feat: add API endpoints to add email to existing account

backend/common/common.go

@@ -1,7 +1,11 @@
 // Package common contains functions and types common to all (or most) packages.
 package common
 
-import "unicode/utf8"
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"unicode/utf8"
+)
 
 func StringLength(s *string) int {
 	if s == nil {
@@ -9,3 +13,14 @@ func StringLength(s *string) int {
 	}
 	return utf8.RuneCountInString(*s)
 }
+
+// RandBase64 returns a string of random bytes encoded in raw base 64.
+func RandBase64(size int) string {
+	b := make([]byte, size)
+	_, err := rand.Read(b)
+	if err != nil {
+		panic(err)
+	}
+
+	return base64.RawURLEncoding.EncodeToString(b)
+}

backend/common/snowflake_types.go

@@ -37,3 +37,15 @@ func (id FlagID) Increment() uint16 { return Snowflake(id).Increment() }
 
 func (id FlagID) MarshalJSON() ([]byte, error)    { return Snowflake(id).MarshalJSON() }
 func (id *FlagID) UnmarshalJSON(src []byte) error { return (*Snowflake)(id).UnmarshalJSON(src) }
+
+type EmailID Snowflake
+
+func (id EmailID) String() string    { return Snowflake(id).String() }
+func (id EmailID) Time() time.Time   { return Snowflake(id).Time() }
+func (id EmailID) IsValid() bool     { return Snowflake(id).IsValid() }
+func (id EmailID) Worker() uint8     { return Snowflake(id).Worker() }
+func (id EmailID) PID() uint8        { return Snowflake(id).PID() }
+func (id EmailID) Increment() uint16 { return Snowflake(id).Increment() }
+
+func (id EmailID) MarshalJSON() ([]byte, error)    { return Snowflake(id).MarshalJSON() }
+func (id *EmailID) UnmarshalJSON(src []byte) error { return (*Snowflake)(id).UnmarshalJSON(src) }

backend/db/email.go

@@ -0,0 +1,125 @@
+package db
+
+import (
+	"context"
+	"crypto/rand"
+
+	"github.com/jackc/pgx/v5"
+	"github.com/jackc/pgx/v5/pgconn"
+
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
+	"emperror.dev/errors"
+	"github.com/georgysavva/scany/v2/pgxscan"
+)
+
+type UserEmail struct {
+	ID           common.EmailID
+	UserID       common.UserID
+	EmailAddress string
+}
+
+func (db *DB) UserEmails(ctx context.Context, userID common.UserID) (es []UserEmail, err error) {
+	return db.UserEmailsTx(ctx, db, userID)
+}
+
+func (db *DB) UserEmailsTx(ctx context.Context, q pgxscan.Querier, userID common.UserID) (es []UserEmail, err error) {
+	sql, args, err := sq.Select("*").From("user_emails").Where("user_id = ?", userID).OrderBy("id").ToSql()
+	if err != nil {
+		return nil, errors.Wrap(err, "building query")
+	}
+
+	err = pgxscan.Select(ctx, q, &es, sql, args...)
+	if err != nil {
+		return nil, errors.Wrap(err, "executing query")
+	}
+
+	return NotNull(es), nil
+}
+
+// UserByEmail gets a user by their email address.
+func (db *DB) UserByEmail(ctx context.Context, email string) (u User, err error) {
+	sql, args, err := sq.Select("users.*").
+		From("user_emails").
+		Join("users ON user_emails.user_id = users.snowflake_id").
+		Where("email_address = ?", email).
+		ToSql()
+	if err != nil {
+		return u, errors.Wrap(err, "building query")
+	}
+
+	err = pgxscan.Get(ctx, db, &u, sql, args...)
+	if err != nil {
+		if errors.Cause(err) == pgx.ErrNoRows {
+			return u, ErrUserNotFound
+		}
+		return u, errors.Wrap(err, "executing query")
+	}
+	return u, nil
+}
+
+// EmailExists returns whether an email address already exists. It does not need to be comfirmed.
+func (db *DB) EmailExists(ctx context.Context, email string) (exists bool, err error) {
+	err = db.QueryRow(ctx, "select exists(SELECT * FROM user_emails WHERE email_address = $1)", email).Scan(&exists)
+	return exists, err
+}
+
+func (db *DB) EmailExistsTx(ctx context.Context, tx pgx.Tx, email string) (exists bool, err error) {
+	err = tx.QueryRow(ctx, "select exists(SELECT * FROM user_emails WHERE email_address = $1)", email).Scan(&exists)
+	return exists, err
+}
+
+const ErrEmailInUse = errors.Sentinel("email already in use")
+
+// AddEmail adds a new email to the database.
+func (db *DB) AddEmail(ctx context.Context, q pgxscan.Querier, userID common.UserID, email string) (e UserEmail, err error) {
+	sql, args, err := sq.Insert("user_emails").SetMap(map[string]any{
+		"id":            common.GenerateID(),
+		"user_id":       userID,
+		"email_address": email,
+	}).Suffix("RETURNING *").ToSql()
+	if err != nil {
+		return e, errors.Wrap(err, "building query")
+	}
+
+	err = pgxscan.Get(ctx, q, &e, sql, args...)
+	if err != nil {
+		pge := &pgconn.PgError{}
+		if errors.As(err, &pge) {
+			// unique constraint violation
+			if pge.Code == uniqueViolation {
+				return e, ErrEmailInUse
+			}
+		}
+
+		return e, errors.Wrap(err, "executing query")
+	}
+	return e, nil
+}
+
+func (db *DB) SetPassword(ctx context.Context, tx pgx.Tx, userID common.UserID, password string) (err error) {
+	salt := make([]byte, 16)
+	_, err = rand.Read(salt)
+	if err != nil {
+		return errors.Wrap(err, "creating salt")
+	}
+
+	hash := hashPassword([]byte(password), salt)
+
+	sql, args, err := sq.Update("users").Set("password", hash).Set("salt", salt).Where("snowflake_id = ?", userID).ToSql()
+	if err != nil {
+		return errors.Wrap(err, "building sql")
+	}
+
+	_, err = tx.Exec(ctx, sql, args...)
+	return errors.Wrap(err, "executing query")
+}
+
+func (db *DB) RemoveEmails(ctx context.Context, tx pgx.Tx, userID common.UserID) (err error) {
+	sql, args, err := sq.Delete("user_emails").Where("user_id = ?", userID).ToSql()
+	if err != nil {
+		return errors.Wrap(err, "building sql")
+	}
+
+	_, err = tx.Exec(ctx, sql, args...)
+	return errors.Wrap(err, "executing query")
+}

backend/db/fediverse.go

@@ -48,11 +48,11 @@ func (f FediverseApp) ClientConfig() *oauth2.Config {
 }
 
 func (f FediverseApp) MastodonCompatible() bool {
-	return f.InstanceType == "mastodon" || f.InstanceType == "pleroma" || f.InstanceType == "akkoma" || f.InstanceType == "incestoma" || f.InstanceType == "pixelfed" || f.InstanceType == "gotosocial"
+	return f.InstanceType == "mastodon" || f.InstanceType == "pleroma" || f.InstanceType == "akkoma" || f.InstanceType == "pixelfed" || f.InstanceType == "gotosocial"
 }
 
 func (f FediverseApp) Misskey() bool {
-	return f.InstanceType == "misskey" || f.InstanceType == "foundkey" || f.InstanceType == "calckey" || f.InstanceType == "firefish" || f.InstanceType == "sharkey"
+	return f.InstanceType == "misskey" || f.InstanceType == "foundkey" || f.InstanceType == "calckey" || f.InstanceType == "firefish"
 }
 
 const ErrNoInstanceApp = errors.Sentinel("instance doesn't have an app")

backend/db/tokens.go

@@ -64,7 +64,7 @@ func (db *DB) Tokens(ctx context.Context, userID xid.ID) (ts []Token, err error)
 const TokenExpiryTime = 3 * 30 * 24 * time.Hour
 
 // SaveToken saves a token to the database.
-func (db *DB) SaveToken(ctx context.Context, userID xid.ID, tokenID xid.ID, apiOnly, readOnly bool) (t Token, err error) {
+func (db *DB) SaveToken(ctx context.Context, q pgxscan.Querier, userID xid.ID, tokenID xid.ID, apiOnly, readOnly bool) (t Token, err error) {
 	sql, args, err := sq.Insert("tokens").
 		SetMap(map[string]any{
 			"user_id":   userID,
@@ -79,7 +79,7 @@ func (db *DB) SaveToken(ctx context.Context, userID xid.ID, tokenID xid.ID, apiO
 		return t, errors.Wrap(err, "building sql")
 	}
 
-	err = pgxscan.Get(ctx, db, &t, sql, args...)
+	err = pgxscan.Get(ctx, q, &t, sql, args...)
 	if err != nil {
 		return t, errors.Wrap(err, "inserting token")
 	}

backend/db/user.go

@@ -3,6 +3,7 @@ package db
 import (
 	"context"
 	"crypto/sha256"
+	"crypto/subtle"
 	"encoding/hex"
 	"fmt"
 	"regexp"
@@ -18,6 +19,7 @@ import (
 	"github.com/jackc/pgx/v5"
 	"github.com/jackc/pgx/v5/pgconn"
 	"github.com/rs/xid"
+	"golang.org/x/crypto/argon2"
 )
 
 type User struct {
@@ -56,6 +58,8 @@ type User struct {
 	LastSIDReroll time.Time `db:"last_sid_reroll"`
 	Timezone      *string
 	Settings      UserSettings
+	Password      []byte
+	Salt          []byte
 
 	DeletedAt    *time.Time
 	SelfDelete   *bool
@@ -101,7 +105,10 @@ const (
 	PreferenceSizeSmall  PreferenceSize = "small"
 )
 
-func (u User) NumProviders() (numProviders int) {
+func (u User) NumProviders(emails []UserEmail) (numProviders int) {
+	if len(emails) > 0 {
+		numProviders++
+	}
 	if u.Discord != nil {
 		numProviders++
 	}
@@ -132,6 +139,19 @@ func (u User) UTCOffset() (offset int, ok bool) {
 	return offset, true
 }
 
+func (u User) VerifyPassword(input string) bool {
+	if u.Password == nil || u.Salt == nil {
+		return false
+	}
+
+	inputHash := hashPassword([]byte(input), u.Salt)
+	return subtle.ConstantTimeCompare(inputHash, u.Password) == 1
+}
+
+func hashPassword(password, salt []byte) []byte {
+	return argon2.IDKey(password, salt, 1, 65536, 4, 16)
+}
+
 type Badge int32
 
 const (

backend/routes.go

@@ -6,11 +6,10 @@ import (
 	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/meta"
 	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/mod"
 	"codeberg.org/pronounscc/pronouns.cc/backend/routes/v1/user"
+	auth2 "codeberg.org/pronounscc/pronouns.cc/backend/routes/v2/auth"
 	user2 "codeberg.org/pronounscc/pronouns.cc/backend/routes/v2/user"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
 	"github.com/go-chi/chi/v5"
-
-	_ "embed"
 )
 
 // mountRoutes mounts all API routes on the server's router.
@@ -26,5 +25,6 @@ func mountRoutes(s *server.Server) {
 
 	s.Router.Route("/v2", func(r chi.Router) {
 		user2.Mount(s, r)
+		auth2.Mount(s, r)
 	})
 }

backend/routes/v1/auth/discord.go

@@ -5,6 +5,7 @@ import (
 	"os"
 	"time"
 
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
@@ -119,7 +120,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 		}
 
 		// save token to database
-		_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
+		_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
 		if err != nil {
 			return errors.Wrap(err, "saving token to database")
 		}
@@ -142,7 +143,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	// no user found, so save a ticket + save their Discord info in Redis
-	ticket := RandBase64(32)
+	ticket := common.RandBase64(32)
 	err = s.DB.SetJSON(ctx, "discord:"+ticket, du, "EX", "600")
 	if err != nil {
 		log.Errorf("setting Discord user for ticket %q: %v", ticket, err)
@@ -234,8 +235,13 @@ func (s *Server) discordUnlink(w http.ResponseWriter, r *http.Request) error {
 		return server.APIError{Code: server.ErrNotLinked}
 	}
 
+	emails, err := s.DB.UserEmails(ctx, u.SnowflakeID)
+	if err != nil {
+		return errors.Wrap(err, "getting user emails")
+	}
+
 	// cannot unlink last auth provider
-	if u.NumProviders() <= 1 {
+	if u.NumProviders(emails) <= 1 {
 		return server.APIError{Code: server.ErrLastProvider}
 	}
 
@@ -360,12 +366,6 @@ func (s *Server) discordSignup(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "deleting signup ticket")
 	}
 
-	// commit transaction
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
@@ -375,11 +375,17 @@ func (s *Server) discordSignup(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	// save token to database
-	_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
+	_, err = s.DB.SaveToken(ctx, tx, u.ID, tokenID, false, false)
 	if err != nil {
 		return errors.Wrap(err, "saving token to database")
 	}
 
+	// commit transaction
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
 	// return user
 	render.JSON(w, r, signupResponse{
 		User:  *dbUserToUserResponse(u, nil),

backend/routes/v1/auth/fedi_mastodon.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"time"
 
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
@@ -140,7 +141,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
 		}
 
 		// save token to database
-		_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
+		_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
 		if err != nil {
 			return errors.Wrap(err, "saving token to database")
 		}
@@ -163,7 +164,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
 	}
 
 	// no user found, so save a ticket + save their Mastodon info in Redis
-	ticket := RandBase64(32)
+	ticket := common.RandBase64(32)
 	err = s.DB.SetJSON(ctx, "mastodon:"+ticket, mu, "EX", "600")
 	if err != nil {
 		log.Errorf("setting mastoAPI user for ticket %q: %v", ticket, err)
@@ -261,8 +262,13 @@ func (s *Server) mastodonUnlink(w http.ResponseWriter, r *http.Request) error {
 		return server.APIError{Code: server.ErrNotLinked}
 	}
 
+	emails, err := s.DB.UserEmails(ctx, u.SnowflakeID)
+	if err != nil {
+		return errors.Wrap(err, "getting user emails")
+	}
+
 	// cannot unlink last auth provider
-	if u.NumProviders() <= 1 {
+	if u.NumProviders(emails) <= 1 {
 		return server.APIError{Code: server.ErrLastProvider}
 	}
 
@@ -388,12 +394,6 @@ func (s *Server) mastodonSignup(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "deleting signup ticket")
 	}
 
-	// commit transaction
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
@@ -403,11 +403,17 @@ func (s *Server) mastodonSignup(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	// save token to database
-	_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
+	_, err = s.DB.SaveToken(ctx, tx, u.ID, tokenID, false, false)
 	if err != nil {
 		return errors.Wrap(err, "saving token to database")
 	}
 
+	// commit transaction
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
 	// return user
 	render.JSON(w, r, signupResponse{
 		User:  *dbUserToUserResponse(u, nil),

backend/routes/v1/auth/fedi_misskey.go

@@ -7,6 +7,7 @@ import (
 	"io"
 	"net/http"
 
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
@@ -119,7 +120,7 @@ func (s *Server) misskeyCallback(w http.ResponseWriter, r *http.Request) error {
 		}
 
 		// save token to database
-		_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
+		_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
 		if err != nil {
 			return errors.Wrap(err, "saving token to database")
 		}
@@ -142,7 +143,7 @@ func (s *Server) misskeyCallback(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	// no user found, so save a ticket + save their Misskey info in Redis
-	ticket := RandBase64(32)
+	ticket := common.RandBase64(32)
 	err = s.DB.SetJSON(ctx, "misskey:"+ticket, mu.User, "EX", "600")
 	if err != nil {
 		log.Errorf("setting misskey user for ticket %q: %v", ticket, err)
@@ -316,12 +317,6 @@ func (s *Server) misskeySignup(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "deleting signup ticket")
 	}
 
-	// commit transaction
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
@@ -331,11 +326,17 @@ func (s *Server) misskeySignup(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	// save token to database
-	_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
+	_, err = s.DB.SaveToken(ctx, tx, u.ID, tokenID, false, false)
 	if err != nil {
 		return errors.Wrap(err, "saving token to database")
 	}
 
+	// commit transaction
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
 	// return user
 	render.JSON(w, r, signupResponse{
 		User:  *dbUserToUserResponse(u, nil),

backend/routes/v1/auth/fediverse.go

@@ -68,10 +68,13 @@ func (s *Server) noAppFediverseURL(ctx context.Context, w http.ResponseWriter, r
 	case "iceshrimp":
 		softwareName = "firefish"
 		fallthrough
-	case "misskey", "foundkey", "calckey", "firefish", "sharkey":
+	case "misskey", "foundkey", "calckey", "firefish":
 		return s.noAppMisskeyURL(ctx, w, r, softwareName, instance)
-	case "mastodon", "pleroma", "akkoma", "incestoma", "pixelfed", "gotosocial":
+	case "mastodon", "pleroma", "akkoma", "pixelfed", "gotosocial":
 	case "glitchcafe", "hometown":
+		// plural.cafe (potentially other instances too?) runs Mastodon but changes the software name
+		// Hometown is a lightweight fork of Mastodon so we can just treat it the same
+		// changing it back to mastodon here for consistency
 		softwareName = "mastodon"
 	default:
 		return server.APIError{Code: server.ErrUnsupportedInstance}

backend/routes/v1/auth/google.go

@@ -5,6 +5,7 @@ import (
 	"os"
 	"time"
 
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
@@ -138,7 +139,7 @@ func (s *Server) googleCallback(w http.ResponseWriter, r *http.Request) error {
 		}
 
 		// save token to database
-		_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
+		_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
 		if err != nil {
 			return errors.Wrap(err, "saving token to database")
 		}
@@ -161,7 +162,7 @@ func (s *Server) googleCallback(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	// no user found, so save a ticket + save their Google info in Redis
-	ticket := RandBase64(32)
+	ticket := common.RandBase64(32)
 	err = s.DB.SetJSON(ctx, "google:"+ticket, partialGoogleUser{ID: googleID, Email: googleUsername}, "EX", "600")
 	if err != nil {
 		log.Errorf("setting Google user for ticket %q: %v", ticket, err)
@@ -249,8 +250,13 @@ func (s *Server) googleUnlink(w http.ResponseWriter, r *http.Request) error {
 		return server.APIError{Code: server.ErrNotLinked}
 	}
 
+	emails, err := s.DB.UserEmails(ctx, u.SnowflakeID)
+	if err != nil {
+		return errors.Wrap(err, "getting user emails")
+	}
+
 	// cannot unlink last auth provider
-	if u.NumProviders() <= 1 {
+	if u.NumProviders(emails) <= 1 {
 		return server.APIError{Code: server.ErrLastProvider}
 	}
 
@@ -363,12 +369,6 @@ func (s *Server) googleSignup(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "deleting signup ticket")
 	}
 
-	// commit transaction
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
@@ -378,11 +378,17 @@ func (s *Server) googleSignup(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	// save token to database
-	_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
+	_, err = s.DB.SaveToken(ctx, tx, u.ID, tokenID, false, false)
 	if err != nil {
 		return errors.Wrap(err, "saving token to database")
 	}
 
+	// commit transaction
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
 	// return user
 	render.JSON(w, r, signupResponse{
 		User:  *dbUserToUserResponse(u, nil),

backend/routes/v1/auth/oauth.go

@@ -2,9 +2,8 @@ package auth
 
 import (
 	"context"
-	"crypto/rand"
-	"encoding/base64"
 
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"github.com/mediocregopher/radix/v4"
 )
 
@@ -14,7 +13,7 @@ const numStates = "1000"
 
 // setCSRFState generates a random string to use as state, then stores that in Redis.
 func (s *Server) setCSRFState(ctx context.Context) (string, error) {
-	state := RandBase64(32)
+	state := common.RandBase64(32)
 
 	err := s.DB.MultiCmd(ctx,
 		radix.Cmd(nil, "LPUSH", "csrf", state),
@@ -32,14 +31,3 @@ func (s *Server) validateCSRFState(ctx context.Context, state string) (matched b
 	}
 	return num > 0, nil
 }
-
-// RandBase64 returns a string of random bytes encoded in raw base 64.
-func RandBase64(size int) string {
-	b := make([]byte, size)
-	_, err := rand.Read(b)
-	if err != nil {
-		panic(err)
-	}
-
-	return base64.RawURLEncoding.EncodeToString(b)
-}

backend/routes/v1/auth/tokens.go

@@ -115,7 +115,7 @@ func (s *Server) createToken(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "creating token")
 	}
 
-	t, err := s.DB.SaveToken(ctx, claims.UserID, tokenID, true, readOnly)
+	t, err := s.DB.SaveToken(ctx, s.DB, claims.UserID, tokenID, true, readOnly)
 	if err != nil {
 		return errors.Wrap(err, "saving token")
 	}

backend/routes/v1/auth/tumblr.go

@@ -7,6 +7,7 @@ import (
 	"os"
 	"time"
 
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
 	"codeberg.org/pronounscc/pronouns.cc/backend/db"
 	"codeberg.org/pronounscc/pronouns.cc/backend/log"
 	"codeberg.org/pronounscc/pronouns.cc/backend/server"
@@ -171,7 +172,7 @@ func (s *Server) tumblrCallback(w http.ResponseWriter, r *http.Request) error {
 		}
 
 		// save token to database
-		_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
+		_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
 		if err != nil {
 			return errors.Wrap(err, "saving token to database")
 		}
@@ -194,7 +195,7 @@ func (s *Server) tumblrCallback(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	// no user found, so save a ticket + save their Tumblr info in Redis
-	ticket := RandBase64(32)
+	ticket := common.RandBase64(32)
 	err = s.DB.SetJSON(ctx, "tumblr:"+ticket, tumblrUserInfo{ID: tumblrID, Name: tumblrName}, "EX", "600")
 	if err != nil {
 		log.Errorf("setting Tumblr user for ticket %q: %v", ticket, err)
@@ -282,8 +283,13 @@ func (s *Server) tumblrUnlink(w http.ResponseWriter, r *http.Request) error {
 		return server.APIError{Code: server.ErrNotLinked}
 	}
 
+	emails, err := s.DB.UserEmails(ctx, u.SnowflakeID)
+	if err != nil {
+		return errors.Wrap(err, "getting user emails")
+	}
+
 	// cannot unlink last auth provider
-	if u.NumProviders() <= 1 {
+	if u.NumProviders(emails) <= 1 {
 		return server.APIError{Code: server.ErrLastProvider}
 	}
 
@@ -396,12 +402,6 @@ func (s *Server) tumblrSignup(w http.ResponseWriter, r *http.Request) error {
 		return errors.Wrap(err, "deleting signup ticket")
 	}
 
-	// commit transaction
-	err = tx.Commit(ctx)
-	if err != nil {
-		return errors.Wrap(err, "committing transaction")
-	}
-
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
@@ -411,11 +411,17 @@ func (s *Server) tumblrSignup(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	// save token to database
-	_, err = s.DB.SaveToken(ctx, u.ID, tokenID, false, false)
+	_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
 	if err != nil {
 		return errors.Wrap(err, "saving token to database")
 	}
 
+	// commit transaction
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
 	// return user
 	render.JSON(w, r, signupResponse{
 		User:  *dbUserToUserResponse(u, nil),

backend/routes/v1/meta/meta.go

@@ -13,10 +13,17 @@ import (
 
 type Server struct {
 	*server.Server
+
+	requireInvite bool
+	emailSignup   bool
 }
 
 func Mount(srv *server.Server, r chi.Router) {
-	s := &Server{Server: srv}
+	s := &Server{
+		Server:        srv,
+		requireInvite: os.Getenv("REQUIRE_INVITE") == "true",
+		emailSignup:   os.Getenv("EMAIL_SMTP_ADDRESS") != "",
+	}
 
 	r.Get("/meta", server.WrapHandler(s.meta))
 }
@@ -27,6 +34,7 @@ type MetaResponse struct {
 	Users         MetaUsers   `json:"users"`
 	Members       int64       `json:"members"`
 	RequireInvite bool        `json:"require_invite"`
+	EmailSignup   bool        `json:"email_signup"`
 	Notice        *MetaNotice `json:"notice"`
 }
 
@@ -69,7 +77,8 @@ func (s *Server) meta(w http.ResponseWriter, r *http.Request) error {
 			ActiveDay:   activeDay,
 		},
 		Members:       numMembers,
-		RequireInvite: os.Getenv("REQUIRE_INVITE") == "true",
+		RequireInvite: s.requireInvite,
+		EmailSignup:   s.emailSignup,
 		Notice:        notice,
 	})
 	return nil

backend/routes/v2/auth/email_signup.go

@@ -0,0 +1,192 @@
+package auth
+
+import (
+	"net/http"
+	"strings"
+
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
+	"codeberg.org/pronounscc/pronouns.cc/backend/db"
+	"codeberg.org/pronounscc/pronouns.cc/backend/server"
+	"emperror.dev/errors"
+	"github.com/go-chi/render"
+	"github.com/mediocregopher/radix/v4"
+	"github.com/rs/xid"
+)
+
+type postEmailSignupRequest struct {
+	Email string `json:"email"`
+}
+
+func (s *Server) postEmailSignup(w http.ResponseWriter, r *http.Request) (err error) {
+	ctx := r.Context()
+	var req postEmailSignupRequest
+	err = render.Decode(r, &req)
+	if err != nil {
+		return server.APIError{Code: server.ErrBadRequest}
+	}
+
+	if !strings.Contains(req.Email, "@") {
+		return server.APIError{Code: server.ErrBadRequest, Details: "Email seems to be invalid"}
+	}
+
+	ticket := common.RandBase64(48)
+	err = s.DB.Redis.Do(ctx, radix.Cmd(nil, "SET", emailSignupTicketKey(ticket), req.Email, "EX", "3600"))
+	if err != nil {
+		return errors.Wrap(err, "setting email signup key")
+	}
+
+	// if the email address already exists, pretend we sent an email and return
+	// to prevent people from discovering valid email addresses
+	exists, err := s.DB.EmailExists(ctx, req.Email)
+	if err != nil {
+		return errors.Wrap(err, "checking if email exists")
+	}
+	if exists {
+		render.NoContent(w, r)
+		return nil
+	}
+
+	go s.SendEmail(req.Email, "Confirm your email address", "signup", map[string]any{
+		"Ticket": ticket,
+	})
+
+	render.NoContent(w, r)
+	return nil
+}
+
+func emailSignupTicketKey(ticket string) string {
+	return "email-signup:" + ticket
+}
+
+type postEmailSignupConfirmRequest struct {
+	Ticket   string `json:"ticket"`
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+func (s *Server) postEmailSignupConfirm(w http.ResponseWriter, r *http.Request) (err error) {
+	ctx := r.Context()
+	var req postEmailSignupConfirmRequest
+	err = render.Decode(r, &req)
+	if err != nil {
+		return server.APIError{Code: server.ErrBadRequest}
+	}
+
+	var email string
+	err = s.DB.Redis.Do(ctx, radix.Cmd(&email, "GET", emailSignupTicketKey(req.Ticket)))
+	if err != nil {
+		return errors.Wrap(err, "getting email signup key")
+	}
+	if email == "" {
+		return server.APIError{Code: server.ErrBadRequest, Details: "Unknown ticket"}
+	}
+
+	tx, err := s.DB.Begin(ctx)
+	if err != nil {
+		return errors.Wrap(err, "starting transaction")
+	}
+	defer func() { _ = tx.Rollback(ctx) }()
+
+	u, err := s.DB.CreateUser(ctx, tx, req.Username)
+	if err != nil {
+		switch err {
+		case db.ErrUsernameTaken:
+			return server.APIError{Code: server.ErrUsernameTaken}
+		case db.ErrUsernameTooShort:
+			return server.APIError{Code: server.ErrBadRequest, Details: "Username is too short"}
+		case db.ErrUsernameTooLong:
+			return server.APIError{Code: server.ErrBadRequest, Details: "Username is too long"}
+		case db.ErrInvalidUsername:
+			return server.APIError{Code: server.ErrBadRequest, Details: "Username contains invalid characters"}
+		case db.ErrBannedUsername:
+			return server.APIError{Code: server.ErrBadRequest, Details: "Username is not allowed"}
+		default:
+			return errors.Wrap(err, "creating user")
+		}
+	}
+
+	_, err = s.DB.AddEmail(ctx, tx, u.SnowflakeID, email)
+	if err != nil {
+		if err == db.ErrEmailInUse {
+			// This should only happen if the email was *not* taken when the ticket was sent, but was taken in the meantime.
+			// i.e. unless another person has access to the mailbox, the user will know what happened
+			return server.APIError{Code: server.ErrBadRequest, Details: "Email is already in use"}
+		}
+
+		return errors.Wrap(err, "adding email to user")
+	}
+
+	err = s.DB.SetPassword(ctx, tx, u.SnowflakeID, req.Password)
+	if err != nil {
+		return errors.Wrap(err, "setting password for user")
+	}
+
+	// create token
+	tokenID := xid.New()
+	token, err := s.Auth.CreateToken(u.ID, tokenID, false, false, true)
+	if err != nil {
+		return errors.Wrap(err, "creating token")
+	}
+
+	// save token to database
+	_, err = s.DB.SaveToken(ctx, tx, u.ID, tokenID, false, false)
+	if err != nil {
+		return errors.Wrap(err, "saving token to database")
+	}
+
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
+	render.JSON(w, r, signupResponse{
+		User:  *dbUserToUserResponse(u, nil),
+		Token: token,
+	})
+
+	return nil
+}
+
+type userResponse struct {
+	ID          common.UserID     `json:"id"`
+	Username    string            `json:"name"`
+	DisplayName *string           `json:"display_name"`
+	Bio         *string           `json:"bio"`
+	Avatar      *string           `json:"avatar"`
+	Links       []string          `json:"links"`
+	Names       []db.FieldEntry   `json:"names"`
+	Pronouns    []db.PronounEntry `json:"pronouns"`
+	Fields      []db.Field        `json:"fields"`
+
+	Discord         *string `json:"discord"`
+	DiscordUsername *string `json:"discord_username"`
+
+	Tumblr         *string `json:"tumblr"`
+	TumblrUsername *string `json:"tumblr_username"`
+
+	Google         *string `json:"google"`
+	GoogleUsername *string `json:"google_username"`
+
+	Fediverse         *string `json:"fediverse"`
+	FediverseUsername *string `json:"fediverse_username"`
+	FediverseInstance *string `json:"fediverse_instance"`
+}
+
+func dbUserToUserResponse(u db.User, fields []db.Field) *userResponse {
+	return &userResponse{
+		ID:          u.SnowflakeID,
+		Username:    u.Username,
+		DisplayName: u.DisplayName,
+		Bio:         u.Bio,
+		Avatar:      u.Avatar,
+		Links:       db.NotNull(u.Links),
+		Names:       db.NotNull(u.Names),
+		Pronouns:    db.NotNull(u.Pronouns),
+		Fields:      db.NotNull(fields),
+	}
+}
+
+type signupResponse struct {
+	User  userResponse `json:"user"`
+	Token string       `json:"token"`
+}

backend/routes/v2/auth/get_emails.go

@@ -0,0 +1,53 @@
+package auth
+
+import (
+	"net/http"
+
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
+	"codeberg.org/pronounscc/pronouns.cc/backend/db"
+	"codeberg.org/pronounscc/pronouns.cc/backend/log"
+	"codeberg.org/pronounscc/pronouns.cc/backend/server"
+	"emperror.dev/errors"
+	"github.com/go-chi/render"
+)
+
+type EmailResponse struct {
+	ID    common.EmailID `json:"id"`
+	Email string         `json:"email"`
+}
+
+func dbEmailToResponse(e db.UserEmail) EmailResponse {
+	return EmailResponse{
+		ID:    e.ID,
+		Email: e.EmailAddress,
+	}
+}
+
+func (s *Server) getEmails(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+	claims, _ := server.ClaimsFromContext(ctx)
+	if claims.APIToken {
+		return server.APIError{Code: server.ErrMissingPermissions, Details: "This endpoint cannot be used by API tokens"}
+	}
+
+	u, err := s.DB.User(ctx, claims.UserID)
+	if err != nil {
+		// this should never fail
+		log.Errorf("getting user: %v", err)
+		return errors.Wrap(err, "getting user")
+	}
+
+	emails, err := s.DB.UserEmails(ctx, u.SnowflakeID)
+	if err != nil {
+		log.Errorf("getting user emails: %v", err)
+		return errors.Wrap(err, "getting user emails")
+	}
+
+	out := make([]EmailResponse, len(emails))
+	for i := range emails {
+		out[i] = dbEmailToResponse(emails[i])
+	}
+
+	render.JSON(w, r, out)
+	return nil
+}

backend/routes/v2/auth/login.go

@@ -0,0 +1,62 @@
+package auth
+
+import (
+	"net/http"
+
+	"codeberg.org/pronounscc/pronouns.cc/backend/server"
+	"emperror.dev/errors"
+	"github.com/go-chi/render"
+	"github.com/rs/xid"
+)
+
+type postLoginRequest struct {
+	Email    string `json:"email"`
+	Password string `json:"password"`
+}
+
+type postLoginResponse struct {
+	User  *userResponse `json:"user,omitempty"`
+	Token string        `json:"token,omitempty"`
+}
+
+func (s *Server) postLogin(w http.ResponseWriter, r *http.Request) (err error) {
+	ctx := r.Context()
+	var req postLoginRequest
+	err = render.Decode(r, &req)
+	if err != nil {
+		return server.APIError{Code: server.ErrBadRequest}
+	}
+
+	u, err := s.DB.UserByEmail(ctx, req.Email)
+	if err != nil {
+		return server.APIError{Code: server.ErrForbidden, Details: "Invalid email or password"}
+	}
+
+	if !u.VerifyPassword(req.Password) {
+		return server.APIError{Code: server.ErrForbidden, Details: "Invalid email or password"}
+	}
+
+	tokenID := xid.New()
+	token, err := s.Auth.CreateToken(u.ID, tokenID, u.IsAdmin, false, true)
+	if err != nil {
+		return errors.Wrap(err, "creating token")
+	}
+
+	// save token to database
+	_, err = s.DB.SaveToken(ctx, s.DB, u.ID, tokenID, false, false)
+	if err != nil {
+		return errors.Wrap(err, "saving token to database")
+	}
+
+	fields, err := s.DB.UserFields(ctx, u.ID)
+	if err != nil {
+		return errors.Wrap(err, "querying fields")
+	}
+
+	render.JSON(w, r, postLoginResponse{
+		Token: token,
+		User:  dbUserToUserResponse(u, fields),
+	})
+
+	return nil
+}

backend/routes/v2/auth/put_email.go

@@ -0,0 +1,225 @@
+package auth
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"codeberg.org/pronounscc/pronouns.cc/backend/common"
+	"codeberg.org/pronounscc/pronouns.cc/backend/db"
+	"codeberg.org/pronounscc/pronouns.cc/backend/log"
+	"codeberg.org/pronounscc/pronouns.cc/backend/server"
+	"emperror.dev/errors"
+	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v5"
+	"github.com/mediocregopher/radix/v4"
+)
+
+type putEmailRequest struct {
+	Email    string `json:"email"`
+	Password string `json:"password"`
+}
+
+func (s *Server) putEmail(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+	claims, _ := server.ClaimsFromContext(ctx)
+	if claims.APIToken {
+		return server.APIError{Code: server.ErrMissingPermissions, Details: "This endpoint cannot be used by API tokens"}
+	}
+
+	var req putEmailRequest
+	err := render.Decode(r, &req)
+	if err != nil {
+		return server.APIError{Code: server.ErrBadRequest}
+	}
+
+	u, err := s.DB.User(ctx, claims.UserID)
+	if err != nil {
+		// this should never fail
+		log.Errorf("getting user: %v", err)
+		return errors.Wrap(err, "getting user")
+	}
+
+	tx, err := s.DB.Begin(ctx)
+	if err != nil {
+		return errors.Wrap(err, "beginning transaction")
+	}
+	defer func() {
+		_ = tx.Rollback(ctx)
+	}()
+
+	emails, err := s.DB.UserEmailsTx(ctx, tx, u.SnowflakeID)
+	if err != nil {
+		log.Errorf("getting user emails: %v", err)
+		return errors.Wrap(err, "getting user emails")
+	}
+
+	if len(emails) > 0 {
+		if emails[0].EmailAddress == req.Email {
+			return server.APIError{Code: server.ErrBadRequest, Details: "New email address cannot be the same as the current one"}
+		}
+
+		return s.putEmailExisting(w, r, tx, u, req)
+	}
+
+	ticket := common.RandBase64(48)
+	err = s.DB.Redis.Do(ctx, radix.Cmd(nil, "SET",
+		emailChangeTicketKey(ticket), emailChangeTicketValue(req.Email, u.SnowflakeID), "EX", "3600"))
+	if err != nil {
+		return errors.Wrap(err, "setting email change key")
+	}
+
+	// if the email address already exists, pretend we sent an email and return
+	exists, err := s.DB.EmailExistsTx(ctx, tx, req.Email)
+	if err != nil {
+		return errors.Wrap(err, "checking if email exists")
+	}
+	if exists {
+		render.NoContent(w, r)
+		return nil
+	}
+
+	// set the user's password, this won't do anything unless the email address is actually confirmed
+	err = s.DB.SetPassword(ctx, tx, u.SnowflakeID, req.Password)
+	if err != nil {
+		return errors.Wrap(err, "setting user password")
+	}
+
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
+	// send the email
+	go s.SendEmail(req.Email, "Confirm your email address", "change", map[string]any{
+		"Ticket":   ticket,
+		"Username": u.Username,
+	})
+
+	render.NoContent(w, r)
+	return nil
+}
+
+func (s *Server) putEmailExisting(
+	w http.ResponseWriter, r *http.Request, tx pgx.Tx, u db.User, req putEmailRequest,
+) error {
+	ctx := r.Context()
+
+	if !u.VerifyPassword(req.Password) {
+		return server.APIError{Code: server.ErrForbidden, Details: "Invalid password"}
+	}
+
+	ticket := common.RandBase64(48)
+	err := s.DB.Redis.Do(ctx, radix.Cmd(nil, "SET",
+		emailChangeTicketKey(ticket), emailChangeTicketValue(req.Email, u.SnowflakeID), "EX", "3600"))
+	if err != nil {
+		return errors.Wrap(err, "setting email change key")
+	}
+
+	// if the email address already exists, pretend we sent an email and return
+	exists, err := s.DB.EmailExistsTx(ctx, tx, req.Email)
+	if err != nil {
+		return errors.Wrap(err, "checking if email exists")
+	}
+	if exists {
+		render.NoContent(w, r)
+		return nil
+	}
+
+	go s.SendEmail(req.Email, "Confirm your email address", "change", map[string]any{
+		"Ticket":   ticket,
+		"Username": u.Username,
+	})
+
+	render.NoContent(w, r)
+	return nil
+}
+
+type putEmailConfirmRequest struct {
+	Ticket string `json:"ticket"`
+}
+
+type putEmailConfirmResponse struct {
+	Email string       `json:"email"`
+	User  userResponse `json:"user"`
+}
+
+func (s *Server) putEmailConfim(w http.ResponseWriter, r *http.Request) (err error) {
+	ctx := r.Context()
+	var req putEmailConfirmRequest
+	err = render.Decode(r, &req)
+	if err != nil {
+		return server.APIError{Code: server.ErrBadRequest}
+	}
+
+	var ticket string
+	err = s.DB.Redis.Do(ctx, radix.Cmd(&ticket, "GET", emailChangeTicketKey(req.Ticket)))
+	if err != nil {
+		return errors.Wrap(err, "getting email change key")
+	}
+	if ticket == "" {
+		return server.APIError{Code: server.ErrBadRequest, Details: "Unknown ticket"}
+	}
+
+	email, userID, ok := parseEmailChangeTicket(ticket)
+	if !ok {
+		return fmt.Errorf("invalid email change ticket %q", ticket)
+	}
+
+	u, err := s.DB.UserBySnowflake(ctx, userID)
+	if err != nil {
+		return errors.Wrap(err, "getting user")
+	}
+
+	tx, err := s.DB.Begin(ctx)
+	if err != nil {
+		return errors.Wrap(err, "beginning transaction")
+	}
+	defer func() {
+		_ = tx.Rollback(ctx)
+	}()
+
+	err = s.DB.RemoveEmails(ctx, tx, userID)
+	if err != nil {
+		return errors.Wrapf(err, "removing existing email addresses for user %v", userID)
+	}
+
+	dbEmail, err := s.DB.AddEmail(ctx, s.DB, userID, email)
+	if err != nil {
+		if err == db.ErrEmailInUse {
+			// This should only happen if the email was *not* taken when the ticket was sent, but was taken in the meantime.
+			// i.e. unless another person has access to the mailbox, the user will know what happened
+			return server.APIError{Code: server.ErrBadRequest, Details: "Email is already in use"}
+		}
+
+		return errors.Wrap(err, "adding email to user")
+	}
+
+	render.JSON(w, r, putEmailConfirmResponse{
+		Email: dbEmail.EmailAddress,
+		User:  *dbUserToUserResponse(u, nil),
+	})
+	return nil
+}
+
+func emailChangeTicketKey(ticket string) string {
+	return "email-change:" + ticket
+}
+
+func emailChangeTicketValue(email string, userID common.UserID) string {
+	return email + ":" + userID.String()
+}
+
+func parseEmailChangeTicket(v string) (email string, userID common.UserID, ok bool) {
+	before, after, ok := strings.Cut(v, ":")
+	if !ok {
+		return "", common.UserID(common.NullSnowflake), false
+	}
+
+	id, err := common.ParseSnowflake(after)
+	if err != nil {
+		return "", common.UserID(common.NullSnowflake), false
+	}
+
+	return before, common.UserID(id), true
+}

backend/routes/v2/auth/routes.go

@@ -0,0 +1,53 @@
+package auth
+
+import (
+	"net/smtp"
+	"os"
+
+	"codeberg.org/pronounscc/pronouns.cc/backend/server"
+	"github.com/go-chi/chi/v5"
+	"github.com/jordan-wright/email"
+)
+
+type Server struct {
+	*server.Server
+
+	emailPool    *email.Pool
+	emailAddress string
+	baseURL      string
+}
+
+func Mount(srv *server.Server, r chi.Router) {
+	s := &Server{
+		Server:       srv,
+		emailAddress: os.Getenv("EMAIL_ADDRESS"), // The address used for sending email
+		baseURL:      os.Getenv("BASE_URL"),      // The frontend base URL
+	}
+
+	// Only mount email routes if email is set up
+	if os.Getenv("EMAIL_SMTP_ADDRESS") != "" {
+		// This function will never return an error
+		s.emailPool, _ = email.NewPool(
+			os.Getenv("EMAIL_SMTP_ADDRESS"), // This should be the SMTP server host, like "example.com:587"
+			4, smtp.PlainAuth("",
+				os.Getenv("EMAIL_USERNAME"), // This should be the account name, like "noreply@pronouns.cc"
+				os.Getenv("EMAIL_PASSWORD"), // This should be the account pass, like "6GzW3dY6"
+				os.Getenv("EMAIL_HOST"),     // This should be the email host (seems to be SMTP server without the port?)
+			))
+
+		r.Route("/auth/email", func(r chi.Router) {
+			r.With(server.MustAuth).Get("/", server.WrapHandler(s.getEmails))
+			r.With(server.MustAuth).Put("/", server.WrapHandler(s.putEmail))
+			r.With(server.MustAuth).Delete("/{id}", nil) // Remove existing email from account, <no body>
+
+			r.Post("/login", server.WrapHandler(s.postLogin))                       // Log in to account, { username, password }
+			r.Post("/signup", server.WrapHandler(s.postEmailSignup))                // Create account, { email }
+			r.Post("/signup/confirm", server.WrapHandler(s.postEmailSignupConfirm)) // Create account, { ticket, username, password }
+			r.Post("/confirm", server.WrapHandler(s.putEmailConfim))                // Confirm email address, { ticket }
+
+			r.Patch("/password", nil)        // Update password
+			r.Post("/password/forgot", nil)  // Forgot/reset password, { email }
+			r.Post("/password/confirm", nil) // Confirm resetting password, { ticket, new_password }
+		})
+	}
+}

backend/routes/v2/auth/send_email.go

@@ -0,0 +1,55 @@
+package auth
+
+import (
+	"bytes"
+	"embed"
+	"html/template"
+	"time"
+
+	"codeberg.org/pronounscc/pronouns.cc/backend/log"
+	"emperror.dev/errors"
+	"github.com/jordan-wright/email"
+)
+
+func (s *Server) SendEmail(to, title, template string, data map[string]any) {
+	e := email.NewEmail()
+	e.From = s.emailAddress
+	e.To = []string{to}
+	e.Subject = title
+
+	text, html, err := s.Template(template, data)
+	if err != nil {
+		log.Errorf("executing templates: %v", err)
+		return
+	}
+	e.Text = text
+	e.HTML = html
+
+	err = s.emailPool.Send(e, 10*time.Second)
+	if err != nil {
+		log.Errorf("sending email: %v", err)
+	}
+}
+
+//go:embed templates/*
+var fs embed.FS
+var tmpl = template.Must(template.ParseFS(fs, "templates/*"))
+
+func (s *Server) Template(template string, data map[string]any) (text, html []byte, err error) {
+	data["BaseURL"] = s.baseURL
+
+	textWriter := new(bytes.Buffer)
+	htmlWriter := new(bytes.Buffer)
+
+	err = tmpl.ExecuteTemplate(textWriter, template+".txt", data)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "executing text template")
+	}
+
+	err = tmpl.ExecuteTemplate(htmlWriter, template+".html", data)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "executing HTML template")
+	}
+
+	return textWriter.Bytes(), htmlWriter.Bytes(), nil
+}

backend/routes/v2/auth/templates/change.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <style>
+      body {
+        font-family: sans-serif;
+      }
+    </style>
+  </head>
+
+  <body>
+    <p>
+      To change <b>@{{.Username}}</b>'s email address, press the following link:
+      <br />
+      <a href="{{.BaseURL}}/auth/email/confirm/{{.Ticket}}">Confirm your new email address</a>
+      <br />
+      Note that this link will expire in one hour.
+    </p>
+    <p>
+      If you didn't mean to change your email address, feel free to ignore this email.
+    </p>
+  </body>
+</html>

backend/routes/v2/auth/templates/change.txt

@@ -0,0 +1,5 @@
+To change @{{.Username}}'s email address, press the following link:
+{{.BaseURL}}/auth/email/confirm/{{.Ticket}}
+This link will expire in one hour.
+
+If you didn't mean to change your email address, feel free to ignore this email.

backend/routes/v2/auth/templates/signup.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <style>
+      body {
+        font-family: sans-serif;
+      }
+    </style>
+  </head>
+
+  <body>
+    <p>
+      Please continue creating a new pronouns.cc account by using the following link:
+      <br />
+      <a href="{{.BaseURL}}/auth/signup/confirm/{{.Ticket}}">Confirm your email address</a>
+      <br />
+      Note that this link will expire in one hour.
+    </p>
+    <p>
+      If you didn't mean to create a new account, feel free to ignore this email.
+    </p>
+  </body>
+</html>

backend/routes/v2/auth/templates/signup.txt

@@ -0,0 +1,5 @@
+Please continue creating a new pronouns.cc account by using the following link:
+{{.BaseURL}}/auth/signup/confirm/{{.Ticket}}
+This link will expire in one hour.
+
+If you didn't mean to create a new account, feel free to ignore this email.

frontend/src/lib/api/entities.ts

@@ -151,6 +151,11 @@ export interface Warning {
   read: boolean;
 }
 
+export interface Email {
+  id: string;
+  email: string;
+}
+
 export interface APIError {
   code: ErrorCode;
   message?: string;

frontend/src/lib/api/responses.ts

@@ -11,6 +11,7 @@ export interface MetaResponse {
   users: MetaUsers;
   members: number;
   require_invite: boolean;
+  email_signup: boolean;
   notice: { id: number; notice: string } | null;
 }
 

frontend/src/lib/components/FallbackImage.svelte

@@ -4,7 +4,6 @@
   export let urls: string[];
   export let alt: string;
   export let width = 300;
-  export let lazyLoad = false;
 
   const contentTypeFor = (url: string) => {
     if (url.endsWith(".webp")) {
@@ -32,7 +31,6 @@
       src={urls[0] || defaultAvatars[0]}
       {alt}
       class="rounded-circle img-fluid"
-      loading={lazyLoad ? "lazy" : "eager"}
     />
   </picture>
 {:else}

frontend/src/lib/components/PartialMemberCard.svelte

@@ -46,12 +46,7 @@
 
 <div>
   <a href="/@{user.name}/{member.name}">
-    <FallbackImage
+    <FallbackImage urls={memberAvatars(member)} width={200} alt="Avatar for {member.name}" />
-      urls={memberAvatars(member)}
-      width={200}
-      lazyLoad
-      alt="Avatar for {member.name}"
-    />
   </a>
   <p class="m-2">
     <a class="text-reset fs-5 text-break" href="/@{user.name}/{member.name}">

frontend/src/routes/auth/email/confirm/[ticket]/+page.server.ts

@@ -0,0 +1,15 @@
+import type { APIError, User } from "$lib/api/entities";
+import { apiFetch } from "$lib/api/fetch";
+
+export const load = async ({ params }) => {
+  try {
+    const resp = await apiFetch<{ email: string; user: User }>("/auth/email/confirm", {
+      method: "POST",
+      version: 2,
+      body: { ticket: params.ticket },
+    });
+    return { error: null, email: resp.email, user: resp.user };
+  } catch (e) {
+    return { error: e as APIError, email: null, user: null };
+  }
+};

frontend/src/routes/auth/email/confirm/[ticket]/+page.svelte

@@ -0,0 +1,25 @@
+<script lang="ts">
+  // TODO: improve this page's layout, it's very empty right now
+
+  import type { PageData } from "./$types";
+
+  export let data: PageData;
+</script>
+
+{#if !data.error}
+  <h1>Email confirmed!</h1>
+
+  <p>
+    The email address <strong>{data.email}</strong> is now linked to
+    <strong>@{data.user.name}</strong>, and can be used to log in.
+  </p>
+{:else}
+  <h1>Error confirming email</h1>
+
+  <p>
+    <strong>{data.error.code}</strong>: {data.error.message}
+    {#if data.error.details}{data.error.details}{/if}
+  </p>
+
+  <p>Please <a href="/settings/auth">try again</a>.</p>
+{/if}

frontend/src/routes/auth/login/+page.server.ts

@@ -1,6 +1,7 @@
 import { apiFetch } from "$lib/api/fetch";
 import { PUBLIC_BASE_URL } from "$env/static/public";
 import type { UrlsResponse } from "$lib/api/responses";
+import type { APIError, MeUser } from "$lib/api/entities";
 
 export const load = async () => {
   const resp = await apiFetch<UrlsResponse>("/auth/urls", {
@@ -12,3 +13,29 @@ export const load = async () => {
 
   return resp;
 };
+
+interface LoginResponse {
+  user?: MeUser;
+  token: string;
+}
+
+export const actions = {
+  default: async ({ request }) => {
+    const data = await request.formData();
+
+    try {
+      const resp = await apiFetch<LoginResponse>("/auth/email/login", {
+        method: "POST",
+        version: 2,
+        body: {
+          email: data.get("email"),
+          password: data.get("password"),
+        },
+      });
+
+      return { data: resp };
+    } catch (e) {
+      return { error: e as APIError };
+    }
+  },
+};

frontend/src/routes/auth/login/+page.svelte

@@ -1,4 +1,5 @@
 <script lang="ts">
+  import { enhance } from "$app/forms";
   import { goto } from "$app/navigation";
   import type { APIError } from "$lib/api/entities";
   import { apiFetch } from "$lib/api/fetch";
@@ -8,6 +9,7 @@
   import { onMount } from "svelte";
   import {
     Button,
+    FormGroup,
     Icon,
     Input,
     ListGroup,
@@ -16,9 +18,21 @@
     ModalBody,
     ModalFooter,
   } from "@sveltestrap/sveltestrap";
-  import type { PageData } from "./$types";
+  import type { PageData, ActionData } from "./$types";
 
   export let data: PageData;
+  export let form: ActionData;
+
+  $: loginCallback(form);
+  const loginCallback = (form: ActionData) => {
+    if (!form?.data?.user) return;
+
+    localStorage.setItem("pronouns-token", form.data.token);
+    localStorage.setItem("pronouns-user", JSON.stringify(form.data.user));
+    userStore.set(form.data.user);
+    addToast({ header: "Logged in", body: "Successfully logged in!" });
+    goto(`/@${form.data.user.name}`);
+  };
 
   let error: APIError | null = null;
   let instance = "";
@@ -59,7 +73,31 @@
 <div class="container">
   <h1>Log in or sign up</h1>
   <div class="row">
-    <div class="col-md-4 mb-1">
+    <div class="col-md">
+      {#if data.email_signup}
+        {#if form?.error}
+          <ErrorAlert error={form?.error} />
+        {/if}
+
+        <form method="POST" use:enhance>
+          <FormGroup class="m-1" floating label="Email">
+            <Input name="email" type="email" required />
+          </FormGroup>
+          <FormGroup class="m-1" floating label="Password">
+            <Input name="password" type="password" required />
+          </FormGroup>
+          <p class="m-1">
+            <Button color="primary" type="submit">Log in</Button>
+            <Button href="/auth/signup">Sign up</Button>
+          </p>
+        </form>
+      {:else}
+        <p>
+          <b>Choose an authentication provider to get started.</b> You can add more providers later.
+        </p>
+      {/if}
+    </div>
+    <div class="col-md">
       <ListGroup>
         <ListGroupItem tag="button" on:click={toggleModal}>Log in with the Fediverse</ListGroupItem>
         {#if data.discord}
@@ -101,10 +139,5 @@
         a token in your browser to identify your account.
       </p>
     </div>
-    <div class="col-md">
-      <p>
-        <b>Choose an authentication provider to get started.</b> You can add more providers later.
-      </p>
-    </div>
   </div>
 </div>

frontend/src/routes/auth/signup/+page.server.ts

@@ -0,0 +1,57 @@
+import { PUBLIC_BASE_URL } from "$env/static/public";
+import { ErrorCode, type APIError } from "$lib/api/entities";
+import { apiFetch, fastFetch } from "$lib/api/fetch";
+import type { UrlsResponse } from "$lib/api/responses";
+import { error, redirect } from "@sveltejs/kit";
+
+export const load = async ({ parent }) => {
+  const data = await parent();
+  if (!data.email_signup) {
+    redirect(303, "/auth/login");
+  }
+
+  const resp = await apiFetch<UrlsResponse>("/auth/urls", {
+    method: "POST",
+    body: {
+      callback_domain: PUBLIC_BASE_URL,
+    },
+  });
+
+  return resp;
+};
+
+export const actions = {
+  signup: async ({ request }) => {
+    const data = await request.formData();
+    const email = data.get("email");
+
+    try {
+      await fastFetch("/auth/email/signup", {
+        method: "POST",
+        version: 2,
+        body: { email },
+      });
+
+      return { status: "ok", email };
+    } catch (e) {
+      return { status: "error", error: e as APIError };
+    }
+  },
+
+  fedi: async ({ request }) => {
+    const data = await request.formData();
+    const instance = data.get("instance");
+    if (!instance) error(400, { code: ErrorCode.BadRequest, message: "Empty instance domain" });
+
+    let resp: { url: string };
+    try {
+      resp = await apiFetch<{ url: string }>(
+        `/auth/urls/fediverse?instance=${encodeURIComponent(instance as string)}`,
+        {},
+      );
+    } catch (e) {
+      return { status: "error", error: e as APIError };
+    }
+    redirect(303, resp.url);
+  },
+};

frontend/src/routes/auth/signup/+page.svelte

@@ -0,0 +1,83 @@
+<script lang="ts">
+  import { enhance } from "$app/forms";
+  import { Alert, Button, FormGroup, Input, InputGroup } from "@sveltestrap/sveltestrap";
+  import type { ActionData, PageData } from "./$types";
+  import { onMount } from "svelte";
+  import { userStore } from "$lib/store";
+  import { addToast } from "$lib/toast";
+  import { goto } from "$app/navigation";
+  import ErrorAlert from "$lib/components/ErrorAlert.svelte";
+
+  export let data: PageData;
+  export let form: ActionData;
+  $: ok = form?.status === "ok";
+
+  onMount(() => {
+    if ($userStore) {
+      addToast({ header: "Error", body: "You are already logged in." });
+      goto("/");
+    }
+  });
+</script>
+
+<svelte:head>
+  <title>Sign up - pronouns.ccc</title>
+</svelte:head>
+
+<h1>Sign up</h1>
+
+<p>
+  Enter your email address to get started. After confirming it, you can choose a username and
+  password.
+</p>
+
+<form method="POST" use:enhance action="?/signup">
+  {#if form?.error}
+    <ErrorAlert error={form.error} />
+  {/if}
+
+  {#if ok}
+    <Alert class="mx-1">
+      <h4 class="alert-heading">Check your email</h4>
+      Check your email to continue signing up!
+    </Alert>
+  {/if}
+
+  <FormGroup class="m-1" floating label="Email">
+    {#if !ok}
+      <Input name="email" type="email" required />
+    {:else}
+      <Input name="email" type="email" disabled value={form?.email || undefined} />
+    {/if}
+  </FormGroup>
+  <p class="mt-3 mx-1">
+    <Button color="primary" type="submit" disabled={ok}>Sign up</Button>
+  </p>
+</form>
+
+<hr />
+
+<p>Or, if you would rather sign up using another provider:</p>
+
+<div class="d-flex flex-column flex-lg-row">
+  <div class="d-flex flex-row my-1">
+    {#if data.discord}
+      <Button class="mx-1" href={data.discord}>Log in with Discord</Button>
+    {/if}
+    {#if data.tumblr}
+      <Button class="mx-1" href={data.tumblr}>Log in with Tumblr</Button>
+    {/if}
+    {#if data.google}
+      <Button class="mx-1" href={data.google}>Log in with Google</Button>
+    {/if}
+  </div>
+
+  <div class="m-1">
+    <form method="POST" use:enhance action="?/fedi">
+      <InputGroup>
+        <Input style="max-width: 200px" name="instance" placeholder="Server" required />
+        <Button type="submit">Log in with the fediverse</Button>
+      </InputGroup>
+    </form>
+  </div>
+</div>

frontend/src/routes/auth/signup/confirm/[ticket]/+page.server.ts

@@ -0,0 +1,35 @@
+import { ErrorCode, type APIError, type MeUser } from "$lib/api/entities";
+import { apiFetch } from "$lib/api/fetch";
+
+interface SignupConfirmData {
+  user: MeUser;
+  token: string;
+}
+
+export const actions = {
+  default: async ({ request, params }) => {
+    const data = await request.formData();
+    const username = data.get("username");
+    const password = data.get("password");
+    const password2 = data.get("password2");
+
+    if (password !== password2) {
+      return {
+        status: "error",
+        error: { code: ErrorCode.BadRequest, message: "Passwords do not match" } as APIError,
+      };
+    }
+
+    try {
+      const resp = await apiFetch<SignupConfirmData>("/auth/email/signup/confirm", {
+        method: "POST",
+        version: 2,
+        body: { username, password, ticket: params.ticket },
+      });
+
+      return { status: "ok", data: resp };
+    } catch (e) {
+      return { status: "error", error: e as APIError };
+    }
+  },
+};

frontend/src/routes/auth/signup/confirm/[ticket]/+page.svelte

@@ -0,0 +1,47 @@
+<script lang="ts">
+  import { enhance } from "$app/forms";
+  import { Button, FormGroup, Input } from "@sveltestrap/sveltestrap";
+  import type { ActionData } from "./$types";
+  import ErrorAlert from "$lib/components/ErrorAlert.svelte";
+  import { userStore } from "$lib/store";
+  import { addToast } from "$lib/toast";
+  import { goto } from "$app/navigation";
+
+  export let form: ActionData;
+
+  $: signupCallback(form);
+  const signupCallback = (form: ActionData) => {
+    if (!form?.data?.user) return;
+
+    localStorage.setItem("pronouns-token", form.data.token);
+    localStorage.setItem("pronouns-user", JSON.stringify(form.data.user));
+    userStore.set(form.data.user);
+    addToast({ header: "Signed up", body: "Successfully created account!" });
+    goto(`/@${form.data.user.name}`);
+  };
+</script>
+
+<svelte:head>
+  <title>Sign up - pronouns.cc</title>
+</svelte:head>
+
+<h1>Sign up</h1>
+
+<form method="POST" use:enhance>
+  {#if form?.error}
+    <ErrorAlert error={form.error} />
+  {/if}
+
+  <FormGroup class="m-1" floating label="Username">
+    <Input name="username" type="text" required />
+  </FormGroup>
+  <FormGroup class="m-1" floating label="Password">
+    <Input name="password" type="password" required />
+  </FormGroup>
+  <FormGroup class="m-1" floating label="Password (again)">
+    <Input name="password2" type="password" required />
+  </FormGroup>
+  <p class="m-1">
+    <Button color="primary" type="submit">Sign up</Button>
+  </p>
+</form>

frontend/src/routes/settings/auth/+page.svelte

@@ -21,7 +21,7 @@
   let canUnlink = false;
 
   $: canUnlink =
-    [data.user.discord, data.user.fediverse, data.user.tumblr, data.user.google]
+    [data.emails?.[0] || null, data.user.discord, data.user.fediverse, data.user.tumblr, data.user.google]
       .map<number>((entry) => (entry === null ? 0 : 1))
       .reduce((prev, current) => prev + current) >= 2;
 
@@ -30,19 +30,19 @@
   let fediDisabled = false;
 
   let fediLinkModalOpen = false;
-  let toggleFediLinkModal = () => (fediLinkModalOpen = !fediLinkModalOpen);
+  const toggleFediLinkModal = () => (fediLinkModalOpen = !fediLinkModalOpen);
 
   let fediUnlinkModalOpen = false;
-  let toggleFediUnlinkModal = () => (fediUnlinkModalOpen = !fediUnlinkModalOpen);
+  const toggleFediUnlinkModal = () => (fediUnlinkModalOpen = !fediUnlinkModalOpen);
 
   let discordUnlinkModalOpen = false;
-  let toggleDiscordUnlinkModal = () => (discordUnlinkModalOpen = !discordUnlinkModalOpen);
+  const toggleDiscordUnlinkModal = () => (discordUnlinkModalOpen = !discordUnlinkModalOpen);
 
   let tumblrUnlinkModalOpen = false;
-  let toggleTumblrUnlinkModal = () => (tumblrUnlinkModalOpen = !tumblrUnlinkModalOpen);
+  const toggleTumblrUnlinkModal = () => (tumblrUnlinkModalOpen = !tumblrUnlinkModalOpen);
 
   let googleUnlinkModalOpen = false;
-  let toggleGoogleUnlinkModal = () => (googleUnlinkModalOpen = !googleUnlinkModalOpen);
+  const toggleGoogleUnlinkModal = () => (googleUnlinkModalOpen = !googleUnlinkModalOpen);
 
   const fediLogin = async (e: Event) => {
     e.preventDefault();
@@ -107,7 +107,26 @@
 </script>
 
 <div>
-  <h1>Authentication providers</h1>
+  <h1>Authentication</h1>
+
+  {#if data.email_signup}
+    <h2>Email address</h2>
+    {#if data.emails && data.emails.length > 0}
+      <p>Your current email address is <strong>{data.emails[0].email}</strong>.</p>
+      <p>
+        <Button>Change email address</Button>
+        <Button>Change password</Button>
+        <Button outline color="danger" disabled={!canUnlink}>Remove email address</Button>
+      </p>
+    {:else}
+      <p>You currently do not have an email address set.</p>
+      <p>
+        <Button>Add email address</Button>
+      </p>
+    {/if}
+  {/if}
+
+  <h2>Third-party providers</h2>
 
   <div>
     <div class="my-2">

frontend/src/routes/settings/auth/+page.ts

@@ -1,8 +1,15 @@
 import { PUBLIC_BASE_URL } from "$env/static/public";
-import { apiFetch } from "$lib/api/fetch";
+import type { Email } from "$lib/api/entities";
+import { apiFetch, apiFetchClient } from "$lib/api/fetch";
 import type { UrlsResponse } from "$lib/api/responses";
 
-export const load = async () => {
+export const load = async ({ parent }) => {
+  const data = await parent();
+  let emails: Array<Email> | undefined = undefined;
+  if (data.email_signup) {
+    emails = await apiFetchClient<Array<Email>>("/auth/email", "GET", undefined, 2);
+  }
+
   const resp = await apiFetch<UrlsResponse>("/auth/urls", {
     method: "POST",
     body: {
@@ -10,5 +17,5 @@ export const load = async () => {
     },
   });
 
-  return { urls: resp };
+  return { urls: resp, emails };
 };

frontend/svelte.config.js

@@ -13,6 +13,9 @@ const config = {
     version: {
       name: child_process.execSync("git describe --tags --long --always").toString().trim(),
     },
+    csrf: {
+      checkOrigin: process.env.NODE_ENV !== "development",
+    },
   },
 };
 

go.mod

@@ -19,6 +19,7 @@ require (
 	github.com/google/uuid v1.4.0
 	github.com/jackc/pgx/v5 v5.4.3
 	github.com/joho/godotenv v1.5.1
+	github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible
 	github.com/mediocregopher/radix/v4 v4.1.4
 	github.com/minio/minio-go/v7 v7.0.63
 	github.com/prometheus/client_golang v1.17.0
@@ -27,6 +28,7 @@ require (
 	github.com/toshi0607/chi-prometheus v0.1.4
 	github.com/urfave/cli/v2 v2.25.7
 	go.uber.org/zap v1.26.0
+	golang.org/x/crypto v0.19.0
 	golang.org/x/oauth2 v0.13.0
 	google.golang.org/api v0.148.0
 	gopkg.in/yaml.v3 v3.0.1
@@ -70,12 +72,11 @@ require (
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
 	golang.org/x/image v0.13.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/sync v0.4.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a // indirect
 	google.golang.org/grpc v1.59.0 // indirect

go.sum

@@ -109,6 +109,8 @@ github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk
 github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
+github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
+github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
@@ -205,8 +207,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/image v0.5.0/go.mod h1:FVC7BI/5Ym8R25iw5OLsgshdUBbT1h5jZTpA+mvAdZ4=
 golang.org/x/image v0.13.0 h1:3cge/F/QTkNLauhf2QoE9zp+7sr+ZcL4HnoZmdwg9sg=
@@ -246,19 +248,19 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=

scripts/migrate/023_email.sql

@@ -0,0 +1,19 @@
+-- 2023-10-28: Add email/password login
+
+-- +migrate Up
+
+alter table users add column password bytea null;
+alter table users add column salt bytea null;
+
+create table user_emails (
+    id                 bigint primary key,
+    user_id            bigint not null references users (snowflake_id) on delete cascade,
+    email_address      text not null unique
+);
+
+-- +migrate Down
+
+alter table users drop column password;
+alter table users drop column salt;
+
+drop table user_emails;