup.html
@ -1,24 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <style>
-      body {
-        font-family: sans-serif;
-      }
-    </style>
-  </head>
-
-  <body>
-    <p>
-      Please continue creating a new pronouns.cc account by using the following link:
-      <br />
-      <a href="{{.BaseURL}}/auth/signup/confirm/{{.Ticket}}">Confirm your email address</a>
-      <br />
-      Note that this link will expire in one hour.
-    </p>
-    <p>
-      If you didn't mean to create a new account, feel free to ignore this email.
-    </p>
-  </body>
-</html>
--- a/backend/routes/v2/auth/templates/signup.txt
+++ b/backend/routes/v2/auth/templates/signup.txt
@ -1,5 +0,0 @@
-Please continue creating a new pronouns.cc account by using the following link:
-{{.BaseURL}}/auth/signup/confirm/{{.Ticket}}
-This link will expire in one hour.
-
-If you didn't mean to create a new account, feel free to ignore this email.
--- a/frontend/src/lib/api/entities.ts
+++ b/frontend/src/lib/api/entities.ts
@ -151,11 +151,6 @@ export interface Warning {
  read: boolean;
 }

-export interface Email {
-  id: string;
-  email: string;
-}
-
 export interface APIError {
  code: ErrorCode;
  message?: string;
--- a/frontend/src/lib/api/responses.ts
+++ b/frontend/src/lib/api/responses.ts
@ -11,7 +11,6 @@ export interface MetaResponse {
  users: MetaUsers;
  members: number;
  require_invite: boolean;
-  email_signup: boolean;
  notice: { id: number; notice: string } | null;
 }

--- a/frontend/src/lib/components/FallbackImage.svelte
+++ b/frontend/src/lib/components/FallbackImage.svelte
@ -4,6 +4,7 @@
  export let urls: string[];
  export let alt: string;
  export let width = 300;
+  export let lazyLoad = false;

  const contentTypeFor = (url: string) => {
    if (url.endsWith(".webp")) {
@ -31,6 +32,7 @@
      src={urls[0] || defaultAvatars[0]}
      {alt}
      class="rounded-circle img-fluid"
+      loading={lazyLoad ? "lazy" : "eager"}
    />
  </picture>
 {:else}
--- a/frontend/src/lib/components/PartialMemberCard.svelte
+++ b/frontend/src/lib/components/PartialMemberCard.svelte
@ -46,7 +46,12 @@

 <div>
  <a href="/@{user.name}/{member.name}">
-    <FallbackImage urls={memberAvatars(member)} width={200} alt="Avatar for {member.name}" />
+    <FallbackImage
+      urls={memberAvatars(member)}
+      width={200}
+      lazyLoad
+      alt="Avatar for {member.name}"
+    />
  </a>
  <p class="m-2">
    <a class="text-reset fs-5 text-break" href="/@{user.name}/{member.name}">
--- a/frontend/src/routes/auth/email/confirm/[ticket]/+page.server.ts
+++ b/frontend/src/routes/auth/email/confirm/[ticket]/+page.server.ts
@ -1,15 +0,0 @@
-import type { APIError, User } from "$lib/api/entities";
-import { apiFetch } from "$lib/api/fetch";
-
-export const load = async ({ params }) => {
-  try {
-    const resp = await apiFetch<{ email: string; user: User }>("/auth/email/confirm", {
-      method: "POST",
-      version: 2,
-      body: { ticket: params.ticket },
-    });
-    return { error: null, email: resp.email, user: resp.user };
-  } catch (e) {
-    return { error: e as APIError, email: null, user: null };
-  }
-};
--- a/frontend/src/routes/auth/email/confirm/[ticket]/+page.svelte
+++ b/frontend/src/routes/auth/email/confirm/[ticket]/+page.svelte
@ -1,25 +0,0 @@
-<script lang="ts">
-  // TODO: improve this page's layout, it's very empty right now
-
-  import type { PageData } from "./$types";
-
-  export let data: PageData;
-</script>
-
-{#if !data.error}
-  <h1>Email confirmed!</h1>
-
-  <p>
-    The email address <strong>{data.email}</strong> is now linked to
-    <strong>@{data.user.name}</strong>, and can be used to log in.
-  </p>
-{:else}
-  <h1>Error confirming email</h1>
-
-  <p>
-    <strong>{data.error.code}</strong>: {data.error.message}
-    {#if data.error.details}{data.error.details}{/if}
-  </p>
-
-  <p>Please <a href="/settings/auth">try again</a>.</p>
-{/if}
--- a/frontend/src/routes/auth/login/+page.server.ts
+++ b/frontend/src/routes/auth/login/+page.server.ts
@ -1,7 +1,6 @@
 import { apiFetch } from "$lib/api/fetch";
 import { PUBLIC_BASE_URL } from "$env/static/public";
 import type { UrlsResponse } from "$lib/api/responses";
-import type { APIError, MeUser } from "$lib/api/entities";

 export const load = async () => {
  const resp = await apiFetch<UrlsResponse>("/auth/urls", {
@ -13,29 +12,3 @@ export const load = async () => {

  return resp;
 };
-
-interface LoginResponse {
-  user?: MeUser;
-  token: string;
-}
-
-export const actions = {
-  default: async ({ request }) => {
-    const data = await request.formData();
-
-    try {
-      const resp = await apiFetch<LoginResponse>("/auth/email/login", {
-        method: "POST",
-        version: 2,
-        body: {
-          email: data.get("email"),
-          password: data.get("password"),
-        },
-      });
-
-      return { data: resp };
-    } catch (e) {
-      return { error: e as APIError };
-    }
-  },
-};
--- a/frontend/src/routes/auth/login/+page.svelte
+++ b/frontend/src/routes/auth/login/+page.svelte
@ -1,5 +1,4 @@
 <script lang="ts">
-  import { enhance } from "$app/forms";
  import { goto } from "$app/navigation";
  import type { APIError } from "$lib/api/entities";
  import { apiFetch } from "$lib/api/fetch";
@ -9,7 +8,6 @@
  import { onMount } from "svelte";
  import {
    Button,
-    FormGroup,
    Icon,
    Input,
    ListGroup,
@ -18,21 +16,9 @@
    ModalBody,
    ModalFooter,
  } from "@sveltestrap/sveltestrap";
-  import type { PageData, ActionData } from "./$types";
+  import type { PageData } from "./$types";

  export let data: PageData;
-  export let form: ActionData;
-
-  $: loginCallback(form);
-  const loginCallback = (form: ActionData) => {
-    if (!form?.data?.user) return;
-
-    localStorage.setItem("pronouns-token", form.data.token);
-    localStorage.setItem("pronouns-user", JSON.stringify(form.data.user));
-    userStore.set(form.data.user);
-    addToast({ header: "Logged in", body: "Successfully logged in!" });
-    goto(`/@${form.data.user.name}`);
-  };

  let error: APIError | null = null;
  let instance = "";
@ -73,31 +59,7 @@
 <div class="container">
  <h1>Log in or sign up</h1>
  <div class="row">
-    <div class="col-md">
-      {#if data.email_signup}
-        {#if form?.error}
-          <ErrorAlert error={form?.error} />
-        {/if}
-
-        <form method="POST" use:enhance>
-          <FormGroup class="m-1" floating label="Email">
-            <Input name="email" type="email" required />
-          </FormGroup>
-          <FormGroup class="m-1" floating label="Password">
-            <Input name="password" type="password" required />
-          </FormGroup>
-          <p class="m-1">
-            <Button color="primary" type="submit">Log in</Button>
-            <Button href="/auth/signup">Sign up</Button>
-          </p>
-        </form>
-      {:else}
-        <p>
-          <b>Choose an authentication provider to get started.</b> You can add more providers later.
-        </p>
-      {/if}
-    </div>
-    <div class="col-md">
+    <div class="col-md-4 mb-1">
      <ListGroup>
        <ListGroupItem tag="button" on:click={toggleModal}>Log in with the Fediverse</ListGroupItem>
        {#if data.discord}
@ -139,5 +101,10 @@
        a token in your browser to identify your account.
      </p>
    </div>
+    <div class="col-md">
+      <p>
+        <b>Choose an authentication provider to get started.</b> You can add more providers later.
+      </p>
+    </div>
  </div>
 </div>
--- a/frontend/src/routes/auth/signup/+page.server.ts
+++ b/frontend/src/routes/auth/signup/+page.server.ts
@ -1,57 +0,0 @@
-import { PUBLIC_BASE_URL } from "$env/static/public";
-import { ErrorCode, type APIError } from "$lib/api/entities";
-import { apiFetch, fastFetch } from "$lib/api/fetch";
-import type { UrlsResponse } from "$lib/api/responses";
-import { error, redirect } from "@sveltejs/kit";
-
-export const load = async ({ parent }) => {
-  const data = await parent();
-  if (!data.email_signup) {
-    redirect(303, "/auth/login");
-  }
-
-  const resp = await apiFetch<UrlsResponse>("/auth/urls", {
-    method: "POST",
-    body: {
-      callback_domain: PUBLIC_BASE_URL,
-    },
-  });
-
-  return resp;
-};
-
-export const actions = {
-  signup: async ({ request }) => {
-    const data = await request.formData();
-    const email = data.get("email");
-
-    try {
-      await fastFetch("/auth/email/signup", {
-        method: "POST",
-        version: 2,
-        body: { email },
-      });
-
-      return { status: "ok", email };
-    } catch (e) {
-      return { status: "error", error: e as APIError };
-    }
-  },
-
-  fedi: async ({ request }) => {
-    const data = await request.formData();
-    const instance = data.get("instance");
-    if (!instance) error(400, { code: ErrorCode.BadRequest, message: "Empty instance domain" });
-
-    let resp: { url: string };
-    try {
-      resp = await apiFetch<{ url: string }>(
-        `/auth/urls/fediverse?instance=${encodeURIComponent(instance as string)}`,
-        {},
-      );
-    } catch (e) {
-      return { status: "error", error: e as APIError };
-    }
-    redirect(303, resp.url);
-  },
-};
--- a/frontend/src/routes/auth/signup/+page.svelte
+++ b/frontend/src/routes/auth/signup/+page.svelte
@ -1,83 +0,0 @@
-<script lang="ts">
-  import { enhance } from "$app/forms";
-  import { Alert, Button, FormGroup, Input, InputGroup } from "@sveltestrap/sveltestrap";
-  import type { ActionData, PageData } from "./$types";
-  import { onMount } from "svelte";
-  import { userStore } from "$lib/store";
-  import { addToast } from "$lib/toast";
-  import { goto } from "$app/navigation";
-  import ErrorAlert from "$lib/components/ErrorAlert.svelte";
-
-  export let data: PageData;
-  export let form: ActionData;
-  $: ok = form?.status === "ok";
-
-  onMount(() => {
-    if ($userStore) {
-      addToast({ header: "Error", body: "You are already logged in." });
-      goto("/");
-    }
-  });
-</script>
-
-<svelte:head>
-  <title>Sign up - pronouns.ccc</title>
-</svelte:head>
-
-<h1>Sign up</h1>
-
-<p>
-  Enter your email address to get started. After confirming it, you can choose a username and
-  password.
-</p>
-
-<form method="POST" use:enhance action="?/signup">
-  {#if form?.error}
-    <ErrorAlert error={form.error} />
-  {/if}
-
-  {#if ok}
-    <Alert class="mx-1">
-      <h4 class="alert-heading">Check your email</h4>
-      Check your email to continue signing up!
-    </Alert>
-  {/if}
-
-  <FormGroup class="m-1" floating label="Email">
-    {#if !ok}
-      <Input name="email" type="email" required />
-    {:else}
-      <Input name="email" type="email" disabled value={form?.email || undefined} />
-    {/if}
-  </FormGroup>
-  <p class="mt-3 mx-1">
-    <Button color="primary" type="submit" disabled={ok}>Sign up</Button>
-  </p>
-</form>
-
-<hr />
-
-<p>Or, if you would rather sign up using another provider:</p>
-
-<div class="d-flex flex-column flex-lg-row">
-  <div class="d-flex flex-row my-1">
-    {#if data.discord}
-      <Button class="mx-1" href={data.discord}>Log in with Discord</Button>
-    {/if}
-    {#if data.tumblr}
-      <Button class="mx-1" href={data.tumblr}>Log in with Tumblr</Button>
-    {/if}
-    {#if data.google}
-      <Button class="mx-1" href={data.google}>Log in with Google</Button>
-    {/if}
-  </div>
-
-  <div class="m-1">
-    <form method="POST" use:enhance action="?/fedi">
-      <InputGroup>
-        <Input style="max-width: 200px" name="instance" placeholder="Server" required />
-        <Button type="submit">Log in with the fediverse</Button>
-      </InputGroup>
-    </form>
-  </div>
-</div>
--- a/frontend/src/routes/auth/signup/confirm/[ticket]/+page.server.ts
+++ b/frontend/src/routes/auth/signup/confirm/[ticket]/+page.server.ts
@ -1,35 +0,0 @@
-import { ErrorCode, type APIError, type MeUser } from "$lib/api/entities";
-import { apiFetch } from "$lib/api/fetch";
-
-interface SignupConfirmData {
-  user: MeUser;
-  token: string;
-}
-
-export const actions = {
-  default: async ({ request, params }) => {
-    const data = await request.formData();
-    const username = data.get("username");
-    const password = data.get("password");
-    const password2 = data.get("password2");
-
-    if (password !== password2) {
-      return {
-        status: "error",
-        error: { code: ErrorCode.BadRequest, message: "Passwords do not match" } as APIError,
-      };
-    }
-
-    try {
-      const resp = await apiFetch<SignupConfirmData>("/auth/email/signup/confirm", {
-        method: "POST",
-        version: 2,
-        body: { username, password, ticket: params.ticket },
-      });
-
-      return { status: "ok", data: resp };
-    } catch (e) {
-      return { status: "error", error: e as APIError };
-    }
-  },
-};
--- a/frontend/src/routes/auth/signup/confirm/[ticket]/+page.svelte
+++ b/frontend/src/routes/auth/signup/confirm/[ticket]/+page.svelte
@ -1,47 +0,0 @@
-<script lang="ts">
-  import { enhance } from "$app/forms";
-  import { Button, FormGroup, Input } from "@sveltestrap/sveltestrap";
-  import type { ActionData } from "./$types";
-  import ErrorAlert from "$lib/components/ErrorAlert.svelte";
-  import { userStore } from "$lib/store";
-  import { addToast } from "$lib/toast";
-  import { goto } from "$app/navigation";
-
-  export let form: ActionData;
-
-  $: signupCallback(form);
-  const signupCallback = (form: ActionData) => {
-    if (!form?.data?.user) return;
-
-    localStorage.setItem("pronouns-token", form.data.token);
-    localStorage.setItem("pronouns-user", JSON.stringify(form.data.user));
-    userStore.set(form.data.user);
-    addToast({ header: "Signed up", body: "Successfully created account!" });
-    goto(`/@${form.data.user.name}`);
-  };
-</script>
-
-<svelte:head>
-  <title>Sign up - pronouns.cc</title>
-</svelte:head>
-
-<h1>Sign up</h1>
-
-<form method="POST" use:enhance>
-  {#if form?.error}
-    <ErrorAlert error={form.error} />
-  {/if}
-
-  <FormGroup class="m-1" floating label="Username">
-    <Input name="username" type="text" required />
-  </FormGroup>
-  <FormGroup class="m-1" floating label="Password">
-    <Input name="password" type="password" required />
-  </FormGroup>
-  <FormGroup class="m-1" floating label="Password (again)">
-    <Input name="password2" type="password" required />
-  </FormGroup>
-  <p class="m-1">
-    <Button color="primary" type="submit">Sign up</Button>
-  </p>
-</form>
--- a/frontend/src/routes/settings/auth/+page.svelte
+++ b/frontend/src/routes/settings/auth/+page.svelte
@ -21,7 +21,7 @@
  let canUnlink = false;

  $: canUnlink =
-    [data.emails?.[0] || null, data.user.discord, data.user.fediverse, data.user.tumblr, data.user.google]
+    [data.user.discord, data.user.fediverse, data.user.tumblr, data.user.google]
      .map<number>((entry) => (entry === null ? 0 : 1))
      .reduce((prev, current) => prev + current) >= 2;

@ -30,19 +30,19 @@
  let fediDisabled = false;

  let fediLinkModalOpen = false;
-  const toggleFediLinkModal = () => (fediLinkModalOpen = !fediLinkModalOpen);
+  let toggleFediLinkModal = () => (fediLinkModalOpen = !fediLinkModalOpen);

  let fediUnlinkModalOpen = false;
-  const toggleFediUnlinkModal = () => (fediUnlinkModalOpen = !fediUnlinkModalOpen);
+  let toggleFediUnlinkModal = () => (fediUnlinkModalOpen = !fediUnlinkModalOpen);

  let discordUnlinkModalOpen = false;
-  const toggleDiscordUnlinkModal = () => (discordUnlinkModalOpen = !discordUnlinkModalOpen);
+  let toggleDiscordUnlinkModal = () => (discordUnlinkModalOpen = !discordUnlinkModalOpen);

  let tumblrUnlinkModalOpen = false;
-  const toggleTumblrUnlinkModal = () => (tumblrUnlinkModalOpen = !tumblrUnlinkModalOpen);
+  let toggleTumblrUnlinkModal = () => (tumblrUnlinkModalOpen = !tumblrUnlinkModalOpen);

  let googleUnlinkModalOpen = false;
-  const toggleGoogleUnlinkModal = () => (googleUnlinkModalOpen = !googleUnlinkModalOpen);
+  let toggleGoogleUnlinkModal = () => (googleUnlinkModalOpen = !googleUnlinkModalOpen);

  const fediLogin = async (e: Event) => {
    e.preventDefault();
@ -107,26 +107,7 @@
 </script>

 <div>
-  <h1>Authentication</h1>
-
-  {#if data.email_signup}
-    <h2>Email address</h2>
-    {#if data.emails && data.emails.length > 0}
-      <p>Your current email address is <strong>{data.emails[0].email}</strong>.</p>
-      <p>
-        <Button>Change email address</Button>
-        <Button>Change password</Button>
-        <Button outline color="danger" disabled={!canUnlink}>Remove email address</Button>
-      </p>
-    {:else}
-      <p>You currently do not have an email address set.</p>
-      <p>
-        <Button>Add email address</Button>
-      </p>
-    {/if}
-  {/if}
-
-  <h2>Third-party providers</h2>
+  <h1>Authentication providers</h1>

  <div>
    <div class="my-2">
--- a/frontend/src/routes/settings/auth/+page.ts
+++ b/frontend/src/routes/settings/auth/+page.ts
@ -1,15 +1,8 @@
 import { PUBLIC_BASE_URL } from "$env/static/public";
-import type { Email } from "$lib/api/entities";
-import { apiFetch, apiFetchClient } from "$lib/api/fetch";
+import { apiFetch } from "$lib/api/fetch";
 import type { UrlsResponse } from "$lib/api/responses";

-export const load = async ({ parent }) => {
-  const data = await parent();
-  let emails: Array<Email> | undefined = undefined;
-  if (data.email_signup) {
-    emails = await apiFetchClient<Array<Email>>("/auth/email", "GET", undefined, 2);
-  }
-
+export const load = async () => {
  const resp = await apiFetch<UrlsResponse>("/auth/urls", {
    method: "POST",
    body: {
@ -17,5 +10,5 @@ export const load = async ({ parent }) => {
    },
  });

-  return { urls: resp, emails };
+  return { urls: resp };
 };
--- a/frontend/svelte.config.js
+++ b/frontend/svelte.config.js
@ -13,9 +13,6 @@ const config = {
    version: {
      name: child_process.execSync("git describe --tags --long --always").toString().trim(),
    },
-    csrf: {
-      checkOrigin: process.env.NODE_ENV !== "development",
-    },
  },
 };

--- a/go.mod
+++ b/go.mod
@ -19,7 +19,6 @@ require (
 	github.com/google/uuid v1.4.0
 	github.com/jackc/pgx/v5 v5.4.3
 	github.com/joho/godotenv v1.5.1
-	github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible
 	github.com/mediocregopher/radix/v4 v4.1.4
 	github.com/minio/minio-go/v7 v7.0.63
 	github.com/prometheus/client_golang v1.17.0
@ -28,7 +27,6 @@ require (
 	github.com/toshi0607/chi-prometheus v0.1.4
 	github.com/urfave/cli/v2 v2.25.7
 	go.uber.org/zap v1.26.0
-	golang.org/x/crypto v0.19.0
 	golang.org/x/oauth2 v0.13.0
 	google.golang.org/api v0.148.0
 	gopkg.in/yaml.v3 v3.0.1
@ -72,11 +70,12 @@ require (
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
 	golang.org/x/image v0.13.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/sync v0.4.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a // indirect
 	google.golang.org/grpc v1.59.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -109,8 +109,6 @@ github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk
 github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
-github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
-github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
@ -207,8 +205,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
-golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/image v0.5.0/go.mod h1:FVC7BI/5Ym8R25iw5OLsgshdUBbT1h5jZTpA+mvAdZ4=
 golang.org/x/image v0.13.0 h1:3cge/F/QTkNLauhf2QoE9zp+7sr+ZcL4HnoZmdwg9sg=
@ -248,19 +246,19 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
--- a/scripts/migrate/023_email.sql
+++ b/scripts/migrate/023_email.sql
@ -1,19 +0,0 @@
-- 2023-10-28: Add email/password login
-
-- +migrate Up
-
-alter table users add column password bytea null;
-alter table users add column salt bytea null;
-
-create table user_emails (
-    id                 bigint primary key,
-    user_id            bigint not null references users (snowflake_id) on delete cascade,
-    email_address      text not null unique
-);
-
-- +migrate Down
-
-alter table users drop column password;
-alter table users drop column salt;
-
-drop table user_emails;
Author	SHA1	Message	Date
ulith	8f34367d1a	added incestoma compatibility	2024-04-02 19:13:05 +13:00
sam	5fcd87a94a	also add sharkey to the fediverse URL endpoint	2024-02-13 17:29:50 +01:00
sam	0633a32f64	Merge branch 'badeline/pronouns.cc:main'	2024-02-13 17:28:56 +01:00
sam	623cdb545e	Merge branch 'main' of https://codeberg.org/badeline/pronouns.cc into badeline-main	2024-02-13 17:28:43 +01:00
sam	4745a1c04b	feat: lazy load member avatars on user pages	2024-02-13 17:13:03 +01:00
badeline	4e78d36eff	recognize sharkey as a misskey fork untested but it will probably work(TM)	2024-01-17 17:54:15 +00:00