added incestoma compatibility

untested but it will probably work(TM)

.air.toml

@@ -6,7 +6,7 @@ tmp_dir = "tmp"
   bin = "./tmp/main"
   cmd = "go build -o ./tmp/main ."
   delay = 1000
-  exclude_dir = ["docs", "frontend", "prns", "pronounslib", "tmp", "target"]
+  exclude_dir = ["docs", "frontend", "prns", "pronounslib", "tmp", "target", "node_modules"]
   exclude_file = []
   exclude_regex = ["_test.go"]
   exclude_unchanged = false

.gitignore

@@ -13,3 +13,4 @@ vite.config.js.timestamp-*
 vite.config.ts.timestamp-*
 target
 tmp
+seed.yaml

.woodpecker/.backend.yml

@@ -0,0 +1,13 @@
+when:
+  branch:
+    exclude: stable
+
+steps:
+  check:
+    image: golang:alpine
+    commands:
+      - apk update && apk add curl vips-dev build-base
+      - make backend
+      # Install golangci-lint
+      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2
+      - golangci-lint run

.woodpecker/.frontend.yml

@@ -0,0 +1,20 @@
+when:
+  branch:
+    exclude: stable
+
+steps:
+  check:
+    image: node
+    directory: frontend
+    environment: # SvelteKit expects these in the environment during build time.
+      - PRIVATE_SENTRY_DSN=
+      - PUBLIC_BASE_URL=http://pronouns.localhost
+      - PUBLIC_MEDIA_URL=http://pronouns.localhost/media
+      - PUBLIC_SHORT_BASE=http://prns.localhost
+      - PUBLIC_HCAPTCHA_SITEKEY=non_existent_sitekey
+    commands:
+      - corepack enable
+      - pnpm install
+      - pnpm check
+      - pnpm lint
+      - pnpm build

Makefile

@@ -2,7 +2,7 @@ all: generate backend frontend
 
 .PHONY: backend
 backend:
-	go build -v -o pronouns -ldflags="-buildid= -X codeberg.org/pronounscc/pronouns.cc/backend/server.Revision=`git rev-parse --short HEAD` -X codeberg.org/pronounscc/pronouns.cc/backend/server.Tag=`git describe --tags --long`" .
+	go build -v -o pronouns -ldflags="-buildid= -X codeberg.org/pronounscc/pronouns.cc/backend/server.Revision=`git rev-parse --short HEAD` -X codeberg.org/pronounscc/pronouns.cc/backend/server.Tag=`git describe --tags --long --always`" .
 
 .PHONY: generate
 generate:

README.md

@@ -26,19 +26,25 @@ Requirements:
 - Redis 6.0 or later
 - Node.js (latest version)
 - MinIO **if using avatars, flags, or data exports** (_not_ required otherwise)
+- [Air](https://github.com/cosmtrek/air) for live reloading the backend
 
 ### Setup
 
-1. Create a PostgreSQL user and database (the user should own the database).  
+1. Create a PostgreSQL user and database (the user should own the database).
    For example: `create user pronouns with password 'password'; create database pronouns with owner pronouns;`
 2. Copy `.env.example` in the repository root to a new file named `.env` and fill out the required options.
-3. Run `go run -v . database migrate` to initialize the database, then optionally `go run -v . database seed` to insert a test user.
-4. Run `go run -v . web` to run the backend.
-5. Copy `frontend/.env.example` into `frontend/.env` and tweak as necessary.
-6. cd into the `frontend` directory and run `pnpm dev` to run the frontend.
+3. Copy `frontend/.env.example` to `frontend/env` and fill out the required options.
+4. Run `go run -v . database migrate` to initialize the database, then optionally `go run -v . database seed` to insert a test user.
+5. Run `pnpm dev`. Alternatively, if you don't want the backend to live reload, run `go run -v . web`,
+   then change to the `frontend/` directory and run `pnpm dev`.
 
 See [`docs/production.md`](/docs/production.md#configuration) for more information about keys in the backend and frontend `.env` files.
 
+### Seeding
+
+To seed the database with some data, create a `seed.yaml` file, then use `go run -v . database seed`.
+For the file format, refer to the `Seed` struct in `scripts/seeddb`.
+
 ## License
 
     Copyright (C) 2022  Sam <u1f320>

backend/db/export.go

@@ -79,7 +79,7 @@ func (db *DB) CreateExport(ctx context.Context, userID xid.ID, filename string,
 		return de, errors.Wrap(err, "building query")
 	}
 
-	pgxscan.Get(ctx, db, &de, sql, args...)
+	err = pgxscan.Get(ctx, db, &de, sql, args...)
 	if err != nil {
 		return de, errors.Wrap(err, "executing sql")
 	}

backend/db/fediverse.go

@@ -48,11 +48,11 @@ func (f FediverseApp) ClientConfig() *oauth2.Config {
 }
 
 func (f FediverseApp) MastodonCompatible() bool {
-	return f.InstanceType == "mastodon" || f.InstanceType == "pleroma" || f.InstanceType == "akkoma" || f.InstanceType == "pixelfed" || f.InstanceType == "gotosocial"
+	return f.InstanceType == "mastodon" || f.InstanceType == "pleroma" || f.InstanceType == "akkoma" || f.InstanceType == "incestoma" || f.InstanceType == "pixelfed" || f.InstanceType == "gotosocial"
 }
 
 func (f FediverseApp) Misskey() bool {
-	return f.InstanceType == "misskey" || f.InstanceType == "foundkey" || f.InstanceType == "calckey" || f.InstanceType == "firefish"
+	return f.InstanceType == "misskey" || f.InstanceType == "foundkey" || f.InstanceType == "calckey" || f.InstanceType == "firefish" || f.InstanceType == "sharkey"
 }
 
 const ErrNoInstanceApp = errors.Sentinel("instance doesn't have an app")

backend/db/field.go

@@ -43,7 +43,10 @@ func (f Field) Validate(custom CustomPreferences) string {
 		}
 
 		if !entry.Status.Valid(custom) {
-			return fmt.Sprintf("entries.%d: status is invalid", i)
+			if entry.Status == "missing" {
+				return fmt.Sprintf("didn't select a status for entries.%d. make sure to select it to the right of the field", i)
+			}
+			return fmt.Sprintf("entries.%d status: '%s' is invalid", i, entry.Status)
 		}
 	}
 

backend/db/invites.go

@@ -6,6 +6,7 @@ import (
 	"encoding/base64"
 	"time"
 
+	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"emperror.dev/errors"
 	"github.com/georgysavva/scany/v2/pgxscan"
 	"github.com/jackc/pgx/v5"
@@ -43,7 +44,12 @@ func (db *DB) CreateInvite(ctx context.Context, userID xid.ID) (i Invite, err er
 	if err != nil {
 		return i, errors.Wrap(err, "beginning transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	var maxInvites, inviteCount int
 	err = tx.QueryRow(ctx, "SELECT max_invites FROM users WHERE id = $1", userID).Scan(&maxInvites)

backend/db/member.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"codeberg.org/pronounscc/pronouns.cc/backend/common"
+	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"emperror.dev/errors"
 	"github.com/Masterminds/squirrel"
 	"github.com/georgysavva/scany/v2/pgxscan"
@@ -41,12 +42,14 @@ const (
 )
 
 // member names must match this regex
-var memberNameRegex = regexp.MustCompile("^[^@\\?!#/\\\\[\\]\"\\{\\}'$%&()+<=>^|~`,]{1,100}$")
+var memberNameRegex = regexp.MustCompile("^[^@\\?!#/\\\\[\\]\"\\{\\}'$%&()+<=>^|~`,\\*]{1,100}$")
 
 // List of member names that cannot be used because they would break routing or be inaccessible due to page conflicts.
 var invalidMemberNames = []string{
+	// these break routing outright
 	".",
 	"..",
+	// the user edit page lives at `/@{username}/edit`, so a member named "edit" would be inaccessible
 	"edit",
 }
 
@@ -285,7 +288,12 @@ func (db *DB) RerollMemberSID(ctx context.Context, userID, memberID xid.ID) (new
 	if err != nil {
 		return "", errors.Wrap(err, "beginning transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	sql, args, err := sq.Update("members").
 		Set("sid", squirrel.Expr("find_free_member_sid()")).

backend/db/notice.go

@@ -0,0 +1,66 @@
+package db
+
+import (
+	"context"
+	"time"
+
+	"emperror.dev/errors"
+	"github.com/georgysavva/scany/v2/pgxscan"
+	"github.com/jackc/pgx/v5"
+)
+
+type Notice struct {
+	ID        int
+	Notice    string
+	StartTime time.Time
+	EndTime   time.Time
+}
+
+func (db *DB) Notices(ctx context.Context) (ns []Notice, err error) {
+	sql, args, err := sq.Select("*").From("notices").OrderBy("id DESC").ToSql()
+	if err != nil {
+		return nil, errors.Wrap(err, "building sql")
+	}
+
+	err = pgxscan.Select(ctx, db, &ns, sql, args...)
+	if err != nil {
+		return nil, errors.Wrap(err, "executing query")
+	}
+	return NotNull(ns), nil
+}
+
+func (db *DB) CreateNotice(ctx context.Context, notice string, start, end time.Time) (n Notice, err error) {
+	sql, args, err := sq.Insert("notices").SetMap(map[string]any{
+		"notice":     notice,
+		"start_time": start,
+		"end_time":   end,
+	}).Suffix("RETURNING *").ToSql()
+	if err != nil {
+		return n, errors.Wrap(err, "building sql")
+	}
+
+	err = pgxscan.Get(ctx, db, &n, sql, args...)
+	if err != nil {
+		return n, errors.Wrap(err, "executing query")
+	}
+	return n, nil
+}
+
+const ErrNoNotice = errors.Sentinel("no current notice")
+
+func (db *DB) CurrentNotice(ctx context.Context) (n Notice, err error) {
+	sql, args, err := sq.Select("*").From("notices").Where("end_time > ?", time.Now()).OrderBy("id DESC").Limit(1).ToSql()
+	if err != nil {
+		return n, errors.Wrap(err, "building sql")
+	}
+
+	err = pgxscan.Get(ctx, db, &n, sql, args...)
+	if err != nil {
+		if errors.Cause(err) == pgx.ErrNoRows {
+			return n, ErrNoNotice
+		}
+
+		return n, errors.Wrap(err, "executing query")
+	}
+	return n, nil
+}

backend/db/user.go

@@ -825,3 +825,24 @@ func (db *DB) CleanUser(ctx context.Context, id xid.ID) error {
 	}
 	return nil
 }
+
+const inactiveUsersSQL = `select id, snowflake_id from users
+where last_active < now() - '30 days'::interval
+and display_name is null and bio is null and timezone is null
+and links is null and avatar is null and member_title is null
+and names = '[]' and pronouns = '[]'
+and (select count(m.id) from members m where user_id = users.id) = 0
+and (select count(f.id) from user_fields f where user_id = users.id) = 0;`
+
+// InactiveUsers gets the list of inactive users from the database.
+// "Inactive" is defined as:
+// - not logged in for 30 days or more
+// - no display name, bio, avatar, names, pronouns, profile links, or profile fields
+// - no members
+func (db *DB) InactiveUsers(ctx context.Context, tx pgx.Tx) (us []User, err error) {
+	err = pgxscan.Select(ctx, tx, &us, inactiveUsersSQL)
+	if err != nil {
+		return nil, errors.Wrap(err, "executing query")
+	}
+	return us, nil
+}

backend/db/user_settings.go

@@ -10,6 +10,7 @@ import (
 type UserSettings struct {
 	ReadChangelog      string `json:"read_changelog"`
 	ReadSettingsNotice string `json:"read_settings_notice"`
+	ReadGlobalNotice   int    `json:"read_global_notice"`
 }
 
 func (db *DB) UpdateUserSettings(ctx context.Context, id xid.ID, us UserSettings) error {

backend/main.go

@@ -11,6 +11,7 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 
 	"github.com/davidbyttow/govips/v2/vips"
+	"github.com/getsentry/sentry-go"
 	"github.com/go-chi/render"
 	_ "github.com/joho/godotenv/autoload"
 	"github.com/urfave/cli/v2"
@@ -23,6 +24,19 @@ var Command = &cli.Command{
 }
 
 func run(c *cli.Context) error {
+	// initialize sentry
+	if dsn := os.Getenv("SENTRY_DSN"); dsn != "" {
+		// We don't need to check the error here--it's fine if no DSN is set.
+		_ = sentry.Init(sentry.ClientOptions{
+			Dsn:                dsn,
+			Debug:              os.Getenv("DEBUG") == "true",
+			Release:            server.Tag,
+			EnableTracing:      os.Getenv("SENTRY_TRACING") == "true",
+			TracesSampleRate:   0.05,
+			ProfilesSampleRate: 0.05,
+		})
+	}
+
 	// set vips log level to WARN, else it will spam logs on info level
 	vips.LoggingSettings(nil, vips.LogLevelWarning)
 

backend/routes.go

@@ -1,10 +1,7 @@
 package backend
 
 import (
-	"net/http"
-
 	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/auth"
-	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/bot"
 	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/member"
 	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/meta"
 	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/mod"
@@ -12,14 +9,10 @@ import (
 	user2 "codeberg.org/pronounscc/pronouns.cc/backend/routes/v2/user"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"github.com/go-chi/chi/v5"
-	"github.com/go-chi/render"
 
 	_ "embed"
 )
 
-//go:embed openapi.html
-var openapi string
-
 // mountRoutes mounts all API routes on the server's router.
 // they are all mounted under /v1/
 func mountRoutes(s *server.Server) {
@@ -27,7 +20,6 @@ func mountRoutes(s *server.Server) {
 		auth.Mount(s, r)
 		user.Mount(s, r)
 		member.Mount(s, r)
-		bot.Mount(s, r)
 		meta.Mount(s, r)
 		mod.Mount(s, r)
 	})
@@ -35,9 +27,4 @@ func mountRoutes(s *server.Server) {
 	s.Router.Route("/v2", func(r chi.Router) {
 		user2.Mount(s, r)
 	})
-
-	// API docs
-	s.Router.Get("/", func(w http.ResponseWriter, r *http.Request) {
-		render.HTML(w, r, openapi)
-	})
 }

backend/routes/v1/auth/discord.go

@@ -11,6 +11,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/bwmarrin/discordgo"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 	"github.com/mediocregopher/radix/v4"
 	"github.com/rs/xid"
 	"golang.org/x/oauth2"
@@ -61,7 +62,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 	// if the state can't be validated, return
 	if valid, err := s.validateCSRFState(ctx, decoded.State); !valid {
 		if err != nil {
-			return err
+			return errors.Wrap(err, "validating state")
 		}
 
 		return server.APIError{Code: server.ErrInvalidState}
@@ -79,7 +80,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 	dg, _ := discordgo.New(token.Type() + " " + token.AccessToken)
 	du, err := dg.User("@me")
 	if err != nil {
-		return err
+		return errors.Wrap(err, "getting discord user")
 	}
 
 	u, err := s.DB.DiscordUser(ctx, du.ID)
@@ -90,7 +91,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 			err = s.saveUndeleteToken(ctx, u.ID, token)
 			if err != nil {
 				log.Errorf("saving undelete token: %v", err)
-				return err
+				return errors.Wrap(err, "saving undelete token")
 			}
 
 			render.JSON(w, r, discordCallbackResponse{
@@ -114,7 +115,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 		tokenID := xid.New()
 		token, err := s.Auth.CreateToken(u.ID, tokenID, u.IsAdmin, false, true)
 		if err != nil {
-			return err
+			return errors.Wrap(err, "creating token")
 		}
 
 		// save token to database
@@ -137,7 +138,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 		return nil
 
 	} else if err != db.ErrUserNotFound { // internal error
-		return err
+		return errors.Wrap(err, "getting user")
 	}
 
 	// no user found, so save a ticket + save their Discord info in Redis
@@ -145,7 +146,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 	err = s.DB.SetJSON(ctx, "discord:"+ticket, du, "EX", "600")
 	if err != nil {
 		log.Errorf("setting Discord user for ticket %q: %v", ticket, err)
-		return err
+		return errors.Wrap(err, "caching discord user for ticket")
 	}
 
 	render.JSON(w, r, discordCallbackResponse{
@@ -278,7 +279,7 @@ func (s *Server) discordSignup(w http.ResponseWriter, r *http.Request) error {
 
 	valid, taken, err := s.DB.UsernameTaken(ctx, req.Username)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "checking if username is taken")
 	}
 	if !valid {
 		return server.APIError{Code: server.ErrInvalidUsername}
@@ -291,7 +292,12 @@ func (s *Server) discordSignup(w http.ResponseWriter, r *http.Request) error {
 	if err != nil {
 		return errors.Wrap(err, "beginning transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	du := new(discordgo.User)
 	err = s.DB.GetJSON(ctx, "discord:"+req.Ticket, &du)

backend/routes/v1/auth/fedi_mastodon.go

@@ -11,6 +11,7 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"emperror.dev/errors"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 	"github.com/mediocregopher/radix/v4"
 	"github.com/rs/xid"
 )
@@ -54,7 +55,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
 	// if the state can't be validated, return
 	if valid, err := s.validateCSRFState(ctx, decoded.State); !valid {
 		if err != nil {
-			return err
+			return errors.Wrap(err, "validating state")
 		}
 
 		return server.APIError{Code: server.ErrInvalidState}
@@ -111,7 +112,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
 			err = s.saveUndeleteToken(ctx, u.ID, token)
 			if err != nil {
 				log.Errorf("saving undelete token: %v", err)
-				return err
+				return errors.Wrap(err, "saving undelete token")
 			}
 
 			render.JSON(w, r, fediCallbackResponse{
@@ -135,7 +136,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
 		tokenID := xid.New()
 		token, err := s.Auth.CreateToken(u.ID, tokenID, u.IsAdmin, false, true)
 		if err != nil {
-			return err
+			return errors.Wrap(err, "creating token")
 		}
 
 		// save token to database
@@ -158,7 +159,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
 		return nil
 
 	} else if err != db.ErrUserNotFound { // internal error
-		return err
+		return errors.Wrap(err, "getting user")
 	}
 
 	// no user found, so save a ticket + save their Mastodon info in Redis
@@ -166,7 +167,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
 	err = s.DB.SetJSON(ctx, "mastodon:"+ticket, mu, "EX", "600")
 	if err != nil {
 		log.Errorf("setting mastoAPI user for ticket %q: %v", ticket, err)
-		return err
+		return errors.Wrap(err, "setting user for ticket")
 	}
 
 	render.JSON(w, r, fediCallbackResponse{
@@ -306,7 +307,7 @@ func (s *Server) mastodonSignup(w http.ResponseWriter, r *http.Request) error {
 
 	valid, taken, err := s.DB.UsernameTaken(ctx, req.Username)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "checking if username is taken")
 	}
 	if !valid {
 		return server.APIError{Code: server.ErrInvalidUsername}
@@ -319,7 +320,12 @@ func (s *Server) mastodonSignup(w http.ResponseWriter, r *http.Request) error {
 	if err != nil {
 		return errors.Wrap(err, "beginning transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	mu := new(partialMastodonAccount)
 	err = s.DB.GetJSON(ctx, "mastodon:"+req.Ticket, &mu)

backend/routes/v1/auth/fedi_misskey.go

@@ -12,6 +12,7 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"emperror.dev/errors"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 	"github.com/mediocregopher/radix/v4"
 	"github.com/rs/xid"
 )
@@ -90,7 +91,7 @@ func (s *Server) misskeyCallback(w http.ResponseWriter, r *http.Request) error {
 			err = s.saveUndeleteToken(ctx, u.ID, token)
 			if err != nil {
 				log.Errorf("saving undelete token: %v", err)
-				return err
+				return errors.Wrap(err, "saving undelete token")
 			}
 
 			render.JSON(w, r, fediCallbackResponse{
@@ -114,7 +115,7 @@ func (s *Server) misskeyCallback(w http.ResponseWriter, r *http.Request) error {
 		tokenID := xid.New()
 		token, err := s.Auth.CreateToken(u.ID, tokenID, u.IsAdmin, false, true)
 		if err != nil {
-			return err
+			return errors.Wrap(err, "creating token")
 		}
 
 		// save token to database
@@ -137,7 +138,7 @@ func (s *Server) misskeyCallback(w http.ResponseWriter, r *http.Request) error {
 		return nil
 
 	} else if err != db.ErrUserNotFound { // internal error
-		return err
+		return errors.Wrap(err, "getting user")
 	}
 
 	// no user found, so save a ticket + save their Misskey info in Redis
@@ -145,7 +146,7 @@ func (s *Server) misskeyCallback(w http.ResponseWriter, r *http.Request) error {
 	err = s.DB.SetJSON(ctx, "misskey:"+ticket, mu.User, "EX", "600")
 	if err != nil {
 		log.Errorf("setting misskey user for ticket %q: %v", ticket, err)
-		return err
+		return errors.Wrap(err, "setting user for ticket")
 	}
 
 	render.JSON(w, r, fediCallbackResponse{
@@ -234,7 +235,7 @@ func (s *Server) misskeySignup(w http.ResponseWriter, r *http.Request) error {
 
 	valid, taken, err := s.DB.UsernameTaken(ctx, req.Username)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "checking if username is taken")
 	}
 	if !valid {
 		return server.APIError{Code: server.ErrInvalidUsername}
@@ -247,7 +248,12 @@ func (s *Server) misskeySignup(w http.ResponseWriter, r *http.Request) error {
 	if err != nil {
 		return errors.Wrap(err, "beginning transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	mu := new(partialMisskeyAccount)
 	err = s.DB.GetJSON(ctx, "misskey:"+req.Ticket, &mu)

backend/routes/v1/auth/fediverse.go

@@ -65,13 +65,13 @@ func (s *Server) noAppFediverseURL(ctx context.Context, w http.ResponseWriter, r
 	}
 
 	switch softwareName {
-	case "misskey", "foundkey", "calckey", "firefish":
+	case "iceshrimp":
+		softwareName = "firefish"
+		fallthrough
+	case "misskey", "foundkey", "calckey", "firefish", "sharkey":
 		return s.noAppMisskeyURL(ctx, w, r, softwareName, instance)
-	case "mastodon", "pleroma", "akkoma", "pixelfed", "gotosocial":
+	case "mastodon", "pleroma", "akkoma", "incestoma", "pixelfed", "gotosocial":
 	case "glitchcafe", "hometown":
-		// plural.cafe (potentially other instances too?) runs Mastodon but changes the software name
-		// Hometown is a lightweight fork of Mastodon so we can just treat it the same
-		// changing it back to mastodon here for consistency
 		softwareName = "mastodon"
 	default:
 		return server.APIError{Code: server.ErrUnsupportedInstance}

backend/routes/v1/auth/google.go

@@ -10,6 +10,7 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"emperror.dev/errors"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 	"github.com/mediocregopher/radix/v4"
 	"github.com/rs/xid"
 	"golang.org/x/oauth2"
@@ -60,7 +61,7 @@ func (s *Server) googleCallback(w http.ResponseWriter, r *http.Request) error {
 	// if the state can't be validated, return
 	if valid, err := s.validateCSRFState(ctx, decoded.State); !valid {
 		if err != nil {
-			return err
+			return errors.Wrap(err, "validating state")
 		}
 
 		return server.APIError{Code: server.ErrInvalidState}
@@ -109,7 +110,7 @@ func (s *Server) googleCallback(w http.ResponseWriter, r *http.Request) error {
 			err = s.saveUndeleteToken(ctx, u.ID, token)
 			if err != nil {
 				log.Errorf("saving undelete token: %v", err)
-				return err
+				return errors.Wrap(err, "saving undelete token")
 			}
 
 			render.JSON(w, r, googleCallbackResponse{
@@ -133,7 +134,7 @@ func (s *Server) googleCallback(w http.ResponseWriter, r *http.Request) error {
 		tokenID := xid.New()
 		token, err := s.Auth.CreateToken(u.ID, tokenID, u.IsAdmin, false, true)
 		if err != nil {
-			return err
+			return errors.Wrap(err, "creating token")
 		}
 
 		// save token to database
@@ -156,7 +157,7 @@ func (s *Server) googleCallback(w http.ResponseWriter, r *http.Request) error {
 		return nil
 
 	} else if err != db.ErrUserNotFound { // internal error
-		return err
+		return errors.Wrap(err, "getting user")
 	}
 
 	// no user found, so save a ticket + save their Google info in Redis
@@ -164,7 +165,7 @@ func (s *Server) googleCallback(w http.ResponseWriter, r *http.Request) error {
 	err = s.DB.SetJSON(ctx, "google:"+ticket, partialGoogleUser{ID: googleID, Email: googleUsername}, "EX", "600")
 	if err != nil {
 		log.Errorf("setting Google user for ticket %q: %v", ticket, err)
-		return err
+		return errors.Wrap(err, "setting user for ticket")
 	}
 
 	render.JSON(w, r, googleCallbackResponse{
@@ -281,7 +282,7 @@ func (s *Server) googleSignup(w http.ResponseWriter, r *http.Request) error {
 
 	valid, taken, err := s.DB.UsernameTaken(ctx, req.Username)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "checking if username is taken")
 	}
 	if !valid {
 		return server.APIError{Code: server.ErrInvalidUsername}
@@ -294,7 +295,12 @@ func (s *Server) googleSignup(w http.ResponseWriter, r *http.Request) error {
 	if err != nil {
 		return errors.Wrap(err, "beginning transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	gu := new(partialGoogleUser)
 	err = s.DB.GetJSON(ctx, "google:"+req.Ticket, &gu)

backend/routes/v1/auth/routes.go

@@ -185,7 +185,7 @@ func (s *Server) oauthURLs(w http.ResponseWriter, r *http.Request) error {
 	if googleOAuthConfig.ClientID != "" {
 		googleCfg := googleOAuthConfig
 		googleCfg.RedirectURL = req.CallbackDomain + "/auth/login/google"
-		resp.Google = googleCfg.AuthCodeURL(state)
+		resp.Google = googleCfg.AuthCodeURL(state) + "&prompt=select_account"
 	}
 
 	render.JSON(w, r, resp)

backend/routes/v1/auth/tokens.go

@@ -5,9 +5,11 @@ import (
 	"time"
 
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
+	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"emperror.dev/errors"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 	"github.com/rs/xid"
 )
 
@@ -63,7 +65,12 @@ func (s *Server) deleteToken(w http.ResponseWriter, r *http.Request) error {
 	if err != nil {
 		return errors.Wrap(err, "beginning transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	err = s.DB.InvalidateAllTokens(ctx, tx, claims.UserID)
 	if err != nil {

backend/routes/v1/auth/tumblr.go

@@ -12,6 +12,7 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"emperror.dev/errors"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 	"github.com/mediocregopher/radix/v4"
 	"github.com/rs/xid"
 	"golang.org/x/oauth2"
@@ -77,7 +78,7 @@ func (s *Server) tumblrCallback(w http.ResponseWriter, r *http.Request) error {
 	// if the state can't be validated, return
 	if valid, err := s.validateCSRFState(ctx, decoded.State); !valid {
 		if err != nil {
-			return err
+			return errors.Wrap(err, "validating state")
 		}
 
 		return server.APIError{Code: server.ErrInvalidState}
@@ -142,7 +143,7 @@ func (s *Server) tumblrCallback(w http.ResponseWriter, r *http.Request) error {
 			err = s.saveUndeleteToken(ctx, u.ID, token)
 			if err != nil {
 				log.Errorf("saving undelete token: %v", err)
-				return err
+				return errors.Wrap(err, "saving undelete token")
 			}
 
 			render.JSON(w, r, tumblrCallbackResponse{
@@ -166,7 +167,7 @@ func (s *Server) tumblrCallback(w http.ResponseWriter, r *http.Request) error {
 		tokenID := xid.New()
 		token, err := s.Auth.CreateToken(u.ID, tokenID, u.IsAdmin, false, true)
 		if err != nil {
-			return err
+			return errors.Wrap(err, "creating token")
 		}
 
 		// save token to database
@@ -189,7 +190,7 @@ func (s *Server) tumblrCallback(w http.ResponseWriter, r *http.Request) error {
 		return nil
 
 	} else if err != db.ErrUserNotFound { // internal error
-		return err
+		return errors.Wrap(err, "getting user")
 	}
 
 	// no user found, so save a ticket + save their Tumblr info in Redis
@@ -197,7 +198,7 @@ func (s *Server) tumblrCallback(w http.ResponseWriter, r *http.Request) error {
 	err = s.DB.SetJSON(ctx, "tumblr:"+ticket, tumblrUserInfo{ID: tumblrID, Name: tumblrName}, "EX", "600")
 	if err != nil {
 		log.Errorf("setting Tumblr user for ticket %q: %v", ticket, err)
-		return err
+		return errors.Wrap(err, "setting user for ticket")
 	}
 
 	render.JSON(w, r, tumblrCallbackResponse{
@@ -314,7 +315,7 @@ func (s *Server) tumblrSignup(w http.ResponseWriter, r *http.Request) error {
 
 	valid, taken, err := s.DB.UsernameTaken(ctx, req.Username)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "checking if username is taken")
 	}
 	if !valid {
 		return server.APIError{Code: server.ErrInvalidUsername}
@@ -327,7 +328,12 @@ func (s *Server) tumblrSignup(w http.ResponseWriter, r *http.Request) error {
 	if err != nil {
 		return errors.Wrap(err, "beginning transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	tui := new(tumblrUserInfo)
 	err = s.DB.GetJSON(ctx, "tumblr:"+req.Ticket, &tui)

backend/routes/v1/bot/bot.go

@@ -1,183 +0,0 @@
-package bot
-
-import (
-	"crypto/ed25519"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"os"
-
-	"codeberg.org/pronounscc/pronouns.cc/backend/db"
-	"codeberg.org/pronounscc/pronouns.cc/backend/log"
-	"codeberg.org/pronounscc/pronouns.cc/backend/server"
-	"github.com/bwmarrin/discordgo"
-	"github.com/go-chi/chi/v5"
-	"github.com/go-chi/render"
-)
-
-type Bot struct {
-	*server.Server
-
-	publicKey ed25519.PublicKey
-	baseURL   string
-}
-
-func (bot *Bot) UserAvatarURL(u db.User) string {
-	if u.Avatar == nil {
-		return ""
-	}
-
-	return bot.baseURL + "/media/users/" + u.ID.String() + "/" + *u.Avatar + ".webp"
-}
-
-func Mount(srv *server.Server, r chi.Router) {
-	publicKey, err := hex.DecodeString(os.Getenv("DISCORD_PUBLIC_KEY"))
-	if err != nil {
-		return
-	}
-
-	b := &Bot{
-		Server:    srv,
-		publicKey: publicKey,
-		baseURL:   os.Getenv("BASE_URL"),
-	}
-
-	r.HandleFunc("/interactions", b.handle)
-}
-
-func (bot *Bot) handle(w http.ResponseWriter, r *http.Request) {
-	if !discordgo.VerifyInteraction(r, bot.publicKey) {
-		http.Error(w, "Forbidden", http.StatusForbidden)
-		return
-	}
-
-	var ev *discordgo.InteractionCreate
-
-	if err := json.NewDecoder(r.Body).Decode(&ev); err != nil {
-		http.Error(w, "Bad Request", http.StatusBadRequest)
-	}
-
-	// we can always respond to ping with pong
-	if ev.Type == discordgo.InteractionPing {
-		log.Debug("received ping interaction")
-		render.JSON(w, r, discordgo.InteractionResponse{
-			Type: discordgo.InteractionResponsePong,
-		})
-		return
-	}
-
-	if ev.Type != discordgo.InteractionApplicationCommand {
-		return
-	}
-	data := ev.ApplicationCommandData()
-
-	switch data.Name {
-	case "Show user's pronouns":
-		bot.userPronouns(w, r, ev)
-	case "Show author's pronouns":
-	}
-}
-
-func (bot *Bot) userPronouns(w http.ResponseWriter, r *http.Request, ev *discordgo.InteractionCreate) {
-	ctx := r.Context()
-
-	var du *discordgo.User
-	for _, user := range ev.ApplicationCommandData().Resolved.Users {
-		du = user
-		break
-	}
-	if du == nil {
-		return
-	}
-
-	u, err := bot.DB.DiscordUser(ctx, du.ID)
-	if err != nil {
-		if err == db.ErrUserNotFound {
-			respond(w, r, &discordgo.MessageEmbed{
-				Description: du.String() + " does not have any pronouns set.",
-			})
-			return
-		}
-
-		log.Errorf("getting discord user: %v", err)
-		return
-	}
-
-	avatarURL := du.AvatarURL("")
-	if url := bot.UserAvatarURL(u); url != "" {
-		avatarURL = url
-	}
-	name := u.Username
-	if u.DisplayName != nil {
-		name = fmt.Sprintf("%s (%s)", *u.DisplayName, u.Username)
-	}
-	url := bot.baseURL
-	if url != "" {
-		url += "/@" + u.Username
-	}
-
-	e := &discordgo.MessageEmbed{
-		Author: &discordgo.MessageEmbedAuthor{
-			Name:    name,
-			IconURL: avatarURL,
-			URL:     url,
-		},
-	}
-
-	if u.Bio != nil {
-		e.Fields = append(e.Fields, &discordgo.MessageEmbedField{
-			Name:  "Bio",
-			Value: *u.Bio,
-		})
-	}
-
-	fields, err := bot.DB.UserFields(ctx, u.ID)
-	if err != nil {
-		respond(w, r, e)
-
-		log.Errorf("getting user fields: %v", err)
-		return
-	}
-
-	for _, field := range fields {
-		var favs []db.FieldEntry
-
-		for _, e := range field.Entries {
-			if e.Status == "favourite" {
-				favs = append(favs, e)
-			}
-		}
-
-		if len(favs) == 0 {
-			continue
-		}
-
-		var value string
-		for _, fav := range favs {
-			if len(fav.Value) > 500 {
-				break
-			}
-
-			value += fav.Value + "\n"
-		}
-
-		e.Fields = append(e.Fields, &discordgo.MessageEmbedField{
-			Name:   field.Name,
-			Value:  value,
-			Inline: true,
-		})
-	}
-
-	respond(w, r, e)
-}
-
-func respond(w http.ResponseWriter, r *http.Request, embeds ...*discordgo.MessageEmbed) {
-	render.JSON(w, r, discordgo.InteractionResponse{
-		Type: discordgo.InteractionResponseChannelMessageWithSource,
-		Data: &discordgo.InteractionResponseData{
-			Embeds: embeds,
-			Flags:  discordgo.MessageFlagsEphemeral,
-		},
-	})
-}

backend/routes/v1/member/create_member.go

@@ -11,6 +11,7 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"emperror.dev/errors"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 )
 
 type CreateMemberRequest struct {
@@ -119,7 +120,12 @@ func (s *Server) createMember(w http.ResponseWriter, r *http.Request) (err error
 	if err != nil {
 		return errors.Wrap(err, "starting transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	m, err := s.DB.CreateMember(ctx, tx, claims.UserID, cmr.Name, cmr.DisplayName, cmr.Bio, cmr.Links)
 	if err != nil {
@@ -127,14 +133,14 @@ func (s *Server) createMember(w http.ResponseWriter, r *http.Request) (err error
 			return server.APIError{Code: server.ErrMemberNameInUse}
 		}
 
-		return err
+		return errors.Wrap(err, "creating member")
 	}
 
 	// set names, pronouns, fields
 	err = s.DB.SetMemberNamesPronouns(ctx, tx, m.ID, db.NotNull(cmr.Names), db.NotNull(cmr.Pronouns))
 	if err != nil {
 		log.Errorf("setting names and pronouns for member %v: %v", m.ID, err)
-		return err
+		return errors.Wrap(err, "setting names/pronouns")
 	}
 	m.Names = cmr.Names
 	m.Pronouns = cmr.Pronouns
@@ -142,7 +148,7 @@ func (s *Server) createMember(w http.ResponseWriter, r *http.Request) (err error
 	err = s.DB.SetMemberFields(ctx, tx, m.ID, cmr.Fields)
 	if err != nil {
 		log.Errorf("setting fields for member %v: %v", m.ID, err)
-		return err
+		return errors.Wrap(err, "setting fields")
 	}
 
 	if cmr.Avatar != "" {
@@ -161,13 +167,13 @@ func (s *Server) createMember(w http.ResponseWriter, r *http.Request) (err error
 			}
 
 			log.Errorf("converting member avatar: %v", err)
-			return err
+			return errors.Wrap(err, "converting avatar")
 		}
 
 		hash, err := s.DB.WriteMemberAvatar(ctx, m.ID, webp, jpg)
 		if err != nil {
 			log.Errorf("uploading member avatar: %v", err)
-			return err
+			return errors.Wrap(err, "uploading avatar")
 		}
 
 		err = tx.QueryRow(ctx, "UPDATE members SET avatar = $1 WHERE id = $2", hash, m.ID).Scan(&m.Avatar)
@@ -180,7 +186,7 @@ func (s *Server) createMember(w http.ResponseWriter, r *http.Request) (err error
 	err = s.DB.UpdateActiveTime(ctx, tx, claims.UserID)
 	if err != nil {
 		log.Errorf("updating last active time for user %v: %v", claims.UserID, err)
-		return err
+		return errors.Wrap(err, "updating last active time")
 	}
 
 	err = tx.Commit(ctx)

backend/routes/v1/member/delete_member.go

@@ -66,7 +66,7 @@ func (s *Server) deleteMember(w http.ResponseWriter, r *http.Request) (err error
 	err = s.DB.UpdateActiveTime(ctx, s.DB, claims.UserID)
 	if err != nil {
 		log.Errorf("updating last active time for user %v: %v", claims.UserID, err)
-		return err
+		return errors.Wrap(err, "updating last active time")
 	}
 
 	render.NoContent(w, r)

backend/routes/v1/member/get_member.go

@@ -105,7 +105,7 @@ func (s *Server) getMember(w http.ResponseWriter, r *http.Request) (err error) {
 
 	u, err := s.DB.User(ctx, m.UserID)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "getting user")
 	}
 
 	if u.DeletedAt != nil {
@@ -119,12 +119,12 @@ func (s *Server) getMember(w http.ResponseWriter, r *http.Request) (err error) {
 
 	fields, err := s.DB.MemberFields(ctx, m.ID)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "getting member fields")
 	}
 
 	flags, err := s.DB.MemberFlags(ctx, m.ID)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "getting member flags")
 	}
 
 	render.JSON(w, r, dbMemberToMember(u, m, fields, flags, isOwnMember))
@@ -159,12 +159,12 @@ func (s *Server) getUserMember(w http.ResponseWriter, r *http.Request) error {
 
 	fields, err := s.DB.MemberFields(ctx, m.ID)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "getting member fields")
 	}
 
 	flags, err := s.DB.MemberFlags(ctx, m.ID)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "getting member flags")
 	}
 
 	render.JSON(w, r, dbMemberToMember(u, m, fields, flags, isOwnMember))
@@ -189,12 +189,12 @@ func (s *Server) getMeMember(w http.ResponseWriter, r *http.Request) error {
 
 	fields, err := s.DB.MemberFields(ctx, m.ID)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "getting member fields")
 	}
 
 	flags, err := s.DB.MemberFlags(ctx, m.ID)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "getting member flags")
 	}
 
 	render.JSON(w, r, dbMemberToMember(u, m, fields, flags, true))

backend/routes/v1/member/get_members.go

@@ -6,6 +6,7 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
+	"emperror.dev/errors"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
 	"github.com/rs/xid"
@@ -74,7 +75,7 @@ func (s *Server) getUserMembers(w http.ResponseWriter, r *http.Request) error {
 
 	ms, err := s.DB.UserMembers(ctx, u.ID, isSelf)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "getting members")
 	}
 
 	render.JSON(w, r, membersToMemberList(ms, isSelf))
@@ -87,7 +88,7 @@ func (s *Server) getMeMembers(w http.ResponseWriter, r *http.Request) error {
 
 	ms, err := s.DB.UserMembers(ctx, claims.UserID, true)
 	if err != nil {
-		return err
+		return errors.Wrap(err, "getting members")
 	}
 
 	render.JSON(w, r, membersToMemberList(ms, true))

backend/routes/v1/member/patch_member.go

@@ -13,6 +13,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 	"github.com/rs/xid"
 )
 
@@ -58,13 +59,9 @@ func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
 	} else {
 		id, err := common.ParseSnowflake(chi.URLParam(r, "memberRef"))
 		if err != nil {
-			log.Debugf("%v/%v is not valid snowflake", chi.URLParam(r, "memberRef"), id)
-
 			return server.APIError{Code: server.ErrMemberNotFound}
 		}
 
-		log.Debugf("%v/%v is valid snowflake", chi.URLParam(r, "memberRef"), id)
-
 		m, err = s.DB.MemberBySnowflake(ctx, common.MemberID(id))
 		if err != nil {
 			if err == db.ErrMemberNotFound {
@@ -224,13 +221,13 @@ func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
 				}
 
 				log.Errorf("converting member avatar: %v", err)
-				return err
+				return errors.Wrap(err, "converting member avatar")
 			}
 
 			hash, err := s.DB.WriteMemberAvatar(ctx, m.ID, webp, jpg)
 			if err != nil {
 				log.Errorf("uploading member avatar: %v", err)
-				return err
+				return errors.Wrap(err, "writing member avatar")
 			}
 			avatarHash = &hash
 
@@ -248,9 +245,14 @@ func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
 	tx, err := s.DB.Begin(ctx)
 	if err != nil {
 		log.Errorf("creating transaction: %v", err)
-		return err
+		return errors.Wrap(err, "creating transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	m, err = s.DB.UpdateMember(ctx, tx, m.ID, req.Name, req.DisplayName, req.Bio, req.Unlisted, req.Links, avatarHash)
 	if err != nil {
@@ -279,7 +281,7 @@ func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
 		err = s.DB.SetMemberNamesPronouns(ctx, tx, m.ID, names, pronouns)
 		if err != nil {
 			log.Errorf("setting names for member %v: %v", m.ID, err)
-			return err
+			return errors.Wrap(err, "setting names/pronouns")
 		}
 		m.Names = names
 		m.Pronouns = pronouns
@@ -290,14 +292,14 @@ func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
 		err = s.DB.SetMemberFields(ctx, tx, m.ID, *req.Fields)
 		if err != nil {
 			log.Errorf("setting fields for member %v: %v", m.ID, err)
-			return err
+			return errors.Wrap(err, "setting fields")
 		}
 		fields = *req.Fields
 	} else {
 		fields, err = s.DB.MemberFields(ctx, m.ID)
 		if err != nil {
 			log.Errorf("getting fields for member %v: %v", m.ID, err)
-			return err
+			return errors.Wrap(err, "getting fields")
 		}
 	}
 
@@ -310,7 +312,7 @@ func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
 			}
 
 			log.Errorf("updating flags for member %v: %v", m.ID, err)
-			return err
+			return errors.Wrap(err, "updating flags")
 		}
 	}
 
@@ -318,20 +320,20 @@ func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
 	err = s.DB.UpdateActiveTime(ctx, tx, claims.UserID)
 	if err != nil {
 		log.Errorf("updating last active time for user %v: %v", claims.UserID, err)
-		return err
+		return errors.Wrap(err, "updating last active time")
 	}
 
 	err = tx.Commit(ctx)
 	if err != nil {
 		log.Errorf("committing transaction: %v", err)
-		return err
+		return errors.Wrap(err, "committing transaction")
 	}
 
 	// get flags to return (we need to return full flag objects, not the array of IDs in the request body)
 	flags, err := s.DB.MemberFlags(ctx, m.ID)
 	if err != nil {
 		log.Errorf("getting user flags: %v", err)
-		return err
+		return errors.Wrap(err, "getting flags")
 	}
 
 	// echo the updated member back on success

backend/routes/v1/meta/meta.go

@@ -4,6 +4,8 @@ import (
 	"net/http"
 	"os"
 
+	"codeberg.org/pronounscc/pronouns.cc/backend/db"
+	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
@@ -20,11 +22,17 @@ func Mount(srv *server.Server, r chi.Router) {
 }
 
 type MetaResponse struct {
-	GitRepository string    `json:"git_repository"`
-	GitCommit     string    `json:"git_commit"`
-	Users         MetaUsers `json:"users"`
-	Members       int64     `json:"members"`
-	RequireInvite bool      `json:"require_invite"`
+	GitRepository string      `json:"git_repository"`
+	GitCommit     string      `json:"git_commit"`
+	Users         MetaUsers   `json:"users"`
+	Members       int64       `json:"members"`
+	RequireInvite bool        `json:"require_invite"`
+	Notice        *MetaNotice `json:"notice"`
+}
+
+type MetaNotice struct {
+	ID     int    `json:"id"`
+	Notice string `json:"notice"`
 }
 
 type MetaUsers struct {
@@ -39,6 +47,18 @@ func (s *Server) meta(w http.ResponseWriter, r *http.Request) error {
 
 	numUsers, numMembers, activeDay, activeWeek, activeMonth := s.DB.Counts(ctx)
 
+	var notice *MetaNotice
+	if n, err := s.DB.CurrentNotice(ctx); err != nil {
+		if err != db.ErrNoNotice {
+			log.Errorf("getting notice: %v", err)
+		}
+	} else {
+		notice = &MetaNotice{
+			ID:     n.ID,
+			Notice: n.Notice,
+		}
+	}
+
 	render.JSON(w, r, MetaResponse{
 		GitRepository: server.Repository,
 		GitCommit:     server.Revision,
@@ -50,6 +70,7 @@ func (s *Server) meta(w http.ResponseWriter, r *http.Request) error {
 		},
 		Members:       numMembers,
 		RequireInvite: os.Getenv("REQUIRE_INVITE") == "true",
+		Notice:        notice,
 	})
 	return nil
 }

backend/routes/v1/mod/notices.go

@@ -0,0 +1,55 @@
+package mod
+
+import (
+	"net/http"
+	"time"
+
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
+	"codeberg.org/pronounscc/pronouns.cc/backend/server"
+	"emperror.dev/errors"
+	"github.com/aarondl/opt/omit"
+	"github.com/go-chi/render"
+)
+
+type createNoticeRequest struct {
+	Notice string              `json:"notice"`
+	Start  omit.Val[time.Time] `json:"start"`
+	End    time.Time           `json:"end"`
+}
+
+type noticeResponse struct {
+	ID        int       `json:"id"`
+	Notice    string    `json:"notice"`
+	StartTime time.Time `json:"start"`
+	EndTime   time.Time `json:"end"`
+}
+
+func (s *Server) createNotice(w http.ResponseWriter, r *http.Request) error {
+	var req createNoticeRequest
+	err := render.Decode(r, &req)
+	if err != nil {
+		return server.APIError{Code: server.ErrBadRequest}
+	}
+
+	if common.StringLength(&req.Notice) > 2000 {
+		return server.APIError{Code: server.ErrBadRequest, Details: "Notice is too long, max 2000 characters"}
+	}
+
+	start := req.Start.GetOr(time.Now())
+	if req.End.IsZero() {
+		return server.APIError{Code: server.ErrBadRequest, Details: "`end` is missing or invalid"}
+	}
+
+	n, err := s.DB.CreateNotice(r.Context(), req.Notice, start, req.End)
+	if err != nil {
+		return errors.Wrap(err, "creating notice")
+	}
+
+	render.JSON(w, r, noticeResponse{
+		ID:        n.ID,
+		Notice:    n.Notice,
+		StartTime: n.StartTime,
+		EndTime:   n.EndTime,
+	})
+	return nil
+}

backend/routes/v1/mod/resolve_report.go

@@ -10,6 +10,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 )
 
 type resolveReportRequest struct {
@@ -43,7 +44,12 @@ func (s *Server) resolveReport(w http.ResponseWriter, r *http.Request) error {
 		log.Errorf("creating transaction: %v", err)
 		return errors.Wrap(err, "creating transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	report, err := s.DB.Report(ctx, tx, id)
 	if err != nil {

backend/routes/v1/mod/routes.go

@@ -22,6 +22,8 @@ func Mount(srv *server.Server, r chi.Router) {
 		r.Get("/reports/by-reporter/{id}", server.WrapHandler(s.getReportsByReporter))
 
 		r.Patch("/reports/{id}", server.WrapHandler(s.resolveReport))
+
+		r.Post("/notices", server.WrapHandler(s.createNotice))
 	})
 
 	r.With(MustAdmin).Handle("/metrics", promhttp.Handler())

backend/routes/v1/user/delete_user.go

@@ -3,9 +3,11 @@ package user
 import (
 	"net/http"
 
+	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"emperror.dev/errors"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 )
 
 func (s *Server) deleteUser(w http.ResponseWriter, r *http.Request) error {
@@ -20,7 +22,12 @@ func (s *Server) deleteUser(w http.ResponseWriter, r *http.Request) error {
 	if err != nil {
 		return errors.Wrap(err, "creating transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	err = s.DB.DeleteUser(ctx, tx, claims.UserID, true, "")
 	if err != nil {

backend/routes/v1/user/export.go

@@ -7,6 +7,7 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
+	"emperror.dev/errors"
 	"github.com/go-chi/render"
 )
 
@@ -71,7 +72,7 @@ func (s *Server) getExport(w http.ResponseWriter, r *http.Request) error {
 		}
 
 		log.Errorf("getting export for user %v: %v", claims.UserID, err)
-		return err
+		return errors.Wrap(err, "getting export")
 	}
 
 	render.JSON(w, r, dataExportResponse{

backend/routes/v1/user/flags.go

@@ -13,6 +13,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
 	"github.com/rs/xid"
 )
 
@@ -80,7 +81,12 @@ func (s *Server) postUserFlag(w http.ResponseWriter, r *http.Request) error {
 	if err != nil {
 		return errors.Wrap(err, "starting transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	flag, err := s.DB.CreateFlag(ctx, tx, claims.UserID, req.Name, req.Description)
 	if err != nil {
@@ -192,7 +198,12 @@ func (s *Server) patchUserFlag(w http.ResponseWriter, r *http.Request) error {
 	if err != nil {
 		return errors.Wrap(err, "beginning transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	flag, err = s.DB.EditFlag(ctx, tx, flag.ID, req.Name, req.Description, nil)
 	if err != nil {

backend/routes/v1/user/get_user.go

@@ -8,6 +8,7 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
+	"emperror.dev/errors"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
 	"github.com/rs/xid"
@@ -146,7 +147,7 @@ func (s *Server) getUser(w http.ResponseWriter, r *http.Request) (err error) {
 			}
 		} else if err != nil {
 			log.Errorf("Error getting user by username: %v", err)
-			return err
+			return errors.Wrap(err, "getting user")
 		}
 	}
 
@@ -162,13 +163,13 @@ func (s *Server) getUser(w http.ResponseWriter, r *http.Request) (err error) {
 	fields, err := s.DB.UserFields(ctx, u.ID)
 	if err != nil {
 		log.Errorf("Error getting user fields: %v", err)
-		return err
+		return errors.Wrap(err, "getting fields")
 	}
 
 	flags, err := s.DB.UserFlags(ctx, u.ID)
 	if err != nil {
 		log.Errorf("getting user flags: %v", err)
-		return err
+		return errors.Wrap(err, "getting flags")
 	}
 
 	var members []db.Member
@@ -176,7 +177,7 @@ func (s *Server) getUser(w http.ResponseWriter, r *http.Request) (err error) {
 		members, err = s.DB.UserMembers(ctx, u.ID, isSelf)
 		if err != nil {
 			log.Errorf("Error getting user members: %v", err)
-			return err
+			return errors.Wrap(err, "getting user members")
 		}
 	}
 
@@ -191,25 +192,25 @@ func (s *Server) getMeUser(w http.ResponseWriter, r *http.Request) error {
 	u, err := s.DB.User(ctx, claims.UserID)
 	if err != nil {
 		log.Errorf("Error getting user: %v", err)
-		return err
+		return errors.Wrap(err, "getting users")
 	}
 
 	fields, err := s.DB.UserFields(ctx, u.ID)
 	if err != nil {
 		log.Errorf("Error getting user fields: %v", err)
-		return err
+		return errors.Wrap(err, "getting fields")
 	}
 
 	members, err := s.DB.UserMembers(ctx, u.ID, true)
 	if err != nil {
 		log.Errorf("Error getting user members: %v", err)
-		return err
+		return errors.Wrap(err, "getting members")
 	}
 
 	flags, err := s.DB.UserFlags(ctx, u.ID)
 	if err != nil {
 		log.Errorf("getting user flags: %v", err)
-		return err
+		return errors.Wrap(err, "getting flags")
 	}
 
 	render.JSON(w, r, GetMeResponse{

backend/routes/v1/user/patch_user.go

@@ -12,6 +12,7 @@ import (
 	"emperror.dev/errors"
 	"github.com/go-chi/render"
 	"github.com/google/uuid"
+	"github.com/jackc/pgx/v5"
 	"github.com/rs/xid"
 )
 
@@ -195,13 +196,13 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 				}
 
 				log.Errorf("converting user avatar: %v", err)
-				return err
+				return errors.Wrap(err, "converting avatar")
 			}
 
 			hash, err := s.DB.WriteUserAvatar(ctx, claims.UserID, webp, jpg)
 			if err != nil {
 				log.Errorf("uploading user avatar: %v", err)
-				return err
+				return errors.Wrap(err, "uploading avatar")
 			}
 			avatarHash = &hash
 
@@ -219,9 +220,14 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 	tx, err := s.DB.Begin(ctx)
 	if err != nil {
 		log.Errorf("creating transaction: %v", err)
-		return err
+		return errors.Wrap(err, "creating transaction")
 	}
-	defer tx.Rollback(ctx)
+	defer func() {
+		err := tx.Rollback(ctx)
+		if err != nil && !errors.Is(err, pgx.ErrTxClosed) {
+			log.Error("rolling back transaction:", err)
+		}
+	}()
 
 	// update username
 	if req.Username != nil && *req.Username != u.Username {
@@ -243,7 +249,7 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 	u, err = s.DB.UpdateUser(ctx, tx, claims.UserID, req.DisplayName, req.Bio, req.MemberTitle, req.ListPrivate, req.Links, avatarHash, req.Timezone, req.CustomPreferences)
 	if err != nil && errors.Cause(err) != db.ErrNothingToUpdate {
 		log.Errorf("updating user: %v", err)
-		return err
+		return errors.Wrap(err, "updating user")
 	}
 
 	if req.Names != nil || req.Pronouns != nil {
@@ -260,7 +266,7 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 		err = s.DB.SetUserNamesPronouns(ctx, tx, claims.UserID, names, pronouns)
 		if err != nil {
 			log.Errorf("setting names for member %v: %v", claims.UserID, err)
-			return err
+			return errors.Wrap(err, "setting names/pronouns")
 		}
 		u.Names = names
 		u.Pronouns = pronouns
@@ -271,14 +277,14 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 		err = s.DB.SetUserFields(ctx, tx, claims.UserID, *req.Fields)
 		if err != nil {
 			log.Errorf("setting fields for user %v: %v", claims.UserID, err)
-			return err
+			return errors.Wrap(err, "setting fields")
 		}
 		fields = *req.Fields
 	} else {
 		fields, err = s.DB.UserFields(ctx, claims.UserID)
 		if err != nil {
 			log.Errorf("getting fields for user %v: %v", claims.UserID, err)
-			return err
+			return errors.Wrap(err, "getting fields")
 		}
 	}
 
@@ -291,7 +297,7 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 			}
 
 			log.Errorf("updating flags for user %v: %v", claims.UserID, err)
-			return err
+			return errors.Wrap(err, "updating flags")
 		}
 	}
 
@@ -299,13 +305,13 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 	err = s.DB.UpdateActiveTime(ctx, tx, claims.UserID)
 	if err != nil {
 		log.Errorf("updating last active time for user %v: %v", claims.UserID, err)
-		return err
+		return errors.Wrap(err, "updating last active time")
 	}
 
 	err = tx.Commit(ctx)
 	if err != nil {
 		log.Errorf("committing transaction: %v", err)
-		return err
+		return errors.Wrap(err, "committing transaction")
 	}
 
 	// get fedi instance name if the user has a linked fedi account
@@ -321,7 +327,7 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 	flags, err := s.DB.UserFlags(ctx, u.ID)
 	if err != nil {
 		log.Errorf("getting user flags: %v", err)
-		return err
+		return errors.Wrap(err, "getting flags")
 	}
 
 	// echo the updated user back on success

backend/routes/v2/user/get_settings.go

@@ -5,6 +5,7 @@ import (
 
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
+	"emperror.dev/errors"
 	"github.com/go-chi/render"
 )
 
@@ -13,7 +14,7 @@ func (s *Server) GetSettings(w http.ResponseWriter, r *http.Request) (err error)
 	u, err := s.DB.User(r.Context(), claims.UserID)
 	if err != nil {
 		log.Errorf("getting user: %v", err)
-		return err
+		return errors.Wrap(err, "getting user")
 	}
 
 	render.JSON(w, r, u.Settings)

backend/routes/v2/user/patch_settings.go

@@ -12,6 +12,7 @@ import (
 type PatchSettingsRequest struct {
 	ReadChangelog      omitnull.Val[string] `json:"read_changelog"`
 	ReadSettingsNotice omitnull.Val[string] `json:"read_settings_notice"`
+	ReadGlobalNotice   omitnull.Val[int]    `json:"read_global_notice"`
 }
 
 func (s *Server) PatchSettings(w http.ResponseWriter, r *http.Request) (err error) {
@@ -34,6 +35,9 @@ func (s *Server) PatchSettings(w http.ResponseWriter, r *http.Request) (err erro
 	if !req.ReadSettingsNotice.IsUnset() {
 		u.Settings.ReadSettingsNotice = req.ReadSettingsNotice.GetOrZero()
 	}
+	if !req.ReadGlobalNotice.IsUnset() {
+		u.Settings.ReadGlobalNotice = req.ReadGlobalNotice.GetOrZero()
+	}
 
 	err = s.DB.UpdateUserSettings(ctx, u.ID, u.Settings)
 	if err != nil {

backend/server/errors.go

@@ -1,10 +1,14 @@
 package server
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
+	"emperror.dev/errors"
+	"github.com/getsentry/sentry-go"
+	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
 )
 
@@ -12,6 +16,11 @@ import (
 // The inner HandlerFunc additionally returns an error.
 func WrapHandler(hn func(w http.ResponseWriter, r *http.Request) error) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
+		hub := sentry.GetHubFromContext(r.Context())
+		if hub == nil {
+			hub = sentry.CurrentHub().Clone()
+		}
+
 		err := hn(w, r)
 		if err != nil {
 			// if the function returned an API error, just render that verbatim
@@ -24,10 +33,20 @@ func WrapHandler(hn func(w http.ResponseWriter, r *http.Request) error) http.Han
 				return
 			}
 
-			// otherwise, we log the error and return an internal server error message
-			log.Errorf("error in http handler: %v", err)
+			rctx := chi.RouteContext(r.Context())
+			hub.ConfigureScope(func(scope *sentry.Scope) {
+				scope.SetTag("method", rctx.RouteMethod)
+				scope.SetTag("path", rctx.RoutePattern())
+			})
 
-			apiErr := APIError{Code: ErrInternalServerError}
+			var eventID *sentry.EventID = nil
+			if isExpectedError(err) {
+				log.Infof("expected error in handler for %v %v, ignoring", rctx.RouteMethod, rctx.RoutePattern())
+			} else {
+				log.Errorf("error in handler for %v %v: %v", rctx.RouteMethod, rctx.RoutePattern(), err)
+				eventID = hub.CaptureException(err)
+			}
+			apiErr := APIError{ID: eventID, Code: ErrInternalServerError}
 			apiErr.prepare()
 
 			render.Status(r, apiErr.Status)
@@ -36,12 +55,17 @@ func WrapHandler(hn func(w http.ResponseWriter, r *http.Request) error) http.Han
 	}
 }
 
+func isExpectedError(err error) bool {
+	return errors.Is(err, context.Canceled)
+}
+
 // APIError is an object returned by the API when an error occurs.
 // It implements the error interface and can be returned by handlers.
 type APIError struct {
-	Code    int    `json:"code"`
-	Message string `json:"message,omitempty"`
-	Details string `json:"details,omitempty"`
+	Code    int             `json:"code"`
+	ID      *sentry.EventID `json:"id,omitempty"`
+	Message string          `json:"message,omitempty"`
+	Details string          `json:"details,omitempty"`
 
 	RatelimitReset *int `json:"ratelimit_reset,omitempty"`
 

backend/server/sentry.go

@@ -0,0 +1,89 @@
+package server
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/getsentry/sentry-go"
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5/middleware"
+)
+
+func (s *Server) sentry(handler http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
+
+		ctx := r.Context()
+		hub := sentry.GetHubFromContext(ctx)
+		if hub == nil {
+			hub = sentry.CurrentHub().Clone()
+			ctx = sentry.SetHubOnContext(ctx, hub)
+		}
+
+		options := []sentry.SpanOption{
+			sentry.WithOpName("http.server"),
+			sentry.ContinueFromRequest(r),
+			sentry.WithTransactionSource(sentry.SourceURL),
+		}
+		// We don't mind getting an existing transaction back so we don't need to
+		// check if it is.
+		transaction := sentry.StartTransaction(ctx,
+			fmt.Sprintf("%s %s", r.Method, r.URL.Path),
+			options...,
+		)
+		defer transaction.Finish()
+		r = r.WithContext(transaction.Context())
+		hub.Scope().SetRequest(r)
+		defer recoverWithSentry(hub, r)
+		handler.ServeHTTP(ww, r)
+
+		transaction.Status = httpStatusToSentryStatus(ww.Status())
+		rctx := chi.RouteContext(r.Context())
+		transaction.Name = rctx.RouteMethod + " " + rctx.RoutePattern()
+	})
+}
+
+func recoverWithSentry(hub *sentry.Hub, r *http.Request) {
+	if err := recover(); err != nil {
+		hub.RecoverWithContext(
+			context.WithValue(r.Context(), sentry.RequestContextKey, r),
+			err,
+		)
+	}
+}
+
+func httpStatusToSentryStatus(status int) sentry.SpanStatus {
+	// c.f. https://develop.sentry.dev/sdk/event-payloads/span/
+
+	if status >= 200 && status < 400 {
+		return sentry.SpanStatusOK
+	}
+
+	switch status {
+	case 499:
+		return sentry.SpanStatusCanceled
+	case 500:
+		return sentry.SpanStatusInternalError
+	case 400:
+		return sentry.SpanStatusInvalidArgument
+	case 504:
+		return sentry.SpanStatusDeadlineExceeded
+	case 404:
+		return sentry.SpanStatusNotFound
+	case 409:
+		return sentry.SpanStatusAlreadyExists
+	case 403:
+		return sentry.SpanStatusPermissionDenied
+	case 429:
+		return sentry.SpanStatusResourceExhausted
+	case 501:
+		return sentry.SpanStatusUnimplemented
+	case 503:
+		return sentry.SpanStatusUnavailable
+	case 401:
+		return sentry.SpanStatusUnauthenticated
+	default:
+		return sentry.SpanStatusUnknown
+	}
+}

backend/server/server.go

@@ -50,6 +50,9 @@ func New() (*Server, error) {
 		s.Router.Use(middleware.Logger)
 	}
 	s.Router.Use(middleware.Recoverer)
+	// add Sentry tracing handler
+	s.Router.Use(s.sentry)
+
 	// add CORS
 	s.Router.Use(cors.Handler(cors.Options{
 		AllowedOrigins: []string{"https://*", "http://*"},
@@ -97,23 +100,23 @@ func New() (*Server, error) {
 
 	// set scopes
 	// users
-	rateLimiter.Scope("GET", "/users/*", 60)
-	rateLimiter.Scope("PATCH", "/users/@me", 10)
+	_ = rateLimiter.Scope("GET", "/users/*", 60)
+	_ = rateLimiter.Scope("PATCH", "/users/@me", 10)
 
 	// members
-	rateLimiter.Scope("GET", "/users/*/members", 60)
-	rateLimiter.Scope("GET", "/users/*/members/*", 60)
+	_ = rateLimiter.Scope("GET", "/users/*/members", 60)
+	_ = rateLimiter.Scope("GET", "/users/*/members/*", 60)
 
-	rateLimiter.Scope("POST", "/members", 10)
-	rateLimiter.Scope("GET", "/members/*", 60)
-	rateLimiter.Scope("PATCH", "/members/*", 20)
-	rateLimiter.Scope("DELETE", "/members/*", 5)
+	_ = rateLimiter.Scope("POST", "/members", 10)
+	_ = rateLimiter.Scope("GET", "/members/*", 60)
+	_ = rateLimiter.Scope("PATCH", "/members/*", 20)
+	_ = rateLimiter.Scope("DELETE", "/members/*", 5)
 
 	// auth
-	rateLimiter.Scope("*", "/auth/*", 20)
-	rateLimiter.Scope("*", "/auth/tokens", 10)
-	rateLimiter.Scope("*", "/auth/invites", 10)
-	rateLimiter.Scope("POST", "/auth/discord/*", 10)
+	_ = rateLimiter.Scope("*", "/auth/*", 20)
+	_ = rateLimiter.Scope("*", "/auth/tokens", 10)
+	_ = rateLimiter.Scope("*", "/auth/invites", 10)
+	_ = rateLimiter.Scope("POST", "/auth/discord/*", 10)
 
 	s.Router.Use(rateLimiter.Handler())
 

docs/.vitepress/.gitignore

@@ -0,0 +1 @@
+cache/

docs/.vitepress/config.mts

@@ -0,0 +1,41 @@
+import { defineConfig } from "vitepress";
+
+// https://vitepress.dev/reference/site-config
+export default defineConfig({
+  title: "pronouns.cc documentation",
+  description: "pronouns.cc documentation",
+  markdown: {
+    anchor: { level: [2, 3] },
+  },
+  themeConfig: {
+    // https://vitepress.dev/reference/default-theme-config
+    siteTitle: "pronouns.cc",
+    logo: "/logo.svg",
+    nav: [
+      { text: "Home", link: "/" },
+      { text: "Back to pronouns.cc", link: "https://pronouns.cc/" },
+    ],
+    outline: {
+      level: [2, 3],
+    },
+    sidebar: [
+      {
+        text: "API",
+        items: [
+          { text: "API reference", link: "/api/" },
+          { text: "Rate limits", link: "/api/ratelimits" },
+          { text: "Error messages", link: "/api/errors" },
+        ],
+      },
+      {
+        text: "Endpoints",
+        items: [
+          { text: "Object reference", link: "/api/endpoints/" },
+          { text: "Users", link: "/api/endpoints/users" },
+          { text: "Members", link: "/api/endpoints/members" },
+          { text: "Other", link: "/api/endpoints/other" },
+        ],
+      },
+    ],
+  },
+});

docs/.vitepress/theme/custom.css

@@ -0,0 +1,4 @@
+:root {
+  --vp-font-family-base: "FiraGO", sans-serif;
+  --vp-font-family-mono: "Fira Mono", monospace;
+}

docs/.vitepress/theme/index.mts

@@ -0,0 +1,9 @@
+import DefaultTheme from 'vitepress/theme-without-fonts'
+import "@fontsource/firago/400.css";
+import "@fontsource/firago/400-italic.css";
+import "@fontsource/firago/700.css";
+import "@fontsource/firago/700-italic.css";
+import "@fontsource/fira-mono";
+import "./custom.css";
+
+export default DefaultTheme

docs/api/endpoints/index.md

@@ -0,0 +1,54 @@
+# Object reference
+
+These are some of the objects shared by multiple types of endpoints.
+For other objects, such as [users](./users) or [members](./members), check their respective pages.
+
+## Field
+
+| Field   | Type                            | Description                 |
+| ------- | ------------------------------- | --------------------------- |
+| name    | string                          | the field's name or heading |
+| entries | [field_entry](./#field-entry)[] | the field's entries         |
+
+## Field entry
+
+| Field  | Type   | Description                      |
+| ------ | ------ | -------------------------------- |
+| value  | string | this entry's value or key        |
+| status | string | this entry's [status](./#status) |
+
+## Pronoun entry
+
+| Field        | Type    | Description                                                                                           |
+| ------------ | ------- | ----------------------------------------------------------------------------------------------------- |
+| pronouns     | string  | this entry's raw pronouns. This can be any user-inputted value and does not have to be a complete set |
+| display_text | string? | the text shown in the pronoun list, if `pronouns` is a valid 5-member set                             |
+| status       | string  | this entry's [status](./#status)                                                                      |
+
+## Status
+
+A name, pronoun, or field entry's **status** is how the user or member feels about that entry.
+This can be any of `favourite`, `okay`, `jokingly`, `friends_only`, `avoid`,
+as well as the UUID of any [custom preferences](./#custom-preference) the user has set.
+
+## Custom preference
+
+A user can set custom word preferences, which can have custom icons and tooltips. These are identified by a UUID.
+
+| Field     | Type   | Description                                                                                          |
+| --------- | ------ | ---------------------------------------------------------------------------------------------------- |
+| icon      | string | the [Bootstrap icon](https://icons.getbootstrap.com/) associated with this preference                |
+| tooltip   | string | the description shown in the tooltip on hover or tap                                                 |
+| size      | string | the size at which any entry with this preference will be shown, can be `large`, `normal`, or `small` |
+| muted     | bool   | whether the preference is shown in a muted grey colour                                               |
+| favourite | bool   | whether the preference is treated the same as `favourite` when building embeds                       |
+
+## Pride flag
+
+| Field       | Type      | Description                           |
+| ----------- | --------- | ------------------------------------- |
+| id          | string    | the flag's unique ID                  |
+| id_new      | snowflake | the flag's unique snowflake ID        |
+| hash        | string    | the flag's [image hash](/api/#images) |
+| name        | string    | the flag's name                       |
+| description | string?   | the flag's description or alt text    |

docs/api/endpoints/members.md

@@ -0,0 +1,125 @@
+# Member endpoints
+
+## Member object
+
+| Field        | Type                                                 | Description                                                                       |
+| ------------ | ---------------------------------------------------- | --------------------------------------------------------------------------------- |
+| id           | string                                               | the member's unique ID                                                            |
+| id_new       | snowflake                                            | the member's unique snowflake ID                                                  |
+| sid          | string                                               | the member's 6-letter short ID                                                    |
+| name         | string                                               | the member's name                                                                 |
+| display_name | string?                                              | the member's display name or nickname                                             |
+| bio          | string?                                              | the member's description                                                          |
+| avatar       | string?                                              | the member's [avatar hash](/api/#images)                                          |
+| links        | string[]                                             | the member's profile links                                                        |
+| names        | [field_entry](./#field-entry)[]                      | the member's preferred names                                                      |
+| pronouns     | [pronoun_entry](./#pronoun-entry)[]                  | the member's preferred pronouns                                                   |
+| fields       | ?[field](./#field)[]                                 | the member's term fields. Not returned in member list endpoints.                  |
+| flags        | [flag](./#pride-flag)[]                              | the member's pride flags                                                          |
+| user         | partial [user](./members#partial-user-object) object | the user associated with this member                                              |
+| unlisted     | ?bool                                                | _only returned for your own members_, whether the member is shown in member lists |
+
+## Partial user object
+
+| Field              | Type                                                 | Description                            |
+| ------------------ | ---------------------------------------------------- | -------------------------------------- |
+| id                 | string                                               | the user's unique ID                   |
+| id_new             | snowflake                                            | the user's unique snowflake ID         |
+| name               | string                                               | the user's username                    |
+| display_name       | string?                                              | the user's display name or nickname    |
+| avatar             | string?                                              | the user's [avatar hash](/api/#images) |
+| custom_preferences | map\[uuid\][custom_preference](./#custom-preference) | the user's custom preferences          |
+
+## Endpoints
+
+### Get member
+
+#### `GET /members/{member.id}`
+
+Gets a member by their ID. Returns a [member](./members#member-object) object.
+If authenticated and the authenticated user is the owner of the requested member,
+also returns the `unlisted` field.
+
+### Get user member
+
+#### `GET /users/{user.id}/members/{member.id} | GET /users/{user.name}/members/{member.name}`
+
+Gets a member by their ID or name. Returns a [member](./members#member-object) object.
+If authenticated and the authenticated user is the owner of the requested member,
+also returns the `unlisted` field.
+
+### Get user members
+
+#### `GET /users/{user.id}/members | GET /users/{user.name}/members`
+
+Get a user's members. Returns an array of [member](./members#member-object) objects.
+
+### Get current user member
+
+#### `GET /users/@me/members/{member.id} | GET /users/@me/members/{member.name}`
+
+**Requires authentication.** Get one of the currently authenticated user's members by ID or name.
+Returns a [member](./members#member-object) object.
+
+### Get current user members
+
+#### `GET /users/@me/members`
+
+**Requires authentication.** Get the currently authenticated user's members.
+Returns an array of [member](./members#member-object) objects.
+
+### Create member
+
+#### `POST /members`
+
+**Requires authentication**. Creates a new member.
+Returns the newly created [member](./members#member-object) on success.
+
+#### Request body parameters
+
+| Field        | Type            | Description                                                                                         |
+| ------------ | --------------- | --------------------------------------------------------------------------------------------------- |
+| name         | string          | the new member's name. Must be unique per user, and be between 1 and 100 characters. **Required**   |
+| display_name | string?         | the new member's display name. Must be between 1 and 100 characters                                 |
+| bio          | string?         | the new member's bio. Must be between 1 and 1000 characters                                         |
+| avatar       | string          | the new member's avatar. This must be a PNG, JPEG, or WebP image, encoded in base64 data URI format |
+| links        | string[]        | the new member's profile links. Maximum 25 links, and links must be between 1 and 256 characters    |
+| names        | field_entry[]   | the new member's preferred names                                                                    |
+| pronouns     | pronoun_entry[] | the new member's preferred pronouns                                                                 |
+| fields       | field[]         | the new member's profile fields                                                                     |
+
+### Update member
+
+#### `PATCH /members/{member.id}`
+
+**Requires authentication.** Updates the given member.
+Returns the updated [member](./members#member-object) on success.
+
+#### Request body parameters
+
+| Field        | Type            | Description                                                                                            |
+| ------------ | --------------- | ------------------------------------------------------------------------------------------------------ |
+| name         | string          | the member's new name. Must be unique per user, and be between 1 and 100 characters.                   |
+| display_name | string          | the member's new display name. Must be between 1 and 100 characters                                    |
+| bio          | string          | the member's new bio. Must be between 1 and 1000 characters                                            |
+| links        | string[]        | the member's new profile links. Maximum 25 links, and links must be between 1 and 256 characters       |
+| names        | field_entry[]   | the member's new preferred names                                                                       |
+| pronouns     | pronoun_entry[] | the member's new preferred pronouns                                                                    |
+| fields       | field[]         | the member's new profile fields                                                                        |
+| flags        | string[]        | the member's new flags. This must be an array of [pride flag](./#pride-flag) IDs, _not_ snowflake IDs. |
+| avatar       | string          | the member's new avatar. This must be a PNG, JPEG, or WebP image, encoded in base64 data URI format    |
+| unlisted     | bool            | whether or not the member should be hidden from the member list                                        |
+
+### Delete member
+
+#### `DELETE /members/{member.id}`
+
+**Requires authentication.** Deletes the given member. Returns `204 No Content` on success.
+
+### Reroll short ID
+
+#### `GET /members/{member.id}/reroll`
+
+**Requires authentication.** Rerolls the member's short ID.
+Returns the updated [member](./members#member-object) on success.
+If the user has already rerolled a short ID in the past hour, returns `403 Forbidden`.

docs/api/endpoints/other.md

@@ -0,0 +1,46 @@
+# Other endpoints
+
+There are some endpoints that are neither user or member related:
+
+### Get statistics
+
+#### `GET /meta`
+
+Get aggregate statistics for pronouns.cc.
+Note: a user is considered active if they have updated their profile, created a member, deleted a member,
+or updated a member's profile in the given time period.
+
+#### Response body
+
+| Field          | Type              | Description                                                               |
+| -------------- | ----------------- | ------------------------------------------------------------------------- |
+| git_repository | string            | link to the project's Git repository                                      |
+| git_commit     | string            | the commit the backend is built from                                      |
+| users          | user count object | the total number of users                                                 |
+| members        | int               | the total number of non-hidden members                                    |
+| require_invite | bool              | whether invites are required to sign up. _Always `false` for pronouns.cc_ |
+
+#### User count object
+
+| Field        | Type | Description                                 |
+| ------------ | ---- | ------------------------------------------- |
+| total        | int  | total number of users                       |
+| active_month | int  | number of users active in the last month    |
+| active_week  | int  | number of users active in the last week     |
+| active_day   | int  | number of users active in the last 24 hours |
+
+### Get warnings
+
+#### `GET /auth/warnings`
+
+**Requires authentication.** Returns an array of warnings the currently authenticated user has.
+Add `?all=true` query parameter to return all warnings, not just unread ones.
+
+#### Response body
+
+| Field      | Type     | Description                                    |
+| ---------- | -------- | ---------------------------------------------- |
+| id         | int      | the warning ID                                 |
+| reason     | string   | the reason for the warning                     |
+| created_at | datetime | when the warning was created                   |
+| read       | bool     | whether the warning has been read/acknowledged |

docs/api/endpoints/users.md

@@ -0,0 +1,145 @@
+# User endpoints
+
+## User object
+
+| Field              | Type                                                 | Description                                                                 |
+| ------------------ | ---------------------------------------------------- | --------------------------------------------------------------------------- |
+| id                 | string                                               | the user's unique ID                                                        |
+| id_new             | snowflake                                            | the user's unique snowflake ID                                              |
+| sid                | string                                               | the user's 5 letter short ID                                                |
+| name               | string                                               | the user's username                                                         |
+| display_name       | string?                                              | the user's display name or nickname                                         |
+| bio                | string?                                              | the user's description or bio                                               |
+| member_title       | string?                                              | the heading used for the user's member list. If null, defaults to "Members" |
+| avatar             | string?                                              | the user's [avatar hash](/api/#images)                                      |
+| links              | string[]                                             | the user's profile links                                                    |
+| names              | [field_entry](./#field-entry)[]                      | the user's preferred names                                                  |
+| pronouns           | [pronoun_entry](./#pronoun-entry)[]                  | the user's preferred pronouns                                               |
+| fields             | [field](./#field)[]                                  | the user's term fields                                                      |
+| flags              | [flag](./#pride-flag)[]                              | the user's pride flags                                                      |
+| members            | [partial](./users#partial-member-object) member[]    | the user's non-hidden members                                               |
+| badges             | int                                                  | the user's badges, represented as a bitmask field                           |
+| utc_offset         | int?                                                 | the user's current offset from UTC, in seconds                              |
+| custom_preferences | map\[uuid\][custom_preference](./#custom-preference) | the user's custom preferences                                               |
+
+### Additional fields for the currently authenticated user {#additional-user-fields}
+
+| Field              | Type     | Description                                      |
+| ------------------ | -------- | ------------------------------------------------ |
+| created_at         | datetime | the user's creation date and time                |
+| timezone           | string?  | the user's timezone in IANA timezone format      |
+| is_admin           | bool     | whether or not the user is an administrator      |
+| list_private       | bool     | whether or not the user's member list is private |
+| last_sid_reroll    | datetime | the last time the user rerolled a short ID       |
+| discord            | string?  | the user's Discord ID                            |
+| discord_username   | string?  | the user's Discord username                      |
+| tumblr             | string?  | the user's Tumblr ID                             |
+| tumblr_username    | string?  | the user's Tumblr username                       |
+| google             | string?  | the user's Google ID                             |
+| google_username    | string?  | the user's Google username                       |
+| fediverse          | string?  | the user's fediverse user ID                     |
+| fediverse_username | string?  | the user's fediverse username, without instance  |
+| fediverse_instance | string?  | the user's fediverse instance                    |
+
+## Partial member object
+
+| Field        | Type                                | Description                              |
+| ------------ | ----------------------------------- | ---------------------------------------- |
+| id           | string                              | the member's unique ID                   |
+| id_new       | snowflake                           | the member's unique snowflake ID         |
+| sid          | string                              | the member's 6-letter short ID           |
+| name         | string                              | the member's name                        |
+| display_name | string?                             | the member's display name or nickname    |
+| bio          | string?                             | the member's description                 |
+| avatar       | string?                             | the member's [avatar hash](/api/#images) |
+| links        | string[]                            | the member's profile links               |
+| names        | [field_entry](./#field-entry)[]     | the member's preferred names             |
+| pronouns     | [pronoun_entry](./#pronoun-entry)[] | the member's preferred pronouns          |
+
+## Endpoints
+
+### Get user
+
+#### `GET /users/{user.id} | GET /users/{user.name}`
+
+Gets a user by their ID or username. Returns a [user](./users#user-object) object.
+If authenticated and the authenticated user is the requested user, also returns the [additional user fields](./users#additional-user-fields).
+
+### Get current user
+
+#### `GET /users/@me`
+
+**Requires authentication.** Gets the currently authenticated [user](./users#user-object),
+with all [additional user fields](./users#additional-user-fields).
+
+### Update current user
+
+#### `PATCH /users/@me`
+
+**Requires authentication.** Updates the currently authenticated user.
+Returns the updated [user](./users#user-object) object on success.
+
+#### Request body parameters
+
+| Field              | Type                 | Description                                                                                                   |
+| ------------------ | -------------------- | ------------------------------------------------------------------------------------------------------------- |
+| name               | string               | the user's new name. Must be between 2 and 40 characters and only consist of ASCII letters, `_`, `.`, and `-` |
+| display_name       | string               | the user's new display name. Must be between 1 and 100 characters                                             |
+| bio                | string               | the user's new bio. Must be between 1 and 1000 characters                                                     |
+| member_title       | string               | the user's new member title. Must be between 1 and 150 characters                                             |
+| links              | string[]             | the user's new profile links. Maximum 25 links, and links must be between 1 and 256 characters                |
+| names              | field_entry[]        | the user's new preferred names                                                                                |
+| pronouns           | pronoun_entry[]      | the user's new preferred pronouns                                                                             |
+| fields             | field[]              | the user's new profile fields                                                                                 |
+| flags              | string[]             | the user's new flags. This must be an array of [pride flag](./#pride-flag) IDs, _not_ snowflake IDs.          |
+| avatar             | string               | the user's new avatar. This must be a PNG, JPEG, or WebP image, encoded in base64 data URI format             |
+| timezone           | string               | the user's new timezone. Must be in IANA timezone database format                                             |
+| list_private       | bool                 | whether or not the user's member list should be hidden                                                        |
+| custom_preferences | _custom preferences_ | the user's new custom preferences                                                                             |
+
+### Get pride flags
+
+#### `GET /users/@me/flags`
+
+**Requires authentication.** Returns an array of the currently authenticated user's [pride flags](./#pride-flag).
+
+### Create pride flag
+
+#### `POST /users/@me/flags`
+
+**Requires authentication.** Creates a new pride flag. Returns a [pride flag](./#pride-flag) object on success.
+
+#### Request body parameters
+
+| Field       | Type   | Description                                                                                              |
+| ----------- | ------ | -------------------------------------------------------------------------------------------------------- |
+| flag        | string | the flag image. This must be a PNG, JPEG, or WebP image, encoded in base64 data URI format. **Required** |
+| name        | string | the flag name. Must be between 1 and 100 characters. **Required**                                        |
+| description | string | the flag description or alt text.                                                                        |
+
+### Edit pride flag
+
+#### `PATCH /users/@me/flags/{flag.id}`
+
+**Requires authentication.** Edits an existing pride flag.
+Returns the updated [pride flag](./#pride-flag) object on success.
+
+#### Request body parameters
+
+| Field       | Type   | Description                                                      |
+| ----------- | ------ | ---------------------------------------------------------------- |
+| name        | string | the flag's new name. Must be between 1 and 100 characters        |
+| description | string | the flag's new description. Must be between 1 and 500 characters |
+
+### Delete pride flag
+
+#### `DELETE /users/@me/flags/{flag.id}`
+
+**Requires authentication.** Deletes an existing pride flag. Returns `204 No Content` on success.
+
+### Reroll short ID
+
+#### `GET /users/@me/reroll`
+
+**Requires authentication.** Rerolls the user's short ID. Returns the updated [user](./users#user-object) on success.
+If the user has already rerolled a short ID in the past hour, returns `403 Forbidden`.

docs/api/errors.md

@@ -0,0 +1,34 @@
+# Error messages
+
+If there is an error in your request, or the server encounters an error while processing it, an error object will be returned.
+
+| Field           | Type    | Description                                                         |
+| --------------- | ------- | ------------------------------------------------------------------- |
+| code            | int     | an [error code](./errors#error-codes)                               |
+| id              | ?string | an opaque Sentry event ID, only returned for internal server errors |
+| message         | ?string | a human-readable description of the error                           |
+| details         | ?string | more details about the error, most often for bad request errors     |
+| ratelimit_reset | ?int    | the unix time when an expired rate limit will reset                 |
+
+### Error codes
+
+| Code | Description                                                                         |
+| ---- | ----------------------------------------------------------------------------------- |
+| 400  | One or more fields in your requests was invalid, or some required field is missing. |
+| 403  | You are not authorized to use this endpoint.                                        |
+| 404  | The endpoint was not found.                                                         |
+| 405  | The method you are trying to use is not suported for this endpoint.                 |
+| 429  | You have made too many requests in the last minute.                                 |
+| 500  | An internal server error occurred.                                                  |
+| 1006 | That username is invalid.                                                           |
+| 1007 | That username is already taken.                                                     |
+| 2001 | User not found.                                                                     |
+| 2002 | This user's member list is private.                                                 |
+| 2003 | You have reached the maximum number of pride flags.                                 |
+| 2004 | You are trying to reroll short IDs too quickly.                                     |
+| 3001 | Member not found.                                                                   |
+| 3002 | You have reached the maximum number of members.                                     |
+| 3003 | That member name is already in use.                                                 |
+| 3004 | You can only edit your own members.                                                 |
+| 4001 | Your request is too big (maximum 2 megabytes)                                       |
+| 4002 | This endpoint is unavailable to your account or the current token.                  |

docs/api/index.md

@@ -0,0 +1,95 @@
+# API reference
+
+pronouns.cc has a HTTP REST API to query and edit profiles, available at `https://pronouns.cc/api`.
+
+## Versioning
+
+The API is versioned, and versions must be explicitly specified for all endpoints.
+The current, and only, available version is **1**.
+The version is specified in the request path, like `https://pronouns.cc/api/v{version}`.
+
+| Version | Status     |
+| ------- | ---------- |
+| 1       | Default    |
+| 2       | _Upcoming_ |
+
+The API version will be incremented for any breaking changes, including:
+
+- Removing entire endpoints
+- Removing fields from responses
+- Changing the behaviour of fields (in some situations, see below)
+
+However, the following types of changes are **not** considered breaking:
+
+- Adding new endpoints
+- Adding new fields to requests or responses (your JSON serializer/deserializer should ignore unknown fields)
+- Forcing fields related to removed features to their default value
+
+## Authentication
+
+Tokens can be created [here](https://pronouns.cc/settings/tokens).
+Not all endpoints require authentication. For those that do, a token must be provided in the `Authorization` header.
+The token _may_ be prefixed with `Bearer `, but this is not required.
+
+::: info
+You are allowed to use site tokens (those stored in your browser's local storage) to access endpoints not available to API tokens,
+however, these endpoints are not available to API tokens *for a reason*:
+site tokens can take destructive actions such as deleting your account.
+Additionally, endpoints that are not available to API tokens may have breaking changes without a major version bump.
+:::
+
+## Request bodies
+
+::: info
+The current API version doesn't distinguish between omitted and `null` keys yet.
+However, the next version of the API will use `null` to unset keys, so clients should not rely on this behaviour.
+:::
+
+Request bodies should be in JSON format.
+For PATCH requests, **all keys are optional**. Omitted keys will not be updated,
+and keys set to the zero value of their respective types (for strings: `""`, for numbers: `0`, for arrays: `[]`, etc.)
+will be unset.
+
+## Documentation formatting
+
+The "type" column in tables is formatted as follows:
+
+- The type used is the _Go_ type, not the _JSON_ type.
+  For example, the documentation will use `int` for integers and `float` for floats,
+  even though they are both represented with JSON numbers.
+- A _leading_ `?` signifies that the field may be omitted.
+- A _trailing_ `?` signifies that the field may be null.
+
+## IDs
+
+### Snowflake IDs
+
+For [multiple reasons](https://codeberg.org/pronounscc/pronouns.cc/issues/89),
+pronouns.cc is transitioning to using snowflakes for unique IDs. These will become the default in the next API version,
+but are already returned as `id_new` in the relevant objects (users, members, and flags).
+
+### xids
+
+[xid](https://github.com/rs/xid) is the previous unique ID format. These are always serialized as strings.
+Although xids have timestamp information embedded in them, this is non-trivial to extract.
+xids are unique across _all_ resources, they are never shared (for example, a user and a member cannot share the same ID).
+
+### prns.cc IDs
+
+Users and members also have an additional ID type, `sid`.
+These are randomly generated 5 or 6 letter strings, and are used for the prns.cc URL shortener.
+**These can change at any time**, as short IDs can be rerolled once per hour.
+
+## Images
+
+The API does not return full URLs to images such as avatars and pride flags.
+Instead, the URL must be constructed manually using the `avatar` or `hash` fields.
+
+The default user and member avatar is served at `https://pronouns.cc/default/512.webp`.
+All custom images are served on the base URL `https://cdn.pronouns.cc`, and are only available in WebP format.
+
+| Type          | Format                                      |
+| ------------- | ------------------------------------------- |
+| User avatar   | `/users/{user.id}/{user.avatar}.webp`       |
+| Member avatar | `/members/{member.id}/{member.avatar}.webp` |
+| Pride flag    | `/flags/{flag.hash}.webp`                   |

docs/api/ratelimits.md

@@ -0,0 +1,31 @@
+# Rate limits
+
+The API has rate limits, generally separated by groups of endpoints.
+If you exceed a rate limit, the API will start to return 429 errors.
+
+## Headers
+
+- `X-RateLimit-Bucket`: the bucket the rate limit is for (listed below)
+- `X-RateLimit-Limit`: the total number of requests you can make per minute
+- `X-RateLimit-Remaining`: the number of requests remaining in the current timeframe
+- `X-RateLimit-Reset`: the unix timestamp that the number of requests resets at
+- `Retry-After`: only if you hit a rate limit, the number of seconds until you can make requests again
+
+## Buckets
+
+Note that only the most specific matching bucket is used for rate limits.
+
+| Bucket                   | Rate limit per minute | Notes                                                       |
+| ------------------------ | --------------------- | ----------------------------------------------------------- |
+| /                        | 120                   | Used as fallback if no other bucket exists for the endpoint |
+| GET /users/\*            | 60                    |                                                             |
+| GET /users/\*/members    | 60                    |                                                             |
+| GET /users/\*/members/\* | 60                    |                                                             |
+| PATCH /users/@me         | 10                    |                                                             |
+| POST /members            | 10                    |                                                             |
+| GET /members/\*          | 60                    |                                                             |
+| PATCH /members/\*        | 20                    |                                                             |
+| DELETE /members/\*       | 5                     |                                                             |
+| /auth/\*                 | 20                    |                                                             |
+| /auth/tokens             | 10                    |                                                             |
+| /auth/invites            | 10                    |                                                             |

docs/index.md

@@ -0,0 +1,5 @@
+# pronouns.cc
+
+pronouns.cc is a service where you can create a list of your preferred names, pronouns, and other terms, and share it with other people.
+
+*Note: this documentation site is a work in progress, and currently only contains (partial) API documentation.*

docs/package.json

@@ -0,0 +1,14 @@
+{
+  "devDependencies": {
+    "vitepress": "1.0.0-rc.4"
+  },
+  "scripts": {
+    "docs:dev": "vitepress dev",
+    "docs:build": "vitepress build",
+    "docs:preview": "vitepress preview"
+  },
+  "dependencies": {
+    "@fontsource/fira-mono": "^5.0.8",
+    "@fontsource/firago": "^5.0.7"
+  }
+}

docs/pnpm-lock.yaml

@@ -0,0 +1,876 @@
+lockfileVersion: '6.0'
+
+dependencies:
+  '@fontsource/fira-mono':
+    specifier: ^5.0.8
+    version: 5.0.8
+  '@fontsource/firago':
+    specifier: ^5.0.7
+    version: 5.0.7
+
+devDependencies:
+  vitepress:
+    specifier: 1.0.0-rc.4
+    version: 1.0.0-rc.4(@algolia/client-search@4.19.1)(search-insights@2.7.0)
+
+packages:
+
+  /@algolia/autocomplete-core@1.9.3(@algolia/client-search@4.19.1)(algoliasearch@4.19.1)(search-insights@2.7.0):
+    resolution: {integrity: sha512-009HdfugtGCdC4JdXUbVJClA0q0zh24yyePn+KUGk3rP7j8FEe/m5Yo/z65gn6nP/cM39PxpzqKrL7A6fP6PPw==}
+    dependencies:
+      '@algolia/autocomplete-plugin-algolia-insights': 1.9.3(@algolia/client-search@4.19.1)(algoliasearch@4.19.1)(search-insights@2.7.0)
+      '@algolia/autocomplete-shared': 1.9.3(@algolia/client-search@4.19.1)(algoliasearch@4.19.1)
+    transitivePeerDependencies:
+      - '@algolia/client-search'
+      - algoliasearch
+      - search-insights
+    dev: true
+
+  /@algolia/autocomplete-plugin-algolia-insights@1.9.3(@algolia/client-search@4.19.1)(algoliasearch@4.19.1)(search-insights@2.7.0):
+    resolution: {integrity: sha512-a/yTUkcO/Vyy+JffmAnTWbr4/90cLzw+CC3bRbhnULr/EM0fGNvM13oQQ14f2moLMcVDyAx/leczLlAOovhSZg==}
+    peerDependencies:
+      search-insights: '>= 1 < 3'
+    dependencies:
+      '@algolia/autocomplete-shared': 1.9.3(@algolia/client-search@4.19.1)(algoliasearch@4.19.1)
+      search-insights: 2.7.0
+    transitivePeerDependencies:
+      - '@algolia/client-search'
+      - algoliasearch
+    dev: true
+
+  /@algolia/autocomplete-preset-algolia@1.9.3(@algolia/client-search@4.19.1)(algoliasearch@4.19.1):
+    resolution: {integrity: sha512-d4qlt6YmrLMYy95n5TB52wtNDr6EgAIPH81dvvvW8UmuWRgxEtY0NJiPwl/h95JtG2vmRM804M0DSwMCNZlzRA==}
+    peerDependencies:
+      '@algolia/client-search': '>= 4.9.1 < 6'
+      algoliasearch: '>= 4.9.1 < 6'
+    dependencies:
+      '@algolia/autocomplete-shared': 1.9.3(@algolia/client-search@4.19.1)(algoliasearch@4.19.1)
+      '@algolia/client-search': 4.19.1
+      algoliasearch: 4.19.1
+    dev: true
+
+  /@algolia/autocomplete-shared@1.9.3(@algolia/client-search@4.19.1)(algoliasearch@4.19.1):
+    resolution: {integrity: sha512-Wnm9E4Ye6Rl6sTTqjoymD+l8DjSTHsHboVRYrKgEt8Q7UHm9nYbqhN/i0fhUYA3OAEH7WA8x3jfpnmJm3rKvaQ==}
+    peerDependencies:
+      '@algolia/client-search': '>= 4.9.1 < 6'
+      algoliasearch: '>= 4.9.1 < 6'
+    dependencies:
+      '@algolia/client-search': 4.19.1
+      algoliasearch: 4.19.1
+    dev: true
+
+  /@algolia/cache-browser-local-storage@4.19.1:
+    resolution: {integrity: sha512-FYAZWcGsFTTaSAwj9Std8UML3Bu8dyWDncM7Ls8g+58UOe4XYdlgzXWbrIgjaguP63pCCbMoExKr61B+ztK3tw==}
+    dependencies:
+      '@algolia/cache-common': 4.19.1
+    dev: true
+
+  /@algolia/cache-common@4.19.1:
+    resolution: {integrity: sha512-XGghi3l0qA38HiqdoUY+wvGyBsGvKZ6U3vTiMBT4hArhP3fOGLXpIINgMiiGjTe4FVlTa5a/7Zf2bwlIHfRqqg==}
+    dev: true
+
+  /@algolia/cache-in-memory@4.19.1:
+    resolution: {integrity: sha512-+PDWL+XALGvIginigzu8oU6eWw+o76Z8zHbBovWYcrtWOEtinbl7a7UTt3x3lthv+wNuFr/YD1Gf+B+A9V8n5w==}
+    dependencies:
+      '@algolia/cache-common': 4.19.1
+    dev: true
+
+  /@algolia/client-account@4.19.1:
+    resolution: {integrity: sha512-Oy0ritA2k7AMxQ2JwNpfaEcgXEDgeyKu0V7E7xt/ZJRdXfEpZcwp9TOg4TJHC7Ia62gIeT2Y/ynzsxccPw92GA==}
+    dependencies:
+      '@algolia/client-common': 4.19.1
+      '@algolia/client-search': 4.19.1
+      '@algolia/transporter': 4.19.1
+    dev: true
+
+  /@algolia/client-analytics@4.19.1:
+    resolution: {integrity: sha512-5QCq2zmgdZLIQhHqwl55ZvKVpLM3DNWjFI4T+bHr3rGu23ew2bLO4YtyxaZeChmDb85jUdPDouDlCumGfk6wOg==}
+    dependencies:
+      '@algolia/client-common': 4.19.1
+      '@algolia/client-search': 4.19.1
+      '@algolia/requester-common': 4.19.1
+      '@algolia/transporter': 4.19.1
+    dev: true
+
+  /@algolia/client-common@4.19.1:
+    resolution: {integrity: sha512-3kAIVqTcPrjfS389KQvKzliC559x+BDRxtWamVJt8IVp7LGnjq+aVAXg4Xogkur1MUrScTZ59/AaUd5EdpyXgA==}
+    dependencies:
+      '@algolia/requester-common': 4.19.1
+      '@algolia/transporter': 4.19.1
+    dev: true
+
+  /@algolia/client-personalization@4.19.1:
+    resolution: {integrity: sha512-8CWz4/H5FA+krm9HMw2HUQenizC/DxUtsI5oYC0Jxxyce1vsr8cb1aEiSJArQT6IzMynrERif1RVWLac1m36xw==}
+    dependencies:
+      '@algolia/client-common': 4.19.1
+      '@algolia/requester-common': 4.19.1
+      '@algolia/transporter': 4.19.1
+    dev: true
+
+  /@algolia/client-search@4.19.1:
+    resolution: {integrity: sha512-mBecfMFS4N+yK/p0ZbK53vrZbL6OtWMk8YmnOv1i0LXx4pelY8TFhqKoTit3NPVPwoSNN0vdSN9dTu1xr1XOVw==}
+    dependencies:
+      '@algolia/client-common': 4.19.1
+      '@algolia/requester-common': 4.19.1
+      '@algolia/transporter': 4.19.1
+    dev: true
+
+  /@algolia/logger-common@4.19.1:
+    resolution: {integrity: sha512-i6pLPZW/+/YXKis8gpmSiNk1lOmYCmRI6+x6d2Qk1OdfvX051nRVdalRbEcVTpSQX6FQAoyeaui0cUfLYW5Elw==}
+    dev: true
+
+  /@algolia/logger-console@4.19.1:
+    resolution: {integrity: sha512-jj72k9GKb9W0c7TyC3cuZtTr0CngLBLmc8trzZlXdfvQiigpUdvTi1KoWIb2ZMcRBG7Tl8hSb81zEY3zI2RlXg==}
+    dependencies:
+      '@algolia/logger-common': 4.19.1
+    dev: true
+
+  /@algolia/requester-browser-xhr@4.19.1:
+    resolution: {integrity: sha512-09K/+t7lptsweRTueHnSnmPqIxbHMowejAkn9XIcJMLdseS3zl8ObnS5GWea86mu3vy4+8H+ZBKkUN82Zsq/zg==}
+    dependencies:
+      '@algolia/requester-common': 4.19.1
+    dev: true
+
+  /@algolia/requester-common@4.19.1:
+    resolution: {integrity: sha512-BisRkcWVxrDzF1YPhAckmi2CFYK+jdMT60q10d7z3PX+w6fPPukxHRnZwooiTUrzFe50UBmLItGizWHP5bDzVQ==}
+    dev: true
+
+  /@algolia/requester-node-http@4.19.1:
+    resolution: {integrity: sha512-6DK52DHviBHTG2BK/Vv2GIlEw7i+vxm7ypZW0Z7vybGCNDeWzADx+/TmxjkES2h15+FZOqVf/Ja677gePsVItA==}
+    dependencies:
+      '@algolia/requester-common': 4.19.1
+    dev: true
+
+  /@algolia/transporter@4.19.1:
+    resolution: {integrity: sha512-nkpvPWbpuzxo1flEYqNIbGz7xhfhGOKGAZS7tzC+TELgEmi7z99qRyTfNSUlW7LZmB3ACdnqAo+9A9KFBENviQ==}
+    dependencies:
+      '@algolia/cache-common': 4.19.1
+      '@algolia/logger-common': 4.19.1
+      '@algolia/requester-common': 4.19.1
+    dev: true
+
+  /@babel/helper-string-parser@7.22.5:
+    resolution: {integrity: sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==}
+    engines: {node: '>=6.9.0'}
+    dev: true
+
+  /@babel/helper-validator-identifier@7.22.5:
+    resolution: {integrity: sha512-aJXu+6lErq8ltp+JhkJUfk1MTGyuA4v7f3pA+BJ5HLfNC6nAQ0Cpi9uOquUj8Hehg0aUiHzWQbOVJGao6ztBAQ==}
+    engines: {node: '>=6.9.0'}
+    dev: true
+
+  /@babel/parser@7.22.10:
+    resolution: {integrity: sha512-lNbdGsQb9ekfsnjFGhEiF4hfFqGgfOP3H3d27re3n+CGhNuTSUEQdfWk556sTLNTloczcdM5TYF2LhzmDQKyvQ==}
+    engines: {node: '>=6.0.0'}
+    hasBin: true
+    dependencies:
+      '@babel/types': 7.22.10
+    dev: true
+
+  /@babel/types@7.22.10:
+    resolution: {integrity: sha512-obaoigiLrlDZ7TUQln/8m4mSqIW2QFeOrCQc9r+xsaHGNoplVNYlRVpsfE8Vj35GEm2ZH4ZhrNYogs/3fj85kg==}
+    engines: {node: '>=6.9.0'}
+    dependencies:
+      '@babel/helper-string-parser': 7.22.5
+      '@babel/helper-validator-identifier': 7.22.5
+      to-fast-properties: 2.0.0
+    dev: true
+
+  /@docsearch/css@3.5.2:
+    resolution: {integrity: sha512-SPiDHaWKQZpwR2siD0KQUwlStvIAnEyK6tAE2h2Wuoq8ue9skzhlyVQ1ddzOxX6khULnAALDiR/isSF3bnuciA==}
+    dev: true
+
+  /@docsearch/js@3.5.2(@algolia/client-search@4.19.1)(search-insights@2.7.0):
+    resolution: {integrity: sha512-p1YFTCDflk8ieHgFJYfmyHBki1D61+U9idwrLh+GQQMrBSP3DLGKpy0XUJtPjAOPltcVbqsTjiPFfH7JImjUNg==}
+    dependencies:
+      '@docsearch/react': 3.5.2(@algolia/client-search@4.19.1)(search-insights@2.7.0)
+      preact: 10.17.1
+    transitivePeerDependencies:
+      - '@algolia/client-search'
+      - '@types/react'
+      - react
+      - react-dom
+      - search-insights
+    dev: true
+
+  /@docsearch/react@3.5.2(@algolia/client-search@4.19.1)(search-insights@2.7.0):
+    resolution: {integrity: sha512-9Ahcrs5z2jq/DcAvYtvlqEBHImbm4YJI8M9y0x6Tqg598P40HTEkX7hsMcIuThI+hTFxRGZ9hll0Wygm2yEjng==}
+    peerDependencies:
+      '@types/react': '>= 16.8.0 < 19.0.0'
+      react: '>= 16.8.0 < 19.0.0'
+      react-dom: '>= 16.8.0 < 19.0.0'
+      search-insights: '>= 1 < 3'
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      react:
+        optional: true
+      react-dom:
+        optional: true
+      search-insights:
+        optional: true
+    dependencies:
+      '@algolia/autocomplete-core': 1.9.3(@algolia/client-search@4.19.1)(algoliasearch@4.19.1)(search-insights@2.7.0)
+      '@algolia/autocomplete-preset-algolia': 1.9.3(@algolia/client-search@4.19.1)(algoliasearch@4.19.1)
+      '@docsearch/css': 3.5.2
+      algoliasearch: 4.19.1
+      search-insights: 2.7.0
+    transitivePeerDependencies:
+      - '@algolia/client-search'
+    dev: true
+
+  /@esbuild/android-arm64@0.18.20:
+    resolution: {integrity: sha512-Nz4rJcchGDtENV0eMKUNa6L12zz2zBDXuhj/Vjh18zGqB44Bi7MBMSXjgunJgjRhCmKOjnPuZp4Mb6OKqtMHLQ==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [android]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/android-arm@0.18.20:
+    resolution: {integrity: sha512-fyi7TDI/ijKKNZTUJAQqiG5T7YjJXgnzkURqmGj13C6dCqckZBLdl4h7bkhHt/t0WP+zO9/zwroDvANaOqO5Sw==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [android]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/android-x64@0.18.20:
+    resolution: {integrity: sha512-8GDdlePJA8D6zlZYJV/jnrRAi6rOiNaCC/JclcXpB+KIuvfBN4owLtgzY2bsxnx666XjJx2kDPUmnTtR8qKQUg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [android]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/darwin-arm64@0.18.20:
+    resolution: {integrity: sha512-bxRHW5kHU38zS2lPTPOyuyTm+S+eobPUnTNkdJEfAddYgEcll4xkT8DB9d2008DtTbl7uJag2HuE5NZAZgnNEA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [darwin]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/darwin-x64@0.18.20:
+    resolution: {integrity: sha512-pc5gxlMDxzm513qPGbCbDukOdsGtKhfxD1zJKXjCCcU7ju50O7MeAZ8c4krSJcOIJGFR+qx21yMMVYwiQvyTyQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [darwin]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/freebsd-arm64@0.18.20:
+    resolution: {integrity: sha512-yqDQHy4QHevpMAaxhhIwYPMv1NECwOvIpGCZkECn8w2WFHXjEwrBn3CeNIYsibZ/iZEUemj++M26W3cNR5h+Tw==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [freebsd]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/freebsd-x64@0.18.20:
+    resolution: {integrity: sha512-tgWRPPuQsd3RmBZwarGVHZQvtzfEBOreNuxEMKFcd5DaDn2PbBxfwLcj4+aenoh7ctXcbXmOQIn8HI6mCSw5MQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [freebsd]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-arm64@0.18.20:
+    resolution: {integrity: sha512-2YbscF+UL7SQAVIpnWvYwM+3LskyDmPhe31pE7/aoTMFKKzIc9lLbyGUpmmb8a8AixOL61sQ/mFh3jEjHYFvdA==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-arm@0.18.20:
+    resolution: {integrity: sha512-/5bHkMWnq1EgKr1V+Ybz3s1hWXok7mDFUMQ4cG10AfW3wL02PSZi5kFpYKrptDsgb2WAJIvRcDm+qIvXf/apvg==}
+    engines: {node: '>=12'}
+    cpu: [arm]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-ia32@0.18.20:
+    resolution: {integrity: sha512-P4etWwq6IsReT0E1KHU40bOnzMHoH73aXp96Fs8TIT6z9Hu8G6+0SHSw9i2isWrD2nbx2qo5yUqACgdfVGx7TA==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-loong64@0.18.20:
+    resolution: {integrity: sha512-nXW8nqBTrOpDLPgPY9uV+/1DjxoQ7DoB2N8eocyq8I9XuqJ7BiAMDMf9n1xZM9TgW0J8zrquIb/A7s3BJv7rjg==}
+    engines: {node: '>=12'}
+    cpu: [loong64]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-mips64el@0.18.20:
+    resolution: {integrity: sha512-d5NeaXZcHp8PzYy5VnXV3VSd2D328Zb+9dEq5HE6bw6+N86JVPExrA6O68OPwobntbNJ0pzCpUFZTo3w0GyetQ==}
+    engines: {node: '>=12'}
+    cpu: [mips64el]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-ppc64@0.18.20:
+    resolution: {integrity: sha512-WHPyeScRNcmANnLQkq6AfyXRFr5D6N2sKgkFo2FqguP44Nw2eyDlbTdZwd9GYk98DZG9QItIiTlFLHJHjxP3FA==}
+    engines: {node: '>=12'}
+    cpu: [ppc64]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-riscv64@0.18.20:
+    resolution: {integrity: sha512-WSxo6h5ecI5XH34KC7w5veNnKkju3zBRLEQNY7mv5mtBmrP/MjNBCAlsM2u5hDBlS3NGcTQpoBvRzqBcRtpq1A==}
+    engines: {node: '>=12'}
+    cpu: [riscv64]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-s390x@0.18.20:
+    resolution: {integrity: sha512-+8231GMs3mAEth6Ja1iK0a1sQ3ohfcpzpRLH8uuc5/KVDFneH6jtAJLFGafpzpMRO6DzJ6AvXKze9LfFMrIHVQ==}
+    engines: {node: '>=12'}
+    cpu: [s390x]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/linux-x64@0.18.20:
+    resolution: {integrity: sha512-UYqiqemphJcNsFEskc73jQ7B9jgwjWrSayxawS6UVFZGWrAAtkzjxSqnoclCXxWtfwLdzU+vTpcNYhpn43uP1w==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [linux]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/netbsd-x64@0.18.20:
+    resolution: {integrity: sha512-iO1c++VP6xUBUmltHZoMtCUdPlnPGdBom6IrO4gyKPFFVBKioIImVooR5I83nTew5UOYrk3gIJhbZh8X44y06A==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [netbsd]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/openbsd-x64@0.18.20:
+    resolution: {integrity: sha512-e5e4YSsuQfX4cxcygw/UCPIEP6wbIL+se3sxPdCiMbFLBWu0eiZOJ7WoD+ptCLrmjZBK1Wk7I6D/I3NglUGOxg==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [openbsd]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/sunos-x64@0.18.20:
+    resolution: {integrity: sha512-kDbFRFp0YpTQVVrqUd5FTYmWo45zGaXe0X8E1G/LKFC0v8x0vWrhOWSLITcCn63lmZIxfOMXtCfti/RxN/0wnQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [sunos]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/win32-arm64@0.18.20:
+    resolution: {integrity: sha512-ddYFR6ItYgoaq4v4JmQQaAI5s7npztfV4Ag6NrhiaW0RrnOXqBkgwZLofVTlq1daVTQNhtI5oieTvkRPfZrePg==}
+    engines: {node: '>=12'}
+    cpu: [arm64]
+    os: [win32]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/win32-ia32@0.18.20:
+    resolution: {integrity: sha512-Wv7QBi3ID/rROT08SABTS7eV4hX26sVduqDOTe1MvGMjNd3EjOz4b7zeexIR62GTIEKrfJXKL9LFxTYgkyeu7g==}
+    engines: {node: '>=12'}
+    cpu: [ia32]
+    os: [win32]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@esbuild/win32-x64@0.18.20:
+    resolution: {integrity: sha512-kTdfRcSiDfQca/y9QIkng02avJ+NCaQvrMejlsB3RRv5sE9rRoeBPISaZpKxHELzRxZyLvNts1P27W3wV+8geQ==}
+    engines: {node: '>=12'}
+    cpu: [x64]
+    os: [win32]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /@fontsource/fira-mono@5.0.8:
+    resolution: {integrity: sha512-8OJiUK2lzJjvDlkmamEfhtpL1cyFApg1Pk4kE5Pw5UTf1ETF3Yy/pprgwV5I+LQPDjuFvinsinT9xSUZ2b/zuQ==}
+    dev: false
+
+  /@fontsource/firago@5.0.7:
+    resolution: {integrity: sha512-xuTYVOBSwev2IVp2dqgrnq3gABUnehn91Ii+R1TM5Jpvr86gCPrMxmqfL9fgpUb5r12u7U1LBVC20GypIy8jeg==}
+    dev: false
+
+  /@jridgewell/sourcemap-codec@1.4.15:
+    resolution: {integrity: sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==}
+    dev: true
+
+  /@types/web-bluetooth@0.0.17:
+    resolution: {integrity: sha512-4p9vcSmxAayx72yn70joFoL44c9MO/0+iVEBIQXe3v2h2SiAsEIo/G5v6ObFWvNKRFjbrVadNf9LqEEZeQPzdA==}
+    dev: true
+
+  /@vitejs/plugin-vue@4.3.1(vite@4.4.9)(vue@3.3.4):
+    resolution: {integrity: sha512-tUBEtWcF7wFtII7ayNiLNDTCE1X1afySEo+XNVMNkFXaThENyCowIEX095QqbJZGTgoOcSVDJGlnde2NG4jtbQ==}
+    engines: {node: ^14.18.0 || >=16.0.0}
+    peerDependencies:
+      vite: ^4.0.0
+      vue: ^3.2.25
+    dependencies:
+      vite: 4.4.9
+      vue: 3.3.4
+    dev: true
+
+  /@vue/compiler-core@3.3.4:
+    resolution: {integrity: sha512-cquyDNvZ6jTbf/+x+AgM2Arrp6G4Dzbb0R64jiG804HRMfRiFXWI6kqUVqZ6ZR0bQhIoQjB4+2bhNtVwndW15g==}
+    dependencies:
+      '@babel/parser': 7.22.10
+      '@vue/shared': 3.3.4
+      estree-walker: 2.0.2
+      source-map-js: 1.0.2
+    dev: true
+
+  /@vue/compiler-dom@3.3.4:
+    resolution: {integrity: sha512-wyM+OjOVpuUukIq6p5+nwHYtj9cFroz9cwkfmP9O1nzH68BenTTv0u7/ndggT8cIQlnBeOo6sUT/gvHcIkLA5w==}
+    dependencies:
+      '@vue/compiler-core': 3.3.4
+      '@vue/shared': 3.3.4
+    dev: true
+
+  /@vue/compiler-sfc@3.3.4:
+    resolution: {integrity: sha512-6y/d8uw+5TkCuzBkgLS0v3lSM3hJDntFEiUORM11pQ/hKvkhSKZrXW6i69UyXlJQisJxuUEJKAWEqWbWsLeNKQ==}
+    dependencies:
+      '@babel/parser': 7.22.10
+      '@vue/compiler-core': 3.3.4
+      '@vue/compiler-dom': 3.3.4
+      '@vue/compiler-ssr': 3.3.4
+      '@vue/reactivity-transform': 3.3.4
+      '@vue/shared': 3.3.4
+      estree-walker: 2.0.2
+      magic-string: 0.30.2
+      postcss: 8.4.28
+      source-map-js: 1.0.2
+    dev: true
+
+  /@vue/compiler-ssr@3.3.4:
+    resolution: {integrity: sha512-m0v6oKpup2nMSehwA6Uuu+j+wEwcy7QmwMkVNVfrV9P2qE5KshC6RwOCq8fjGS/Eak/uNb8AaWekfiXxbBB6gQ==}
+    dependencies:
+      '@vue/compiler-dom': 3.3.4
+      '@vue/shared': 3.3.4
+    dev: true
+
+  /@vue/devtools-api@6.5.0:
+    resolution: {integrity: sha512-o9KfBeaBmCKl10usN4crU53fYtC1r7jJwdGKjPT24t348rHxgfpZ0xL3Xm/gLUYnc0oTp8LAmrxOeLyu6tbk2Q==}
+    dev: true
+
+  /@vue/reactivity-transform@3.3.4:
+    resolution: {integrity: sha512-MXgwjako4nu5WFLAjpBnCj/ieqcjE2aJBINUNQzkZQfzIZA4xn+0fV1tIYBJvvva3N3OvKGofRLvQIwEQPpaXw==}
+    dependencies:
+      '@babel/parser': 7.22.10
+      '@vue/compiler-core': 3.3.4
+      '@vue/shared': 3.3.4
+      estree-walker: 2.0.2
+      magic-string: 0.30.2
+    dev: true
+
+  /@vue/reactivity@3.3.4:
+    resolution: {integrity: sha512-kLTDLwd0B1jG08NBF3R5rqULtv/f8x3rOFByTDz4J53ttIQEDmALqKqXY0J+XQeN0aV2FBxY8nJDf88yvOPAqQ==}
+    dependencies:
+      '@vue/shared': 3.3.4
+    dev: true
+
+  /@vue/runtime-core@3.3.4:
+    resolution: {integrity: sha512-R+bqxMN6pWO7zGI4OMlmvePOdP2c93GsHFM/siJI7O2nxFRzj55pLwkpCedEY+bTMgp5miZ8CxfIZo3S+gFqvA==}
+    dependencies:
+      '@vue/reactivity': 3.3.4
+      '@vue/shared': 3.3.4
+    dev: true
+
+  /@vue/runtime-dom@3.3.4:
+    resolution: {integrity: sha512-Aj5bTJ3u5sFsUckRghsNjVTtxZQ1OyMWCr5dZRAPijF/0Vy4xEoRCwLyHXcj4D0UFbJ4lbx3gPTgg06K/GnPnQ==}
+    dependencies:
+      '@vue/runtime-core': 3.3.4
+      '@vue/shared': 3.3.4
+      csstype: 3.1.2
+    dev: true
+
+  /@vue/server-renderer@3.3.4(vue@3.3.4):
+    resolution: {integrity: sha512-Q6jDDzR23ViIb67v+vM1Dqntu+HUexQcsWKhhQa4ARVzxOY2HbC7QRW/ggkDBd5BU+uM1sV6XOAP0b216o34JQ==}
+    peerDependencies:
+      vue: 3.3.4
+    dependencies:
+      '@vue/compiler-ssr': 3.3.4
+      '@vue/shared': 3.3.4
+      vue: 3.3.4
+    dev: true
+
+  /@vue/shared@3.3.4:
+    resolution: {integrity: sha512-7OjdcV8vQ74eiz1TZLzZP4JwqM5fA94K6yntPS5Z25r9HDuGNzaGdgvwKYq6S+MxwF0TFRwe50fIR/MYnakdkQ==}
+    dev: true
+
+  /@vueuse/core@10.3.0(vue@3.3.4):
+    resolution: {integrity: sha512-BEM5yxcFKb5btFjTSAFjTu5jmwoW66fyV9uJIP4wUXXU8aR5Hl44gndaaXp7dC5HSObmgbnR2RN+Un1p68Mf5Q==}
+    dependencies:
+      '@types/web-bluetooth': 0.0.17
+      '@vueuse/metadata': 10.3.0
+      '@vueuse/shared': 10.3.0(vue@3.3.4)
+      vue-demi: 0.14.5(vue@3.3.4)
+    transitivePeerDependencies:
+      - '@vue/composition-api'
+      - vue
+    dev: true
+
+  /@vueuse/integrations@10.3.0(focus-trap@7.5.2)(vue@3.3.4):
+    resolution: {integrity: sha512-Jgiv7oFyIgC6BxmDtiyG/fxyGysIds00YaY7sefwbhCZ2/tjEx1W/1WcsISSJPNI30in28+HC2J4uuU8184ekg==}
+    peerDependencies:
+      async-validator: '*'
+      axios: '*'
+      change-case: '*'
+      drauu: '*'
+      focus-trap: '*'
+      fuse.js: '*'
+      idb-keyval: '*'
+      jwt-decode: '*'
+      nprogress: '*'
+      qrcode: '*'
+      sortablejs: '*'
+      universal-cookie: '*'
+    peerDependenciesMeta:
+      async-validator:
+        optional: true
+      axios:
+        optional: true
+      change-case:
+        optional: true
+      drauu:
+        optional: true
+      focus-trap:
+        optional: true
+      fuse.js:
+        optional: true
+      idb-keyval:
+        optional: true
+      jwt-decode:
+        optional: true
+      nprogress:
+        optional: true
+      qrcode:
+        optional: true
+      sortablejs:
+        optional: true
+      universal-cookie:
+        optional: true
+    dependencies:
+      '@vueuse/core': 10.3.0(vue@3.3.4)
+      '@vueuse/shared': 10.3.0(vue@3.3.4)
+      focus-trap: 7.5.2
+      vue-demi: 0.14.5(vue@3.3.4)
+    transitivePeerDependencies:
+      - '@vue/composition-api'
+      - vue
+    dev: true
+
+  /@vueuse/metadata@10.3.0:
+    resolution: {integrity: sha512-Ema3YhNOa4swDsV0V7CEY5JXvK19JI/o1szFO1iWxdFg3vhdFtCtSTP26PCvbUpnUtNHBY2wx5y3WDXND5Pvnw==}
+    dev: true
+
+  /@vueuse/shared@10.3.0(vue@3.3.4):
+    resolution: {integrity: sha512-kGqCTEuFPMK4+fNWy6dUOiYmxGcUbtznMwBZLC1PubidF4VZY05B+Oht7Jh7/6x4VOWGpvu3R37WHi81cKpiqg==}
+    dependencies:
+      vue-demi: 0.14.5(vue@3.3.4)
+    transitivePeerDependencies:
+      - '@vue/composition-api'
+      - vue
+    dev: true
+
+  /algoliasearch@4.19.1:
+    resolution: {integrity: sha512-IJF5b93b2MgAzcE/tuzW0yOPnuUyRgGAtaPv5UUywXM8kzqfdwZTO4sPJBzoGz1eOy6H9uEchsJsBFTELZSu+g==}
+    dependencies:
+      '@algolia/cache-browser-local-storage': 4.19.1
+      '@algolia/cache-common': 4.19.1
+      '@algolia/cache-in-memory': 4.19.1
+      '@algolia/client-account': 4.19.1
+      '@algolia/client-analytics': 4.19.1
+      '@algolia/client-common': 4.19.1
+      '@algolia/client-personalization': 4.19.1
+      '@algolia/client-search': 4.19.1
+      '@algolia/logger-common': 4.19.1
+      '@algolia/logger-console': 4.19.1
+      '@algolia/requester-browser-xhr': 4.19.1
+      '@algolia/requester-common': 4.19.1
+      '@algolia/requester-node-http': 4.19.1
+      '@algolia/transporter': 4.19.1
+    dev: true
+
+  /ansi-sequence-parser@1.1.1:
+    resolution: {integrity: sha512-vJXt3yiaUL4UU546s3rPXlsry/RnM730G1+HkpKE012AN0sx1eOrxSu95oKDIonskeLTijMgqWZ3uDEe3NFvyg==}
+    dev: true
+
+  /body-scroll-lock@4.0.0-beta.0:
+    resolution: {integrity: sha512-a7tP5+0Mw3YlUJcGAKUqIBkYYGlYxk2fnCasq/FUph1hadxlTRjF+gAcZksxANnaMnALjxEddmSi/H3OR8ugcQ==}
+    dev: true
+
+  /csstype@3.1.2:
+    resolution: {integrity: sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ==}
+    dev: true
+
+  /esbuild@0.18.20:
+    resolution: {integrity: sha512-ceqxoedUrcayh7Y7ZX6NdbbDzGROiyVBgC4PriJThBKSVPWnnFHZAkfI1lJT8QFkOwH4qOS2SJkS4wvpGl8BpA==}
+    engines: {node: '>=12'}
+    hasBin: true
+    requiresBuild: true
+    optionalDependencies:
+      '@esbuild/android-arm': 0.18.20
+      '@esbuild/android-arm64': 0.18.20
+      '@esbuild/android-x64': 0.18.20
+      '@esbuild/darwin-arm64': 0.18.20
+      '@esbuild/darwin-x64': 0.18.20
+      '@esbuild/freebsd-arm64': 0.18.20
+      '@esbuild/freebsd-x64': 0.18.20
+      '@esbuild/linux-arm': 0.18.20
+      '@esbuild/linux-arm64': 0.18.20
+      '@esbuild/linux-ia32': 0.18.20
+      '@esbuild/linux-loong64': 0.18.20
+      '@esbuild/linux-mips64el': 0.18.20
+      '@esbuild/linux-ppc64': 0.18.20
+      '@esbuild/linux-riscv64': 0.18.20
+      '@esbuild/linux-s390x': 0.18.20
+      '@esbuild/linux-x64': 0.18.20
+      '@esbuild/netbsd-x64': 0.18.20
+      '@esbuild/openbsd-x64': 0.18.20
+      '@esbuild/sunos-x64': 0.18.20
+      '@esbuild/win32-arm64': 0.18.20
+      '@esbuild/win32-ia32': 0.18.20
+      '@esbuild/win32-x64': 0.18.20
+    dev: true
+
+  /estree-walker@2.0.2:
+    resolution: {integrity: sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==}
+    dev: true
+
+  /focus-trap@7.5.2:
+    resolution: {integrity: sha512-p6vGNNWLDGwJCiEjkSK6oERj/hEyI9ITsSwIUICBoKLlWiTWXJRfQibCwcoi50rTZdbi87qDtUlMCmQwsGSgPw==}
+    dependencies:
+      tabbable: 6.2.0
+    dev: true
+
+  /fsevents@2.3.2:
+    resolution: {integrity: sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==}
+    engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
+    os: [darwin]
+    requiresBuild: true
+    dev: true
+    optional: true
+
+  /jsonc-parser@3.2.0:
+    resolution: {integrity: sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==}
+    dev: true
+
+  /magic-string@0.30.2:
+    resolution: {integrity: sha512-lNZdu7pewtq/ZvWUp9Wpf/x7WzMTsR26TWV03BRZrXFsv+BI6dy8RAiKgm1uM/kyR0rCfUcqvOlXKG66KhIGug==}
+    engines: {node: '>=12'}
+    dependencies:
+      '@jridgewell/sourcemap-codec': 1.4.15
+    dev: true
+
+  /mark.js@8.11.1:
+    resolution: {integrity: sha512-1I+1qpDt4idfgLQG+BNWmrqku+7/2bi5nLf4YwF8y8zXvmfiTBY3PV3ZibfrjBueCByROpuBjLLFCajqkgYoLQ==}
+    dev: true
+
+  /minisearch@6.1.0:
+    resolution: {integrity: sha512-PNxA/X8pWk+TiqPbsoIYH0GQ5Di7m6326/lwU/S4mlo4wGQddIcf/V//1f9TB0V4j59b57b+HZxt8h3iMROGvg==}
+    dev: true
+
+  /nanoid@3.3.6:
+    resolution: {integrity: sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==}
+    engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
+    hasBin: true
+    dev: true
+
+  /picocolors@1.0.0:
+    resolution: {integrity: sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==}
+    dev: true
+
+  /postcss@8.4.28:
+    resolution: {integrity: sha512-Z7V5j0cq8oEKyejIKfpD8b4eBy9cwW2JWPk0+fB1HOAMsfHbnAXLLS+PfVWlzMSLQaWttKDt607I0XHmpE67Vw==}
+    engines: {node: ^10 || ^12 || >=14}
+    dependencies:
+      nanoid: 3.3.6
+      picocolors: 1.0.0
+      source-map-js: 1.0.2
+    dev: true
+
+  /preact@10.17.1:
+    resolution: {integrity: sha512-X9BODrvQ4Ekwv9GURm9AKAGaomqXmip7NQTZgY7gcNmr7XE83adOMJvd3N42id1tMFU7ojiynRsYnY6/BRFxLA==}
+    dev: true
+
+  /rollup@3.28.0:
+    resolution: {integrity: sha512-d7zhvo1OUY2SXSM6pfNjgD5+d0Nz87CUp4mt8l/GgVP3oBsPwzNvSzyu1me6BSG9JIgWNTVcafIXBIyM8yQ3yw==}
+    engines: {node: '>=14.18.0', npm: '>=8.0.0'}
+    hasBin: true
+    optionalDependencies:
+      fsevents: 2.3.2
+    dev: true
+
+  /search-insights@2.7.0:
+    resolution: {integrity: sha512-GLbVaGgzYEKMvuJbHRhLi1qoBFnjXZGZ6l4LxOYPCp4lI2jDRB3jPU9/XNhMwv6kvnA9slTreq6pvK+b3o3aqg==}
+    engines: {node: '>=8.16.0'}
+    dev: true
+
+  /shiki@0.14.3:
+    resolution: {integrity: sha512-U3S/a+b0KS+UkTyMjoNojvTgrBHjgp7L6ovhFVZsXmBGnVdQ4K4U9oK0z63w538S91ATngv1vXigHCSWOwnr+g==}
+    dependencies:
+      ansi-sequence-parser: 1.1.1
+      jsonc-parser: 3.2.0
+      vscode-oniguruma: 1.7.0
+      vscode-textmate: 8.0.0
+    dev: true
+
+  /source-map-js@1.0.2:
+    resolution: {integrity: sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==}
+    engines: {node: '>=0.10.0'}
+    dev: true
+
+  /tabbable@6.2.0:
+    resolution: {integrity: sha512-Cat63mxsVJlzYvN51JmVXIgNoUokrIaT2zLclCXjRd8boZ0004U4KCs/sToJ75C6sdlByWxpYnb5Boif1VSFew==}
+    dev: true
+
+  /to-fast-properties@2.0.0:
+    resolution: {integrity: sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==}
+    engines: {node: '>=4'}
+    dev: true
+
+  /vite@4.4.9:
+    resolution: {integrity: sha512-2mbUn2LlUmNASWwSCNSJ/EG2HuSRTnVNaydp6vMCm5VIqJsjMfbIWtbH2kDuwUVW5mMUKKZvGPX/rqeqVvv1XA==}
+    engines: {node: ^14.18.0 || >=16.0.0}
+    hasBin: true
+    peerDependencies:
+      '@types/node': '>= 14'
+      less: '*'
+      lightningcss: ^1.21.0
+      sass: '*'
+      stylus: '*'
+      sugarss: '*'
+      terser: ^5.4.0
+    peerDependenciesMeta:
+      '@types/node':
+        optional: true
+      less:
+        optional: true
+      lightningcss:
+        optional: true
+      sass:
+        optional: true
+      stylus:
+        optional: true
+      sugarss:
+        optional: true
+      terser:
+        optional: true
+    dependencies:
+      esbuild: 0.18.20
+      postcss: 8.4.28
+      rollup: 3.28.0
+    optionalDependencies:
+      fsevents: 2.3.2
+    dev: true
+
+  /vitepress@1.0.0-rc.4(@algolia/client-search@4.19.1)(search-insights@2.7.0):
+    resolution: {integrity: sha512-JCQ89Bm6ECUTnyzyas3JENo00UDJeK8q1SUQyJYou+4Yz5BKEc/F3O21cu++DnUT2zXc0kvQ2Aj4BZCc/nioXQ==}
+    hasBin: true
+    dependencies:
+      '@docsearch/css': 3.5.2
+      '@docsearch/js': 3.5.2(@algolia/client-search@4.19.1)(search-insights@2.7.0)
+      '@vitejs/plugin-vue': 4.3.1(vite@4.4.9)(vue@3.3.4)
+      '@vue/devtools-api': 6.5.0
+      '@vueuse/core': 10.3.0(vue@3.3.4)
+      '@vueuse/integrations': 10.3.0(focus-trap@7.5.2)(vue@3.3.4)
+      body-scroll-lock: 4.0.0-beta.0
+      focus-trap: 7.5.2
+      mark.js: 8.11.1
+      minisearch: 6.1.0
+      shiki: 0.14.3
+      vite: 4.4.9
+      vue: 3.3.4
+    transitivePeerDependencies:
+      - '@algolia/client-search'
+      - '@types/node'
+      - '@types/react'
+      - '@vue/composition-api'
+      - async-validator
+      - axios
+      - change-case
+      - drauu
+      - fuse.js
+      - idb-keyval
+      - jwt-decode
+      - less
+      - lightningcss
+      - nprogress
+      - qrcode
+      - react
+      - react-dom
+      - sass
+      - search-insights
+      - sortablejs
+      - stylus
+      - sugarss
+      - terser
+      - universal-cookie
+    dev: true
+
+  /vscode-oniguruma@1.7.0:
+    resolution: {integrity: sha512-L9WMGRfrjOhgHSdOYgCt/yRMsXzLDJSL7BPrOZt73gU0iWO4mpqzqQzOz5srxqTvMBaR0XZTSrVWo4j55Rc6cA==}
+    dev: true
+
+  /vscode-textmate@8.0.0:
+    resolution: {integrity: sha512-AFbieoL7a5LMqcnOF04ji+rpXadgOXnZsxQr//r83kLPr7biP7am3g9zbaZIaBGwBRWeSvoMD4mgPdX3e4NWBg==}
+    dev: true
+
+  /vue-demi@0.14.5(vue@3.3.4):
+    resolution: {integrity: sha512-o9NUVpl/YlsGJ7t+xuqJKx8EBGf1quRhCiT6D/J0pfwmk9zUwYkC7yrF4SZCe6fETvSM3UNL2edcbYrSyc4QHA==}
+    engines: {node: '>=12'}
+    hasBin: true
+    requiresBuild: true
+    peerDependencies:
+      '@vue/composition-api': ^1.0.0-rc.1
+      vue: ^3.0.0-0 || ^2.6.0
+    peerDependenciesMeta:
+      '@vue/composition-api':
+        optional: true
+    dependencies:
+      vue: 3.3.4
+    dev: true
+
+  /vue@3.3.4:
+    resolution: {integrity: sha512-VTyEYn3yvIeY1Py0WaYGZsXnz3y5UnGi62GjVEqvEGPl6nxbOrCXbVOTQWBEJUqAyTUk2uJ5JLVnYJ6ZzGbrSw==}
+    dependencies:
+      '@vue/compiler-dom': 3.3.4
+      '@vue/compiler-sfc': 3.3.4
+      '@vue/runtime-dom': 3.3.4
+      '@vue/server-renderer': 3.3.4(vue@3.3.4)
+      '@vue/shared': 3.3.4
+    dev: true

docs/public/logo.svg

@@ -0,0 +1 @@
+<svg width="11.411mm" height="11.076mm" version="1.1" viewBox="1 1 11.245 10.218" xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="clipPath16"><path d="m0 38h38v-38h-38z"/></clipPath></defs><g transform="translate(-49.754 -142.39)"><g transform="matrix(.33073 0 0 -.33073 50.093 154.62)" clip-path="url(#clipPath16)"><path d="m35.347 20.107-8.899 3.294-3.323 10.891c-0.128 0.42-0.516 0.708-0.956 0.708-0.439 0-0.828-0.288-0.956-0.708l-3.322-10.891-8.9-3.294c-0.393-0.146-0.653-0.52-0.653-0.938s0.26-0.793 0.653-0.937l8.896-3.293 3.323-11.223c0.126-0.425 0.516-0.716 0.959-0.716s0.833 0.291 0.959 0.716l3.324 11.223 8.896 3.293c0.392 0.144 0.652 0.519 0.652 0.937s-0.26 0.792-0.653 0.938" fill="#aa8ed6"/><path d="m15.347 9.1064-2.313 0.856-0.9 3.3c-0.119 0.436-0.514 0.738-0.965 0.738s-0.846-0.302-0.965-0.738l-0.9-3.3-2.313-0.856c-0.393-0.145-0.653-0.52-0.653-0.937 0-0.418 0.26-0.793 0.653-0.938l2.301-0.853 0.907-3.622c0.111-0.444 0.511-0.756 0.97-0.756 0.458 0 0.858 0.312 0.97 0.756l0.907 3.622 2.301 0.853c0.393 0.145 0.653 0.52 0.653 0.938 0 0.417-0.26 0.792-0.653 0.937" fill="#fcab40"/><path d="m11.009 30.769-2.365 0.875-0.875 2.365c-0.146 0.393-0.52 0.653-0.938 0.653-0.419 0-0.793-0.26-0.938-0.653l-0.876-2.365-2.364-0.875c-0.393-0.146-0.653-0.52-0.653-0.938s0.26-0.792 0.653-0.938l2.364-0.875 0.876-2.365c0.145-0.393 0.519-0.653 0.938-0.653 0.418 0 0.792 0.26 0.938 0.653l0.875 2.365 2.365 0.875c0.393 0.146 0.653 0.52 0.653 0.938s-0.26 0.792-0.653 0.938" fill="#5dadec"/></g></g></svg>

docs/self-hosting.md

@@ -1,6 +1,6 @@
 # Running pronouns.cc in production
 
-The configuration files in this directory are the same files used to run pronouns.cc in production.  
+The configuration files in this directory are the same files used to run pronouns.cc in production.
 You might have to change paths and ports, but they should work fine as-is.
 
 ## Building pronouns.cc

frontend/.env.example

@@ -1,4 +1,4 @@
-# Base of frontend URLs
+# Base of frontend URLs (required)
 PUBLIC_BASE_URL=http://localhost:5173
 
 # Base of media URLs, required for avatars, pride flags, and data exports

frontend/.eslintrc.cjs

@@ -1,20 +1,31 @@
 module.exports = {
-	root: true,
-	parser: '@typescript-eslint/parser',
-	extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended', 'prettier'],
-	plugins: ['svelte3', '@typescript-eslint'],
-	ignorePatterns: ['*.cjs'],
-	overrides: [{ files: ['*.svelte'], processor: 'svelte3/svelte3' }],
-	settings: {
-		'svelte3/typescript': () => require('typescript')
-	},
-	parserOptions: {
-		sourceType: 'module',
-		ecmaVersion: 2020
-	},
-	env: {
-		browser: true,
-		es2017: true,
-		node: true
-	}
+  root: true,
+  parser: "@typescript-eslint/parser",
+  extends: ["eslint:recommended", "plugin:@typescript-eslint/recommended", "prettier"],
+  plugins: ["svelte3", "@typescript-eslint"],
+  ignorePatterns: ["*.cjs"],
+  overrides: [{ files: ["*.svelte"], processor: "svelte3/svelte3" }],
+  settings: {
+    "svelte3/typescript": () => require("typescript"),
+  },
+  parserOptions: {
+    sourceType: "module",
+    ecmaVersion: 2020,
+  },
+  env: {
+    browser: true,
+    es2017: true,
+    node: true,
+  },
+  rules: {
+    "no-unused-vars": "off",
+    "@typescript-eslint/no-unused-vars": [
+      "error",
+      {
+        argsIgnorePattern: "^_",
+        destructuredArrayIgnorePattern: "^_",
+        varsIgnorePattern: "^_",
+      },
+    ],
+  },
 };

frontend/icons.js

@@ -16,26 +16,22 @@ writeFileSync("src/icons.ts", `const icons = ${output};\nexport default icons;`)
 const goCode1 = `// Generated code. DO NOT EDIT
 package icons
 
-var icons = [...]string{
+var icons = map[string]struct{}{
 `;
 
 const goCode2 = `}
 
 // IsValid returns true if the input is the name of a Bootstrap icon.
 func IsValid(name string) bool {
-	for i := range icons {
-		if icons[i] == name {
-			return true
-		}
-	}
-	return false
+	_, ok := icons[name]
+	return ok
 }
 `;
 
 let goOutput = goCode1;
 
 keys.forEach((element) => {
-  goOutput += `	"${element}",\n`;
+  goOutput += `	"${element}": {},\n`;
 });
 
 goOutput += goCode2;

frontend/package.json

@@ -1,52 +1,53 @@
 {
-	"name": "pronouns-fe",
-	"version": "0.0.1",
-	"private": true,
-	"scripts": {
-		"dev": "vite dev",
-		"build": "vite build",
-		"preview": "vite preview",
-		"check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
-		"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
-		"lint": "prettier --plugin-search-dir . --check . && eslint .",
-		"format": "prettier --plugin-search-dir . --write ."
-	},
-	"devDependencies": {
-		"@sveltejs/adapter-auto": "^2.0.0",
-		"@sveltejs/adapter-node": "^1.2.3",
-		"@sveltejs/kit": "^1.15.0",
-		"@types/luxon": "^3.2.2",
-		"@types/markdown-it": "^12.2.3",
-		"@types/node": "^18.15.11",
-		"@types/sanitize-html": "^2.9.0",
-		"@typescript-eslint/eslint-plugin": "^5.57.1",
-		"@typescript-eslint/parser": "^5.57.1",
-		"eslint": "^8.37.0",
-		"eslint-config-prettier": "^8.8.0",
-		"eslint-plugin-svelte3": "^4.0.0",
-		"prettier": "^2.8.7",
-		"prettier-plugin-svelte": "^2.10.0",
-		"svelte": "^3.58.0",
-		"svelte-check": "^3.1.4",
-		"svelte-hcaptcha": "^0.1.1",
-		"sveltestrap": "^5.10.0",
-		"tslib": "^2.5.0",
-		"typescript": "^4.9.5",
-		"vite": "^4.2.1",
-		"vite-plugin-markdown": "^2.1.0"
-	},
-	"type": "module",
-	"dependencies": {
-		"@fontsource/firago": "^4.5.3",
-		"@popperjs/core": "^2.11.7",
-		"@sentry/node": "^7.46.0",
-		"base64-arraybuffer": "^1.0.2",
-		"bootstrap": "5.3.0-alpha1",
-		"bootstrap-icons": "^1.10.4",
-		"jose": "^4.13.1",
-		"luxon": "^3.3.0",
-		"markdown-it": "^13.0.1",
-		"pretty-bytes": "^6.1.0",
-		"sanitize-html": "^2.10.0"
-	}
+  "name": "pronouns-fe",
+  "version": "0.0.1",
+  "private": true,
+  "scripts": {
+    "dev": "vite dev",
+    "build": "vite build",
+    "preview": "vite preview",
+    "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
+    "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
+    "lint": "prettier --plugin-search-dir . --check . && eslint .",
+    "format": "prettier --plugin-search-dir . --write ."
+  },
+  "devDependencies": {
+    "@sveltejs/adapter-auto": "^3.0.0",
+    "@sveltejs/adapter-node": "^2.0.0",
+    "@sveltejs/kit": "^2.0.0",
+    "@sveltejs/vite-plugin-svelte": "^3.0.0",
+    "@sveltestrap/sveltestrap": "^6.0.5",
+    "@types/luxon": "^3.3.7",
+    "@types/markdown-it": "^13.0.7",
+    "@types/node": "^18.15.11",
+    "@types/sanitize-html": "^2.9.0",
+    "@typescript-eslint/eslint-plugin": "^5.57.1",
+    "@typescript-eslint/parser": "^5.57.1",
+    "eslint": "^8.37.0",
+    "eslint-config-prettier": "^8.8.0",
+    "eslint-plugin-svelte3": "^4.0.0",
+    "prettier": "^2.8.7",
+    "prettier-plugin-svelte": "^2.10.1",
+    "svelte": "^4.0.0",
+    "svelte-check": "^3.4.3",
+    "svelte-hcaptcha": "^0.1.1",
+    "tslib": "^2.5.0",
+    "typescript": "^5.0.0",
+    "vite": "^5.0.0",
+    "vite-plugin-markdown": "^2.1.0"
+  },
+  "type": "module",
+  "dependencies": {
+    "@fontsource/firago": "^4.5.3",
+    "@popperjs/core": "^2.11.7",
+    "@sentry/node": "^7.46.0",
+    "base64-arraybuffer": "^1.0.2",
+    "bootstrap": "^5.3.2",
+    "bootstrap-icons": "^1.11.2",
+    "jose": "^4.13.1",
+    "luxon": "^3.3.0",
+    "markdown-it": "^13.0.1",
+    "pretty-bytes": "^6.1.0",
+    "sanitize-html": "^2.10.0"
+  }
 }

frontend/src/app.d.ts

@@ -16,23 +16,4 @@ declare global {
   }
 }
 
-declare module "svelte-hcaptcha" {
-  import type { SvelteComponent } from "svelte";
-
-  export interface HCaptchaProps {
-    sitekey?: string;
-    apihost?: string;
-    hl?: string;
-    reCaptchaCompat?: boolean;
-    theme?: CaptchaTheme;
-    size?: string;
-  }
-
-  declare class HCaptcha extends SvelteComponent {
-    $$prop_def: HCaptchaProps;
-  }
-
-  export default HCaptcha;
-}
-
 export {};

frontend/src/hooks.server.ts

@@ -2,7 +2,9 @@ import { PRIVATE_SENTRY_DSN } from "$env/static/private";
 import * as Sentry from "@sentry/node";
 import type { HandleServerError } from "@sveltejs/kit";
 
-Sentry.init({ dsn: PRIVATE_SENTRY_DSN });
+if (PRIVATE_SENTRY_DSN) {
+  Sentry.init({ dsn: PRIVATE_SENTRY_DSN });
+}
 
 export const handleError = (({ error, event }) => {
   console.log(error);

frontend/src/lib/api/entities.ts

@@ -1,3 +1,4 @@
+/* eslint-disable no-unused-vars */
 import { PUBLIC_BASE_URL, PUBLIC_MEDIA_URL } from "$env/static/public";
 
 export const MAX_MEMBERS = 500;
@@ -62,8 +63,14 @@ export interface MeUser extends User {
   timezone: string | null;
 }
 
+export interface Settings {
+  read_changelog: string;
+  read_settings_notice: string;
+  read_global_notice: number;
+}
+
 export interface Field {
-  name: string;
+  name: string | null;
   entries: FieldEntry[];
 }
 

frontend/src/lib/api/fetch.ts

@@ -11,9 +11,16 @@ export async function apiFetch<T>(
     body,
     token,
     headers,
-  }: { method?: string; body?: any; token?: string; headers?: Record<string, string> },
+    version,
+  }: {
+    method?: string;
+    body?: any;
+    token?: string;
+    headers?: Record<string, string>;
+    version?: number;
+  },
 ) {
-  const resp = await fetch(`${PUBLIC_BASE_URL}/api/v1${path}`, {
+  const resp = await fetch(`${PUBLIC_BASE_URL}/api/v${version || 1}${path}`, {
     method: method || "GET",
     headers: {
       ...(token ? { Authorization: token } : {}),
@@ -28,12 +35,18 @@ export async function apiFetch<T>(
   return data as T;
 }
 
-export const apiFetchClient = async <T>(path: string, method = "GET", body: any = null) => {
+export const apiFetchClient = async <T>(
+  path: string,
+  method = "GET",
+  body: any = null,
+  version = 1,
+) => {
   try {
     const data = await apiFetch<T>(path, {
       method,
       body,
       token: localStorage.getItem("pronouns-token") || undefined,
+      version,
     });
     return data;
   } catch (e) {
@@ -55,9 +68,16 @@ export async function fastFetch(
     body,
     token,
     headers,
-  }: { method?: string; body?: any; token?: string; headers?: Record<string, string> },
+    version,
+  }: {
+    method?: string;
+    body?: any;
+    token?: string;
+    headers?: Record<string, string>;
+    version?: number;
+  },
 ) {
-  const resp = await fetch(`${PUBLIC_BASE_URL}/api/v1${path}`, {
+  const resp = await fetch(`${PUBLIC_BASE_URL}/api/v${version || 1}${path}`, {
     method: method || "GET",
     headers: {
       ...(token ? { Authorization: token } : {}),
@@ -71,12 +91,18 @@ export async function fastFetch(
 }
 
 /** Fetches the specified path without parsing the response body. */
-export const fastFetchClient = async (path: string, method = "GET", body: any = null) => {
+export const fastFetchClient = async (
+  path: string,
+  method = "GET",
+  body: any = null,
+  version = 1,
+) => {
   try {
     await fastFetch(path, {
       method,
       body,
       token: localStorage.getItem("pronouns-token") || undefined,
+      version,
     });
   } catch (e) {
     if ((e as APIError).code === ErrorCode.InvalidToken) {

frontend/src/lib/api/responses.ts

@@ -11,6 +11,7 @@ export interface MetaResponse {
   users: MetaUsers;
   members: number;
   require_invite: boolean;
+  notice: { id: number; notice: string } | null;
 }
 
 export interface MetaUsers {

frontend/src/lib/components/ActiveLink.svelte

@@ -1,5 +1,5 @@
 <script lang="ts">
-  import { NavLink } from "sveltestrap";
+  import { NavLink } from "@sveltestrap/sveltestrap";
   import { page } from "$app/stores";
 
   export let href: string;

frontend/src/lib/components/ErrorAlert.svelte

@@ -1,6 +1,6 @@
 <script lang="ts">
   import type { APIError } from "$lib/api/entities";
-  import { Alert } from "sveltestrap";
+  import { Alert } from "@sveltestrap/sveltestrap";
 
   export let error: APIError;
 </script>

frontend/src/lib/components/FallbackImage.svelte

@@ -4,6 +4,7 @@
   export let urls: string[];
   export let alt: string;
   export let width = 300;
+  export let lazyLoad = false;
 
   const contentTypeFor = (url: string) => {
     if (url.endsWith(".webp")) {
@@ -31,6 +32,7 @@
       src={urls[0] || defaultAvatars[0]}
       {alt}
       class="rounded-circle img-fluid"
+      loading={lazyLoad ? "lazy" : "eager"}
     />
   </picture>
 {:else}

frontend/src/lib/components/IconButton.svelte

@@ -1,5 +1,5 @@
 <script lang="ts">
-  import { Button, Icon, Tooltip } from "sveltestrap";
+  import { Button, Icon, Tooltip } from "@sveltestrap/sveltestrap";
 
   export let icon: string;
   export let color: "primary" | "secondary" | "success" | "danger";

frontend/src/lib/components/PartialMemberCard.svelte

@@ -6,12 +6,12 @@
     type User,
     type CustomPreferences,
   } from "$lib/api/entities";
-    import { Icon, Tooltip } from "sveltestrap";
+  import { Icon, Tooltip } from "@sveltestrap/sveltestrap";
   import FallbackImage from "./FallbackImage.svelte";
 
   export let user: User;
   export let member: PartialMember & {
-    unlisted?: boolean
+    unlisted?: boolean;
   };
 
   let pronouns: string | undefined;
@@ -46,13 +46,18 @@
 
 <div>
   <a href="/@{user.name}/{member.name}">
-    <FallbackImage urls={memberAvatars(member)} width={200} alt="Avatar for {member.name}" />
+    <FallbackImage
+      urls={memberAvatars(member)}
+      width={200}
+      lazyLoad
+      alt="Avatar for {member.name}"
+    />
   </a>
   <p class="m-2">
     <a class="text-reset fs-5 text-break" href="/@{user.name}/{member.name}">
       {member.display_name ?? member.name}
       {#if member.unlisted === true}
-        <span bind:this={iconElement} tabindex={0}><Icon name="lock"/></span>
+        <span bind:this={iconElement} tabindex={0}><Icon name="lock" /></span>
         <Tooltip target={iconElement} placement="top">This member is hidden</Tooltip>
       {/if}
     </a>

frontend/src/lib/components/StatusIcon.svelte

@@ -1,5 +1,5 @@
 <script lang="ts">
-  import { Icon, Tooltip } from "sveltestrap";
+  import { Icon, Tooltip } from "@sveltestrap/sveltestrap";
 
   import type { CustomPreference, CustomPreferences } from "$lib/api/entities";
   import defaultPreferences from "$lib/api/default_preferences";
@@ -15,10 +15,11 @@
   $: currentPreference =
     status in mergedPreferences ? mergedPreferences[status] : defaultPreferences.missing;
 
-  let iconElement: HTMLElement;
+  let iconElement: HTMLSpanElement;
 </script>
 
-<span bind:this={iconElement} tabindex={0}
-  ><Icon name={currentPreference.icon} class={className} /></span
->
-<Tooltip target={iconElement} placement="top">{currentPreference.tooltip}</Tooltip>
+<span bind:this={iconElement} aria-hidden>
+  <Icon name={currentPreference.icon} class={className} />
+</span>
+<span class="visually-hidden">{currentPreference.tooltip}:</span>
+<Tooltip aria-hidden target={iconElement} placement="top">{currentPreference.tooltip}</Tooltip>

frontend/src/lib/components/Toast.svelte

@@ -1,5 +1,5 @@
 <script lang="ts">
-  import { Toast } from "sveltestrap";
+  import { Toast } from "@sveltestrap/sveltestrap";
 
   export let header: string | undefined = undefined;
   export let body: string;

frontend/src/lib/components/edit/EditableField.svelte

@@ -1,7 +1,7 @@
 <script lang="ts">
   import type { Field, CustomPreferences } from "$lib/api/entities";
   import IconButton from "$lib/components/IconButton.svelte";
-  import { Button, Input, InputGroup } from "sveltestrap";
+  import { Button, Input, InputGroup } from "@sveltestrap/sveltestrap";
   import FieldEntry from "./FieldEntry.svelte";
 
   export let field: Field;
@@ -36,7 +36,7 @@
 </script>
 
 <div class="p-3">
-  <h5>{field.name}</h5>
+  <h5>{field.name ? field.name : "New field"}</h5>
   <InputGroup class="m-1">
     <IconButton
       color="secondary"
@@ -50,7 +50,7 @@
       tooltip="Move field right"
       click={() => moveField(false)}
     />
-    <Input bind:value={field.name} />
+    <Input placeholder="New field" bind:value={field.name} />
     <Button color="danger" on:click={() => deleteField()}>Delete field</Button>
   </InputGroup>
   <hr />
@@ -65,7 +65,7 @@
     />
   {/each}
 
-  <form class="input-group m-1" on:submit={addEntry}>
+  <form class="m-1 input-group" on:submit={addEntry}>
     <input type="text" class="form-control" placeholder="New entry" bind:value={newEntry} />
     <IconButton color="success" icon="plus" tooltip="Add entry" />
   </form>

frontend/src/lib/components/edit/EditableName.svelte

@@ -9,7 +9,7 @@
     DropdownToggle,
     Icon,
     Tooltip,
-  } from "sveltestrap";
+  } from "@sveltestrap/sveltestrap";
 
   export let value: string;
   export let status: string;

frontend/src/lib/components/edit/EditablePronouns.svelte

@@ -12,7 +12,7 @@
     InputGroupText,
     Popover,
     Tooltip,
-  } from "sveltestrap";
+  } from "@sveltestrap/sveltestrap";
 
   export let pronoun: Pronoun;
   export let preferences: CustomPreferences;

frontend/src/lib/components/edit/FieldEntry.svelte

@@ -9,7 +9,7 @@
     DropdownToggle,
     Icon,
     Tooltip,
-  } from "sveltestrap";
+  } from "@sveltestrap/sveltestrap";
 
   export let value: string;
   export let status: string;

frontend/src/lib/components/edit/FlagButton.svelte

@@ -1,6 +1,6 @@
 <script lang="ts">
   import { flagURL, type PrideFlag } from "$lib/api/entities";
-  import { Button, Tooltip } from "sveltestrap";
+  import { Button, Tooltip } from "@sveltestrap/sveltestrap";
 
   export let flag: PrideFlag;
   export let tooltip: string;

frontend/src/lib/components/edit/MarkdownHelp.svelte

@@ -1,5 +1,5 @@
 <script lang="ts">
-  import { Icon, Modal } from "sveltestrap";
+  import { Icon, Modal } from "@sveltestrap/sveltestrap";
 
   let isOpen = false;
   const toggle = () => (isOpen = !isOpen);

frontend/src/lib/store.ts

@@ -1,7 +1,7 @@
 import { writable } from "svelte/store";
 import { browser } from "$app/environment";
 
-import type { MeUser } from "./api/entities";
+import type { MeUser, Settings } from "./api/entities";
 
 const initialUserValue = null;
 export const userStore = writable<MeUser | null>(initialUserValue);
@@ -13,4 +13,10 @@ const initialThemeValue = browser
 
 export const themeStore = writable<string>(initialThemeValue);
 
+const defaultSettingsValue = {
+  settings: { read_changelog: "0.0.0", read_settings_notice: "0" } as Settings,
+  current: false,
+};
+export const settingsStore = writable(defaultSettingsValue);
+
 export const CURRENT_CHANGELOG = "0.6.0";

frontend/src/lib/utils.ts

@@ -7,8 +7,18 @@ const md = new MarkdownIt({
   linkify: true,
 }).disable(["heading", "lheading", "link", "table", "blockquote"]);
 
+const unsafeMd = new MarkdownIt({
+  html: false,
+  breaks: true,
+  linkify: true,
+});
+
 export function renderMarkdown(src: string | null) {
   return src ? sanitize(md.render(src)) : null;
 }
 
+export function renderUnsafeMarkdown(src: string) {
+  return sanitize(unsafeMd.render(src));
+}
+
 export const charCount = (str: string) => [...str].length;

frontend/src/routes/+layout.server.ts

@@ -22,7 +22,8 @@ export const load = (async () => {
         },
         members: 0,
         require_invite: false,
-      };
+        notice: null,
+      } as MetaResponse;
     } else {
       throw e;
     }

frontend/src/routes/+layout.svelte

@@ -10,9 +10,13 @@
   import Navigation from "./nav/Navigation.svelte";
   import type { LayoutData } from "./$types";
   import { version } from "$app/environment";
+  import { settingsStore } from "$lib/store";
   import { toastStore } from "$lib/toast";
   import Toast from "$lib/components/Toast.svelte";
-  import { Icon } from "sveltestrap";
+  import { Alert, Icon } from "@sveltestrap/sveltestrap";
+  import { apiFetchClient } from "$lib/api/fetch";
+  import type { Settings } from "$lib/api/entities";
+  import { renderUnsafeMarkdown } from "$lib/utils";
 
   export let data: LayoutData;
 
@@ -21,6 +25,22 @@
   if (versionParts.length >= 3) commit = versionParts[2].slice(1);
 
   const versionMismatch = data.git_commit !== commit && data.git_commit !== "[unknown]";
+
+  const readNotice = async () => {
+    try {
+      const resp = await apiFetchClient<Settings>(
+        "/users/@me/settings",
+        "PATCH",
+        // If this function is run, notice will always be non-null
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        { read_global_notice: data.notice!.id },
+        2,
+      );
+      settingsStore.set({ current: true, settings: resp });
+    } catch (e) {
+      console.log("updating settings:", e);
+    }
+  };
 </script>
 
 <svelte:head>
@@ -34,6 +54,12 @@
   <div class="flex-grow-1">
     <Navigation commit={data.git_commit} />
     <div class="container">
+      {#if data.notice && $settingsStore.current && data.notice.id > $settingsStore.settings.read_global_notice}
+        <Alert color="secondary" isOpen={true} toggle={() => readNotice()}>
+          {@html renderUnsafeMarkdown(data.notice.notice)}
+        </Alert>
+      {/if}
+
       <slot />
       <div class="position-absolute top-0 start-50 translate-middle-x">
         {#each $toastStore as toast}

frontend/src/routes/+page.svelte

@@ -1,6 +1,6 @@
 <script lang="ts">
   import { PUBLIC_BASE_URL } from "$env/static/public";
-  import { Button } from "sveltestrap";
+  import { Button } from "@sveltestrap/sveltestrap";
   import { userStore } from "$lib/store";
 </script>
 

frontend/src/routes/@[username]/+page.server.ts

@@ -11,7 +11,7 @@ export const load = async ({ params }) => {
     return resp;
   } catch (e) {
     if ((e as APIError).code === ErrorCode.UserNotFound) {
-      throw error(404, e as APIError);
+      error(404, e as App.Error);
     }
 
     throw e;

frontend/src/routes/@[username]/+page.svelte

@@ -4,7 +4,6 @@
 
   import {
     Alert,
-    Badge,
     Button,
     ButtonGroup,
     Icon,
@@ -14,8 +13,8 @@
     ModalBody,
     ModalFooter,
     Tooltip,
-  } from "sveltestrap";
-  import { DateTime, Duration, FixedOffsetZone, Zone } from "luxon";
+  } from "@sveltestrap/sveltestrap";
+  import { DateTime, FixedOffsetZone } from "luxon";
   import FieldCard from "$lib/components/FieldCard.svelte";
   import PronounLink from "$lib/components/PronounLink.svelte";
   import PartialMemberCard from "$lib/components/PartialMemberCard.svelte";
@@ -46,6 +45,7 @@
   import ProfileFlag from "./ProfileFlag.svelte";
   import IconButton from "$lib/components/IconButton.svelte";
   import Badges from "./badges/Badges.svelte";
+  import PreferencesCheatsheet from "./PreferencesCheatsheet.svelte";
 
   export let data: PageData;
 
@@ -190,14 +190,15 @@
         {/if}
         {#if data.utc_offset}
           <Tooltip target="user-clock" placement="top">Current time</Tooltip>
-          <Icon id="user-clock" name="clock" aria-label="This user's current time" /> {currentTime} <span class="text-body-secondary">(UTC{timezone})</span>
+          <Icon id="user-clock" name="clock" aria-label="This user's current time" />
+          {currentTime} <span class="text-body-secondary">(UTC{timezone})</span>
         {/if}
         {#if profileEmpty && $userStore?.id === data.id}
           <hr />
           <p>
             <em>
-              Your profile is empty! You can customize it by going to the <a href="/@{data.name}/edit"
-                >edit profile</a
+              Your profile is empty! You can customize it by going to the <a
+                href="/@{data.name}/edit">edit profile</a
               > page.</em
             > <span class="text-muted">(only you can see this)</span>
           </p>
@@ -258,6 +259,12 @@
         </div>
       {/each}
     </div>
+    <PreferencesCheatsheet
+      preferences={data.custom_preferences}
+      names={data.names}
+      pronouns={data.pronouns}
+      fields={data.fields}
+    />
     <div class="row">
       <div class="col-md-6">
         <InputGroup>

frontend/src/routes/@[username]/PreferencesCheatsheet.svelte

@@ -0,0 +1,65 @@
+<script lang="ts">
+  import type {
+    CustomPreferences,
+    CustomPreference,
+    Field,
+    FieldEntry,
+    Pronoun,
+  } from "$lib/api/entities";
+  import defaultPreferences from "$lib/api/default_preferences";
+  import StatusIcon from "$lib/components/StatusIcon.svelte";
+
+  export let preferences: CustomPreferences;
+  export let names: FieldEntry[];
+  export let pronouns: Pronoun[];
+  export let fields: Field[];
+
+  let mergedPreferences: CustomPreferences;
+  $: mergedPreferences = Object.assign({}, defaultPreferences, preferences);
+
+  // Filter default preferences to the ones the user/member has used
+  // This is done separately from custom preferences to make the shown list cleaner
+  let usedDefaultPreferences: Array<{ id: string; preference: CustomPreference }>;
+  $: usedDefaultPreferences = Object.keys(defaultPreferences)
+    .filter(
+      (pref) =>
+        names.some((entry) => entry.status === pref) ||
+        pronouns.some((entry) => entry.status === pref) ||
+        fields.some((field) => field.entries.some((entry) => entry.status === pref)),
+    )
+    .map((key) => ({
+      id: key,
+      preference: defaultPreferences[key],
+    }));
+  // Do the same for custom preferences
+  let usedCustomPreferences: Array<{ id: string; preference: CustomPreference }>;
+  $: usedCustomPreferences = Object.keys(preferences)
+    .filter(
+      (pref) =>
+        names.some((entry) => entry.status === pref) ||
+        pronouns.some((entry) => entry.status === pref) ||
+        fields.some((field) => field.entries.some((entry) => entry.status === pref)),
+    )
+    .map((pref) => ({ id: pref, preference: mergedPreferences[pref] }));
+</script>
+
+<div class="text-center">
+  <ul class="list-inline text-body-secondary">
+    {#each usedDefaultPreferences as pref (pref.id)}
+      <li class="list-inline-item mx-2">
+        <StatusIcon {preferences} status={pref.id} />
+        {pref.preference.tooltip}
+      </li>
+    {/each}
+  </ul>
+  {#if usedCustomPreferences}
+    <ul class="list-inline text-body-secondary">
+      {#each usedCustomPreferences as pref (pref.id)}
+        <li class="list-inline-item mx-2">
+          <StatusIcon {preferences} status={pref.id} />
+          {pref.preference.tooltip}
+        </li>
+      {/each}
+    </ul>
+  {/if}
+</div>