[auth] Potential fix for invalid handshake error on Windows (#2247 )

## Description ## Tests
Additional optimizations in file size and icon quality. (#2244 )
2024-06-22 16:49:55 +05:30 · 2024-06-22 16:49:10 +05:30 · 2024-06-22 16:48:16 +05:30 · 2024-06-22 16:47:53 +05:30 · 2024-06-22 11:38:23 +05:30 · 2024-06-22 11:30:20 +05:30
252 changed files with 12602 additions and 2425 deletions
--- a/.github/workflows/auth-crowdin-push.yml
+++ b/.github/workflows/auth-crowdin-push.yml
@@ -0,0 +1,31 @@
+name: "Push sources to Crowdin (auth)"
+
+on:
+    push:
+        branches: [main]
+        paths:
+            # Run workflow when auth's intl_en.arb is changed
+            - "auth/lib/l10n/arb/app_en.arb"
+            # Or the workflow itself is changed
+            - ".github/workflows/auth-crowdin.yml"
+
+jobs:
+    push-sources-to-crowdin:
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v4
+
+            - name: Crowdin's action
+              uses: crowdin/github-action@v2
+              with:
+                  base_path: "auth/"
+                  config: "auth/crowdin.yml"
+                  upload_sources: true
+                  upload_translations: false
+                  download_translations: false
+                  project_id: 575169
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/auth-crowdin-sync.yml
+++ b/.github/workflows/auth-crowdin-sync.yml
@@ -1,17 +1,10 @@
 name: "Sync Crowdin translations (auth)"

 on:
-    push:
-        branches: [main]
-        paths:
-            # Run workflow when auth's intl_en.arb is changed
-            - "mobile/lib/l10n/arb/app_en.arb"
-            # Or the workflow itself is changed
-            - ".github/workflows/auth-crowdin.yml"
    schedule:
        # See: [Note: Run workflow on specific days of the week]
-        - cron: "50 1 * * 2,5"
-    # Also allow manually running the workflow
+        - cron: "50 1 * * 2"
+    # Also allow manually running the workflow.
    workflow_dispatch:

 jobs:
@@ -23,7 +16,7 @@ jobs:
              uses: actions/checkout@v4

            - name: Crowdin's action
-              uses: crowdin/github-action@v1
+              uses: crowdin/github-action@v2
              with:
                  base_path: "auth/"
                  config: "auth/crowdin.yml"
--- a/.github/workflows/mobile-crowdin-push.yml
+++ b/.github/workflows/mobile-crowdin-push.yml
@@ -0,0 +1,31 @@
+name: "Push sources to Crowdin (mobile)"
+
+on:
+    push:
+        branches: [main]
+        paths:
+            # Run workflow when mobiles's intl_en.arb is changed
+            - "mobile/lib/l10n/intl_en.arb"
+            # Or the workflow itself is changed
+            - ".github/workflows/mobile-crowdin.yml"
+
+jobs:
+    push-sources-to-crowdin:
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v4
+
+            - name: Crowdin's action
+              uses: crowdin/github-action@v2
+              with:
+                  base_path: "mobile/"
+                  config: "mobile/crowdin.yml"
+                  upload_sources: true
+                  upload_translations: false
+                  download_translations: false
+                  project_id: 574741
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+                  CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/.github/workflows/mobile-crowdin-sync.yml
+++ b/.github/workflows/mobile-crowdin-sync.yml
@@ -1,17 +1,10 @@
 name: "Sync Crowdin translations (mobile)"

 on:
-    push:
-        branches: [main]
-        paths:
-            # Run workflow when mobiles's intl_en.arb is changed
-            - "mobile/lib/l10n/intl_en.arb"
-            # Or the workflow itself is changed
-            - ".github/workflows/mobile-crowdin.yml"
    schedule:
        # See: [Note: Run workflow on specific days of the week]
-        - cron: "40 1 * * 2,5"
-    # Also allow manually running the workflow
+        - cron: "40 1 * * 2"
+    # Also allow manually running the workflow.
    workflow_dispatch:

 jobs:
@@ -23,7 +16,7 @@ jobs:
              uses: actions/checkout@v4

            - name: Crowdin's action
-              uses: crowdin/github-action@v1
+              uses: crowdin/github-action@v2
              with:
                  base_path: "mobile/"
                  config: "mobile/crowdin.yml"
--- a/.github/workflows/server-publish.yml
+++ b/.github/workflows/server-publish.yml
@@ -33,7 +33,7 @@ jobs:
                  registry: ghcr.io
                  enableBuildKit: true
                  multiPlatform: true
-                  platform: linux/amd64,linux/arm64,linux/arm/v7
+                  platform: linux/amd64,linux/arm64
                  buildArgs: GIT_COMMIT=${{ inputs.commit }}
                  tags: ${{ inputs.commit }}, latest
                  username: ${{ github.actor }}
--- a/.github/workflows/web-crowdin-push-both.yml
+++ b/.github/workflows/web-crowdin-push-both.yml
@@ -1,6 +1,6 @@
 name: "Push Crowdin translations (web)"

-# This is a variant of web-crowdin.yml that uploads the translated strings in
+# This is a variant of web-crowdin-sync.yml that uploads the translated strings in
 # addition to the source strings.
 #
 # This allows us to change the strings in our source code for an automated
@@ -9,11 +9,11 @@ name: "Push Crowdin translations (web)"

 on:
    # Trigger manually, or using
-    # `gh workflow run web-crowdin-push.yml --ref <my-branch>`
+    # `gh workflow run web-crowdin-push-both.yml --ref <my-branch>`
    workflow_dispatch:

 jobs:
-    push-to-crowdin:
+    push-both-to-crowdin:
        runs-on: ubuntu-latest

        steps:
@@ -21,7 +21,7 @@ jobs:
              uses: actions/checkout@v4

            - name: Crowdin push
-              uses: crowdin/github-action@v1
+              uses: crowdin/github-action@v2
              with:
                  base_path: "web/"
                  config: "web/crowdin.yml"
--- a/.github/workflows/web-crowdin-sync.yml
+++ b/.github/workflows/web-crowdin-sync.yml
@@ -16,8 +16,8 @@ on:
        # and FRI, this can be set to `2,5`.
        #
        # See also: [Note: Run workflow every 24 hours]
-        - cron: "20 1 * * 2,5"
-    # Also allow manually running the workflow
+        - cron: "20 1 * * 2"
+    # Also allow manually running the workflow.
    workflow_dispatch:

 jobs:
@@ -29,7 +29,7 @@ jobs:
              uses: actions/checkout@v4

            - name: Crowdin's action
-              uses: crowdin/github-action@v1
+              uses: crowdin/github-action@v2
              with:
                  base_path: "web/"
                  config: "web/crowdin.yml"
--- a/auth/android/app/src/main/play/listings/en-US/full_description.txt
+++ b/auth/android/app/src/main/play/listings/en-US/full_description.txt
@@ -6,7 +6,7 @@ FEATURES

 - Secure Backups
 Auth provides end-to-end encrypted cloud backups so that you don't have to worry
-about losing your tokens. We use the same protocols ente Photos uses to encrypt
+about losing your tokens. We use the same protocols Ente Photos uses to encrypt
 and preserve your data.

 - Multi Device Synchronization
--- a/auth/assets/custom-icons/_data/custom-icons.json
+++ b/auth/assets/custom-icons/_data/custom-icons.json
@@ -39,11 +39,15 @@
    {
      "title": "Bloom Host",
      "slug": "bloom_host",
-      "altNames": ["Bloom Host Billing"]
+      "altNames": [
+        "Bloom Host Billing"
+      ]
    },
    {
      "title": "BorgBase",
-      "altNames": ["borg"],
+      "altNames": [
+        "borg"
+      ],
      "slug": "BorgBase"
    },
    {
@@ -67,6 +71,16 @@
    {
      "title": "Cloudflare"
    },
+    {
+      "title": "CloudAMQP"
+    },
+    {
+      "title": "ConfigCat",
+      "slug": "configcat"
+    },
+    {
+      "title": "CoinDCX"
+    },
    {
      "title": "ConfigCat"
    },
@@ -80,7 +94,9 @@
    },
    {
      "title": "DCS",
-      "altNames": ["Digital Combat Simulator"],
+      "altNames": [
+        "Digital Combat Simulator"
+      ],
      "slug": "dcs"
    },
    {
@@ -140,7 +156,9 @@
    },
    {
      "title": "Gosuslugi",
-      "altNames": ["Госуслуги"],
+      "altNames": [
+        "Госуслуги"
+      ],
      "slug": "Gosuslugi"
    },
    {
@@ -216,7 +234,11 @@
    {
      "title": "Local",
      "slug": "local_wp",
-      "altNames": ["LocalWP", "Local WP", "Local Wordpress"]
+      "altNames": [
+        "LocalWP",
+        "Local WP",
+        "Local Wordpress"
+      ]
    },
    {
      "title": "Marketplace.tf",
@@ -224,14 +246,23 @@
    },
    {
      "title": "Mastodon",
-      "altNames": ["mstdn", "fediscience", "mathstodon", "fosstodon"],
+      "altNames": [
+        "mstdn",
+        "fediscience",
+        "mathstodon",
+        "fosstodon"
+      ],
      "slug": "mastodon",
      "hex": "6364FF"
    },
    {
      "title": "Mercado Livre",
      "slug": "mercado_livre",
-      "altNames": ["Mercado Libre", "MercadoLibre", "MercadoLivre"]
+      "altNames": [
+        "Mercado Libre",
+        "MercadoLibre",
+        "MercadoLivre"
+      ]
    },
    {
      "title": "Microsoft"
@@ -247,7 +278,9 @@
    },
    {
      "title": "Murena",
-      "altNames": ["eCloud"],
+      "altNames": [
+        "eCloud"
+      ],
      "slug": "ecloud"
    },
    {
@@ -274,6 +307,10 @@
    {
      "title": "Notion"
    },
+    {
+      "title": "NuCommunity",
+      "slug": "nucommunity"
+    },
    {
      "title": "NVIDIA"
    },
@@ -332,8 +369,16 @@
      "slug": "real_debrid"
    },
    {
-      "title": "Registro.br",
-      "slug": "registro_br"
+      "title": "Registro br",
+      "slug": "registro_br",
+      "altNames": [
+        "Registro br",
+        "registrobr",
+        "Registro.br"
+      ]
+    },
+    {
+      "title": "Render"
    },
    {
      "title": "Revolt",
@@ -352,6 +397,9 @@
      "slug": "rust_language_forum",
      "hex": "000000"
    },
+    {
+      "title": "Samsung"
+    },
    {
      "title": "Sendgrid"
    },
@@ -393,7 +441,10 @@
    },
    {
      "title": "Techlore",
-      "altNames": ["Techlore Courses", "Techlore Forums"]
+      "altNames": [
+        "Techlore Courses",
+        "Techlore Forums"
+      ]
    },
    {
      "title": "Termius",
@@ -423,6 +474,13 @@
      "title": "Twingate",
      "hex": "858585"
    },
+    {
+      "title": "Twitch",
+      "altNames": [
+        "Twitch.tv",
+        "Twitch tv"
+      ]
+    },
    {
      "title": "Ubisoft",
      "hex": "4285f4"
@@ -457,23 +515,32 @@
    {
      "title": "WorkOS",
      "slug": "workos",
-      "altNames": ["Work OS"]
+      "altNames": [
+        "Work OS"
+      ]
    },
    {
      "title": "X",
-      "altNames": ["twitter"],
+      "altNames": [
+        "twitter"
+      ],
      "slug": "x"
    },
    {
      "title": "Yandex",
-      "altNames": ["Ya", "Яндекс"],
+      "altNames": [
+        "Ya",
+        "Яндекс"
+      ],
      "slug": "Yandex"
    },
    {
      "title": "YNAB",
-      "altNames": ["You Need A Budget"],
+      "altNames": [
+        "You Need A Budget"
+      ],
      "slug": "ynab",
      "hex": "3B5EDA"
    }
  ]
-}
+}
--- a/auth/assets/custom-icons/icons/cloudamqp.svg
+++ b/auth/assets/custom-icons/icons/cloudamqp.svg
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="512px" height="512px" style="shape-rendering:geometricPrecision; text-rendering:geometricPrecision; image-rendering:optimizeQuality; fill-rule:evenodd; clip-rule:evenodd" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g><path style="opacity:1" fill="#0f0f0f" d="M 511.5,272.5 C 511.5,285.5 511.5,298.5 511.5,311.5C 508.543,328.958 502.376,345.291 493,360.5C 489.783,363.38 486.95,366.547 484.5,370C 491.258,380.639 489.591,389.639 479.5,397C 464.044,407.934 447.377,416.601 429.5,423C 412.83,426.168 399.163,421.335 388.5,408.5C 367.197,419.324 344.531,424.491 320.5,424C 318.692,436.612 312.359,446.279 301.5,453C 283.703,460.911 265.036,464.411 245.5,463.5C 242.9,471.276 237.9,477.109 230.5,481C 217.623,486.044 204.289,487.711 190.5,486C 185.821,485.662 181.488,484.328 177.5,482C 156.539,481.714 144.039,471.214 140,450.5C 127.176,458.148 113.343,460.648 98.5,458C 90.6339,455.515 82.6339,453.515 74.5,452C 54.9132,442.997 49.0799,428.497 57,408.5C 66.2342,395.627 78.7342,387.961 94.5,385.5C 92.6275,381.588 90.6275,377.755 88.5,374C 70.6568,365.82 58.8235,352.32 53,333.5C 40.7936,289.193 46.2936,247.193 69.5,207.5C 59.4487,191.064 51.2821,173.73 45,155.5C 46.0538,140.201 46.3871,124.867 46,109.5C 35.4808,94.9732 23.4808,81.6398 10,69.5C 6.25674,65.2678 2.75674,60.9345 -0.5,56.5C -0.5,52.1667 -0.5,47.8333 -0.5,43.5C 9.76623,24.2659 25.0996,18.7659 45.5,27C 67.9457,36.2887 85.1124,51.4554 97,72.5C 110.456,95.0753 121.456,118.742 130,143.5C 131.478,149.551 132.812,155.551 134,161.5C 150.985,156.607 167.819,150.94 184.5,144.5C 189.063,124.296 197.563,105.963 210,89.5C 221.355,76.4675 234.189,65.3008 248.5,56C 281.602,35.3661 304.768,43.1994 318,79.5C 320.953,90.3093 322.453,101.309 322.5,112.5C 360.236,109.787 395.903,116.953 429.5,134C 465.163,161.014 489.997,195.848 504,238.5C 507.153,249.807 509.653,261.14 511.5,272.5 Z"/></g>
+<g><path style="opacity:1" fill="#f9f9f9" d="M 24.5,29.5 C 29.5518,29.4502 34.5518,29.9502 39.5,31C 64.2651,40.4294 82.7651,56.9294 95,80.5C 105.37,98.9048 114.37,117.905 122,137.5C 124.445,145.715 126.278,154.048 127.5,162.5C 112.806,166.18 99.806,173.013 88.5,183C 87.6683,183.688 87.0016,183.521 86.5,182.5C 81.5074,171.354 77.0074,160.021 73,148.5C 71.949,132.503 70.949,116.503 70,100.5C 69.8323,89.9943 66.4989,80.661 60,72.5C 50.2229,59.4865 39.3896,47.3198 27.5,36C 24.3562,34.3084 21.0229,33.1418 17.5,32.5C 19.7639,31.1308 22.0972,30.1308 24.5,29.5 Z"/></g>
+<g><path style="opacity:1" fill="#f8a38f" d="M 12.5,38.5 C 17.3236,37.9711 21.6569,39.1378 25.5,42C 39.5654,55.7226 51.7321,70.8893 62,87.5C 64.8374,107.385 66.5041,127.385 67,147.5C 70.9051,161.478 76.0717,174.978 82.5,188C 79.7313,192.44 76.5646,196.606 73,200.5C 64.0573,185.948 56.724,170.614 51,154.5C 51.9952,139.197 52.3286,123.864 52,108.5C 48.7377,102.307 44.7377,96.6405 40,91.5C 29,79.8333 18,68.1667 7,56.5C 3.70863,48.8182 5.54196,42.8182 12.5,38.5 Z"/></g>
+<g><path style="opacity:1" fill="#fafafa" d="M 75.5,358.5 C 75.5,358.167 75.5,357.833 75.5,357.5C 89.9869,361.531 96.4869,355.865 95,340.5C 88.9149,339.688 82.7482,339.188 76.5,339C 72.7424,337.077 69.4091,334.577 66.5,331.5C 65.914,331.709 65.414,332.043 65,332.5C 64.3219,336.221 64.4886,339.888 65.5,343.5C 65.5,344.167 65.5,344.833 65.5,345.5C 56.2828,328.814 51.9494,310.814 52.5,291.5C 52.6554,251.963 65.6554,217.463 91.5,188C 109.872,171.873 131.372,164.04 156,164.5C 163.871,164.941 171.705,165.774 179.5,167C 180.059,167.725 180.392,168.558 180.5,169.5C 177.315,184.684 175.315,200.018 174.5,215.5C 176.5,215.5 178.5,215.5 180.5,215.5C 182.202,180.727 189.035,147.061 201,114.5C 217.196,84.2957 241.363,63.4624 273.5,52C 285.541,49.4426 295.374,52.9426 303,62.5C 310.113,73.413 314.447,85.413 316,98.5C 321.979,137.67 310.146,170.17 280.5,196C 263.081,211.714 243.415,223.881 221.5,232.5C 221.08,234.326 221.08,236.326 221.5,238.5C 234.851,234.241 247.351,228.241 259,220.5C 259.772,220.645 260.439,220.978 261,221.5C 275.359,247.499 277.359,274.499 267,302.5C 255.866,325.636 239.699,344.469 218.5,359C 205.461,365.355 191.794,369.689 177.5,372C 152.14,376.37 126.806,376.37 101.5,372C 91.2074,370.356 82.5408,365.856 75.5,358.5 Z"/></g>
+<g><path style="opacity:1" fill="#0f0c0c" d="M 193.5,223.5 C 192.507,215.35 192.174,207.017 192.5,198.5C 193.5,169.804 200.666,142.804 214,117.5C 225.84,98.1554 243.007,87.1554 265.5,84.5C 286.335,85.1601 299.835,95.4934 306,115.5C 309.914,142.091 302.081,164.591 282.5,183C 256.19,203.482 226.523,216.982 193.5,223.5 Z"/></g>
+<g><path style="opacity:1" fill="#fca592" d="M 257.5,90.5 C 284.894,88.5662 299.56,101.233 301.5,128.5C 300.608,150.45 291.608,168.284 274.5,182C 251.674,198.494 226.507,209.994 199,216.5C 197.361,188.998 201.361,162.331 211,136.5C 219.834,114.165 235.334,98.8314 257.5,90.5 Z"/></g>
+<g><path style="opacity:1" fill="#fafafa" d="M 60.5,425.5 C 59.5386,423.735 59.2053,421.735 59.5,419.5C 63.1115,407.716 70.7781,399.549 82.5,395C 91.0632,391.633 99.5632,391.799 108,395.5C 108.667,394.833 108.667,394.167 108,393.5C 102.81,388.767 99.4764,383.1 98,376.5C 102.705,378.033 107.538,379.2 112.5,380C 140.837,382.162 168.837,380.162 196.5,374C 217.812,367.925 235.645,356.425 250,339.5C 264.443,322.614 274.11,303.281 279,281.5C 281.871,258.038 277.038,236.371 264.5,216.5C 281.854,203.979 296.687,188.979 309,171.5C 318.099,155.03 322.599,137.363 322.5,118.5C 360.451,115.776 396.117,123.276 429.5,141C 473.317,176.458 498.484,222.292 505,278.5C 507.615,302.611 503.949,325.611 494,347.5C 489.686,356.123 483.52,363.123 475.5,368.5C 480.461,372.751 482.961,378.085 483,384.5C 480.5,388.333 477.333,391.5 473.5,394C 459.716,403.227 445.049,410.893 429.5,417C 425.514,417.499 421.514,417.666 417.5,417.5C 417.193,411.907 417.527,406.407 418.5,401C 417.167,400.333 415.833,399.667 414.5,399C 430.794,394.523 446.461,388.356 461.5,380.5C 461.014,378.503 459.847,377.169 458,376.5C 440.722,385.148 422.555,390.982 403.5,394C 380.37,396.219 367.203,385.719 364,362.5C 362.937,347.817 366.437,334.317 374.5,322C 373.465,320.726 372.298,319.56 371,318.5C 354.722,340.239 353.389,362.905 367,386.5C 371.262,392.27 376.762,396.27 383.5,398.5C 384.736,400.034 385.236,401.7 385,403.5C 364.91,414.289 343.41,418.956 320.5,417.5C 319.84,404.55 317.673,391.883 314,379.5C 311.816,377.129 309.65,377.296 307.5,380C 314.177,397.067 315.677,414.567 312,432.5C 305.593,444.224 295.76,451.39 282.5,454C 268.581,456.057 254.581,457.224 240.5,457.5C 239.833,466.67 235.166,472.837 226.5,476C 215.527,480.056 204.193,481.39 192.5,480C 187.997,479.932 183.83,478.765 180,476.5C 179.18,467.46 181.68,459.46 187.5,452.5C 186.167,451.5 184.833,450.5 183.5,449.5C 176.525,456.706 173.192,465.372 173.5,475.5C 155.566,474.56 151.066,466.227 160,450.5C 165.03,445.927 164.364,443.594 158,443.5C 153.995,448.511 151.328,454.178 150,460.5C 149.667,460.167 149.333,459.833 149,459.5C 144.897,446.475 148.397,435.975 159.5,428C 163.945,425.443 168.611,423.443 173.5,422C 182.977,422.438 192.477,422.938 202,423.5C 220.978,425.676 230.811,417.343 231.5,398.5C 229.5,398.5 227.5,398.5 225.5,398.5C 226.791,409.364 222.125,415.864 211.5,418C 200.619,418.627 189.786,418.127 179,416.5C 166.002,416.349 155.502,421.349 147.5,431.5C 146.029,427.759 144.363,424.092 142.5,420.5C 141.998,419.479 141.332,419.312 140.5,420C 139.272,420.779 138.272,421.779 137.5,423C 139.652,428.271 141.652,433.604 143.5,439C 129.108,453.41 112.441,456.91 93.5,449.5C 89.7245,439.648 91.3911,430.815 98.5,423C 97.3147,421.647 95.9814,420.48 94.5,419.5C 87.1734,427.469 84.5067,436.803 86.5,447.5C 75.3584,448.43 68.025,443.597 64.5,433C 65.9688,424.073 69.6355,416.239 75.5,409.5C 74.5,407.833 73.1667,406.5 71.5,405.5C 66.2677,411.297 62.601,417.964 60.5,425.5 Z"/></g>
+<g><path style="opacity:1" fill="#e5e5e5" d="M 180.5,151.5 C 181.675,151.281 182.675,151.614 183.5,152.5C 182.878,155.37 182.211,158.204 181.5,161C 175.174,160.8 168.84,160.134 162.5,159C 168.652,156.569 174.652,154.069 180.5,151.5 Z"/></g>
+<g><path style="opacity:1" fill="#9b9b9b" d="M 192.5,198.5 C 192.174,207.017 192.507,215.35 193.5,223.5C 193.44,224.043 193.107,224.376 192.5,224.5C 191.179,215.675 191.179,207.009 192.5,198.5 Z"/></g>
+<g><path style="opacity:1" fill="#090909" d="M 190.5,275.5 C 203.491,273.992 208.658,279.659 206,292.5C 201.745,299.54 195.578,302.04 187.5,300C 181.092,296.677 178.925,291.511 181,284.5C 183.679,280.924 186.846,277.924 190.5,275.5 Z"/></g>
+<g><path style="opacity:1" fill="#dddddd" d="M 192.5,279.5 C 196.302,278.88 199.635,279.714 202.5,282C 201.646,283.022 200.646,283.855 199.5,284.5C 197.382,283.054 195.049,282.387 192.5,282.5C 192.5,281.5 192.5,280.5 192.5,279.5 Z"/></g>
+<g><path style="opacity:1" fill="#070707" d="M 75.5,357.5 C 71.1612,353.465 67.8279,348.798 65.5,343.5C 64.4886,339.888 64.3219,336.221 65,332.5C 65.414,332.043 65.914,331.709 66.5,331.5C 69.4091,334.577 72.7424,337.077 76.5,339C 82.7482,339.188 88.9149,339.688 95,340.5C 96.4869,355.865 89.9869,361.531 75.5,357.5 Z"/></g>
+<g><path style="opacity:1" fill="#afafaf" d="M 65.5,343.5 C 67.8279,348.798 71.1612,353.465 75.5,357.5C 75.5,357.833 75.5,358.167 75.5,358.5C 70.6417,355.312 67.3083,350.979 65.5,345.5C 65.5,344.833 65.5,344.167 65.5,343.5 Z"/></g>
+<g><path style="opacity:1" fill="#ededed" d="M 407.5,398.5 C 409.167,398.5 410.833,398.5 412.5,398.5C 411.966,404.499 411.299,410.499 410.5,416.5C 402.406,414.736 396.739,410.069 393.5,402.5C 393.608,401.558 393.941,400.725 394.5,400C 399.019,399.825 403.353,399.325 407.5,398.5 Z"/></g>
+<g><path style="opacity:1" fill="#8e8e8e" d="M 59.5,419.5 C 59.2053,421.735 59.5386,423.735 60.5,425.5C 60.6068,427.379 60.1068,427.712 59,426.5C 58.2042,423.961 58.3709,421.628 59.5,419.5 Z"/></g>
+</svg>
--- a/auth/assets/custom-icons/icons/coindcx.svg
+++ b/auth/assets/custom-icons/icons/coindcx.svg
@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 500 500">
+  <path fill="#182954" d="m75.705 269.386 12.606 10.812a40.902 40.902 0 0 1-8.642 8.853 53.365 53.365 0 0 1-13.599 7.73 45.769 45.769 0 0 1-16.998 3.094 49.02 49.02 0 0 1-25.212-6.466A45.84 45.84 0 0 1 6.72 275.84a50.83 50.83 0 0 1-6.212-25.287 52.621 52.621 0 0 1 3.525-19.394 49.28 49.28 0 0 1 10.2-16.022 46.603 46.603 0 0 1 15.44-10.812 49.626 49.626 0 0 1 19.969-3.938 45.9 45.9 0 0 1 23.51 5.48A49.016 49.016 0 0 1 88.308 219.5l-12.744 11.244A39.368 39.368 0 0 0 64.938 220.2a27.358 27.358 0 0 0-15.296-3.933 27.636 27.636 0 0 0-16.147 4.632 30.695 30.695 0 0 0-10.478 12.508 38.957 38.957 0 0 0-3.688 16.879 36.724 36.724 0 0 0 3.684 16.442 29.719 29.719 0 0 0 10.184 11.793 27.208 27.208 0 0 0 15.44 4.358c4.608.197 9.203-.62 13.456-2.391a27.765 27.765 0 0 0 8.214-5.622l5.381-5.481M93.275 264.047a35.477 35.477 0 0 1 4.535-17.71 34.84 34.84 0 0 1 12.748-12.929 39.497 39.497 0 0 1 18.838-4.778 39.497 39.497 0 0 1 18.838 4.778 34.846 34.846 0 0 1 12.749 12.928 36.889 36.889 0 0 1 4.532 17.709 36.891 36.891 0 0 1-4.532 17.708 36.519 36.519 0 0 1-13.365 13.153 36.875 36.875 0 0 1-18.181 4.837 36.88 36.88 0 0 1-18.203-4.756 36.513 36.513 0 0 1-13.424-13.092 35.479 35.479 0 0 1-4.535-17.707v-.141zm35.979 21.224a16.949 16.949 0 0 0 10.623-3.23c2.804-2.121 5-4.93 6.375-8.151a24.848 24.848 0 0 0 2.124-9.698 24.293 24.293 0 0 0-2.124-9.697 20.265 20.265 0 0 0-6.375-8.15 19.056 19.056 0 0 0-10.623-3.233 19.057 19.057 0 0 0-10.625 3.233 20.118 20.118 0 0 0-6.231 8.009 24.296 24.296 0 0 0-2.125 9.697 24.713 24.713 0 0 0 2.125 9.839 19.985 19.985 0 0 0 6.374 8.15 16.949 16.949 0 0 0 10.624 3.231M168.905 202.628h16.856v17.71h-16.856v-17.71zm0 28.11h16.856v66.758h-16.856v-66.758zM192.416 297.495V230.88h16.147l.42 7.589a35.937 35.937 0 0 1 7.505-5.905 23.656 23.656 0 0 1 12.749-3.094 24.38 24.38 0 0 1 10.396 1.612 24.22 24.22 0 0 1 8.726 5.836 29.047 29.047 0 0 1 6.66 20.097v40.477H238.02v-40.335a13.257 13.257 0 0 0-.76-5.278 13.337 13.337 0 0 0-2.78-4.561 12.19 12.19 0 0 0-4.164-2.694 12.27 12.27 0 0 0-4.902-.82 14.974 14.974 0 0 0-6.377 1.24 14.87 14.87 0 0 0-5.236 3.82 18.046 18.046 0 0 0-4.534 12.51v36.118l-16.851.004z"/>
+  <path fill="#FA4A29" d="m463.25 246.618 29.754-44.007h-28.187l-15.44 24.596-15.883-24.596h-31.163l1.416 1.967-.993-.416a63.329 63.329 0 0 0-23.083-4.046 50.453 50.453 0 0 0-25.92 6.607 46.609 46.609 0 0 0-14.308 12.929 40.334 40.334 0 0 0-15.582-11.806 65.028 65.028 0 0 0-26.344-5.077h-36.686v94.727h36.544a64.026 64.026 0 0 0 26.344-5.202A41.612 41.612 0 0 0 339.3 280.63c3.87 5.299 8.846 9.709 14.59 12.928a51.44 51.44 0 0 0 25.777 6.325 55.023 55.023 0 0 0 24.646-5.34l-1.982 2.953h27.76l18.558-29.108 19.122 29.108h31.73l-36.252-50.878zm-147.452 21.624a25.772 25.772 0 0 1-8.902 5.504 25.916 25.916 0 0 1-10.376 1.523h-10.334v-50.573h10.338c3.62-.305 7.264.165 10.685 1.378a25.427 25.427 0 0 1 9.147 5.65 26.146 26.146 0 0 1 6.374 18.271 24.821 24.821 0 0 1-1.597 9.836 24.965 24.965 0 0 1-5.343 8.436l.008-.025zm101.549 6.911-12.04-11.228a38.572 38.572 0 0 1-10.197 9.149 27.09 27.09 0 0 1-13.6 2.952 25.509 25.509 0 0 1-13.314-3.372 22.838 22.838 0 0 1-8.8-9.415 29.459 29.459 0 0 1-3.118-13.63c-.091-4.623.929-9.2 2.975-13.353a23.258 23.258 0 0 1 8.642-9.415 25.653 25.653 0 0 1 13.738-3.513 24.798 24.798 0 0 1 12.748 3.23 32.061 32.061 0 0 1 9.639 8.733l12.606-12.508 18.415 26.28-17.694 26.09z"/>
+</svg>
--- a/auth/assets/custom-icons/icons/hivelocity.svg
+++ b/auth/assets/custom-icons/icons/hivelocity.svg
@@ -1 +1 @@
-<svg id="logosandtypes_com" data-name="logosandtypes com" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 150 150"><defs><style>.cls-1{fill:none;}.cls-2{fill:#e31937;}</style></defs><g id="Layer_2" data-name="Layer 2"><path id="Layer_3" data-name="Layer 3" class="cls-1" d="M0,0H150V150H0Z" transform="translate(0 0)"/></g><rect class="cls-2" x="13.34" y="14.37" width="15.01" height="123.08"/><rect class="cls-2" x="122.92" y="14.37" width="15.01" height="123.08"/><rect class="cls-2" x="43.36" y="54.9" width="64.54" height="15.01"/><rect class="cls-2" x="43.36" y="83.42" width="64.54" height="15.01"/></svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 150 150" fill="#e31937" xmlns:v="https://vecta.io/nano"><path d="M13.34 14.37h15.01v123.08H13.34zm109.58 0h15.01v123.08h-15.01zM43.36 54.9h64.54v15.01H43.36zm0 28.52h64.54v15.01H43.36z"/></svg>
--- a/auth/assets/custom-icons/icons/kick.svg
+++ b/auth/assets/custom-icons/icons/kick.svg
--- a/auth/assets/custom-icons/icons/kucoin.svg
+++ b/auth/assets/custom-icons/icons/kucoin.svg
--- a/auth/assets/custom-icons/icons/nucommunity.svg
+++ b/auth/assets/custom-icons/icons/nucommunity.svg
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="900px" height="900px" style="shape-rendering:geometricPrecision; text-rendering:geometricPrecision; image-rendering:optimizeQuality; fill-rule:evenodd; clip-rule:evenodd" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g><path style="opacity:1" fill="#fefefe" d="M -0.5,-0.5 C 299.5,-0.5 599.5,-0.5 899.5,-0.5C 899.5,299.5 899.5,599.5 899.5,899.5C 599.5,899.5 299.5,899.5 -0.5,899.5C -0.5,599.5 -0.5,299.5 -0.5,-0.5 Z"/></g>
+<g><path style="opacity:1" fill="#e0a5fc" d="M 297.5,264.5 C 309.66,263.34 321.993,263.173 334.5,264C 337.457,264.279 340.123,265.113 342.5,266.5C 327.57,264.717 312.57,264.051 297.5,264.5 Z"/></g>
+<g><path style="opacity:1" fill="#8f02d8" d="M 297.5,264.5 C 312.57,264.051 327.57,264.717 342.5,266.5C 369.173,272.584 390.673,286.584 407,308.5C 421.104,329.299 429.604,352.299 432.5,377.5C 432.334,383.509 432.501,389.509 433,395.5C 433.21,397.058 433.71,398.391 434.5,399.5C 434.5,406.5 434.5,413.5 434.5,420.5C 434.5,421.5 434.5,422.5 434.5,423.5C 433.71,422.391 433.21,421.058 433,419.5C 432.5,487.833 432.333,556.166 432.5,624.5C 404.167,624.5 375.833,624.5 347.5,624.5C 347.832,575.997 347.499,527.664 346.5,479.5C 346.829,464.99 346.496,450.657 345.5,436.5C 347.595,406.902 342.095,378.902 329,352.5C 307.252,317.035 275.419,299.368 233.5,299.5C 233.5,299.167 233.5,298.833 233.5,298.5C 250.906,279.797 272.24,268.463 297.5,264.5 Z"/></g>
+<g><path style="opacity:1" fill="#e2aefc" d="M 464.5,272.5 C 494.329,271.502 524.329,271.169 554.5,271.5C 554.5,330.167 554.5,388.833 554.5,447.5C 554.5,452.833 554.5,458.167 554.5,463.5C 553.501,400.002 553.168,336.336 553.5,272.5C 523.833,272.5 494.167,272.5 464.5,272.5 Z"/></g>
+<g><path style="opacity:1" fill="#c47ceb" d="M 789.5,272.5 C 759.662,272.169 729.995,272.502 700.5,273.5C 700.667,355.501 700.5,437.501 700,519.5C 699.819,522.695 699.319,525.695 698.5,528.5C 699.467,442.842 699.801,357.175 699.5,271.5C 729.671,271.169 759.671,271.502 789.5,272.5 Z"/></g>
+<g><path style="opacity:1" fill="#f9fff3" d="M 790.5,489.5 C 790.5,417.167 790.5,344.833 790.5,272.5C 791.341,271.991 791.841,272.657 792,274.5C 792.667,345.167 792.667,415.833 792,486.5C 791.667,489.5 791.333,492.5 791,495.5C 790.505,493.527 790.338,491.527 790.5,489.5 Z"/></g>
+<g><path style="opacity:1" fill="#fedffe" d="M 789.5,272.5 C 789.833,272.5 790.167,272.5 790.5,272.5C 790.5,344.833 790.5,417.167 790.5,489.5C 789.833,492.167 789.167,494.833 788.5,497.5C 789.469,422.51 789.802,347.51 789.5,272.5 Z"/></g>
+<g><path style="opacity:1" fill="#eb99fb" d="M 464.5,272.5 C 464.168,339.002 464.501,405.335 465.5,471.5C 465.5,480.5 465.5,489.5 465.5,498.5C 464.672,492.347 464.172,486.013 464,479.5C 463.168,410.332 463.335,341.332 464.5,272.5 Z"/></g>
+<g><path style="opacity:1" fill="#8113b9" d="M 464.5,272.5 C 494.167,272.5 523.833,272.5 553.5,272.5C 553.168,336.336 553.501,400.002 554.5,463.5C 554.334,472.173 554.5,480.84 555,489.5C 555.183,492.365 555.683,495.031 556.5,497.5C 557.067,504.237 558.067,510.904 559.5,517.5C 558.069,517.119 557.236,516.119 557,514.5C 555.425,506.905 554.259,499.238 553.5,491.5C 552.5,418.836 552.167,346.17 552.5,273.5C 523.5,273.5 494.5,273.5 465.5,273.5C 465.5,339.5 465.5,405.5 465.5,471.5C 464.501,405.335 464.168,339.002 464.5,272.5 Z"/></g>
+<g><path style="opacity:1" fill="#8f02d8" d="M 559.5,517.5 C 567.209,549.077 585.209,572.91 613.5,589C 621.878,592.737 630.545,595.571 639.5,597.5C 641.515,598.924 643.848,599.59 646.5,599.5C 652.509,599.701 658.509,600.034 664.5,600.5C 664.833,601.167 665.167,601.833 665.5,602.5C 652.044,616.271 636.044,625.937 617.5,631.5C 613.313,632.213 609.313,633.213 605.5,634.5C 604.167,634.5 602.833,634.5 601.5,634.5C 584.03,635.144 566.696,634.144 549.5,631.5C 522.738,623.576 502.238,607.576 488,583.5C 473.799,557.033 466.299,528.699 465.5,498.5C 465.5,489.5 465.5,480.5 465.5,471.5C 465.5,405.5 465.5,339.5 465.5,273.5C 494.5,273.5 523.5,273.5 552.5,273.5C 552.167,346.17 552.5,418.836 553.5,491.5C 554.259,499.238 555.425,506.905 557,514.5C 557.236,516.119 558.069,517.119 559.5,517.5 Z"/></g>
+<g><path style="opacity:1" fill="#8f01d8" d="M 700.5,273.5 C 730.005,273.169 759.338,273.502 788.5,274.5C 787.167,309.327 786.5,344.494 786.5,380C 786.5,415.506 787.167,450.673 788.5,485.5C 787.326,491.399 786.659,497.399 786.5,503.5C 786.5,505.167 786.5,506.833 786.5,508.5C 775.375,553.295 747.708,582.629 703.5,596.5C 699.521,596.742 695.854,597.742 692.5,599.5C 684.181,600.124 675.848,600.457 667.5,600.5C 685.44,579.935 695.774,555.935 698.5,528.5C 699.319,525.695 699.819,522.695 700,519.5C 700.5,437.501 700.667,355.501 700.5,273.5 Z"/></g>
+<g><path style="opacity:1" fill="#9700e9" d="M 788.5,274.5 C 788.5,344.833 788.5,415.167 788.5,485.5C 787.167,450.673 786.5,415.506 786.5,380C 786.5,344.494 787.167,309.327 788.5,274.5 Z"/></g>
+<g><path style="opacity:1" fill="#7c10b7" d="M 700.5,273.5 C 729.995,272.502 759.662,272.169 789.5,272.5C 789.802,347.51 789.469,422.51 788.5,497.5C 787.833,499.5 787.167,501.5 786.5,503.5C 786.659,497.399 787.326,491.399 788.5,485.5C 788.5,415.167 788.5,344.833 788.5,274.5C 759.338,273.502 730.005,273.169 700.5,273.5 Z"/></g>
+<g><path style="opacity:1" fill="#e0b2f7" d="M 214.5,299.5 C 220.645,298.51 226.978,298.177 233.5,298.5C 233.5,298.833 233.5,299.167 233.5,299.5C 232.833,299.833 232.167,300.167 231.5,300.5C 226.025,299.511 220.358,299.178 214.5,299.5 Z"/></g>
+<g><path style="opacity:1" fill="#bb82dc" d="M 203.5,301.5 C 201.485,302.924 199.152,303.59 196.5,303.5C 198.515,302.076 200.848,301.41 203.5,301.5 Z"/></g>
+<g><path style="opacity:1" fill="#8f01d8" d="M 214.5,299.5 C 220.358,299.178 226.025,299.511 231.5,300.5C 214.94,317.802 205.273,338.469 202.5,362.5C 201.693,366.021 201.026,369.688 200.5,373.5C 199.833,374.5 199.167,375.5 198.5,376.5C 196.503,458.827 195.836,541.493 196.5,624.5C 168.167,624.5 139.833,624.5 111.5,624.5C 111.5,552.833 111.5,481.167 111.5,409.5C 111.5,408.833 111.5,408.167 111.5,407.5C 111.646,403.481 111.979,399.481 112.5,395.5C 113.768,393.095 114.435,390.428 114.5,387.5C 121.985,358.168 138.319,335.001 163.5,318C 173.533,310.984 184.533,306.151 196.5,303.5C 199.152,303.59 201.485,302.924 203.5,301.5C 207.221,301.089 210.888,300.422 214.5,299.5 Z"/></g>
+<g><path style="opacity:1" fill="#9500e4" d="M 198.5,376.5 C 198.5,459.833 198.5,543.167 198.5,626.5C 169.147,627.159 140.147,626.492 111.5,624.5C 139.833,624.5 168.167,624.5 196.5,624.5C 195.836,541.493 196.503,458.827 198.5,376.5 Z"/></g>
+<g><path style="opacity:1" fill="#7d10b7" d="M 200.5,373.5 C 199.513,458.149 199.18,542.815 199.5,627.5C 169.833,627.5 140.167,627.5 110.5,627.5C 110.167,554.665 110.501,481.998 111.5,409.5C 111.5,481.167 111.5,552.833 111.5,624.5C 140.147,626.492 169.147,627.159 198.5,626.5C 198.5,543.167 198.5,459.833 198.5,376.5C 199.167,375.5 199.833,374.5 200.5,373.5 Z"/></g>
+<g><path style="opacity:1" fill="#a456d2" d="M 432.5,377.5 C 434.105,384.603 434.772,391.937 434.5,399.5C 433.71,398.391 433.21,397.058 433,395.5C 432.501,389.509 432.334,383.509 432.5,377.5 Z"/></g>
+<g><path style="opacity:1" fill="#d898f7" d="M 114.5,387.5 C 114.435,390.428 113.768,393.095 112.5,395.5C 112.294,392.505 112.96,389.838 114.5,387.5 Z"/></g>
+<g><path style="opacity:1" fill="#fccbfe" d="M 111.5,407.5 C 111.5,408.167 111.5,408.833 111.5,409.5C 110.501,481.998 110.167,554.665 110.5,627.5C 140.167,627.5 169.833,627.5 199.5,627.5C 169.671,628.498 139.671,628.831 109.5,628.5C 109.333,555.166 109.5,481.833 110,408.5C 110.383,407.944 110.883,407.611 111.5,407.5 Z"/></g>
+<g><path style="opacity:1" fill="#8313bf" d="M 434.5,420.5 C 435.499,489.331 435.833,558.331 435.5,627.5C 405.833,627.5 376.167,627.5 346.5,627.5C 346.5,578.167 346.5,528.833 346.5,479.5C 347.499,527.664 347.832,575.997 347.5,624.5C 376.147,626.492 405.147,627.159 434.5,626.5C 434.5,558.833 434.5,491.167 434.5,423.5C 434.5,422.5 434.5,421.5 434.5,420.5 Z"/></g>
+<g><path style="opacity:1" fill="#e6b9fc" d="M 434.5,399.5 C 435.327,404.651 435.827,409.984 436,415.5C 436.832,486.335 436.665,557.001 435.5,627.5C 435.833,558.331 435.499,489.331 434.5,420.5C 434.5,413.5 434.5,406.5 434.5,399.5 Z"/></g>
+<g><path style="opacity:1" fill="#c48ee5" d="M 202.5,362.5 C 202.271,369.515 201.771,376.515 201,383.5C 200.833,465.001 200.333,546.334 199.5,627.5C 199.18,542.815 199.513,458.149 200.5,373.5C 201.026,369.688 201.693,366.021 202.5,362.5 Z"/></g>
+<g><path style="opacity:1" fill="#9800e9" d="M 434.5,423.5 C 434.5,491.167 434.5,558.833 434.5,626.5C 405.147,627.159 376.147,626.492 347.5,624.5C 375.833,624.5 404.167,624.5 432.5,624.5C 432.333,556.166 432.5,487.833 433,419.5C 433.21,421.058 433.71,422.391 434.5,423.5 Z"/></g>
+<g><path style="opacity:1" fill="#fde2ff" d="M 554.5,447.5 C 555.97,463.978 556.637,480.645 556.5,497.5C 555.683,495.031 555.183,492.365 555,489.5C 554.5,480.84 554.334,472.173 554.5,463.5C 554.5,458.167 554.5,452.833 554.5,447.5 Z"/></g>
+<g><path style="opacity:1" fill="#e6b4fd" d="M 788.5,497.5 C 788.749,501.458 788.082,505.124 786.5,508.5C 786.5,506.833 786.5,505.167 786.5,503.5C 787.167,501.5 787.833,499.5 788.5,497.5 Z"/></g>
+<g><path style="opacity:1" fill="#e6b5fa" d="M 703.5,596.5 C 700.146,598.258 696.479,599.258 692.5,599.5C 695.854,597.742 699.521,596.742 703.5,596.5 Z"/></g>
+<g><path style="opacity:1" fill="#d196ef" d="M 639.5,597.5 C 642.152,597.41 644.485,598.076 646.5,599.5C 643.848,599.59 641.515,598.924 639.5,597.5 Z"/></g>
+<g><path style="opacity:1" fill="#eebef9" d="M 692.5,599.5 C 683.638,600.905 674.638,601.905 665.5,602.5C 665.167,601.833 664.833,601.167 664.5,600.5C 665.5,600.5 666.5,600.5 667.5,600.5C 675.848,600.457 684.181,600.124 692.5,599.5 Z"/></g>
+<g><path style="opacity:1" fill="#e8b7fd" d="M 345.5,436.5 C 346.496,450.657 346.829,464.99 346.5,479.5C 346.5,528.833 346.5,578.167 346.5,627.5C 376.167,627.5 405.833,627.5 435.5,627.5C 405.671,628.498 375.671,628.831 345.5,628.5C 345.5,564.5 345.5,500.5 345.5,436.5 Z"/></g>
+<g><path style="opacity:1" fill="#eeccfd" d="M 617.5,631.5 C 614.032,634.114 610.032,635.114 605.5,634.5C 609.313,633.213 613.313,632.213 617.5,631.5 Z"/></g>
+<g><path style="opacity:1" fill="#902eca" d="M 549.5,631.5 C 566.696,634.144 584.03,635.144 601.5,634.5C 598.375,635.479 595.042,635.813 591.5,635.5C 581.461,635.758 571.461,635.424 561.5,634.5C 557.098,634.692 553.098,633.692 549.5,631.5 Z"/></g>
+<g><path style="opacity:1" fill="#e2b3f9" d="M 561.5,634.5 C 571.461,635.424 581.461,635.758 591.5,635.5C 582.009,636.658 572.342,636.825 562.5,636C 561.944,635.617 561.611,635.117 561.5,634.5 Z"/></g>
+</svg>
--- a/auth/assets/custom-icons/icons/plutus.svg
+++ b/auth/assets/custom-icons/icons/plutus.svg
--- a/auth/assets/custom-icons/icons/registro_br.svg
+++ b/auth/assets/custom-icons/icons/registro_br.svg
--- a/auth/assets/custom-icons/icons/render.svg
+++ b/auth/assets/custom-icons/icons/render.svg
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="200px" height="200px" style="shape-rendering:geometricPrecision; text-rendering:geometricPrecision; image-rendering:optimizeQuality; fill-rule:evenodd; clip-rule:evenodd" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g><path style="opacity:1" fill="#fefefe" d="M -0.5,-0.5 C 66.1667,-0.5 132.833,-0.5 199.5,-0.5C 199.5,66.1667 199.5,132.833 199.5,199.5C 132.833,199.5 66.1667,199.5 -0.5,199.5C -0.5,132.833 -0.5,66.1667 -0.5,-0.5 Z"/></g>
+<g><path style="opacity:1" fill="#0e0e0e" d="M 119.5,47.5 C 133.743,46.0344 143.909,51.701 150,64.5C 154.009,81.9852 147.509,93.4852 130.5,99C 123.167,99.3333 115.833,99.6667 108.5,100C 104.333,101.5 101.5,104.333 100,108.5C 99.5001,122.829 99.3334,137.163 99.5,151.5C 82.1667,151.5 64.8333,151.5 47.5,151.5C 47.5,132.833 47.5,114.167 47.5,95.5C 60.0736,101.213 72.4069,100.713 84.5,94C 88.6667,91.1667 92.1667,87.6667 95,83.5C 97.7515,75.0718 100.752,66.7384 104,58.5C 108.127,53.202 113.294,49.5354 119.5,47.5 Z"/></g>
+</svg>
--- a/auth/assets/custom-icons/icons/samsung.svg
+++ b/auth/assets/custom-icons/icons/samsung.svg
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="2030px" height="2048px" style="shape-rendering:geometricPrecision; text-rendering:geometricPrecision; image-rendering:optimizeQuality; fill-rule:evenodd; clip-rule:evenodd" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g><path style="opacity:0.999" fill="#0066ff" d="M 922.5,-0.5 C 984.167,-0.5 1045.83,-0.5 1107.5,-0.5C 1183.34,2.62698 1259.01,9.46031 1334.5,20C 1435.99,34.2851 1532.99,63.2851 1625.5,107C 1686.68,137.224 1742.68,174.891 1793.5,220C 1851.84,280.056 1898,348.556 1932,425.5C 1968.98,509.727 1994.31,597.394 2008,688.5C 2018.55,761.657 2025.72,834.99 2029.5,908.5C 2029.5,984.833 2029.5,1061.17 2029.5,1137.5C 2025.59,1213.37 2018.09,1289.04 2007,1364.5C 1992.77,1456.52 1966.44,1544.85 1928,1629.5C 1897.8,1694.64 1859.13,1753.97 1812,1807.5C 1763.29,1856.1 1708.46,1896.26 1647.5,1928C 1544.73,1980.25 1436.06,2013.59 1321.5,2028C 1239.36,2038.97 1157.03,2045.47 1074.5,2047.5C 1060.5,2047.5 1046.5,2047.5 1032.5,2047.5C 1020.83,2046.17 1009.17,2046.17 997.5,2047.5C 983.5,2047.5 969.5,2047.5 955.5,2047.5C 872.975,2045.46 790.642,2038.96 708.5,2028C 606.933,2014.94 509.599,1987.28 416.5,1945C 347.284,1912.42 284.617,1870.42 228.5,1819C 172.903,1758.37 128.403,1690.2 95,1614.5C 60.5996,1534.57 36.5996,1451.57 23,1365.5C 10.7368,1283.1 2.90342,1200.43 -0.5,1117.5C -0.5,1054.5 -0.5,991.5 -0.5,928.5C 2.77579,849.967 9.94246,771.634 21,693.5C 36.75,581.253 70.75,474.92 123,374.5C 154.057,316.905 192.557,264.739 238.5,218C 316.452,150.162 404.785,99.4952 503.5,66C 559.947,46.805 617.613,32.4717 676.5,23C 758.221,10.617 840.221,2.78365 922.5,-0.5 Z"/></g>
+<g><path style="opacity:1" fill="#fefeff" d="M 626.5,1312.5 C 626.5,1276.83 626.5,1241.17 626.5,1205.5C 722.5,1205.5 818.5,1205.5 914.5,1205.5C 914.333,1244.17 914.5,1282.83 915,1321.5C 919.897,1362.39 941.73,1389.55 980.5,1403C 1004.93,1409.12 1029.59,1410.12 1054.5,1406C 1094.33,1398.51 1118.83,1375.01 1128,1335.5C 1139.64,1293.91 1132.31,1256.24 1106,1222.5C 1094.47,1209.3 1081.97,1197.13 1068.5,1186C 1051.72,1173.22 1034.38,1161.22 1016.5,1150C 961.491,1118.16 906.158,1086.83 850.5,1056C 810.408,1032.63 772.408,1006.29 736.5,977C 708.562,953.08 685.062,925.58 666,894.5C 645.646,856.764 634.646,816.431 633,773.5C 624.333,602.57 702.833,497.07 868.5,457C 927.844,444.215 987.844,439.548 1048.5,443C 1106.86,444.281 1163.52,454.614 1218.5,474C 1318.44,513.324 1371.28,586.824 1377,694.5C 1377.5,726.832 1377.67,759.165 1377.5,791.5C 1288.17,791.5 1198.83,791.5 1109.5,791.5C 1109.67,765.165 1109.5,738.831 1109,712.5C 1103.68,665.514 1077.85,637.347 1031.5,628C 1000.82,622.223 972.154,627.223 945.5,643C 926.118,658.253 914.285,678.086 910,702.5C 905.639,729.545 909.639,755.212 922,779.5C 936.918,800.419 955.085,817.919 976.5,832C 993.234,843.062 1010.23,853.729 1027.5,864C 1086.31,895.238 1144.65,927.238 1202.5,960C 1251.24,988.047 1295.4,1022.21 1335,1062.5C 1363.36,1092.86 1383.19,1128.19 1394.5,1168.5C 1403.09,1210.74 1405.93,1253.41 1403,1296.5C 1401.52,1447.37 1328.36,1543.2 1183.5,1584C 1116.22,1600.81 1047.89,1607.14 978.5,1603C 920.733,1601.37 864.733,1590.71 810.5,1571C 693.944,1524.55 632.61,1438.38 626.5,1312.5 Z"/></g>
+<g><path style="opacity:1" fill="#8eb7ff" d="M 914.5,1205.5 C 818.5,1205.5 722.5,1205.5 626.5,1205.5C 626.5,1241.17 626.5,1276.83 626.5,1312.5C 625.502,1276.67 625.168,1240.67 625.5,1204.5C 722.001,1204.17 818.335,1204.5 914.5,1205.5 Z"/></g>
+</svg>
--- a/auth/assets/custom-icons/icons/standardnotes.svg
+++ b/auth/assets/custom-icons/icons/standardnotes.svg
--- a/auth/assets/custom-icons/icons/twitch.svg
+++ b/auth/assets/custom-icons/icons/twitch.svg
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="2400px" height="2800px" style="shape-rendering:geometricPrecision; text-rendering:geometricPrecision; image-rendering:optimizeQuality; fill-rule:evenodd; clip-rule:evenodd" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g><path style="opacity:1" fill="#9146ff" d="M 498.5,-0.5 C 1132.17,-0.5 1765.83,-0.5 2399.5,-0.5C 2399.5,466.5 2399.5,933.5 2399.5,1400.5C 2099.7,1699.8 1800.03,1999.3 1500.5,2299C 1366.83,2299.33 1233.17,2299.67 1099.5,2300C 932.965,2466.37 766.632,2632.87 600.5,2799.5C 600.167,2799.5 599.833,2799.5 599.5,2799.5C 599.5,2632.83 599.5,2466.17 599.5,2299.5C 399.5,2299.5 199.5,2299.5 -0.5,2299.5C -0.5,1699.17 -0.5,1098.83 -0.5,498.5C 166.167,332.5 332.5,166.167 498.5,-0.5 Z"/></g>
+<g><path style="opacity:1" fill="#fefffe" d="M 599.5,199.5 C 1132.83,199.5 1666.17,199.5 2199.5,199.5C 2199.67,566.167 2199.5,932.833 2199,1299.5C 2065.83,1432.67 1932.67,1565.83 1799.5,1699C 1665.83,1699.33 1532.17,1699.67 1398.5,1700C 1282.33,1816.17 1166.17,1932.33 1050,2048.5C 1049.5,1932.17 1049.33,1815.83 1049.5,1699.5C 899.5,1699.5 749.5,1699.5 599.5,1699.5C 599.5,1199.5 599.5,699.5 599.5,199.5 Z"/></g>
+<g><path style="opacity:1" fill="#9146ff" d="M 1149.5,549.5 C 1216.17,549.5 1282.83,549.5 1349.5,549.5C 1349.5,749.5 1349.5,949.5 1349.5,1149.5C 1282.83,1149.5 1216.17,1149.5 1149.5,1149.5C 1149.5,949.5 1149.5,749.5 1149.5,549.5 Z"/></g>
+<g><path style="opacity:1" fill="#9146ff" d="M 1699.5,549.5 C 1766.17,549.5 1832.83,549.5 1899.5,549.5C 1899.5,749.5 1899.5,949.5 1899.5,1149.5C 1832.83,1149.5 1766.17,1149.5 1699.5,1149.5C 1699.5,949.5 1699.5,749.5 1699.5,549.5 Z"/></g>
+</svg>
--- a/auth/fastlane/metadata/android/en-US/full_description.txt
+++ b/auth/fastlane/metadata/android/en-US/full_description.txt
@@ -6,7 +6,7 @@ FEATURES

 - Secure Backups
 ente provides end-to-end encrypted cloud backups so that you don't have to worry
-about losing your tokens. We use the same protocols ente Photos uses to encrypt
+about losing your tokens. We use the same protocols Ente Photos uses to encrypt
 and preserve your data.

 - Multi Device Synchronization
--- a/auth/ios/Podfile.lock
+++ b/auth/ios/Podfile.lock
@@ -81,12 +81,12 @@ PODS:
  - qr_code_scanner (0.2.0):
    - Flutter
    - MTBBarcodeScanner
-  - ReachabilitySwift (5.2.2)
+  - ReachabilitySwift (5.2.3)
  - SDWebImage (5.19.2):
    - SDWebImage/Core (= 5.19.2)
  - SDWebImage/Core (5.19.2)
  - Sentry/HybridSDK (8.25.0)
-  - sentry_flutter (7.20.1):
+  - sentry_flutter (7.20.2):
    - Flutter
    - FlutterMacOS
    - Sentry/HybridSDK (= 8.25.0)
@@ -100,18 +100,21 @@ PODS:
  - sqflite (0.0.3):
    - Flutter
    - FlutterMacOS
-  - "sqlite3 (3.45.3+1)":
-    - "sqlite3/common (= 3.45.3+1)"
-  - "sqlite3/common (3.45.3+1)"
-  - "sqlite3/fts5 (3.45.3+1)":
+  - "sqlite3 (3.46.0+1)":
+    - "sqlite3/common (= 3.46.0+1)"
+  - "sqlite3/common (3.46.0+1)"
+  - "sqlite3/dbstatvtab (3.46.0+1)":
    - sqlite3/common
-  - "sqlite3/perf-threadsafe (3.45.3+1)":
+  - "sqlite3/fts5 (3.46.0+1)":
    - sqlite3/common
-  - "sqlite3/rtree (3.45.3+1)":
+  - "sqlite3/perf-threadsafe (3.46.0+1)":
+    - sqlite3/common
+  - "sqlite3/rtree (3.46.0+1)":
    - sqlite3/common
  - sqlite3_flutter_libs (0.0.1):
    - Flutter
-    - "sqlite3 (~> 3.45.3+1)"
+    - "sqlite3 (~> 3.46.0+1)"
+    - sqlite3/dbstatvtab
    - sqlite3/fts5
    - sqlite3/perf-threadsafe
    - sqlite3/rtree
@@ -233,29 +236,29 @@ SPEC CHECKSUMS:
  flutter_local_authentication: 1172a4dd88f6306dadce067454e2c4caf07977bb
  flutter_local_notifications: 4cde75091f6327eb8517fa068a0a5950212d2086
  flutter_native_splash: edf599c81f74d093a4daf8e17bd7a018854bc778
-  flutter_secure_storage: 23fc622d89d073675f2eaa109381aefbcf5a49be
-  fluttertoast: 9f2f8e81bb5ce18facb9748d7855bf5a756fe3db
-  local_auth_darwin: c7e464000a6a89e952235699e32b329457608d98
+  flutter_secure_storage: d33dac7ae2ea08509be337e775f6b59f1ff45f12
+  fluttertoast: e9a18c7be5413da53898f660530c56f35edfba9c
+  local_auth_darwin: 4d56c90c2683319835a61274b57620df9c4520ab
  move_to_background: 39a5b79b26d577b0372cbe8a8c55e7aa9fcd3a2d
  MTBBarcodeScanner: f453b33c4b7dfe545d8c6484ed744d55671788cb
  OrderedSet: aaeb196f7fef5a9edf55d89760da9176ad40b93c
  package_info_plus: 115f4ad11e0698c8c1c5d8a689390df880f47e85
-  path_provider_foundation: 3784922295ac71e43754bd15e0653ccfd36a147c
+  path_provider_foundation: 2b6b4c569c0fb62ec74538f866245ac84301af46
  privacy_screen: 1a131c052ceb3c3659934b003b0d397c2381a24e
  qr_code_scanner: bb67d64904c3b9658ada8c402e8b4d406d5d796e
-  ReachabilitySwift: 2128f3a8c9107e1ad33574c6e58e8285d460b149
+  ReachabilitySwift: 7f151ff156cea1481a8411701195ac6a984f4979
  SDWebImage: dfe95b2466a9823cf9f0c6d01217c06550d7b29a
  Sentry: cd86fc55628f5b7c572cabe66cc8f95a9d2f165a
-  sentry_flutter: 4cb24c1055c556d7b27262ab2e179d1e5a0b9b0c
+  sentry_flutter: 0cf2507eb90ff7a6aa3304e900dd7f08edbbefdf
  share_plus: c3fef564749587fc939ef86ffb283ceac0baf9f5
-  shared_preferences_foundation: b4c3b4cddf1c21f02770737f147a3f5da9d39695
+  shared_preferences_foundation: fcdcbc04712aee1108ac7fda236f363274528f78
  sodium_libs: 1faae17af662384acbd13e41867a0008cd2e2318
  sqflite: 673a0e54cc04b7d6dba8d24fb8095b31c3a99eec
-  sqlite3: 02d1f07eaaa01f80a1c16b4b31dfcbb3345ee01a
-  sqlite3_flutter_libs: 9bfe005308998aeca155330bbc2ea6dddf834a3b
+  sqlite3: 292c3e1bfe89f64e51ea7fc7dab9182a017c8630
+  sqlite3_flutter_libs: c00457ebd31e59fa6bb830380ddba24d44fbcd3b
  SwiftyGif: 706c60cf65fa2bc5ee0313beece843c8eb8194d4
  Toast: 1f5ea13423a1e6674c4abdac5be53587ae481c4e
-  url_launcher_ios: 6116280ddcfe98ab8820085d8d76ae7449447586
+  url_launcher_ios: 5334b05cef931de560670eeae103fd3e431ac3fe

 PODFILE CHECKSUM: b4e3a7eabb03395b66e81fc061789f61526ee6bb

--- a/auth/lib/app/view/app.dart
+++ b/auth/lib/app/view/app.dart
@@ -10,6 +10,7 @@ import 'package:ente_auth/events/signed_out_event.dart';
 import "package:ente_auth/l10n/l10n.dart";
 import 'package:ente_auth/locale.dart';
 import "package:ente_auth/onboarding/view/onboarding_page.dart";
+import 'package:ente_auth/services/authenticator_service.dart';
 import 'package:ente_auth/services/update_service.dart';
 import 'package:ente_auth/services/user_service.dart';
 import 'package:ente_auth/services/window_listener_service.dart';
@@ -34,7 +35,8 @@ class App extends StatefulWidget {
  State<App> createState() => _AppState();
 }

-class _AppState extends State<App> with WindowListener, TrayListener {
+class _AppState extends State<App>
+    with WindowListener, TrayListener, WidgetsBindingObserver {
  late StreamSubscription<SignedOutEvent> _signedOutEvent;
  late StreamSubscription<SignedInEvent> _signedInEvent;
  Locale? locale;
@@ -56,6 +58,7 @@ class _AppState extends State<App> with WindowListener, TrayListener {
  void initState() {
    initWindowManager();
    initTrayManager();
+    WidgetsBinding.instance.addObserver(this);

    _signedOutEvent = Bus.instance.on<SignedOutEvent>().listen((event) {
      if (mounted) {
@@ -98,6 +101,15 @@ class _AppState extends State<App> with WindowListener, TrayListener {
    _signedInEvent.cancel();
  }

+  @override
+  Future<void> didChangeAppLifecycleState(AppLifecycleState state) async {
+    if (state == AppLifecycleState.resumed) {
+      if (Configuration.instance.hasConfiguredAccount()) {
+        AuthenticatorService.instance.onlineSync().ignore();
+      }
+    }
+  }
+
  @override
  Widget build(BuildContext context) {
    if (Platform.isAndroid || kDebugMode) {
--- a/auth/lib/core/network.dart
+++ b/auth/lib/core/network.dart
@@ -1,8 +1,10 @@
 import 'dart:io';

 import 'package:dio/dio.dart';
+import 'package:dio/io.dart';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/event_bus.dart';
+import 'package:ente_auth/core/win_http_client.dart';
 import 'package:ente_auth/events/endpoint_updated_event.dart';
 import 'package:ente_auth/utils/package_info_util.dart';
 import 'package:ente_auth/utils/platform_util.dart';
@@ -50,6 +52,19 @@ class Network {
        },
      ),
    );
+    if (Platform.isWindows) {
+      final customHttpClient = windowsHttpClient();
+      _enteDio.httpClientAdapter = IOHttpClientAdapter(
+        createHttpClient: () {
+          return customHttpClient;
+        },
+      );
+      _dio.httpClientAdapter = IOHttpClientAdapter(
+        createHttpClient: () {
+          return customHttpClient;
+        },
+      );
+    }
    _setupInterceptors(endpoint);

    Bus.instance.on<EndpointUpdatedEvent>().listen((event) {
--- a/auth/lib/core/win_http_client.dart
+++ b/auth/lib/core/win_http_client.dart
@@ -0,0 +1,68 @@
+import 'dart:convert';
+import 'dart:io';
+
+import 'package:flutter/foundation.dart';
+
+/*
+Reference from
+https://github.com/realm/realm-dart/blob/main/packages/realm_dart/lib/src/handles/native/default_client.dart
+https://github.com/realm/realm-dart/pull/1378
+ */
+HttpClient windowsHttpClient() {
+  const isrgRootX1CertPEM = // The root certificate used by lets encrypt
+      '''
+subject=CN=ISRG Root X1,O=Internet Security Research Group,C=US
+issuer=CN=DST Root CA X3,O=Digital Signature Trust Co.
+-----BEGIN CERTIFICATE-----
+MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
+ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
+wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
+LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
+4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
+bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
+sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
+Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
+FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
+SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
+PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
+TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
+c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
+ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
+b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
+U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
+MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
+5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
+9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
+WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
+he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
+Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
+-----END CERTIFICATE-----''';
+
+  if (Platform.isWindows) {
+    final context = SecurityContext(withTrustedRoots: true);
+    try {
+      context.setTrustedCertificatesBytes(
+        const AsciiEncoder().convert(isrgRootX1CertPEM),
+      );
+      debugPrint("Certificate added to trusted certificates");
+      return HttpClient(context: context);
+    } on TlsException catch (e) {
+      debugPrint(
+          "Error adding certificate to trusted certificates: ${e.osError?.message}");
+      // certificate is already trusted. Nothing to do here
+      if (e.osError?.message.contains("CERT_ALREADY_IN_HASH_TABLE") != true) {
+        rethrow;
+      } else {
+        return HttpClient();
+      }
+    }
+  }
+  throw UnsupportedError("This platform is not supported");
+}
--- a/auth/lib/l10n/arb/app_de.arb
+++ b/auth/lib/l10n/arb/app_de.arb
@@ -269,6 +269,7 @@
  "privacy": "Datenschutz",
  "terms": "Bestimmungen",
  "checkForUpdates": "Auf Updates prüfen",
+  "checkStatus": "Status überprüfen",
  "downloadUpdate": "Herunterladen",
  "criticalUpdateAvailable": "Kritische neue Aktualisierung ist verfügbar",
  "updateAvailable": "Aktualisierung verfügbar",
@@ -417,6 +418,9 @@
  "waitingForBrowserRequest": "Warten auf Browseranfrage...",
  "waitingForVerification": "Warte auf Bestätigung...",
  "passkey": "Passkey",
+  "passKeyPendingVerification": "Verifizierung steht noch aus",
+  "loginSessionExpired": "Sitzung abgelaufen",
+  "loginSessionExpiredDetails": "Ihre Sitzung ist abgelaufen. Bitte melden Sie sich erneut an.",
  "developerSettingsWarning": "Sind Sie sicher, dass Sie die Entwicklereinstellungen ändern möchten?",
  "developerSettings": "Entwicklereinstellungen",
  "serverEndpoint": "Server Endpunkt",
--- a/auth/lib/l10n/arb/app_en.arb
+++ b/auth/lib/l10n/arb/app_en.arb
@@ -263,6 +263,8 @@
  "exportLogs": "Export logs",
  "enterYourRecoveryKey": "Enter your recovery key",
  "tempErrorContactSupportIfPersists": "It looks like something went wrong. Please retry after some time. If the error persists, please contact our support team.",
+  "networkHostLookUpErr": "Unable to connect to Ente, please check your network settings and contact support if the error persists.",
+  "networkConnectionRefusedErr": "Unable to connect to Ente, please retry after sometime. If the error persists, please contact support.",
  "itLooksLikeSomethingWentWrongPleaseRetryAfterSome": "It looks like something went wrong. Please retry after some time. If the error persists, please contact our support team.",
  "about": "About",
  "weAreOpenSource": "We are open source!",
--- a/auth/lib/l10n/arb/app_it.arb
+++ b/auth/lib/l10n/arb/app_it.arb
@@ -269,6 +269,7 @@
  "privacy": "Privacy",
  "terms": "Termini",
  "checkForUpdates": "Controlla aggiornamenti",
+  "checkStatus": "Verifica stato",
  "downloadUpdate": "Scarica",
  "criticalUpdateAvailable": "Un aggiornamento importante è disponibile",
  "updateAvailable": "Aggiornamento disponibile",
@@ -417,6 +418,9 @@
  "waitingForBrowserRequest": "In attesa della richiesta del browser...",
  "waitingForVerification": "In attesa di verifica...",
  "passkey": "Passkey",
+  "passKeyPendingVerification": "La verifica è ancora in corso",
+  "loginSessionExpired": "Sessione scaduta",
+  "loginSessionExpiredDetails": "La sessione è scaduta. Si prega di accedere nuovamente.",
  "developerSettingsWarning": "Siete sicuri di voler modificare le impostazioni sviluppatore?",
  "developerSettings": "Impostazioni sviluppatore",
  "serverEndpoint": "Endpoint del server",
--- a/auth/lib/l10n/arb/app_pt.arb
+++ b/auth/lib/l10n/arb/app_pt.arb
@@ -269,6 +269,7 @@
  "privacy": "Privacidade",
  "terms": "Termos",
  "checkForUpdates": "Verificar por atualizações",
+  "checkStatus": "Verificar status",
  "downloadUpdate": "Baixar",
  "criticalUpdateAvailable": "Atualização crítica disponível",
  "updateAvailable": "Atualização disponível",
@@ -417,6 +418,9 @@
  "waitingForBrowserRequest": "Aguardando solicitação do navegador...",
  "waitingForVerification": "Esperando por verificação...",
  "passkey": "Senha-mestra",
+  "passKeyPendingVerification": "A verificação ainda está pendente",
+  "loginSessionExpired": "Sessão expirada",
+  "loginSessionExpiredDetails": "Sua sessão expirou. Por favor, entre novamente.",
  "developerSettingsWarning": "Tem certeza de que deseja modificar as configurações de Desenvolvedor?",
  "developerSettings": "Configurações de desenvolvedor",
  "serverEndpoint": "Endpoint do servidor",
--- a/auth/lib/l10n/arb/app_ru.arb
+++ b/auth/lib/l10n/arb/app_ru.arb
@@ -269,6 +269,7 @@
  "privacy": "Конфиденциальность",
  "terms": "Условия использования",
  "checkForUpdates": "Проверить наличие обновлений",
+  "checkStatus": "Проверить статус",
  "downloadUpdate": "Скачать",
  "criticalUpdateAvailable": "Доступно критическое обновление",
  "updateAvailable": "Доступно обновление",
@@ -417,6 +418,9 @@
  "waitingForBrowserRequest": "Ожидание запроса браузера...",
  "waitingForVerification": "Ожидание подтверждения...",
  "passkey": "Ключ",
+  "passKeyPendingVerification": "Верификация еще не завершена",
+  "loginSessionExpired": "Сессия недействительна",
+  "loginSessionExpiredDetails": "Сессия истекла. Войдите снова.",
  "developerSettingsWarning": "Вы уверены, что хотите изменить настройки разработчика?",
  "developerSettings": "Настройки разработчика",
  "serverEndpoint": "Конечная точка сервера",
--- a/auth/lib/l10n/arb/app_sv.arb
+++ b/auth/lib/l10n/arb/app_sv.arb
@@ -159,5 +159,6 @@
    "description": "Message showed on a button that the user can click to leave the current dialog. It is used on iOS side. Maximum 30 characters."
  },
  "noInternetConnection": "Ingen internetanslutning",
-  "pleaseCheckYourInternetConnectionAndTryAgain": "Kontrollera din internetanslutning och försök igen."
+  "pleaseCheckYourInternetConnectionAndTryAgain": "Kontrollera din internetanslutning och försök igen.",
+  "loginSessionExpiredDetails": "Din session har upphört. Logga in igen."
 }
--- a/auth/lib/l10n/arb/app_zh.arb
+++ b/auth/lib/l10n/arb/app_zh.arb
@@ -269,6 +269,7 @@
  "privacy": "隐私",
  "terms": "使用条款",
  "checkForUpdates": "检查更新",
+  "checkStatus": "检查状态",
  "downloadUpdate": "下载",
  "criticalUpdateAvailable": "有重要更新可用",
  "updateAvailable": "有可用的更新",
@@ -417,6 +418,9 @@
  "waitingForBrowserRequest": "正在等待浏览器请求...",
  "waitingForVerification": "等待验证...",
  "passkey": "通行密钥",
+  "passKeyPendingVerification": "仍需进行验证",
+  "loginSessionExpired": "会话已过期",
+  "loginSessionExpiredDetails": "您的会话已过期。请重新登录。",
  "developerSettingsWarning": "您确定要修改开发者设置吗？",
  "developerSettings": "开发者设置",
  "serverEndpoint": "服务器端点",
--- a/auth/lib/services/passkey_service.dart
+++ b/auth/lib/services/passkey_service.dart
@@ -49,7 +49,7 @@ class PasskeyService {
      );
    } catch (e) {
      Logger('PasskeyService').severe("failed to open passkey page", e);
-      showGenericErrorDialog(context: context).ignore();
+      showGenericErrorDialog(context: context, error: e).ignore();
    }
  }
 }
--- a/auth/lib/services/user_service.dart
+++ b/auth/lib/services/user_service.dart
@@ -101,7 +101,7 @@ class UserService {
        );
        return;
      }
-      unawaited(showGenericErrorDialog(context: context));
+      unawaited(showGenericErrorDialog(context: context, error: null));
    } on DioException catch (e) {
      await dialog.hide();
      _logger.info(e);
@@ -114,12 +114,12 @@ class UserService {
          ),
        );
      } else {
-        unawaited(showGenericErrorDialog(context: context));
+        unawaited(showGenericErrorDialog(context: context, error: e));
      }
    } catch (e) {
      await dialog.hide();
      _logger.severe(e);
-      unawaited(showGenericErrorDialog(context: context));
+      unawaited(showGenericErrorDialog(context: context, error: e));
    }
  }

@@ -165,7 +165,11 @@ class UserService {
      return userDetails;
    } catch (e) {
      _logger.warning("Failed to fetch", e);
-      rethrow;
+      if (e is DioException && e.response?.statusCode == 401) {
+        throw UnauthorizedError();
+      } else {
+        rethrow;
+      }
    }
  }

@@ -213,11 +217,17 @@ class UserService {
      }
    } catch (e) {
      _logger.severe(e);
+      // check if token is already invalid
+      if (e is DioException && e.response?.statusCode == 401) {
+        await Configuration.instance.logout();
+        Navigator.of(context).popUntil((route) => route.isFirst);
+        return;
+      }
      //This future is for waiting for the dialog from which logout() is called
      //to close and only then to show the error dialog.
      Future.delayed(
        const Duration(milliseconds: 150),
-        () => showGenericErrorDialog(context: context),
+        () => showGenericErrorDialog(context: context, error: e),
      );
      rethrow;
    }
@@ -238,7 +248,10 @@ class UserService {
      }
    } catch (e) {
      _logger.severe(e);
-      await showGenericErrorDialog(context: context);
+      await showGenericErrorDialog(
+        context: context,
+        error: e,
+      );
      return null;
    }
  }
--- a/auth/lib/ui/account/logout_dialog.dart
+++ b/auth/lib/ui/account/logout_dialog.dart
@@ -3,51 +3,64 @@ import 'package:ente_auth/l10n/l10n.dart';
 import 'package:ente_auth/store/authenticator_db.dart';
 import 'package:ente_auth/utils/dialog_util.dart';
 import 'package:flutter/material.dart';
+import 'package:logging/logging.dart';

+bool showingLogoutDialog = false;
 Future<void> autoLogoutAlert(BuildContext context) async {
-  final l10n = context.l10n;
-  final AlertDialog alert = AlertDialog(
-    title: Text(l10n.sessionExpired),
-    content: Text(l10n.pleaseLoginAgain),
-    actions: [
-      TextButton(
-        child: Text(
-          l10n.ok,
-          style: TextStyle(
-            color: Theme.of(context).colorScheme.primary,
+  if (showingLogoutDialog) {
+    debugPrint("Ignore event as already logging out");
+    return;
+  }
+  try {
+    showingLogoutDialog = true;
+    final l10n = context.l10n;
+    final AlertDialog alert = AlertDialog(
+      title: Text(l10n.sessionExpired),
+      content: Text(l10n.pleaseLoginAgain),
+      actions: [
+        TextButton(
+          child: Text(
+            l10n.ok,
+            style: TextStyle(
+              color: Theme.of(context).colorScheme.primary,
+            ),
          ),
+          onPressed: () async {
+            Navigator.of(context, rootNavigator: true).pop('dialog');
+            Navigator.of(context).popUntil((route) => route.isFirst);
+            int pendingSyncCount =
+                await AuthenticatorDB.instance.getNeedSyncCount();
+            if (pendingSyncCount > 0) {
+              // ignore: unawaited_futures
+              showChoiceActionSheet(
+                context,
+                title: l10n.pendingSyncs,
+                body: l10n.pendingSyncsWarningBody,
+                firstButtonLabel: context.l10n.yesLogout,
+                isCritical: true,
+                firstButtonOnTap: () async {
+                  await _logout(context, l10n);
+                },
+              );
+            } else {
+              await _logout(context, l10n);
+            }
+          },
        ),
-        onPressed: () async {
-          Navigator.of(context, rootNavigator: true).pop('dialog');
-          Navigator.of(context).popUntil((route) => route.isFirst);
-          int pendingSyncCount =
-              await AuthenticatorDB.instance.getNeedSyncCount();
-          if (pendingSyncCount > 0) {
-            // ignore: unawaited_futures
-            showChoiceActionSheet(
-              context,
-              title: l10n.pendingSyncs,
-              body: l10n.pendingSyncsWarningBody,
-              firstButtonLabel: context.l10n.yesLogout,
-              isCritical: true,
-              firstButtonOnTap: () async {
-                await _logout(context, l10n);
-              },
-            );
-          } else {
-            await _logout(context, l10n);
-          }
-        },
-      ),
-    ],
-  );
-  await showDialog(
-    context: context,
-    barrierDismissible: false,
-    builder: (BuildContext context) {
-      return alert;
-    },
-  );
+      ],
+    );
+    await showDialog(
+      context: context,
+      barrierDismissible: false,
+      builder: (BuildContext context) {
+        return alert;
+      },
+    );
+  } catch (e) {
+    Logger("LogoutDialog").severe('failed to process sign out action', e);
+  } finally {
+    showingLogoutDialog = false;
+  }
 }

 Future<void> _logout(BuildContext context, AppLocalizations l10n) async {
--- a/auth/lib/ui/account/password_entry_page.dart
+++ b/auth/lib/ui/account/password_entry_page.dart
@@ -412,7 +412,10 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
      _logger.severe(e, s);
      await dialog.hide();
      // ignore: unawaited_futures
-      showGenericErrorDialog(context: context);
+      showGenericErrorDialog(
+        context: context,
+        error: e,
+      );
    }
  }

@@ -472,7 +475,10 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
          _logger.severe(e, s);
          await dialog.hide();
          // ignore: unawaited_futures
-          showGenericErrorDialog(context: context);
+          showGenericErrorDialog(
+            context: context,
+            error: e,
+          );
        }
      }

@@ -500,7 +506,10 @@ class _PasswordEntryPageState extends State<PasswordEntryPage> {
        );
      } else {
        // ignore: unawaited_futures
-        showGenericErrorDialog(context: context);
+        showGenericErrorDialog(
+          context: context,
+          error: e,
+        );
      }
    }
  }
--- a/auth/lib/ui/account/verify_recovery_page.dart
+++ b/auth/lib/ui/account/verify_recovery_page.dart
@@ -47,7 +47,10 @@ class _VerifyRecoveryPageState extends State<VerifyRecoveryPage> {
              "Please check your internet connection and try again.",
            );
          } else {
-            await showGenericErrorDialog(context: context);
+            await showGenericErrorDialog(
+              context: context,
+              error: e,
+            );
          }
          return;
        }
@@ -107,7 +110,10 @@ class _VerifyRecoveryPageState extends State<VerifyRecoveryPage> {
        );
      } catch (e) {
        // ignore: unawaited_futures
-        showGenericErrorDialog(context: context);
+        showGenericErrorDialog(
+          context: context,
+          error: e,
+        );
        return;
      }
    }
--- a/auth/lib/ui/components/buttons/button_widget.dart
+++ b/auth/lib/ui/components/buttons/button_widget.dart
@@ -485,7 +485,10 @@ class _ButtonChildWidgetState extends State<ButtonChildWidget> {
    } else if (exception != null) {
      //This is to show the execution was unsuccessful if the dialog is manually
      //closed before the execution completes.
-      showGenericErrorDialog(context: context);
+      showGenericErrorDialog(
+        context: context,
+        error: exception,
+      );
    }
  }

--- a/auth/lib/ui/home_page.dart
+++ b/auth/lib/ui/home_page.dart
@@ -56,7 +56,8 @@ class _HomePageState extends State<HomePage> {
  final scaffoldKey = GlobalKey<ScaffoldState>();

  final TextEditingController _textController = TextEditingController();
-  final FocusNode searchInputFocusNode = FocusNode();
+  final bool _autoFocusSearch =
+      PreferenceService.instance.shouldAutoFocusOnSearchBar();
  bool _showSearchBox = false;
  String _searchText = "";
  List<Code>? _allCodes;
@@ -87,18 +88,7 @@ class _HomePageState extends State<HomePage> {
    _iconsChangedEvent = Bus.instance.on<IconsChangedEvent>().listen((event) {
      setState(() {});
    });
-    _showSearchBox = PreferenceService.instance.shouldAutoFocusOnSearchBar();
-    if (_showSearchBox) {
-      WidgetsBinding.instance.addPostFrameCallback(
-        (_) {
-          // https://github.com/flutter/flutter/issues/20706#issuecomment-646328652
-          FocusScope.of(context).unfocus();
-          Timer(const Duration(milliseconds: 1), () {
-            FocusScope.of(context).requestFocus(searchInputFocusNode);
-          });
-        },
-      );
-    }
+    _showSearchBox = _autoFocusSearch;
  }

  void _loadCodes() {
@@ -240,8 +230,7 @@ class _HomePageState extends State<HomePage> {
              : TextField(
                  autocorrect: false,
                  enableSuggestions: false,
-                  focusNode: searchInputFocusNode,
-                  autofocus: _searchText.isEmpty,
+                  autofocus: _autoFocusSearch,
                  controller: _textController,
                  onChanged: (val) {
                    _searchText = val;
@@ -460,7 +449,10 @@ class _HomePageState extends State<HomePage> {
        CodeStore.instance.addCode(newCode);
        _focusNewCode(newCode);
      } catch (e, s) {
-        showGenericErrorDialog(context: context);
+        showGenericErrorDialog(
+          context: context,
+          error: e,
+        );
        _logger.severe("error while handling deeplink", e, s);
      }
    }
--- a/auth/lib/ui/passkey_page.dart
+++ b/auth/lib/ui/passkey_page.dart
@@ -69,7 +69,7 @@ class _PasskeyPageState extends State<PasskeyPage> {
      return;
    } catch (e, s) {
      _logger.severe("failed to check status", e, s);
-      showGenericErrorDialog(context: context).ignore();
+      showGenericErrorDialog(context: context, error: e).ignore();
      return;
    }
    await UserService.instance.onPassKeyVerified(context, response);
@@ -111,7 +111,7 @@ class _PasskeyPageState extends State<PasskeyPage> {
      }
    } catch (e, s) {
      _logger.severe('passKey: failed to handle deeplink', e, s);
-      showGenericErrorDialog(context: context).ignore();
+      showGenericErrorDialog(context: context, error: e).ignore();
    }
  }

@@ -169,7 +169,7 @@ class _PasskeyPageState extends State<PasskeyPage> {
                  await checkStatus();
                } catch (e) {
                  debugPrint('failed to check status %e');
-                  showGenericErrorDialog(context: context).ignore();
+                  showGenericErrorDialog(context: context, error: e).ignore();
                }
              },
              shouldSurfaceExecutionStates: true,
--- a/auth/lib/ui/settings/account_section_widget.dart
+++ b/auth/lib/ui/settings/account_section_widget.dart
@@ -111,7 +111,10 @@ class AccountSectionWidget extends StatelessWidget {
                  CryptoUtil.bin2hex(Configuration.instance.getRecoveryKey());
            } catch (e) {
              // ignore: unawaited_futures
-              showGenericErrorDialog(context: context);
+              showGenericErrorDialog(
+                context: context,
+                error: e,
+              );
              return;
            }
            // ignore: unawaited_futures
--- a/auth/lib/ui/settings/security_section_widget.dart
+++ b/auth/lib/ui/settings/security_section_widget.dart
@@ -182,7 +182,10 @@ class _SecuritySectionWidgetState extends State<SecuritySectionWidget> {
      PasskeyService.instance.openPasskeyPage(buildContext).ignore();
    } catch (e, s) {
      _logger.severe("failed to open passkey page", e, s);
-      await showGenericErrorDialog(context: context);
+      await showGenericErrorDialog(
+        context: context,
+        error: e,
+      );
    }
  }

--- a/auth/lib/utils/dialog_util.dart
+++ b/auth/lib/utils/dialog_util.dart
@@ -13,6 +13,8 @@ import 'package:ente_auth/ui/components/components_constants.dart';
 import 'package:ente_auth/ui/components/dialog_widget.dart';
 import 'package:ente_auth/ui/components/models/button_result.dart';
 import 'package:ente_auth/ui/components/models/button_type.dart';
+import 'package:ente_auth/utils/email_util.dart';
+import 'package:flutter/foundation.dart';
 import 'package:flutter/material.dart';

 typedef DialogBuilder = DialogWidget Function(BuildContext context);
@@ -69,22 +71,97 @@ Future<ButtonResult?> showErrorDialogForException({
  );
 }

+String parseErrorForUI(
+  BuildContext context,
+  String genericError, {
+  Object? error,
+  bool surfaceError = kDebugMode,
+}) {
+  try {
+    if (error == null) {
+      return genericError;
+    }
+    if (error is DioException) {
+      final DioException dioError = error;
+      if (dioError.type == DioExceptionType.unknown) {
+        if (dioError.error.toString().contains('Failed host lookup')) {
+          return context.l10n.networkHostLookUpErr;
+        } else if (dioError.error.toString().contains('SocketException')) {
+          return context.l10n.networkConnectionRefusedErr;
+        }
+      }
+    }
+    // return generic error if the user is not internal and the error is not in debug mode
+    if (!kDebugMode) {
+      return genericError;
+    }
+    String errorInfo = "";
+    if (error is DioException) {
+      final DioException dioError = error;
+      if (dioError.type == DioExceptionType.badResponse) {
+        if (dioError.response?.data["code"] != null) {
+          errorInfo = "Reason: " + dioError.response!.data["code"];
+        } else {
+          errorInfo = "Reason: " + dioError.response!.data.toString();
+        }
+      } else if (dioError.type == DioExceptionType.unknown) {
+        errorInfo = "Reason: " + dioError.error.toString();
+      } else {
+        errorInfo = "Reason: " + dioError.type.toString();
+      }
+    } else {
+      if (kDebugMode) {
+        errorInfo = error.toString();
+      } else {
+        errorInfo = error.toString().split('Source stack')[0];
+      }
+    }
+    if (errorInfo.isNotEmpty) {
+      return "$genericError\n\n$errorInfo";
+    }
+    return genericError;
+  } catch (e) {
+    return genericError;
+  }
+}
+
 ///Will return null if dismissed by tapping outside
 Future<ButtonResult?> showGenericErrorDialog({
  required BuildContext context,
  bool isDismissible = true,
+  required Object? error,
 }) async {
+  final errorBody = parseErrorForUI(
+    context,
+    context.l10n.itLooksLikeSomethingWentWrongPleaseRetryAfterSome,
+    error: error,
+  );
+
  return showDialogWidget(
    context: context,
    title: context.l10n.error,
    icon: Icons.error_outline_outlined,
-    body: context.l10n.itLooksLikeSomethingWentWrongPleaseRetryAfterSome,
+    body: errorBody,
    isDismissible: isDismissible,
-    buttons: const [
+    buttons: [
+      ButtonWidget(
+        buttonType: ButtonType.primary,
+        labelText: context.l10n.ok,
+        buttonAction: ButtonAction.first,
+        isInAlert: true,
+      ),
      ButtonWidget(
        buttonType: ButtonType.secondary,
-        labelText: "OK",
-        isInAlert: true,
+        labelText: context.l10n.contactSupport,
+        buttonAction: ButtonAction.second,
+        onTap: () async {
+          await sendLogs(
+            context,
+            context.l10n.contactSupport,
+            "support@ente.io",
+            postShare: () {},
+          );
+        },
      ),
    ],
  );
--- a/auth/linux/packaging/appimage/make_config.yaml
+++ b/auth/linux/packaging/appimage/make_config.yaml
@@ -27,3 +27,6 @@ include:
    - libffi.so.8
    - libtiff.so.5
    - libjpeg.so.8
+
+supported_mime_type:
+  - x-scheme-handler/enteauth
--- a/auth/linux/packaging/deb/make_config.yaml
+++ b/auth/linux/packaging/deb/make_config.yaml
@@ -31,4 +31,4 @@ categories:
 startup_notify: false

 supported_mime_type:
-  - x-scheme-handler/ente
+  - x-scheme-handler/enteauth
--- a/auth/linux/packaging/rpm/make_config.yaml
+++ b/auth/linux/packaging/rpm/make_config.yaml
@@ -28,4 +28,4 @@ categories:
 startup_notify: false

 supported_mime_type:
-  - x-scheme-handler/ente
+  - x-scheme-handler/enteauth
--- a/auth/macos/Podfile.lock
+++ b/auth/macos/Podfile.lock
@@ -26,11 +26,11 @@ PODS:
  - path_provider_foundation (0.0.1):
    - Flutter
    - FlutterMacOS
-  - ReachabilitySwift (5.2.2)
+  - ReachabilitySwift (5.2.3)
  - screen_retriever (0.0.1):
    - FlutterMacOS
  - Sentry/HybridSDK (8.25.0)
-  - sentry_flutter (7.20.1):
+  - sentry_flutter (7.20.2):
    - Flutter
    - FlutterMacOS
    - Sentry/HybridSDK (= 8.25.0)
@@ -44,18 +44,21 @@ PODS:
  - sqflite (0.0.3):
    - Flutter
    - FlutterMacOS
-  - "sqlite3 (3.45.3+1)":
-    - "sqlite3/common (= 3.45.3+1)"
-  - "sqlite3/common (3.45.3+1)"
-  - "sqlite3/fts5 (3.45.3+1)":
+  - "sqlite3 (3.46.0+1)":
+    - "sqlite3/common (= 3.46.0+1)"
+  - "sqlite3/common (3.46.0+1)"
+  - "sqlite3/dbstatvtab (3.46.0+1)":
    - sqlite3/common
-  - "sqlite3/perf-threadsafe (3.45.3+1)":
+  - "sqlite3/fts5 (3.46.0+1)":
    - sqlite3/common
-  - "sqlite3/rtree (3.45.3+1)":
+  - "sqlite3/perf-threadsafe (3.46.0+1)":
+    - sqlite3/common
+  - "sqlite3/rtree (3.46.0+1)":
    - sqlite3/common
  - sqlite3_flutter_libs (0.0.1):
    - FlutterMacOS
-    - "sqlite3 (~> 3.45.3+1)"
+    - "sqlite3 (~> 3.46.0+1)"
+    - sqlite3/dbstatvtab
    - sqlite3/fts5
    - sqlite3/perf-threadsafe
    - sqlite3/rtree
@@ -152,23 +155,23 @@ SPEC CHECKSUMS:
  flutter_inappwebview_macos: 9600c9df9fdb346aaa8933812009f8d94304203d
  flutter_local_authentication: 85674893931e1c9cfa7c9e4f5973cb8c56b018b0
  flutter_local_notifications: 3805ca215b2fb7f397d78b66db91f6a747af52e4
-  flutter_secure_storage_macos: d56e2d218c1130b262bef8b4a7d64f88d7f9c9ea
+  flutter_secure_storage_macos: 59459653abe1adb92abbc8ea747d79f8d19866c9
  FlutterMacOS: 8f6f14fa908a6fb3fba0cd85dbd81ec4b251fb24
  OrderedSet: aaeb196f7fef5a9edf55d89760da9176ad40b93c
  package_info_plus: 02d7a575e80f194102bef286361c6c326e4c29ce
-  path_provider_foundation: 3784922295ac71e43754bd15e0653ccfd36a147c
-  ReachabilitySwift: 2128f3a8c9107e1ad33574c6e58e8285d460b149
+  path_provider_foundation: 2b6b4c569c0fb62ec74538f866245ac84301af46
+  ReachabilitySwift: 7f151ff156cea1481a8411701195ac6a984f4979
  screen_retriever: 59634572a57080243dd1bf715e55b6c54f241a38
  Sentry: cd86fc55628f5b7c572cabe66cc8f95a9d2f165a
-  sentry_flutter: 4cb24c1055c556d7b27262ab2e179d1e5a0b9b0c
+  sentry_flutter: 0cf2507eb90ff7a6aa3304e900dd7f08edbbefdf
  share_plus: 76dd39142738f7a68dd57b05093b5e8193f220f7
-  shared_preferences_foundation: b4c3b4cddf1c21f02770737f147a3f5da9d39695
+  shared_preferences_foundation: fcdcbc04712aee1108ac7fda236f363274528f78
  sodium_libs: d39bd76697736cb11ce4a0be73b9b4bc64466d6f
  sqflite: 673a0e54cc04b7d6dba8d24fb8095b31c3a99eec
-  sqlite3: 02d1f07eaaa01f80a1c16b4b31dfcbb3345ee01a
-  sqlite3_flutter_libs: 8d204ef443cf0d5c1c8b058044eab53f3943a9c5
+  sqlite3: 292c3e1bfe89f64e51ea7fc7dab9182a017c8630
+  sqlite3_flutter_libs: 5ca46c1a04eddfbeeb5b16566164aa7ad1616e7b
  tray_manager: 9064e219c56d75c476e46b9a21182087930baf90
-  url_launcher_macos: d2691c7dd33ed713bf3544850a623080ec693d95
+  url_launcher_macos: 5f437abeda8c85500ceb03f5c1938a8c5a705399
  window_manager: 3a1844359a6295ab1e47659b1a777e36773cd6e8

 PODFILE CHECKSUM: f401c31c8f7c5571f6f565c78915d54338812dab
--- a/auth/pubspec.lock
+++ b/auth/pubspec.lock
@@ -45,10 +45,10 @@ packages:
    dependency: "direct main"
    description:
      name: archive
-      sha256: "0763b45fa9294197a2885c8567927e2830ade852e5c896fd4ab7e0e348d0f373"
+      sha256: cb6a278ef2dbb298455e1a713bda08524a175630ec643a242c399c932a0a1f7d
      url: "https://pub.dev"
    source: hosted
-    version: "3.5.0"
+    version: "3.6.1"
  args:
    dependency: transitive
    description:
@@ -117,10 +117,10 @@ packages:
    dependency: transitive
    description:
      name: build_daemon
-      sha256: "0343061a33da9c5810b2d6cee51945127d8f4c060b7fbdd9d54917f0a3feaaa1"
+      sha256: "79b2aef6ac2ed00046867ed354c88778c9c0f029df8a20fe10b5436826721ef9"
      url: "https://pub.dev"
    source: hosted
-    version: "4.0.1"
+    version: "4.0.2"
  build_resolvers:
    dependency: transitive
    description:
@@ -133,18 +133,18 @@ packages:
    dependency: "direct dev"
    description:
      name: build_runner
-      sha256: "3ac61a79bfb6f6cc11f693591063a7f19a7af628dc52f141743edac5c16e8c22"
+      sha256: "644dc98a0f179b872f612d3eb627924b578897c629788e858157fa5e704ca0c7"
      url: "https://pub.dev"
    source: hosted
-    version: "2.4.9"
+    version: "2.4.11"
  build_runner_core:
    dependency: transitive
    description:
      name: build_runner_core
-      sha256: "4ae8ffe5ac758da294ecf1802f2aff01558d8b1b00616aa7538ea9a8a5d50799"
+      sha256: e3c79f69a64bdfcd8a776a3c28db4eb6e3fb5356d013ae5eb2e52007706d5dbe
      url: "https://pub.dev"
    source: hosted
-    version: "7.3.0"
+    version: "7.3.1"
  built_collection:
    dependency: transitive
    description:
@@ -415,10 +415,10 @@ packages:
    dependency: "direct main"
    description:
      name: file_saver
-      sha256: bdebc720e17b3e01aba59da69b6d47020a7e5ba7d5c75bd9194f9618d5f16ef4
+      sha256: d375b351e3331663abbaf99747abd72f159260c58fbbdbca9f926f02c01bdc48
      url: "https://pub.dev"
    source: hosted
-    version: "0.2.12"
+    version: "0.2.13"
  fixnum:
    dependency: "direct main"
    description:
@@ -444,10 +444,10 @@ packages:
    dependency: "direct main"
    description:
      name: flutter_bloc
-      sha256: f0ecf6e6eb955193ca60af2d5ca39565a86b8a142452c5b24d96fb477428f4d2
+      sha256: b594505eac31a0518bdcb4b5b79573b8d9117b193cc80cc12e17d639b10aa27a
      url: "https://pub.dev"
    source: hosted
-    version: "8.1.5"
+    version: "8.1.6"
  flutter_context_menu:
    dependency: "direct main"
    description:
@@ -586,18 +586,18 @@ packages:
    dependency: transitive
    description:
      name: flutter_plugin_android_lifecycle
-      sha256: "8cf40eebf5dec866a6d1956ad7b4f7016e6c0cc69847ab946833b7d43743809f"
+      sha256: c6b0b4c05c458e1c01ad9bcc14041dd7b1f6783d487be4386f793f47a8a4d03e
      url: "https://pub.dev"
    source: hosted
-    version: "2.0.19"
+    version: "2.0.20"
  flutter_secure_storage:
    dependency: "direct main"
    description:
      name: flutter_secure_storage
-      sha256: ffdbb60130e4665d2af814a0267c481bcf522c41ae2e43caf69fa0146876d685
+      sha256: "165164745e6afb5c0e3e3fcc72a012fb9e58496fb26ffb92cf22e16a821e85d0"
      url: "https://pub.dev"
    source: hosted
-    version: "9.0.0"
+    version: "9.2.2"
  flutter_secure_storage_linux:
    dependency: "direct overridden"
    description:
@@ -611,34 +611,34 @@ packages:
    dependency: transitive
    description:
      name: flutter_secure_storage_macos
-      sha256: bd33935b4b628abd0b86c8ca20655c5b36275c3a3f5194769a7b3f37c905369c
+      sha256: "1693ab11121a5f925bbea0be725abfcfbbcf36c1e29e571f84a0c0f436147a81"
      url: "https://pub.dev"
    source: hosted
-    version: "3.0.1"
+    version: "3.1.2"
  flutter_secure_storage_platform_interface:
    dependency: transitive
    description:
      name: flutter_secure_storage_platform_interface
-      sha256: "0d4d3a5dd4db28c96ae414d7ba3b8422fd735a8255642774803b2532c9a61d7e"
+      sha256: cf91ad32ce5adef6fba4d736a542baca9daf3beac4db2d04be350b87f69ac4a8
      url: "https://pub.dev"
    source: hosted
-    version: "1.0.2"
+    version: "1.1.2"
  flutter_secure_storage_web:
    dependency: transitive
    description:
      name: flutter_secure_storage_web
-      sha256: "30f84f102df9dcdaa2241866a958c2ec976902ebdaa8883fbfe525f1f2f3cf20"
+      sha256: f4ebff989b4f07b2656fb16b47852c0aab9fed9b4ec1c70103368337bc1886a9
      url: "https://pub.dev"
    source: hosted
-    version: "1.1.2"
+    version: "1.2.1"
  flutter_secure_storage_windows:
    dependency: transitive
    description:
      name: flutter_secure_storage_windows
-      sha256: "5809c66f9dd3b4b93b0a6e2e8561539405322ee767ac2f64d084e2ab5429d108"
+      sha256: b20b07cb5ed4ed74fc567b78a72936203f587eba460af1df11281c9326cd3709
      url: "https://pub.dev"
    source: hosted
-    version: "3.0.0"
+    version: "3.1.2"
  flutter_slidable:
    dependency: "direct main"
    description:
@@ -685,10 +685,10 @@ packages:
    dependency: "direct main"
    description:
      name: fluttertoast
-      sha256: "81b68579e23fcbcada2db3d50302813d2371664afe6165bc78148050ab94bf66"
+      sha256: "7eae679e596a44fdf761853a706f74979f8dd3cd92cf4e23cae161fda091b847"
      url: "https://pub.dev"
    source: hosted
-    version: "8.2.5"
+    version: "8.2.6"
  freezed_annotation:
    dependency: transitive
    description:
@@ -725,10 +725,10 @@ packages:
    dependency: "direct main"
    description:
      name: gradient_borders
-      sha256: "69eeaff519d145a4c6c213ada1abae386bcc8981a4970d923e478ce7ba19e309"
+      sha256: b1cd969552c83f458ff755aa68e13a0327d09f06c3f42f471b423b01427f21f8
      url: "https://pub.dev"
    source: hosted
-    version: "1.0.0"
+    version: "1.0.1"
  graphs:
    dependency: transitive
    description:
@@ -757,10 +757,10 @@ packages:
    dependency: transitive
    description:
      name: hashlib_codecs
-      sha256: "49e2a471f74b15f1854263e58c2ac11f2b631b5b12c836f9708a35397d36d626"
+      sha256: a1c7b5d89ff29e81fd8e8c0b35966db4c935e149fc4ebe1ebf71e358c15863ab
      url: "https://pub.dev"
    source: hosted
-    version: "2.2.0"
+    version: "2.4.0"
  hex:
    dependency: transitive
    description:
@@ -805,10 +805,10 @@ packages:
    dependency: transitive
    description:
      name: image
-      sha256: "4c68bfd5ae83e700b5204c1e74451e7bf3cf750e6843c6e158289cf56bda018e"
+      sha256: "2237616a36c0d69aef7549ab439b833fb7f9fb9fc861af2cc9ac3eedddd69ca8"
      url: "https://pub.dev"
    source: hosted
-    version: "4.1.7"
+    version: "4.2.0"
  intl:
    dependency: "direct main"
    description:
@@ -893,18 +893,18 @@ packages:
    dependency: "direct main"
    description:
      name: local_auth_android
-      sha256: e0e5b1ea247c5a0951c13a7ee13dc1beae69750e6a2e1910d1ed6a3cd4d56943
+      sha256: "48dfb2d954da8ef6a77adfc93a29998f7729e9308eaa817e91dea4500317b2c8"
      url: "https://pub.dev"
    source: hosted
-    version: "1.0.38"
+    version: "1.0.39"
  local_auth_darwin:
    dependency: "direct main"
    description:
      name: local_auth_darwin
-      sha256: "33381a15b0de2279523eca694089393bb146baebdce72a404555d03174ebc1e9"
+      sha256: e424ebf90d5233452be146d4a7da4bcd7a70278b67791592f3fde1bda8eef9e2
      url: "https://pub.dev"
    source: hosted
-    version: "1.2.2"
+    version: "1.3.1"
  local_auth_platform_interface:
    dependency: transitive
    description:
@@ -973,10 +973,10 @@ packages:
    dependency: "direct dev"
    description:
      name: mocktail
-      sha256: c4b5007d91ca4f67256e720cb1b6d704e79a510183a12fa551021f652577dce6
+      sha256: "890df3f9688106f25755f26b1c60589a92b3ab91a22b8b224947ad041bf172d8"
      url: "https://pub.dev"
    source: hosted
-    version: "1.0.3"
+    version: "1.0.4"
  modal_bottom_sheet:
    dependency: "direct main"
    description:
@@ -1085,18 +1085,18 @@ packages:
    dependency: transitive
    description:
      name: path_provider_android
-      sha256: a248d8146ee5983446bf03ed5ea8f6533129a12b11f12057ad1b4a67a2b3b41d
+      sha256: "9c96da072b421e98183f9ea7464898428e764bc0ce5567f27ec8693442e72514"
      url: "https://pub.dev"
    source: hosted
-    version: "2.2.4"
+    version: "2.2.5"
  path_provider_foundation:
    dependency: transitive
    description:
      name: path_provider_foundation
-      sha256: "5a7999be66e000916500be4f15a3633ebceb8302719b47b9cc49ce924125350f"
+      sha256: f234384a3fdd67f989b4d54a5d73ca2a6c422fa55ae694381ae0f4375cd1ea16
      url: "https://pub.dev"
    source: hosted
-    version: "2.3.2"
+    version: "2.4.0"
  path_provider_linux:
    dependency: transitive
    description:
@@ -1141,10 +1141,10 @@ packages:
    dependency: transitive
    description:
      name: platform
-      sha256: "12220bb4b65720483f8fa9450b4332347737cf8213dd2840d8b2c823e47243ec"
+      sha256: "9b71283fc13df574056616011fb138fd3b793ea47cc509c189a6c3fa5f8a1a65"
      url: "https://pub.dev"
    source: hosted
-    version: "3.1.4"
+    version: "3.1.5"
  plugin_platform_interface:
    dependency: transitive
    description:
@@ -1157,10 +1157,10 @@ packages:
    dependency: "direct main"
    description:
      name: pointycastle
-      sha256: "79fbafed02cfdbe85ef3fd06c7f4bc2cbcba0177e61b765264853d4253b21744"
+      sha256: "4be0097fcf3fd3e8449e53730c631200ebc7b88016acecab2b0da2f0149222fe"
      url: "https://pub.dev"
    source: hosted
-    version: "3.9.0"
+    version: "3.9.1"
  pool:
    dependency: transitive
    description:
@@ -1205,10 +1205,10 @@ packages:
    dependency: transitive
    description:
      name: pubspec_parse
-      sha256: c63b2876e58e194e4b0828fcb080ad0e06d051cb607a6be51a9e084f47cb9367
+      sha256: c799b721d79eb6ee6fa56f00c04b472dcd44a30d258fac2174a6ec57302678f8
      url: "https://pub.dev"
    source: hosted
-    version: "1.2.3"
+    version: "1.3.0"
  qr:
    dependency: transitive
    description:
@@ -1245,18 +1245,18 @@ packages:
    dependency: "direct main"
    description:
      name: sentry
-      sha256: e572d33a3ff1d69549f33ee828a8ff514047d43ca8eea4ab093d72461205aa3e
+      sha256: "57514bc72d441ffdc463f498d6886aa586a2494fa467a1eb9d649c28010d7ee3"
      url: "https://pub.dev"
    source: hosted
-    version: "7.20.1"
+    version: "7.20.2"
  sentry_flutter:
    dependency: "direct main"
    description:
      name: sentry_flutter
-      sha256: ac8cf6bb849f3560353ae33672e17b2713809a4e8de0d3cf372e9e9c42013757
+      sha256: "9723d58470ca43a360681ddd26abb71ca7b815f706bc8d3747afd054cf639ded"
      url: "https://pub.dev"
    source: hosted
-    version: "7.20.1"
+    version: "7.20.2"
  share_plus:
    dependency: "direct main"
    description:
@@ -1285,18 +1285,18 @@ packages:
    dependency: transitive
    description:
      name: shared_preferences_android
-      sha256: "1ee8bf911094a1b592de7ab29add6f826a7331fb854273d55918693d5364a1f2"
+      sha256: "93d0ec9dd902d85f326068e6a899487d1f65ffcd5798721a95330b26c8131577"
      url: "https://pub.dev"
    source: hosted
-    version: "2.2.2"
+    version: "2.2.3"
  shared_preferences_foundation:
    dependency: transitive
    description:
      name: shared_preferences_foundation
-      sha256: "7708d83064f38060c7b39db12aefe449cb8cdc031d6062280087bc4cdb988f5c"
+      sha256: "0a8a893bf4fd1152f93fec03a415d11c27c74454d96e2318a7ac38dd18683ab7"
      url: "https://pub.dev"
    source: hosted
-    version: "2.3.5"
+    version: "2.4.0"
  shared_preferences_linux:
    dependency: transitive
    description:
@@ -1341,10 +1341,10 @@ packages:
    dependency: transitive
    description:
      name: shelf_web_socket
-      sha256: "9ca081be41c60190ebcb4766b2486a7d50261db7bd0f5d9615f2d653637a84c1"
+      sha256: "073c147238594ecd0d193f3456a5fe91c4b0abbcc68bf5cd95b36c4e194ac611"
      url: "https://pub.dev"
    source: hosted
-    version: "1.0.4"
+    version: "2.0.0"
  shortid:
    dependency: transitive
    description:
@@ -1370,10 +1370,10 @@ packages:
    dependency: transitive
    description:
      name: sodium_libs
-      sha256: f7f6719b7ab3e8512ce7a5ecd7bc8d865482431cdd5a07a46b55b13c152b54e1
+      sha256: "441444f6f433032bae3444c2ef5ed2cf5bc0def77f104abdff20aedcf79a7c7a"
      url: "https://pub.dev"
    source: hosted
-    version: "2.2.1+1"
+    version: "2.2.1+5"
  source_gen:
    dependency: transitive
    description:
@@ -1411,10 +1411,10 @@ packages:
    description:
      path: sqflite
      ref: HEAD
-      resolved-ref: f281785e12e8b1abf2f9d41a587fc83d810724cf
+      resolved-ref: "3309d399dd7d695bbfa7c05f643bb16765cef4ee"
      url: "https://github.com/tekartik/sqflite"
    source: git
-    version: "2.3.3"
+    version: "2.3.3+1"
  sqflite_common:
    dependency: transitive
    description:
@@ -1435,18 +1435,18 @@ packages:
    dependency: "direct main"
    description:
      name: sqlite3
-      sha256: "1abbeb84bf2b1a10e5e1138c913123c8aa9d83cd64e5f9a0dd847b3c83063202"
+      sha256: b384f598b813b347c5a7e5ffad82cbaff1bec3d1561af267041e66f6f0899295
      url: "https://pub.dev"
    source: hosted
-    version: "2.4.2"
+    version: "2.4.3"
  sqlite3_flutter_libs:
    dependency: "direct main"
    description:
      name: sqlite3_flutter_libs
-      sha256: fb2a106a2ea6042fe57de2c47074cc31539a941819c91e105b864744605da3f5
+      sha256: "62bbb4073edbcdf53f40c80775f33eea01d301b7b81417e5b3fb7395416258c1"
      url: "https://pub.dev"
    source: hosted
-    version: "0.5.21"
+    version: "0.5.24"
  stack_trace:
    dependency: transitive
    description:
@@ -1547,10 +1547,10 @@ packages:
    dependency: "direct main"
    description:
      name: tray_manager
-      sha256: e0ac9a88b2700f366b8629b97e8663b6ef450a2f169560a685dc167bfe9c9c29
+      sha256: c9a63fd88bd3546287a7eb8ccc978d707eef82c775397af17dda3a4f4c039e64
      url: "https://pub.dev"
    source: hosted
-    version: "0.2.2"
+    version: "0.2.3"
  tuple:
    dependency: "direct main"
    description:
@@ -1579,26 +1579,26 @@ packages:
    dependency: "direct main"
    description:
      name: url_launcher
-      sha256: "6ce1e04375be4eed30548f10a315826fd933c1e493206eab82eed01f438c8d2e"
+      sha256: "21b704ce5fa560ea9f3b525b43601c678728ba46725bab9b01187b4831377ed3"
      url: "https://pub.dev"
    source: hosted
-    version: "6.2.6"
+    version: "6.3.0"
  url_launcher_android:
    dependency: transitive
    description:
      name: url_launcher_android
-      sha256: "360a6ed2027f18b73c8d98e159dda67a61b7f2e0f6ec26e86c3ada33b0621775"
+      sha256: ceb2625f0c24ade6ef6778d1de0b2e44f2db71fded235eb52295247feba8c5cf
      url: "https://pub.dev"
    source: hosted
-    version: "6.3.1"
+    version: "6.3.3"
  url_launcher_ios:
    dependency: transitive
    description:
      name: url_launcher_ios
-      sha256: "9149d493b075ed740901f3ee844a38a00b33116c7c5c10d7fb27df8987fb51d5"
+      sha256: "7068716403343f6ba4969b4173cbf3b84fc768042124bc2c011e5d782b24fe89"
      url: "https://pub.dev"
    source: hosted
-    version: "6.2.5"
+    version: "6.3.0"
  url_launcher_linux:
    dependency: transitive
    description:
@@ -1611,10 +1611,10 @@ packages:
    dependency: transitive
    description:
      name: url_launcher_macos
-      sha256: b7244901ea3cf489c5335bdacda07264a6e960b1c1b1a9f91e4bc371d9e68234
+      sha256: "9a1a42d5d2d95400c795b2914c36fdcb525870c752569438e4ebb09a2b5d90de"
      url: "https://pub.dev"
    source: hosted
-    version: "3.1.0"
+    version: "3.2.0"
  url_launcher_platform_interface:
    dependency: transitive
    description:
@@ -1703,22 +1703,30 @@ packages:
      url: "https://pub.dev"
    source: hosted
    version: "0.5.1"
+  web_socket:
+    dependency: transitive
+    description:
+      name: web_socket
+      sha256: "24301d8c293ce6fe327ffe6f59d8fd8834735f0ec36e4fd383ec7ff8a64aa078"
+      url: "https://pub.dev"
+    source: hosted
+    version: "0.1.5"
  web_socket_channel:
    dependency: transitive
    description:
      name: web_socket_channel
-      sha256: "58c6666b342a38816b2e7e50ed0f1e261959630becd4c879c4f26bfa14aa5a42"
+      sha256: a2d56211ee4d35d9b344d9d4ce60f362e4f5d1aafb988302906bd732bc731276
      url: "https://pub.dev"
    source: hosted
-    version: "2.4.5"
+    version: "3.0.0"
  win32:
    dependency: "direct main"
    description:
      name: win32
-      sha256: "0eaf06e3446824099858367950a813472af675116bf63f008a4c2a75ae13e9cb"
+      sha256: a79dbe579cb51ecd6d30b17e0cae4e0ea15e2c0e66f69ad4198f22a6789e94f4
      url: "https://pub.dev"
    source: hosted
-    version: "5.5.0"
+    version: "5.5.1"
  win32_registry:
    dependency: transitive
    description:
@@ -1768,5 +1776,5 @@ packages:
    source: hosted
    version: "3.1.2"
 sdks:
-  dart: ">=3.3.0 <4.0.0"
-  flutter: ">=3.19.0"
+  dart: ">=3.4.0 <4.0.0"
+  flutter: ">=3.22.0"
--- a/auth/pubspec.yaml
+++ b/auth/pubspec.yaml
@@ -1,6 +1,6 @@
 name: ente_auth
 description: ente two-factor authenticator
-version: 3.0.12+312
+version: 3.0.15+315
 publish_to: none

 environment:
@@ -92,8 +92,8 @@ dependencies:
      url: https://github.com/tekartik/sqflite
      path: sqflite
  sqflite_common_ffi: ^2.3.0+4
-  sqlite3: ^2.1.0
-  sqlite3_flutter_libs: ^0.5.19+1
+  sqlite3: ^2.4.3
+  sqlite3_flutter_libs: ^0.5.24
  steam_totp: ^0.0.1
  step_progress_indicator: ^1.0.2
  styled_text: ^8.1.0
--- a/cli/config.yaml.example
+++ b/cli/config.yaml.example
@@ -5,6 +5,8 @@

 endpoint:
  api: "http://localhost:8080"
+  # Endpoint for the account service for passkey
+  accounts: "http://localhost:3001"

 log:
 http: false # log status code & time taken by requests
--- a/cli/internal/api/login.go
+++ b/cli/internal/api/login.go
@@ -161,3 +161,22 @@ func (c *Client) VerifyTotp(
 	}
 	return &res, nil
 }
+
+func (c *Client) CheckPasskeyStatus(ctx context.Context,
+	sessionID string) (*AuthorizationResponse, error) {
+	var res AuthorizationResponse
+	r, err := c.restClient.R().
+		SetContext(ctx).
+		SetResult(&res).
+		Get("/users/two-factor/passkeys/get-token?sessionID=" + sessionID)
+	if err != nil {
+		return nil, err
+	}
+	if r.IsError() {
+		return nil, &ApiError{
+			StatusCode: r.StatusCode(),
+			Message:    r.String(),
+		}
+	}
+	return &res, nil
+}
--- a/cli/internal/api/login_type.go
+++ b/cli/internal/api/login_type.go
@@ -37,6 +37,7 @@ type AuthorizationResponse struct {
 	EncryptedToken     string         `json:"encryptedToken,omitempty"`
 	Token              string         `json:"token,omitempty"`
 	TwoFactorSessionID string         `json:"twoFactorSessionID"`
+	PassKeySessionID   string         `json:"passkeySessionID"`
 	// SrpM2 is sent only if the user is logging via SRP
 	// SrpM2 is the SRP M2 value aka the proof that the server has the verifier
 	SrpM2 *string `json:"srpM2,omitempty"`
@@ -45,3 +46,7 @@ type AuthorizationResponse struct {
 func (a *AuthorizationResponse) IsMFARequired() bool {
 	return a.TwoFactorSessionID != ""
 }
+
+func (a *AuthorizationResponse) IsPasskeyRequired() bool {
+	return a.PassKeySessionID != ""
+}
--- a/cli/internal/promt.go
+++ b/cli/internal/promt.go
@@ -38,6 +38,17 @@ func GetUserInput(label string) (string, error) {
 	return input, nil
 }

+func WaitForEnter(prompt string) error {
+	fmt.Println(prompt)
+	// Create a new reader from standard input.
+	reader := bufio.NewReader(os.Stdin)
+	_, err := reader.ReadString('\n')
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func GetAppType() api.App {
 	for {
 		app, err := GetUserInput("Enter app type (default: photos)")
--- a/cli/main.go
+++ b/cli/main.go
@@ -15,7 +15,7 @@ import (
 	"strings"
 )

-var AppVersion = "0.1.15"
+var AppVersion = "0.1.16"

 func main() {
 	cliDBPath, err := GetCLIConfigPath()
@@ -75,6 +75,10 @@ func main() {
 		}
 		return
 	}
+	if len(os.Args) == 1 {
+		// If no arguments are passed, show help
+		os.Args = append(os.Args, "help")
+	}
 	cmd.Execute(&ctrl, AppVersion)
 }

@@ -85,6 +89,7 @@ func initConfig(cliConfigPath string) {
 	viper.AddConfigPath(".")                 // optionally look for config in the working directory

 	viper.SetDefault("endpoint.api", constants.EnteApiUrl)
+	viper.SetDefault("endpoint.accounts", constants.EnteAccountUrl)
 	viper.SetDefault("log.http", false)
 	if err := viper.ReadInConfig(); err != nil {
 		if _, ok := err.(viper.ConfigFileNotFoundError); ok {
--- a/cli/pkg/account.go
+++ b/cli/pkg/account.go
@@ -58,6 +58,10 @@ func (c *ClICtrl) AddAccount(cxt context.Context) {
 	if authResponse.IsMFARequired() {
 		authResponse, flowErr = c.validateTOTP(cxt, authResponse)
 	}
+
+	if authResponse.IsPasskeyRequired() {
+		authResponse, flowErr = c.verifyPassKey(cxt, authResponse)
+	}
 	if authResponse.EncryptedToken == "" || authResponse.KeyAttributes == nil {
 		log.Fatalf("missing key attributes or token.\nNote: Please use the mobile,web or desktop app to create a new account.\nIf you are trying to login to an existing account, report a bug.")
 	}
--- a/cli/pkg/sign_in.go
+++ b/cli/pkg/sign_in.go
@@ -7,7 +7,9 @@ import (
 	"github.com/ente-io/cli/internal/api"
 	eCrypto "github.com/ente-io/cli/internal/crypto"
 	"github.com/ente-io/cli/pkg/model"
+	"github.com/ente-io/cli/utils/browser"
 	"github.com/ente-io/cli/utils/encoding"
+	"github.com/spf13/viper"
 	"log"

 	"github.com/kong/go-srp"
@@ -139,6 +141,31 @@ func (c *ClICtrl) validateTOTP(ctx context.Context, authResp *api.AuthorizationR
 	}
 }

+func (c *ClICtrl) verifyPassKey(ctx context.Context, authResp *api.AuthorizationResponse) (*api.AuthorizationResponse, error) {
+	if !authResp.IsPasskeyRequired() {
+		return authResp, nil
+	}
+	baseAccountUrl := viper.GetString("endpoint.accounts")
+	passkeyAuthUrl := fmt.Sprintf("%s/passkeys/verify?passkeySessionID=%s&redirect=ente-cli://passkey&clientPackage=io.ente.photos", baseAccountUrl, authResp.PassKeySessionID)
+	fmt.Printf("Open this url in browser to verify passkey: %s\n", passkeyAuthUrl)
+	err := browser.OpenURL(passkeyAuthUrl)
+	if err != nil {
+		fmt.Printf("Failed to open browser: %v\n", err)
+	}
+	for {
+		err = internal.WaitForEnter("Press enter once you have completed the passkey verification")
+		if err != nil {
+			return nil, err
+		}
+		totpResp, err := c.Client.CheckPasskeyStatus(ctx, authResp.PassKeySessionID)
+		if err != nil {
+			log.Printf("failed to verify %v", err)
+			continue
+		}
+		return totpResp, nil
+	}
+}
+
 func (c *ClICtrl) validateEmail(ctx context.Context, email string) (*api.AuthorizationResponse, error) {
 	err := c.Client.SendEmailOTP(ctx, email)
 	if err != nil {
--- a/cli/utils/browser/browser.go
+++ b/cli/utils/browser/browser.go
@@ -0,0 +1,48 @@
+package browser
+
+import (
+	"os/exec"
+	"runtime"
+	"strings"
+)
+
+// https://stackoverflow.com/questions/39320371/how-start-web-server-to-open-page-in-browser-in-golang
+// openURL opens the specified URL in the default browser of the user.
+func OpenURL(url string) error {
+	var cmd string
+	var args []string
+
+	switch runtime.GOOS {
+	case "windows":
+		cmd = "cmd"
+		args = []string{"/c", "start"}
+	case "darwin":
+		cmd = "open"
+		args = []string{url}
+	default: // "linux", "freebsd", "openbsd", "netbsd"
+		// Check if running under WSL
+		if isWSL() {
+			// Use 'cmd.exe /c start' to open the URL in the default Windows browser
+			cmd = "cmd.exe"
+			args = []string{"/c", "start", url}
+		} else {
+			// Use xdg-open on native Linux environments
+			cmd = "xdg-open"
+			args = []string{url}
+		}
+	}
+	if len(args) > 1 {
+		// args[0] is used for 'start' command argument, to prevent issues with URLs starting with a quote
+		args = append(args[:1], append([]string{""}, args[1:]...)...)
+	}
+	return exec.Command(cmd, args...).Start()
+}
+
+// isWSL checks if the Go program is running inside Windows Subsystem for Linux
+func isWSL() bool {
+	releaseData, err := exec.Command("uname", "-r").Output()
+	if err != nil {
+		return false
+	}
+	return strings.Contains(strings.ToLower(string(releaseData)), "microsoft")
+}
--- a/cli/utils/constants/constants.go
+++ b/cli/utils/constants/constants.go
@@ -1,4 +1,6 @@
 package constants

 const CliDataPath = "/cli-data/"
+
 const EnteApiUrl = "https://api.ente.io"
+const EnteAccountUrl = "https://account.ente.io"
--- a/desktop/.github/workflows/desktop-release.yml
+++ b/desktop/.github/workflows/desktop-release.yml
@@ -17,9 +17,10 @@ on:
        #
        - cron: "45 2 * * 1-6"
    push:
-        # Run when a tag matching the pattern "v*"" is pushed.
+        # Run when a tag matching the pattern "vd.d.d"" is pushed. Crucially for
+        # us, this excludes the "-rc" tags.
        tags:
-            - "v*"
+            - "v[0-9]+.[0-9]+.[0-9]+"

 jobs:
    release:
--- a/desktop/CHANGELOG.md
+++ b/desktop/CHANGELOG.md
@@ -1,6 +1,10 @@
 # CHANGELOG

-## v1.7.1 (Unreleased)
+## v1.7.2 (Unreleased)
+
+-   .
+
+## v1.7.1

 -   Support for passkeys as a second factor authentication mechanism.
 -   Remember the window size across app restarts.
--- a/desktop/docs/release.md
+++ b/desktop/docs/release.md
@@ -53,23 +53,24 @@ This'll trigger the workflow and create a new pre-release. We can edit this to
 add the release notes, convert it to a release. Once it is marked as latest, the
 release goes live.

-We are done at this point, and can now create a new pre-release to host
+We are done at this point, and can now update the other pre-release that hosts
 subsequent nightly builds.

 1.  Update `package.json` in the source repo to use version `1.x.x-rc`, and
    merge these changes into `main`.

-2.  In the release repo:
+2.  In the release repo, delete the existing _nightly_ pre-release, then:

    ```sh
    git tag 1.x.x-rc
    git push origin 1.x.x-rc
    ```

-3.  Once the workflow finishes and the pre-release is created, edit its
-    description to "Nightly builds".
+3.  Start a new run of the workflow (`gh workflow run desktop-release.yml`).

-4.  Delete the pre-release for the previous (already released) version.
+Once the workflow finishes and the 1.x.x-rc pre-release is created, edit its
+description to "Nightly builds". Subsequent scheduled nightly builds will update
+this pre-release.

 ## Workflow - Extra pre-releases

--- a/desktop/package.json
+++ b/desktop/package.json
@@ -1,6 +1,6 @@
 {
    "name": "ente",
-    "version": "1.7.1-rc",
+    "version": "1.7.2-rc",
    "private": true,
    "description": "Desktop client for Ente Photos",
    "repository": "github:ente-io/photos-desktop",
@@ -55,6 +55,6 @@
        "typescript": "^5",
        "typescript-eslint": "8.0.0-alpha.10"
    },
-    "packageManager": "yarn@1.22.21",
+    "packageManager": "yarn@1.22.22",
    "productName": "ente"
 }
--- a/desktop/src/main.ts
+++ b/desktop/src/main.ts
@@ -455,20 +455,51 @@ const allowExternalLinks = (webContents: WebContents) =>
 /**
 * Allow uploading to arbitrary S3 buckets.
 *
- * The files in the desktop app are served over the ente:// protocol. During
- * testing or self-hosting, we might be using a S3 bucket that does not allow
- * whitelisting a custom URI scheme. To avoid requiring the bucket to set an
- * "Access-Control-Allow-Origin: *" or do a echo-back of `Origin`, we add a
- * workaround here instead, intercepting the ACAO header and allowing `*`.
+ * The files in the desktop app are served over the ente:// protocol. When that
+ * is returned as the CORS allowed origin, "Access-Control-Allow-Origin:
+ * ente://app", CORS requests fail.
+ *
+ * Further, during testing or self-hosting, file uploads involve a redirection
+ * (This doesn't affect our production systems since we upload via a worker,
+ * See: [Note: Passing credentials for self-hosted file fetches]).
+ *
+ * In some cases, we might be using a S3 bucket that does not allow whitelisting
+ * a custom URI scheme. Echoing back the value of `Origin` (even if the bucket
+ * would allow us to) would also not work, since the browser sends `null` as the
+ * `Origin` for the redirected request (this is as per the CORS spec). So the
+ * only way in such cases would be to require the bucket to set an
+ * "Access-Control-Allow-Origin: *".
+ *
+ * To avoid these issues, we intercepting the ACAO header and set it to `*`.
+ *
+ * However, that cause problems with requests that use credentials since "*" is
+ * not a valid value in such cases. One such example is the HCaptcha requests
+ * made by Stripe when we initiate a payment within the desktop app:
+ *
+ * > Access to XMLHttpRequest at 'https://api2.hcaptcha.com/getcaptcha/xxx' from
+ * > origin 'https://newassets.hcaptcha.com' has been blocked by CORS policy:
+ * > The value of the 'Access-Control-Allow-Origin' header in the response must
+ * > not be the wildcard '*' when the request's credentials mode is 'include'.
+ * > The credentials mode of requests initiated by the XMLHttpRequest is
+ * > controlled by the withCredentials attribute.
+ *
+ * So we only do this workaround if there was either no ACAO specified in the
+ * response, or if the ACAO was "ente://app".
 */
 const allowAllCORSOrigins = (webContents: WebContents) =>
    webContents.session.webRequest.onHeadersReceived(
        ({ responseHeaders }, callback) => {
            const headers: NonNullable<typeof responseHeaders> = {};
-            for (const [key, value] of Object.entries(responseHeaders ?? {}))
-                if (key.toLowerCase() != "access-control-allow-origin")
-                    headers[key] = value;
+
            headers["Access-Control-Allow-Origin"] = ["*"];
+            for (const [key, value] of Object.entries(responseHeaders ?? {}))
+                if (key.toLowerCase() == "access-control-allow-origin") {
+                    headers["Access-Control-Allow-Origin"] =
+                        value[0] == rendererURL ? ["*"] : value;
+                } else {
+                    headers[key] = value;
+                }
+
            callback({ responseHeaders: headers });
        },
    );
--- a/docs/docs/.vitepress/sidebar.ts
+++ b/docs/docs/.vitepress/sidebar.ts
@@ -135,6 +135,10 @@ export const sidebar = [
                        text: "Files not uploading",
                        link: "/photos/troubleshooting/files-not-uploading",
                    },
+                    {
+                        text: "Missing thumbnails",
+                        link: "/photos/troubleshooting/thumbnails",
+                    },
                    {
                        text: "Sharing debug logs",
                        link: "/photos/troubleshooting/sharing-logs",
--- a/docs/docs/photos/features/passkeys.md
+++ b/docs/docs/photos/features/passkeys.md
@@ -5,11 +5,6 @@ description: Using passkeys as a second factor for your Ente account

 # Passkeys

-> [!CAUTION]
->
-> This is preview documentation for an upcoming feature. This feature has not
-> yet been released yet, so the steps below will not work currently.
-
 Passkeys are a new authentication mechanism that uses strong cryptography built
 into devices, like Windows Hello or Apple's Touch ID. **You can use passkeys as
 a second factor to secure your Ente account.**
@@ -17,9 +12,13 @@ a second factor to secure your Ente account.**
 > [!TIP]
 >
 > Passkeys are the colloquial term for a WebAuthn (Web Authentication)
-> credentials. To know more technical details about how our passkey verification
-> works, you can see this
-> [technical note in our source code](https://github.com/ente-io/ente/blob/main/web/docs/webauthn-passkeys.md).
+> credentials.
+>
+> -   More details about why and how are in the Passkeys announcement
+>     [blog post](https://ente.io/blog/introducing-passkeys-on-ente/).
+> -   And to know more technical details about how our passkey verification
+>     works, you can see this
+>     [technical note in our source code](https://github.com/ente-io/ente/blob/main/web/docs/webauthn-passkeys.md).

 ## Passkeys and TOTP

--- a/docs/docs/photos/troubleshooting/desktop-install/index.md
+++ b/docs/docs/photos/troubleshooting/desktop-install/index.md
@@ -20,8 +20,12 @@ start it, then you might need to install the VC++ runtime from Microsoft.

 This is what the error looks like:

+<div style="border: 1px solid black">
+
 ![Error when VC++ runtime is not installed](windows-vc.png){width=500px}

+</div>
+
 You can install the Microsoft VC++ redistributable runtime from here:<br/>
 https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170#latest-microsoft-visual-c-redistributable-version

--- a/docs/docs/photos/troubleshooting/files-not-uploading.md
+++ b/docs/docs/photos/troubleshooting/files-not-uploading.md
@@ -8,10 +8,18 @@ description:

 ## Network Issue

-If you are using VPN, please try disabling the VPN or switching provider.
+If you are using VPN, please try disabling the VPN or switching your provider.

 ## Web / Desktop

+### Disable "Faster uploads"
+
+We use a Cloudflare proxy to speed up uploads
+([blog post](https://ente.io/blog/tech/making-uploads-faster/)). However, in
+some network configurations (depending on the ISP) this might prevent uploads
+from going through, so if you're having trouble with uploads please try after
+disabling the "Faster uploads" setting in _Preferences > Advanced_.
+
 ### Certain file types are not uploading

 The desktop/web app tries to detect if a particular file is video or image. If
--- a/docs/docs/photos/troubleshooting/thumbnails.md
+++ b/docs/docs/photos/troubleshooting/thumbnails.md
@@ -0,0 +1,16 @@
+---
+title: Missing thumbnails
+description:
+    Troubleshooting when thumbnails are not being generated when uploading
+    images in Ente Photos
+---
+
+# Missing thumbnails
+
+## Black thumbnails
+
+Users have reported an issue with Firefox which prevents the app from generating
+thumbnails if the "block canvas fingerprinting" setting in Firefox is enabled
+(i.e. `privacy.resistFingerprinting` is set to true in `about:config`). That
+feature blocks access to the canvas, and the app needs the canvas to generate
+thumbnails.
--- a/docs/package.json
+++ b/docs/package.json
@@ -11,5 +11,5 @@
        "prettier": "^3",
        "vitepress": "^1.0.0-rc.45"
    },
-    "packageManager": "yarn@1.22.21"
+    "packageManager": "yarn@1.22.22"
 }
--- a/infra/services/README.md
+++ b/infra/services/README.md
@@ -2,7 +2,7 @@

 "Services" are Docker images we run on our instances and manage using systemd.

-All our services (including museum itself) follow the same pattern:
+Generally our services (including museum itself) follow the same pattern:

 -   They're run on vanilla Ubuntu instances. The only expectation they have is
    for Docker to be installed.
@@ -23,6 +23,8 @@ All our services (including museum itself) follow the same pattern:
    appropriate file from `/root/service-name` into the running Docker
    container.

+-   There are exceptions to this general pattern (See [sentry](sentry)).
+
 ## Systemd cheatsheet

 ```sh
--- a/infra/services/nginx/README.md
+++ b/infra/services/nginx/README.md
@@ -48,10 +48,12 @@ When adding new services that sit behind Nginx,
 All the files we put into `/root/nginx/conf.d` get included in an `http` block.
 We can see this in the default configuration of nginx:

-   http {
-       ...
-       include /etc/nginx/conf.d/*.conf;
-   }
+```
+http {
+    ...
+    include /etc/nginx/conf.d/*.conf;
+}
+```

 > To view the default configuration, run the following command against the
 > [official Docker image for Nginx](https://hub.docker.com/_/nginx), which is
--- a/infra/services/sentry/README.md
+++ b/infra/services/sentry/README.md
@@ -0,0 +1,137 @@
+# Sentry
+
+-   [Data flow](#understanding-the-data-flow)
+-   [Setting up a new instance](#setting-up-a-new-instance)
+
+## Data flow
+
+### Overview
+
+Clients tunnel events to sentry-reporter.ente.io, and include the DSN in the
+request. At the other end of the tunnel is a Cloudflare Worker which unwraps the
+event, remaps the DSN if needed, and sends it to our actual self-hosted Sentry
+instance, sentry.ente.io.
+
+Among other things, this indirection allows us to treat the Sentry instance as
+disposable, and recreate it from scratch anytime. The existing DSN's change, but
+that is not a problem because we remap DSNs in the worker that handles the
+tunneled requests.
+
+### DSN
+
+Sentry identifies each project with a unique ID it calls **DSN** (Data Source
+Name). The DSN is a URL that includes the project ID. For example, here is the
+DSN for the debug builds of the photos mobile app:
+
+    https://ca5e686dd7f149d9bf94e620564cceba@sentry.ente.io/3
+
+The DSN is considered public information and is included as part of the client's
+code. The DSN has 3 parts:
+
+    https://<public-key-for-project>@<host>/<project-id>
+
+The `<host>` for our case is sentry.ente.io.
+
+Each client has a separate project, and some clients have multiple projects
+(e.g. production / debug). Each of these get a separate DSN.
+
+### Reporting crashes
+
+Sentry supports
+[tunnels](https://docs.sentry.io/platforms/javascript/configuration/options/#tunnel).
+The idea is to encapsulate the entire "original" HTTP event which would've been
+reported to some Sentry instance, and instead send this encapsulated event to a
+URL that is hosted alongside the app itself (say, example.org/sentry). At the
+other end of the tunnel is a service that unwraps the original payload and
+forwards it to the actual Sentry instance.
+
+Usage on the client is simple - the mobile SDKs for Sentry support a `tunnel`
+parameter which can be set to "https://sentry-reporter.ente.io"
+
+The other end of the tunnel is handled by a Cloudflare Worker that listens for
+incoming requests to 'https://sentry-reporter.ente.io', and forwards the
+requests to `sentry.ente.io`. Before forwarding, it also remaps the DSNs sent by
+the client with the latest ones. This allows us to hardcode the DSN in the
+client - if the DSN on the Sentry backend changes, we can just update or add a
+new mapping in the worker.
+
+The source code for this worker is in
+[workers/sentry-reporter](../../workers/sentry-reporter).
+
+## Setting up a new instance
+
+### Overview
+
+The upstream documentation is at https://develop.sentry.dev/self-hosted/.
+
+We follow their steps (clone their setup, modify the configuration, and run the
+`./install.sh` that they provide). This results in a Sentry installation being
+available at localhost:9000.
+
+Then, we install an nginx service that terminates the Cloudflare TLS and reverse
+proxies to localhost:9000.
+
+To update Sentry just fetch the latest upstream and re-run `./install.sh`.
+
+### Steps
+
+> The following assumes that you have already provisioned new instances using
+> our standard process.
+
+-   `cd /home/ente && git clone https://github.com/getsentry/self-hosted sentry`
+-   Checkout the latest tag, e.g. `git checkout 24.2.0` (Sentry uses CalVer, so
+    this'll be the latest `year.month.0`)
+-   Run `sudo ./install.sh`
+
+The rest of this section describes the remaining three steps:
+
+-   Modify configuration
+-   Configure and start external nginx
+-   Start the cluster
+
+### Configuration
+
+Modify `sentry/config.yml`, adding relevant bits from the contents of
+`config.yml` (from this repository) and the mail credentials.
+
+Next, modify `.env`, setting
+
+    SENTRY_EVENT_RETENTION_DAYS=30
+    SENTRY_MAIL_HOST=ente.io
+
+### Configure external nginx
+
+Add the nginx service (See [services/nginx](../services/nginx/README.md)) to the
+instance.
+
+Add the Sentry nginx conf and certificates (since this instance will be running
+only sentry, we can use sentry specific certificates instead of our general
+wildcard ones).
+
+    sudo mv sentry.nginx.conf /root/nginx/conf.d
+    sudo tee /root/nginx/cert.pem
+    sudo tee /root/nginx/key.pem
+
+### Start Sentry
+
+Sentry should automatically start when the instance boots. If needed (and for
+the first time), it can be started manually by
+
+    cd /home/ente/sentry
+    sudo docker compose up -d
+
+The (external) nginx service will also start automatically on boot, but
+if neded it can be manually started by
+
+    sudo systemctl start nginx
+
+In their docs Sentry sometimes refers to commands like `sentry createuser`. To
+run them, prefix the command with `docker compose exec web`. e.g.
+
+    cd /home/ente/sentry
+    sudo docker compose exec web sentry createuser
+
+If needed, Sentry can be stopped by using
+
+    cd /home/ente/sentry
+    sudo docker compose stop
--- a/infra/services/sentry/config.yml
+++ b/infra/services/sentry/config.yml
@@ -0,0 +1,13 @@
+###############
+# Mail Server #
+###############
+
+mail.host: "smtp.example.org"
+mail.port: 587
+mail.username: ""
+mail.password: ""
+mail.use-tls: true
+
+# ...
+
+system.url-prefix: "https://sentry.ente.io"
--- a/infra/services/sentry/sentry.nginx.conf
+++ b/infra/services/sentry/sentry.nginx.conf
@@ -0,0 +1,19 @@
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    ssl_certificate         /etc/ssl/certs/cert.pem;
+    ssl_certificate_key     /etc/ssl/private/key.pem;
+
+    server_name sentry.ente.io;
+
+    client_max_body_size 500m;
+
+    location / {
+        proxy_pass http://host.docker.internal:9000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
--- a/infra/staff/package-lock.json
+++ b/infra/staff/package-lock.json
--- a/infra/staff/package.json
+++ b/infra/staff/package.json
@@ -13,6 +13,7 @@
    "dependencies": {
        "react": "^18",
        "react-dom": "^18",
+        "react-toastify": "^10.0.5",
        "zod": "^3"
    },
    "devDependencies": {
@@ -28,8 +29,8 @@
        "prettier": "^3",
        "prettier-plugin-organize-imports": "^3.2",
        "prettier-plugin-packagejson": "^2.5",
-        "typescript": "^5",
+        "typescript": "^5.4.5",
        "vite": "^5.2"
    },
-    "packageManager": "yarn@1.22.21"
+    "packageManager": "yarn@1.22.22"
 }
--- a/infra/staff/src/App.css
+++ b/infra/staff/src/App.css
@@ -0,0 +1,124 @@
+.fetch-button-container {
+    margin-right: 180px;
+    margin-left: 10px;
+}
+
+.content-wrapper {
+    display: flex;
+    align-items: flex-start;
+    margin-left: 175px;
+}
+
+.fetch-button-container button {
+    padding: 10px 20px;
+    font-size: 16px;
+    cursor: pointer;
+    background-color: #009879;
+    color: white;
+    border: none;
+    border-radius: 5px;
+    margin-top: 20px;
+}
+
+.fetch-button-container button:hover {
+    background-color: #007c6c;
+}
+
+.sidebar {
+    padding: 20px;
+    flex: 0 0 auto;
+}
+
+.button-container {
+    display: flex;
+    gap: 10px;
+}
+
+button {
+    padding: 10px 20px;
+    font-size: 16px;
+}
+
+.error-message {
+    margin-top: 20px;
+    color: red;
+}
+
+.message {
+    position: fixed;
+    bottom: 10px;
+    left: 50%;
+    transform: translateX(-50%);
+    padding: 10px;
+    border-radius: 5px;
+    background-color: #f0f0f0;
+    box-shadow: 0 2px 5px rgba(0, 0, 0, 0.2);
+}
+
+.message.error {
+    background-color: #f44336;
+    color: white;
+}
+
+.message.success {
+    background-color: #4caf50;
+    color: white;
+}
+
+.dropdown-container {
+    margin-bottom: 20px;
+    position: relative; /* Ensure relative positioning for dropdown menu */
+}
+
+.more-button {
+    padding: 10px 20px;
+    font-size: 16px;
+    cursor: pointer;
+    background-color: #009879;
+    color: white;
+    border: none;
+    border-radius: 5px;
+    margin-top: 1px;
+}
+
+.more-button:hover {
+    background-color: #007c6c;
+}
+
+.dropdown-menu {
+    position: absolute;
+    top: calc(100% + 5px); /* Position right below the More button */
+    left: 0;
+    z-index: 100;
+    display: block;
+    background-color: #fff;
+    box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
+    border: 1px solid #ccc;
+    border-radius: 5px;
+    padding: 10px;
+    max-height: 150px; /* Example: Set max height for scrollability */
+    overflow-y: auto; /* Enable vertical scroll */
+}
+
+/* Remove bullets from unordered list */
+.dropdown-menu ul {
+    list-style-type: none;
+    padding: 0;
+    margin: 0;
+}
+
+.dropdown-menu button {
+    display: block;
+    width: 100%;
+    padding: 8px 16px;
+    font-size: 14px;
+    color: #333;
+    background-color: transparent;
+    border: none;
+    cursor: pointer;
+    transition: background-color 0.3s ease;
+}
+
+.dropdown-menu button:hover {
+    background-color: #f0f0f0;
+}
--- a/infra/staff/src/App.tsx
+++ b/infra/staff/src/App.tsx
@@ -1,12 +1,21 @@
 import React, { useEffect, useState } from "react";
+import "./App.css";
+import { Sidebar } from "./components/Sidebar";
 import { apiOrigin } from "./services/support";
 import S from "./utils/strings";

+type User = Record<
+    string,
+    string | number | boolean | null | undefined | Record<string, unknown>
+>;
+type UserData = Record<string, User>;
+
 export const App: React.FC = () => {
-    const [token, setToken] = useState("");
-    const [email, setEmail] = useState("");
-    const [userData, setUserData] = useState<any>(null);
+    const [token, setToken] = useState<string>("");
+    const [email, setEmail] = useState<string>("");
+    const [userData, setUserData] = useState<UserData | null>(null);
    const [error, setError] = useState<string | null>(null);
+    const [isDataFetched, setIsDataFetched] = useState<boolean>(false); // Track if data has been fetched successfully

    useEffect(() => {
        const storedToken = localStorage.getItem("token");
@@ -25,25 +34,32 @@ export const App: React.FC = () => {

    const fetchData = async () => {
        try {
-            const url = `${apiOrigin}/admin/user?email=${email}&token=${token}`;
+            const encodedEmail = encodeURIComponent(email);
+            const encodedToken = encodeURIComponent(token);
+            const url = `${apiOrigin}/admin/user?email=${encodedEmail}&token=${encodedToken}`;
+            console.log(`Fetching data from URL: ${url}`);
            const response = await fetch(url);
            if (!response.ok) {
                throw new Error("Network response was not ok");
            }
-            const userData = await response.json();
-            console.log("API Response:", userData);
-            setUserData(userData);
+            const userDataResponse = (await response.json()) as UserData;
+            console.log("API Response:", userDataResponse);
+            setUserData(userDataResponse);
            setError(null);
+            setIsDataFetched(true); // Set to true when data is successfully fetched
        } catch (error) {
            console.error("Error fetching data:", error);
            setError((error as Error).message);
+            setIsDataFetched(false); // Set to false if there's an error fetching data
        }
    };

-    const renderAttributes = (data: any) => {
+    const renderAttributes = (
+        data: Record<string, unknown> | User | null,
+    ): React.ReactNode => {
        if (!data) return null;

-        let nullAttributes: string[] = [];
+        const nullAttributes: string[] = [];

        const rows = Object.entries(data).map(([key, value]) => {
            console.log("Processing key:", key, "value:", value);
@@ -67,7 +83,9 @@ export const App: React.FC = () => {
                                {key.toUpperCase()}
                            </td>
                        </tr>
-                        {renderAttributes(value)}
+                        {renderAttributes(
+                            value as Record<string, unknown> | User,
+                        )}
                    </React.Fragment>
                );
            } else {
@@ -87,17 +105,26 @@ export const App: React.FC = () => {
                    displayValue = `${(value / 1024 ** 3).toFixed(2)} GB`;
                } else if (typeof value === "string") {
                    try {
-                        const parsedValue = JSON.parse(value);
+                        const parsedValue = JSON.parse(
+                            value,
+                        ) as React.ReactNode;
                        displayValue = parsedValue;
                    } catch (error) {
                        displayValue = value;
                    }
+                } else if (typeof value === "object" && value !== null) {
+                    displayValue = JSON.stringify(value, null, 2); // Pretty print JSON
                } else if (value === null) {
                    displayValue = "null";
-                } else if (typeof value !== "undefined") {
+                } else if (
+                    typeof value === "boolean" ||
+                    typeof value === "number"
+                ) {
                    displayValue = value.toString();
-                } else {
+                } else if (typeof value === "undefined") {
                    displayValue = "undefined";
+                } else {
+                    displayValue = value as string; // Fallback for any other types
                }

                return (
@@ -128,11 +155,19 @@ export const App: React.FC = () => {
        return rows;
    };

+    const handleKeyPress = (event: React.KeyboardEvent<HTMLFormElement>) => {
+        if (event.key === "Enter") {
+            event.preventDefault(); // Prevent form submission
+            fetchData().catch((error: unknown) =>
+                console.error("Fetch data error:", error),
+            );
+        }
+    };
+
    return (
        <div className="container center-table">
            <h1>{S.hello}</h1>
-
-            <form className="input-form">
+            <form className="input-form" onKeyPress={handleKeyPress}>
                <div className="input-group">
                    <label>
                        Token:
@@ -164,21 +199,19 @@ export const App: React.FC = () => {
                    </label>
                </div>
            </form>
-            <div className="fetch-button">
-                <button
-                    onClick={fetchData}
-                    style={{
-                        padding: "10px 20px",
-                        fontSize: "16px",
-                        cursor: "pointer",
-                        backgroundColor: "#009879",
-                        color: "white",
-                        border: "none",
-                        borderRadius: "5px",
-                    }}
-                >
-                    FETCH
-                </button>
+            <div className="content-wrapper">
+                {isDataFetched && <Sidebar token={token} email={email} />}
+                <div className="fetch-button-container">
+                    <button
+                        onClick={() => {
+                            fetchData().catch((error: unknown) =>
+                                console.error("Fetch data error:", error),
+                            );
+                        }}
+                    >
+                        FETCH
+                    </button>
+                </div>
            </div>
            <br />
            {error && <p style={{ color: "red" }}>{`Error: ${error}`}</p>}
@@ -208,7 +241,7 @@ export const App: React.FC = () => {
                                        {category.toUpperCase()}
                                    </td>
                                </tr>
-                                {renderAttributes(userData[category])}
+                                {renderAttributes(userData[category] ?? null)}
                            </React.Fragment>
                        ))}
                    </tbody>
@@ -222,3 +255,5 @@ export const App: React.FC = () => {
        </div>
    );
 };
+
+export default App;
--- a/infra/staff/src/components/Sidebar.tsx
+++ b/infra/staff/src/components/Sidebar.tsx
@@ -0,0 +1,185 @@
+import React, { useState } from "react";
+import "../App.css";
+import { apiOrigin } from "../services/support";
+
+interface SidebarProps {
+    token: string;
+    email: string;
+}
+
+interface UserData {
+    user: {
+        ID: string;
+    };
+}
+
+export const Sidebar: React.FC<SidebarProps> = ({ token, email }) => {
+    const [, /*userId*/ setUserId] = useState<string | null>(null);
+    const [error, setError] = useState<string | null>(null);
+    const [message, setMessage] = useState<string | null>(null);
+    const [dropdownVisible, setDropdownVisible] = useState<boolean>(false);
+
+    interface ApiResponse {
+        data: {
+            userId: string;
+        };
+    }
+
+    const fetchData = async (): Promise<string | null> => {
+        if (!email || !token) {
+            setError("Email or token is missing.");
+            return null;
+        }
+
+        try {
+            const url = `${apiOrigin}/admin/user?email=${encodeURIComponent(
+                email,
+            )}&token=${encodeURIComponent(token)}`;
+            const response = await fetch(url);
+            if (!response.ok) {
+                throw new Error("Network response was not ok");
+            }
+            const userDataResponse = (await response.json()) as UserData;
+            const fetchedUserId = userDataResponse.user.ID;
+            if (!fetchedUserId) {
+                throw new Error("User ID not found in response");
+            }
+            setUserId(fetchedUserId);
+            setError(null);
+            return fetchedUserId;
+        } catch (error) {
+            console.error("Error fetching data:", error);
+            setError(
+                error instanceof Error && typeof error.message === "string"
+                    ? error.message
+                    : "An unexpected error occurred",
+            );
+
+            setTimeout(() => {
+                setError(null);
+            }, 1000);
+            return null;
+        }
+    };
+
+    const performAction = async (userId: string, action: string) => {
+        try {
+            const actionUrls: Record<string, string> = {
+                Disable2FA: "/admin/user/disable-2fa",
+                DisablePasskeys: "/admin/user/disable-passkeys",
+                Closefamily: "/admin/user/close-family",
+            };
+
+            const url = `${apiOrigin}${actionUrls[action]}?id=${encodeURIComponent(
+                userId,
+            )}&token=${encodeURIComponent(token)}`;
+            const response = await fetch(url, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({ userId }),
+            });
+
+            if (!response.ok) {
+                throw new Error(
+                    `Network response was not ok: ${response.status}`,
+                );
+            }
+
+            const result = (await response.json()) as ApiResponse;
+            console.log("API Response:", result);
+
+            setMessage(`${action} completed successfully`);
+            setError(null);
+            setTimeout(() => {
+                setMessage(null);
+            }, 1000);
+            setDropdownVisible(false);
+        } catch (error) {
+            console.error(`Error ${action}:`, error);
+            setError(
+                error instanceof Error && typeof error.message === "string"
+                    ? error.message
+                    : "An unexpected error occurred",
+            );
+
+            setTimeout(() => {
+                setError(null);
+            }, 1000);
+            setMessage(null);
+        }
+    };
+
+    const handleActionClick = async (action: string) => {
+        try {
+            const fetchedUserId = await fetchData();
+            if (!fetchedUserId) {
+                throw new Error("Incorrect email id or token");
+            }
+
+            await performAction(fetchedUserId, action);
+        } catch (error) {
+            console.error(`Error performing ${action}:`, error);
+            setError(
+                error instanceof Error && typeof error.message === "string"
+                    ? error.message
+                    : "An unexpected error occurred",
+            );
+
+            setTimeout(() => {
+                setError(null);
+            }, 1000);
+            setMessage(null);
+        }
+    };
+
+    const toggleDropdown = () => {
+        setDropdownVisible(!dropdownVisible);
+    };
+
+    const dropdownOptions = [
+        { value: "Disable2FA", label: "Disable 2FA" },
+        { value: "Closefamily", label: "Close Family" },
+        { value: "DisablePasskeys", label: "Disable Passkeys" },
+    ];
+
+    return (
+        <div className="sidebar">
+            <div className="dropdown-container">
+                <button className="more-button" onClick={toggleDropdown}>
+                    MORE
+                </button>
+                {dropdownVisible && (
+                    <div className="dropdown-menu">
+                        <ul>
+                            {dropdownOptions.map((option) => (
+                                <li key={option.value}>
+                                    <button
+                                        onClick={() => {
+                                            handleActionClick(
+                                                option.value,
+                                            ).catch((error: unknown) =>
+                                                console.error(
+                                                    "Error handling action:",
+                                                    error,
+                                                ),
+                                            );
+                                        }}
+                                    >
+                                        {option.label}
+                                    </button>
+                                </li>
+                            ))}
+                        </ul>
+                    </div>
+                )}
+            </div>
+            {(error ?? message) && (
+                <div className={`message ${error ? "error" : "success"}`}>
+                    {error ? `Error: ${error}` : `Success: ${message}`}
+                </div>
+            )}
+        </div>
+    );
+};
+
+export default Sidebar;
--- a/infra/staff/src/main.tsx
+++ b/infra/staff/src/main.tsx
@@ -4,7 +4,7 @@ import { App } from "./App";
 import "./styles/globals.css";

 const root = document.getElementById("root");
-if (!root) throw new Error("Could not load root element to render onto");
+if (!root) throw new Error("Could not load root element to qrender onto");

 ReactDOM.createRoot(root).render(
    <React.StrictMode>
--- a/infra/staff/src/services/support.ts
+++ b/infra/staff/src/services/support.ts
@@ -1,6 +1,7 @@
 import { z } from "zod";

-export const apiOrigin = import.meta.env.VITE_ENTE_API_ORIGIN ?? "https://api.ente.io";
+export const apiOrigin =
+    import.meta.env.VITE_ENTE_API_ORIGIN ?? "https://api.ente.io";

 const UserDetails = z.object({}).passthrough();

--- a/infra/staff/src/vite-env.d.ts
+++ b/infra/staff/src/vite-env.d.ts
@@ -9,7 +9,9 @@ interface ImportMetaEnv {
     * Override the origin (scheme://host:port) of Ente's API to connect to.
     *
     * Default is "https://api.ente.io".
-     */
+    
+*/
+
    readonly VITE_ENTE_API_ORIGIN: string | undefined;
 }

--- a/infra/staff/yarn.lock
+++ b/infra/staff/yarn.lock
--- a/infra/workers/.prettierrc.json
+++ b/infra/workers/.prettierrc.json
@@ -1,3 +1,4 @@
 {
-    "tabWidth": 4
+    "tabWidth": 4,
+    "proseWrap": "always"
 }
--- a/infra/workers/README.md
+++ b/infra/workers/README.md
@@ -1,23 +1,28 @@
 # Cloudflare Workers

-Source code for our [Cloudflare
-Workers](https://developers.cloudflare.com/workers/).
+Source code for our
+[Cloudflare Workers](https://developers.cloudflare.com/workers/).

-Each worker is a self contained directory with its each `package.json`.
+Workers are organized as Yarn workspaces sharing a common `package.json` and
+base `tsconfig`. They can however be deployed individually.

 ## Deploying

-* Switch to a worker directory, e.g. `cd github-discord-notifier`.
+Install dependencies with `yarn`.

-* Install dependencies (if needed) with `yarn`
+> If you have previously deployed, then you will have an old `yarn.lock`. In
+> this case it is safe to delete and recreate using `rm yarn.lock && yarn`.

-* Login into wrangler (if needed) using `yarn wrangler login`
+Then, to deploy an individual worker

-* Deploy! `yarn wrangler deploy`
+-   Login into wrangler (if needed) using
+    `yarn workspace health-check wrangler login`
+
+-   Deploy! `yarn workspace health-check wrangler deploy`

 Wrangler is the CLI provided by Cloudflare to manage workers. Apart from
-deploying, it also allows us to stream logs from running workers by using `yarn
-wrangler tail`.
+deploying, it also allows us to stream logs from running workers by using
+`yarn workspace <worker-name> wrangler tail`.

 ## Creating a new worker

@@ -30,3 +35,12 @@ To import an existing worker from the Cloudflare dashboard, use
 ```sh
 npm create cloudflare@2 existing-worker-name -- --type pre-existing --existing-script existing-worker-name
 ```
+
+## Logging
+
+Attach the tail worker to your worker by adding
+
+    tail_consumers = [{ service = "tail" }]
+
+in its `wrangler.toml`. Then any `console.(log|warn|error)` statements and
+uncaught exceptions in your worker will be logged to Grafana.
--- a/infra/workers/cast-albums/package.json
+++ b/infra/workers/cast-albums/package.json
@@ -1,9 +1,5 @@
 {
    "name": "cast-albums",
-    "private": true,
-    "devDependencies": {
-        "@cloudflare/workers-types": "^4.20240314.0",
-        "typescript": "^5",
-        "wrangler": "^3"
-    }
+    "version": "0.0.0",
+    "private": true
 }
--- a/infra/workers/cast-albums/src/index.ts
+++ b/infra/workers/cast-albums/src/index.ts
@@ -1,50 +1,72 @@
-/** Proxy file and thumbnail requests from the cast web app */
+/** Proxy file and thumbnail requests for the cast web app. */

 export default {
    async fetch(request: Request) {
        switch (request.method) {
-            case "GET":
-                return handleGET(request);
            case "OPTIONS":
                return handleOPTIONS(request);
+            case "GET":
+                return handleGET(request);
            default:
-                throw new Error(
-                    `HTTP 405 Method Not Allowed: ${request.method}`
-                );
+                console.log(`Unsupported HTTP method ${request.method}`);
+                return new Response(null, { status: 405 });
        }
    },
 } satisfies ExportedHandler;

+const handleOPTIONS = (request: Request) => {
+    const origin = request.headers.get("Origin");
+    if (!isAllowedOrigin(origin)) console.warn("Unknown origin", origin);
+    return new Response("", {
+        headers: {
+            "Access-Control-Allow-Origin": "*",
+            "Access-Control-Allow-Methods": "GET, OPTIONS",
+            "Access-Control-Max-Age": "86400",
+            "Access-Control-Allow-Headers": "X-Cast-Access-Token",
+        },
+    });
+};
+
+const isAllowedOrigin = (origin: string | null) => {
+    const allowed = ["cast.ente.io", "cast.ente.sh", "localhost"];
+
+    if (!origin) return false;
+    try {
+        const url = new URL(origin);
+        return allowed.includes(url.hostname);
+    } catch {
+        // origin is likely an invalid URL
+        return false;
+    }
+};
+
 const handleGET = async (request: Request) => {
    const url = new URL(request.url);
-    const urlParams = new URLSearchParams(url.search);
-    const token =
-        request.headers.get("X-Cast-Access-Token") ??
-        urlParams.get("castToken");

-    const fileID = urlParams.get("fileID");
+    const fileID = url.searchParams.get("fileID");
+    if (!fileID) return new Response(null, { status: 400 });
+
+    let castToken = request.headers.get("X-Cast-Access-Token");
+    if (!castToken) {
+        console.warn("Using deprecated castToken query param");
+        castToken = url.searchParams.get("castToken");
+    }
+
+    if (!castToken) {
+        console.error("No cast token provided");
+        return new Response(null, { status: 400 });
+    }
+
    const pathname = url.pathname;
+    const params = new URLSearchParams({ castToken });

    let response = await fetch(
-        `https://api.ente.io/cast/files${pathname}${fileID}?castToken=${token}`
+        `https://api.ente.io/cast/files${pathname}${fileID}?${params.toString()}`
    );

+    if (!response.ok) console.log("Upstream error", response.status);
+
    response = new Response(response.body, response);
    response.headers.set("Access-Control-Allow-Origin", "*");
    return response;
 };
-
-const handleOPTIONS = (request: Request) => {
-    let corsHeaders: Record<string, string> = {
-        "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Methods": "GET,OPTIONS",
-        "Access-Control-Max-Age": "86400",
-    };
-
-    const acrh = request.headers.get("Access-Control-Request-Headers");
-    if (acrh) {
-        corsHeaders["Access-Control-Allow-Headers"] = acrh;
-    }
-
-    return new Response("", { headers: corsHeaders });
-};
--- a/infra/workers/cast-albums/tsconfig.json
+++ b/infra/workers/cast-albums/tsconfig.json
@@ -1 +1 @@
-{ "extends": "../tsconfig.base.json", "include": ["src/**/*.ts"] }
+{ "extends": "../tsconfig.base.json", "include": ["src"] }
--- a/infra/workers/cast-albums/wrangler.toml
+++ b/infra/workers/cast-albums/wrangler.toml
@@ -1,8 +1,11 @@
 name = "cast-albums"
 main = "src/index.ts"
-compatibility_date = "2024-03-14"
+compatibility_date = "2024-06-14"

-[[routes]]
-pattern = "cast-albums.ente.io"
-zone_name = "ente.io"
-custom_domain = true
+routes = [
+    { pattern = "cast-albums.ente.io", custom_domain = true }
+]
+
+tail_consumers = [
+    { service = "tail" }
+]
--- a/infra/workers/files/package.json
+++ b/infra/workers/files/package.json
@@ -0,0 +1,5 @@
+{
+    "name": "files",
+    "version": "0.0.0",
+    "private": true
+}
--- a/infra/workers/files/src/index.ts
+++ b/infra/workers/files/src/index.ts
@@ -0,0 +1,102 @@
+/** Proxy requests for files. */
+
+export default {
+    async fetch(request: Request) {
+        switch (request.method) {
+            case "OPTIONS":
+                return handleOPTIONS(request);
+            case "GET":
+                return handleGET(request);
+            default:
+                console.log(`Unsupported HTTP method ${request.method}`);
+                return new Response(null, { status: 405 });
+        }
+    },
+} satisfies ExportedHandler;
+
+const handleOPTIONS = (request: Request) => {
+    const origin = request.headers.get("Origin");
+    if (!isAllowedOrigin(origin)) console.warn("Unknown origin", origin);
+    const headers = request.headers.get("Access-Control-Request-Headers");
+    if (!areAllowedHeaders(headers))
+        console.warn("Unknown header in list", headers);
+    return new Response("", {
+        headers: {
+            "Access-Control-Allow-Origin": "*",
+            "Access-Control-Allow-Methods": "GET, OPTIONS",
+            "Access-Control-Max-Age": "86400",
+            // "Access-Control-Allow-Headers": "X-Auth-Token, X-Client-Package",
+            "Access-Control-Allow-Headers": "*",
+        },
+    });
+};
+
+const isAllowedOrigin = (origin: string | null) => {
+    if (!origin) return false;
+    try {
+        const url = new URL(origin);
+        const hostname = url.hostname;
+        return (
+            origin == "ente://app" /* desktop app */ ||
+            hostname.endsWith("ente.io") ||
+            hostname.endsWith("ente.sh") ||
+            hostname == "localhost"
+        );
+    } catch {
+        // `origin` is likely an invalid URL.
+        return false;
+    }
+};
+
+const areAllowedHeaders = (headers: string | null) => {
+    const allowed = ["x-auth-token", "x-client-package"];
+
+    if (!headers) return true;
+    for (const header of headers.split(",")) {
+        if (!allowed.includes(header.trim().toLowerCase())) return false;
+    }
+    return true;
+};
+
+const handleGET = async (request: Request) => {
+    const url = new URL(request.url);
+
+    // Random bots keep trying to pentest causing noise in the logs. If the
+    // request doesn't have a fileID, we can just safely ignore it thereafter.
+    const fileID = url.searchParams.get("fileID");
+    if (!fileID) return new Response(null, { status: 400 });
+
+    let token = request.headers.get("X-Auth-Token");
+    if (!token) {
+        console.warn("Using deprecated token query param");
+        token = url.searchParams.get("token");
+    }
+
+    if (!token) {
+        console.error("No token provided");
+        // return new Response(null, { status: 400 });
+    }
+
+    // We forward the auth token as a query parameter to museum. This is so that
+    // it does not get preserved when museum does a redirect to the presigned S3
+    // URL that serves the actual thumbnail.
+    //
+    // See: [Note: Passing credentials for self-hosted file fetches]
+    const params = new URLSearchParams();
+    if (token) params.set("token", token);
+
+    let response = await fetch(
+        `https://api.ente.io/files/download/${fileID}?${params.toString()}`,
+        {
+            headers: {
+                "User-Agent": request.headers.get("User-Agent") ?? "",
+            },
+        }
+    );
+
+    if (!response.ok) console.log("Upstream error", response.status);
+
+    response = new Response(response.body, response);
+    response.headers.set("Access-Control-Allow-Origin", "*");
+    return response;
+};
--- a/infra/workers/files/tsconfig.json
+++ b/infra/workers/files/tsconfig.json
@@ -0,0 +1 @@
+{ "extends": "../tsconfig.base.json", "include": ["src"] }
--- a/infra/workers/files/wrangler.toml
+++ b/infra/workers/files/wrangler.toml
@@ -0,0 +1,11 @@
+name = "files"
+main = "src/index.ts"
+compatibility_date = "2024-06-14"
+
+routes = [
+    { pattern = "files.ente.io", custom_domain = true }
+]
+
+tail_consumers = [
+    { service = "tail" }
+]
--- a/infra/workers/github-discord-notifier/package.json
+++ b/infra/workers/github-discord-notifier/package.json
@@ -1,9 +1,5 @@
 {
    "name": "github-discord-notifier",
-    "private": true,
-    "devDependencies": {
-        "@cloudflare/workers-types": "^4.20240314.0",
-        "typescript": "^5",
-        "wrangler": "^3"
-    }
+    "version": "0.0.0",
+    "private": true
 }
--- a/infra/workers/github-discord-notifier/src/index.ts
+++ b/infra/workers/github-discord-notifier/src/index.ts
@@ -2,7 +2,7 @@
 * Forward notifications from GitHub to Discord.
 *
 * This worker receives webhooks from GitHub, filters out the ones we don't
- * need, and forwards them to a Discord webhook.
+ * need, and forwards the rest to a Discord webhook.
 */
 export default {
    async fetch(request: Request, env: Env) {
@@ -33,13 +33,13 @@ const handleRequest = async (request: Request, discordWebhookURL: string) => {
    // doesn't work for get silently ignored (Discord responds with a 204).
    // https://github.com/discord/discord-api-docs/issues/6203#issuecomment-1608151265

-    let response = await fetch(`${discordWebhookURL}/github`, {
+    const response = await fetch(`${discordWebhookURL}/github`, {
        method: request.method,
        headers: request.headers,
        body: requestBody,
    });

-    if (response.status === 429) {
+    if (response.status == 429) {
        // Sometimes Discord starts returning 429 Rate Limited responses when we
        // try to invoke the webhook.
        //
@@ -79,7 +79,7 @@ const handleRequest = async (request: Request, discordWebhookURL: string) => {
        const action = requestJSON["action"];

        if (activityURL && ["created", "opened"].includes(action)) {
-            response = await fetch(discordWebhookURL, {
+            return fetch(discordWebhookURL, {
                method: request.method,
                headers: request.headers,
                body: JSON.stringify({
@@ -89,12 +89,5 @@ const handleRequest = async (request: Request, discordWebhookURL: string) => {
        }
    }

-    const responseBody = await response.text();
-    const newResponse = new Response(responseBody, {
-        status: response.status,
-        statusText: response.statusText,
-        headers: response.headers,
-    });
-
-    return newResponse;
+    return response;
 };
--- a/infra/workers/github-discord-notifier/tsconfig.json
+++ b/infra/workers/github-discord-notifier/tsconfig.json
@@ -1 +1 @@
-{ "extends": "../tsconfig.base.json", "include": ["src/**/*.ts"] }
+{ "extends": "../tsconfig.base.json", "include": ["src"] }
--- a/infra/workers/github-discord-notifier/wrangler.toml
+++ b/infra/workers/github-discord-notifier/wrangler.toml
@@ -1,6 +1,6 @@
 name = "github-discord-notifier"
 main = "src/index.ts"
-compatibility_date = "2024-03-14"
+compatibility_date = "2024-06-14"

 [vars]
 # Added as a secret via the Cloudflare dashboard
--- a/infra/workers/health-check/package.json
+++ b/infra/workers/health-check/package.json
@@ -0,0 +1,5 @@
+{
+    "name": "health-check",
+    "version": "0.0.0",
+    "private": true
+}
--- a/infra/workers/health-check/src/index.ts
+++ b/infra/workers/health-check/src/index.ts
@@ -0,0 +1,48 @@
+/** Ping api.ente.io every minute and yell if it doesn't pong. */
+
+export default {
+    async scheduled(_, env: Env, ctx: ExecutionContext) {
+        ctx.waitUntil(ping(env, ctx));
+    },
+} satisfies ExportedHandler<Env>;
+
+interface Env {
+    NOTIFY_URL: string;
+    CHAT_ID: string;
+}
+
+const ping = async (env: Env, ctx: ExecutionContext) => {
+    const notify = async (msg: string) =>
+        sendMessage(`${msg} on ${Date()}`, env);
+
+    try {
+        let timeout = setTimeout(() => {
+            ctx.waitUntil(notify("Ping timed out"));
+        }, 5000);
+        const res = await fetch("https://api.ente.io/ping", {
+            headers: {
+                "User-Agent": "health-check",
+            },
+        });
+        clearTimeout(timeout);
+        if (!res.ok) await notify(`Ping failed (HTTP ${res.status})`);
+    } catch (e) {
+        await notify(`Ping failed (${e instanceof Error ? e.message : e})`);
+    }
+};
+
+const sendMessage = async (message: string, env: Env) => {
+    console.log(message);
+    const res = await fetch(env.NOTIFY_URL, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+            chat_id: parseInt(env.CHAT_ID),
+            parse_mode: "html",
+            text: message,
+        }),
+    });
+    if (!res.ok) throw new Error(`Failed to sendMessage (HTTP ${res.status})`);
+};
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`{ "extends": "../tsconfig.base.json", "include": ["src"] }`