feat: persist user creation date (resolve #31 )

fix: set string key value data type to text
docs: update readme
2023-08-10 21:12:56 +03:00 · 2020-05-30 22:19:05 +02:00 · 2020-05-30 21:10:44 +02:00 · 2020-05-30 21:01:46 +02:00 · 2020-05-30 20:54:56 +02:00 · 2020-05-30 20:41:27 +02:00
47 changed files with 1493 additions and 634 deletions
--- a/.env.example
+++ b/.env.example
@ -1,9 +1,8 @@
 ENV=prod
-WAKAPI_DB_TYPE=mysql                    # mysql, postgres, sqlite3
-WAKAPI_DB_NAME=wakapi_db                # file path for sqlite, e.g. /tmp/wakapi.db
-WAKAPI_DB_USER=myuser
-WAKAPI_DB_PASSWORD=shhh
-WAKAPI_DB_HOST=localhost
-WAKAPI_DB_PORT=3306
-WAKAPI_DEFAULT_USER_NAME=admin
-WAKAPI_DEFAULT_USER_PASSWORD=admin      # CHANGE!
+WAKAPI_DB_TYPE=sqlite3                  # mysql, postgres, sqlite3
+WAKAPI_DB_NAME=wakapi_db.db             # database name for mysql / postgres or file path for sqlite (e.g. /tmp/wakapi.db)
+WAKAPI_DB_USER=myuser                   # ignored when using sqlite
+WAKAPI_DB_PASSWORD=shhh                 # ignored when using sqlite
+WAKAPI_DB_HOST=localhost                # ignored when using sqlite
+WAKAPI_DB_PORT=3306                     # ignored when using sqlite
+WAKAPI_PASSWORD_SALT=shhh               # CHANGE !
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,2 +1,3 @@
 github: muety
+liberapay: muety
 custom: ['https://paypal.me/ferdinandmuetsch', 'https://www.buymeacoffee.com/n1try']
--- a/17
+++ b/17
@ -1,8 +1,10 @@
 # Build Stage
+
 FROM golang:1.13 AS build-env
 ADD . /src
 RUN cd /src && go build -o wakapi

+
 # Final Stage

 # When running the application using `docker run`, you can pass environment variables
@ -14,17 +16,30 @@ RUN cd /src && go build -o wakapi
 # – WAKAPI_DB_HOST
 # – WAKAPI_DB_PORT
 # – WAKAPI_DB_NAME
+# – WAKAPI_PASSWORD_SALT
 # – WAKAPI_DEFAULT_USER_NAME
 # – WAKAPI_DEFAULT_USER_PASSWORD

 FROM debian
 WORKDIR /app

+ENV ENV prod
+ENV WAKAPI_DB_TYPE sqlite3
+ENV WAKAPI_DB_USER ''
+ENV WAKAPI_DB_PASSWORD ''
+ENV WAKAPI_DB_HOST ''
+ENV WAKAPI_DB_NAME=/data/wakapi.db
+ENV WAKAPI_PASSWORD_SALT ''
+ENV WAKAPI_DEFAULT_USER_NAME admin
+ENV WAKAPI_DEFAULT_USER_PASSWORD admin
+
 COPY --from=build-env /src/wakapi /app/
 COPY --from=build-env /src/config.ini /app/
+COPY --from=build-env /src/version.txt /app/
 COPY --from=build-env /src/.env.example /app/.env

 RUN sed -i 's/listen = 127.0.0.1/listen = 0.0.0.0/g' /app/config.ini
+RUN sed -i 's/insecure_cookies = false/insecure_cookies = true/g' /app/config.ini

 ADD static /app/static
 ADD data /app/data
@ -32,4 +47,6 @@ ADD migrations /app/migrations
 ADD views /app/views
 ADD wait-for-it.sh .

+VOLUME /data
+
 ENTRYPOINT ./wait-for-it.sh
--- a/README.md
+++ b/README.md
@ -1,54 +1,75 @@
 # 📈 wakapi
+
+[![](http://img.shields.io/liberapay/receives/muety.svg?logo=liberapay&style=flat-square)](https://liberapay.com/muety/)
+[![Say thanks](https://img.shields.io/badge/SayThanks.io-%E2%98%BC-1EAEDB.svg?style=flat-square)](https://saythanks.io/to/n1try)
+![](https://img.shields.io/github/license/muety/wakapi?style=flat-square)
+[![Go Report Card](https://goreportcard.com/badge/github.com/muety/wakapi?style=flat-square)](https://goreportcard.com/report/github.com/muety/wakapi)
+
+[![Buy me a coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoff.ee/n1try)
+
+---
+
 **A minimalist, self-hosted WakaTime-compatible backend for coding statistics**

 ![Wakapi screenshot](https://anchr.io/i/bxQ69.png)

-[![Buy me a coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoff.ee/n1try)
+If you like this project, please consider supporting it 🙂. You can donate either through [buying me a coffee](https://buymeacoff.ee/n1try) or becoming a GitHub sponsor. Every little donation is highly appreciated and boosts the developers' motivation to keep improving Wakapi!
+
+## Demo 
+🔥 **New:** There is hosted [demo version](https://apps.muetsch.io/wakapi) available now. Go check it out! Please use responsibly.
+
+To use the demo version set `api_url = https://apps.muetsch.io/wakapi/api/heartbeat`. However, this hosted instance might be taken down again in the future, so you might potentially lose your data ❕

 ## Prerequisites
-### Server
+**On the server side:**
 * Go >= 1.13 (with `$GOPATH` properly set)
-* An SQL database (MySQL, Postgres, Sqlite)
+* gcc (to compile [go-sqlite3](https://github.com/mattn/go-sqlite3))
+    * Fedora / RHEL: `dnf install @development-tools`
+    * Ubuntu / Debian: `apt install build-essential`
+    * Windows: See [here](https://github.com/mattn/go-sqlite3/issues/214#issuecomment-253216476)
+* _Optional_: A MySQL- or Postgres database

-### Client
+**On your local machine:**
 * [WakaTime plugin](https://wakatime.com/plugins) for your editor / IDE

-## Usage
-* Create an empty database 
-* Enable Go module support: `export GO111MODULE=on`
-* Get code: `go get github.com/muety/wakapi`
-* Go to project root: `cd "$GOPATH/src/github.com/muety/wakapi"`
-* Copy `.env.example` to `.env` and set database credentials
-* Set target port in `config.ini`
-* Build executable: `go build`
-* Run server: `./wakapi`
-* Edit your local `~/.wakatime.cfg` file
-  * `api_url = https://your.server:someport/api/heartbeat`
-  * `api_key = the_api_key_printed_to_the_console_after_starting_the_server`
-* Open [http://localhost:3000](http://localhost:3000) in your browser
-
-**As an alternative** to building from source or using `go get` you can also download one of the existing [pre-compiled binaries](https://github.com/muety/wakapi/releases).
+## Server Setup
+### Run from source
+1. Clone the project
+1. Copy `.env.example` to `.env` and set database credentials
+1. Adapt `config.ini` to your needs
+1. Build executable: `GO111MODULE=on go build`
+1. Run server: `./wakapi`

 ### Run with Docker
-* Edit `docker-compose.yml` file and change passwords for the DB
-* Start the application `docker-compose up -d`
-* To get the api key look in the logs `docker-compose logs | grep "API key"`
-* The application should now be running on `localhost:3000`
+```
+docker run -d -p 3000:3000 --name wakapi n1try/wakapi
+```

-### User Accounts
-* When starting wakapi for the first time, a default user _**admin**_ with password _**admin**_ is created. The corresponding API key is printed to the console.
-* Additional users, at the moment, can be added only via SQL statements on your database, like this:
-    * Connect to your database server: `mysql -u yourusername -p -H your.hostname` (alternatively use GUI tools like _MySQL Workbench_)
-    * Select your database: `USE yourdatabasename;`
-    * Add the new user: `INSERT INTO users (id, password, api_key) VALUES ('your_nickname', MD5('your_password'), '728f084c-85e0-41de-aa2a-b6cc871200c1');` (the latter value should be a random [UUIDv4](https://tools.ietf.org/html/rfc4122), as can be found in your `~/.wakatime.cfg`)
+By default, SQLite is used as a database. To run Wakapi in Docker with MySQL or Postgres, see [Dockerfile](https://github.com/muety/wakapi/blob/master/Dockerfile) and [.env.example](https://github.com/muety/wakapi/blob/master/.env.example) for further options.
+
+## Client Setup
+Wakapi relies on the open-source [WakaTime](https://github.com/wakatime/wakatime) client tools. In order to collect statistics to Wakapi, you need to set them up.
+
+1. **Set up WakaTime** for your specific IDE or editor. Please refer to the respective [plugin guide](https://wakatime.com/plugins)
+2. Make your local WakaTime client talk to Wakapi by **editing your local `~/.wakatime.cfg`** file as follows
+
+```
+api_url = https://your.server:someport/api/heartbeat`
+api_key = the_api_key_printed_to_the_console_after_starting_the_server`
+```
+
+You can view your API Key after logging in to the web interface.
+
+## Customization

 ### Aliases
 There is an option to add aliases for project names, editors, operating systems and languages. For instance, if you want to map two projects – `myapp-frontend` and `myapp-backend` – two a common project name – `myapp-web` – in your statistics, you can add project aliases.

-At the moment, this can only be done via raw database queries. See [_User Accounts_](#user-accounts) section above on how to do such.
-For the above example, you would need to add two aliases, like this:
+At the moment, this can only be done via raw database queries. For the above example, you would need to add two aliases, like this:

-* `INSERT INTO aliases (type, user_id, key, value) VALUES (0, 'your_username', 'myapp-web', 'myapp-frontend')` (analogously for `myapp-backend`)
+```sql
+INSERT INTO aliases (`type`, `user_id`, `key`, `value`) VALUES (0, 'your_username', 'myapp-web', 'myapp-frontend');
+```

 #### Types
 * Project ~  type **0**
--- a/config.ini
+++ b/config.ini
@ -1,9 +1,11 @@
 [server]
 listen = 127.0.0.1
 port = 3000
+base_path = /
+insecure_cookies = false

 [app]
-cleanup = true
+cleanup = false

 [database]
 max_connections = 2
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,27 +0,0 @@
-version: "3.1"
-
-services:
-  wakapi:
-    image: wakapi:latest
-    build:
-      dockerfile: Dockerfile
-      context: .
-    container_name: wakapi
-    environment:
-      - WAKAPI_DB_TYPE=sqlite3
-      - WAKAPI_DB_USER=
-      - WAKAPI_DB_PASSWORD=
-      - WAKAPI_DB_HOST=
-      - WAKAPI_DB_NAME=/data/wakapi.db
-      - WAKAPI_DEFAULT_USER_NAME=admin
-      - WAKAPI_DEFAULT_USER_PASSWORD=admin
-    ports:
-      - "3000:3000"
-    volumes:
-      - wakapi_data:/data
-
-volumes:
-  wakapi_data:
-
-              
-      
--- a/go.mod
+++ b/go.mod
@ -3,17 +3,18 @@ module github.com/muety/wakapi
 go 1.13

 require (
-	github.com/codegangsta/negroni v1.0.0
-	github.com/gobuffalo/packr/v2 v2.8.0
+	github.com/gorilla/handlers v1.4.2
 	github.com/gorilla/mux v1.7.3
+	github.com/gorilla/schema v1.1.0
+	github.com/gorilla/securecookie v1.1.1
 	github.com/jasonlvhit/gocron v0.0.0-20191106203602-f82992d443f4
 	github.com/jinzhu/gorm v1.9.11
 	github.com/joho/godotenv v1.3.0
 	github.com/kr/pretty v0.2.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/rs/cors v1.7.0
 	github.com/rubenv/sql-migrate v0.0.0-20200402132117-435005d389bc
 	github.com/satori/go.uuid v1.2.0
 	github.com/t-tiger/gorm-bulk-insert v0.0.0-20191014134946-beb77b81825f
+	golang.org/x/crypto v0.0.0-20191122220453-ac88ee75c92c
 	gopkg.in/ini.v1 v1.50.0
 )
--- a/go.sum
+++ b/go.sum
@ -3,7 +3,6 @@ cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
 cloud.google.com/go v0.37.4/go.mod h1:NHPJ89PdicEuT9hdPXMROBD91xc5uRDxsMtSB16k7hw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
@ -29,25 +28,18 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB
 github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
-github.com/codegangsta/negroni v1.0.0 h1:+aYywywx4bnKXWvoWtRfJ91vC59NbEhEY03sZjQhbVY=
-github.com/codegangsta/negroni v1.0.0/go.mod h1:v0y3T5G7Y1UlFfyxFn/QLRU4a2EuNau2iZY63YTKWo0=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@ -56,7 +48,6 @@ github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3/go.mod h1:zA
 github.com/denisenkom/go-mssqldb v0.0.0-20191001013358-cfbb681360f0 h1:epsH3lb7KVbXHYk7LYGN5EiE0MxcevHU85CKITJ0wUY=
 github.com/denisenkom/go-mssqldb v0.0.0-20191001013358-cfbb681360f0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
@ -84,16 +75,14 @@ github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZp
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
+github.com/gobuffalo/envy v1.7.1 h1:OQl5ys5MBea7OGCdvPbBJWRgnhC/fGona6QKfvFeau8=
 github.com/gobuffalo/envy v1.7.1/go.mod h1:FurDp9+EDPE4aIUS3ZLyD+7/9fpx7YRt/ukY6jIHf0w=
+github.com/gobuffalo/logger v1.0.1 h1:ZEgyRGgAm4ZAhAO45YXMs5Fp+bzGLESFewzAVBMKuTg=
 github.com/gobuffalo/logger v1.0.1/go.mod h1:2zbswyIUa45I+c+FLXuWl9zSWEiVuthsk8ze5s8JvPs=
-github.com/gobuffalo/logger v1.0.3 h1:YaXOTHNPCvkqqA7w05A4v0k2tCdpr+sgFlgINbQ6gqc=
-github.com/gobuffalo/logger v1.0.3/go.mod h1:SoeejUwldiS7ZsyCBphOGURmWdwUFXs0J7TCjEhjKxM=
+github.com/gobuffalo/packd v0.3.0 h1:eMwymTkA1uXsqxS0Tpoop3Lc0u3kTfiMBE6nKtQU4g4=
 github.com/gobuffalo/packd v0.3.0/go.mod h1:zC7QkmNkYVGKPw4tHpBQ+ml7W/3tIebgeo1b36chA3Q=
-github.com/gobuffalo/packd v1.0.0 h1:6ERZvJHfe24rfFmA9OaoKBdC7+c9sydrytMg8SdFGBM=
-github.com/gobuffalo/packd v1.0.0/go.mod h1:6VTc4htmJRFB7u1m/4LeMTWjFoYrUiBkU9Fdec9hrhI=
+github.com/gobuffalo/packr/v2 v2.7.1 h1:n3CIW5T17T8v4GGK5sWXLVWJhCz7b5aNLSxW6gYim4o=
 github.com/gobuffalo/packr/v2 v2.7.1/go.mod h1:qYEvAazPaVxy7Y7KR0W8qYEE+RymX74kETFqjFoFlOc=
-github.com/gobuffalo/packr/v2 v2.8.0 h1:IULGd15bQL59ijXLxEvA5wlMxsmx/ZkQv9T282zNVIY=
-github.com/gobuffalo/packr/v2 v2.8.0/go.mod h1:PDk2k3vGevNE3SwVyVRgQCCXETC9SaONCNSXT1Q8M1g=
 github.com/godror/godror v0.13.3/go.mod h1:2ouUT4kdhUBk7TAkHWD4SN0CdI0pgEQbo8FVHhbSKWg=
 github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@ -103,7 +92,6 @@ github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZ
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@ -126,15 +114,18 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/handlers v1.4.2 h1:0QniY0USkHQ1RGCLfKxeNHK9bkDHGRYGNDFBCS+YARg=
+github.com/gorilla/handlers v1.4.2/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
 github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/schema v1.1.0 h1:CamqUDOFUBqzrvxuz2vEwo8+SUdwsluFh7IlzJh30LY=
+github.com/gorilla/schema v1.1.0/go.mod h1:kgLaKoK1FELgZqMAVxx/5cbj0kT+57qxUrAlIO2eleU=
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
 github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
@ -180,8 +171,6 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/karrick/godirwalk v1.15.3 h1:0a2pXOgtB16CqIqXTiT7+K9L73f74n/aNQUnH6Ortew=
-github.com/karrick/godirwalk v1.15.3/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@ -202,12 +191,6 @@ github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-b
 github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
 github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
-github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
-github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY=
-github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
-github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
-github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
@ -242,7 +225,6 @@ github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxzi
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.2/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2fSBUmeGDbRWPxyQ=
@ -277,7 +259,6 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@ -285,27 +266,20 @@ github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.4.0 h1:LUa41nrWTQNGhzdsZ5lTnkwbNjj6rXTdazA1cSdjkOY=
 github.com/rogpeppe/go-internal v1.4.0/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.5.2 h1:qLvObTrvO/XRCqmkKxUlOBc48bI3efyDuAZe25QiF0w=
-github.com/rogpeppe/go-internal v1.5.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
-github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rubenv/sql-migrate v0.0.0-20200402132117-435005d389bc h1:+2DdDcxVYlarHjYcZTt8dZ4Ec8cXZirzL5ko0mkKPjU=
 github.com/rubenv/sql-migrate v0.0.0-20200402132117-435005d389bc/go.mod h1:DCgfY80j8GYL7MLEfvcpSFvjD0L5yZq/aZUJmhZklyg=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
@ -325,17 +299,14 @@ github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIK
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
-github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
@ -343,14 +314,11 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/t-tiger/gorm-bulk-insert v0.0.0-20191014134946-beb77b81825f h1:Op5lFYUNE7tPxu6gJfwkgY8HMIWpLqiLApBJfGs71U8=
 github.com/t-tiger/gorm-bulk-insert v0.0.0-20191014134946-beb77b81825f/go.mod h1:SK1RZT4TR1aMUNGtbk6YxTPgx2D/gfbxB571QGnAV+c=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
@ -358,14 +326,12 @@ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
 go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
@ -391,7 +357,6 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -404,12 +369,10 @@ golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -442,7 +405,6 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -457,9 +419,7 @@ golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20191004055002-72853e10c5a3/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200308013534-11ec41452d41/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/main.go
+++ b/main.go
@ -1,131 +1,51 @@
 package main

 import (
-	"crypto/md5"
-	"encoding/hex"
-	"encoding/json"
-	"io/ioutil"
+	"github.com/gorilla/handlers"
 	"log"
 	"net/http"
-	"os"
 	"strconv"
-	"strings"
 	"time"

-	"github.com/codegangsta/negroni"
-	"github.com/gobuffalo/packr/v2"
 	"github.com/gorilla/mux"
 	"github.com/jinzhu/gorm"
-	"github.com/joho/godotenv"
-	"github.com/rs/cors"
-	"github.com/rubenv/sql-migrate"
-	uuid "github.com/satori/go.uuid"
-	ini "gopkg.in/ini.v1"
-
+	_ "github.com/jinzhu/gorm/dialects/mysql"
+	_ "github.com/jinzhu/gorm/dialects/postgres"
+	_ "github.com/jinzhu/gorm/dialects/sqlite"
 	"github.com/muety/wakapi/middlewares"
 	"github.com/muety/wakapi/models"
 	"github.com/muety/wakapi/routes"
 	"github.com/muety/wakapi/services"
 	"github.com/muety/wakapi/utils"
+)

-	_ "github.com/jinzhu/gorm/dialects/mysql"
-	_ "github.com/jinzhu/gorm/dialects/postgres"
-	_ "github.com/jinzhu/gorm/dialects/sqlite"
+var (
+	db     *gorm.DB
+	config *models.Config
+)
+
+var (
+	aliasService       *services.AliasService
+	heartbeatService   *services.HeartbeatService
+	userService        *services.UserService
+	summaryService     *services.SummaryService
+	aggregationService *services.AggregationService
+	keyValueService    *services.KeyValueService
 )

 // TODO: Refactor entire project to be structured after business domains

-func readConfig() *models.Config {
-	if err := godotenv.Load(); err != nil {
-		log.Fatal(err)
-	}
-
-	env := utils.LookupFatal("ENV")
-	dbType := utils.LookupFatal("WAKAPI_DB_TYPE")
-	dbUser := utils.LookupFatal("WAKAPI_DB_USER")
-	dbPassword := utils.LookupFatal("WAKAPI_DB_PASSWORD")
-	dbHost := utils.LookupFatal("WAKAPI_DB_HOST")
-	dbName := utils.LookupFatal("WAKAPI_DB_NAME")
-	dbPortStr := utils.LookupFatal("WAKAPI_DB_PORT")
-	defaultUserName := utils.LookupFatal("WAKAPI_DEFAULT_USER_NAME")
-	defaultUserPassword := utils.LookupFatal("WAKAPI_DEFAULT_USER_PASSWORD")
-	dbPort, err := strconv.Atoi(dbPortStr)
-
-	cfg, err := ini.Load("config.ini")
-	if err != nil {
-		log.Fatalf("Fail to read file: %v", err)
-	}
-
-	if dbType == "" {
-		dbType = "mysql"
-	}
-
-	dbMaxConn := cfg.Section("database").Key("max_connections").MustUint(1)
-	addr := cfg.Section("server").Key("listen").MustString("127.0.0.1")
-	port, err := strconv.Atoi(os.Getenv("PORT"))
-	if err != nil {
-		port = cfg.Section("server").Key("port").MustInt()
-	}
-
-	cleanUp := cfg.Section("app").Key("cleanup").MustBool(false)
-
-	// Read custom languages
-	customLangs := make(map[string]string)
-	languageKeys := cfg.Section("languages").Keys()
-	for _, k := range languageKeys {
-		customLangs[k.Name()] = k.MustString("unknown")
-	}
-
-	// Read language colors
-	// Source: https://raw.githubusercontent.com/ozh/github-colors/master/colors.json
-	var colors = make(map[string]string)
-	var rawColors map[string]struct {
-		Color string `json:"color"`
-		Url   string `json:"url"`
-	}
-
-	data, err := ioutil.ReadFile("data/colors.json")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	if err := json.Unmarshal(data, &rawColors); err != nil {
-		log.Fatal(err)
-	}
-
-	for k, v := range rawColors {
-		colors[strings.ToLower(k)] = v.Color
-	}
-
-	return &models.Config{
-		Env:                 env,
-		Port:                port,
-		Addr:                addr,
-		DbHost:              dbHost,
-		DbPort:              uint(dbPort),
-		DbUser:              dbUser,
-		DbPassword:          dbPassword,
-		DbName:              dbName,
-		DbDialect:           dbType,
-		DbMaxConn:           dbMaxConn,
-		CleanUp:             cleanUp,
-		DefaultUserName:     defaultUserName,
-		DefaultUserPassword: defaultUserPassword,
-		CustomLanguages:     customLangs,
-		LanguageColors:      colors,
-	}
-}
-
 func main() {
-	// Read Config
-	config := readConfig()
+	config = models.GetConfig()
+
 	// Enable line numbers in logging
 	if config.IsDev() {
 		log.SetFlags(log.LstdFlags | log.Lshortfile)
 	}

 	// Connect to database
-	db, err := gorm.Open(config.DbDialect, utils.MakeConnectionString(config))
+	var err error
+	db, err = gorm.Open(config.DbDialect, utils.MakeConnectionString(config))
 	if config.DbDialect == "sqlite3" {
 		db.DB().Exec("PRAGMA foreign_keys = ON;")
 	}
@ -134,62 +54,68 @@ func main() {
 	db.DB().SetMaxOpenConns(int(config.DbMaxConn))
 	if err != nil {
 		log.Println(err)
-		log.Fatal("Could not connect to database.")
+		log.Fatal("could not connect to database")
 	}
 	// TODO: Graceful shutdown
 	defer db.Close()

 	// Migrate database schema
-	migrateDo := databaseMigrateActions(config.DbDialect)
-	migrateDo(db)
-
-	// Custom migrations and initial data
-	addDefaultUser(db, config)
-	migrateLanguages(db, config)
+	runDatabaseMigrations()
+	applyFixtures()

 	// Services
-	aliasSrvc := &services.AliasService{Config: config, Db: db}
-	heartbeatSrvc := &services.HeartbeatService{Config: config, Db: db}
-	userSrvc := &services.UserService{Config: config, Db: db}
-	summarySrvc := &services.SummaryService{Config: config, Db: db, HeartbeatService: heartbeatSrvc, AliasService: aliasSrvc}
-	aggregationSrvc := &services.AggregationService{Config: config, Db: db, UserService: userSrvc, SummaryService: summarySrvc, HeartbeatService: heartbeatSrvc}
+	aliasService = services.NewAliasService(db)
+	heartbeatService = services.NewHeartbeatService(db)
+	userService = services.NewUserService(db)
+	summaryService = services.NewSummaryService(db, heartbeatService, aliasService)
+	aggregationService = services.NewAggregationService(db, userService, summaryService, heartbeatService)
+	keyValueService = services.NewKeyValueService(db)

-	services := []services.Initializable{aliasSrvc, heartbeatSrvc, summarySrvc, userSrvc, aggregationSrvc}
-	for _, s := range services {
-		s.Init()
-	}
+	// Custom migrations and initial data
+	migrateLanguages()

 	// Aggregate heartbeats to summaries and persist them
-	go aggregationSrvc.Schedule()
+	go aggregationService.Schedule()

 	if config.CleanUp {
-		go heartbeatSrvc.ScheduleCleanUp()
+		go heartbeatService.ScheduleCleanUp()
 	}

 	// Handlers
-	heartbeatHandler := &routes.HeartbeatHandler{HeartbeatSrvc: heartbeatSrvc}
-	summaryHandler := &routes.SummaryHandler{SummarySrvc: summarySrvc}
-	healthHandler := &routes.HealthHandler{Db: db}
+	heartbeatHandler := routes.NewHeartbeatHandler(heartbeatService)
+	summaryHandler := routes.NewSummaryHandler(summaryService)
+	healthHandler := routes.NewHealthHandler(db)
+	publicHandler := routes.NewIndexHandler(userService, keyValueService)
+
+	// Setup Routers
+	router := mux.NewRouter()
+	publicRouter := router.PathPrefix("/").Subrouter()
+	summaryRouter := publicRouter.PathPrefix("/summary").Subrouter()
+	apiRouter := router.PathPrefix("/api").Subrouter()

 	// Middlewares
-	authenticateMiddleware := &middlewares.AuthenticateMiddleware{
-		UserSrvc:       userSrvc,
-		WhitelistPaths: []string{"/api/health"},
-	}
-	basicAuthMiddleware := &middlewares.RequireBasicAuthMiddleware{}
-	corsMiddleware := cors.New(cors.Options{
-		AllowedOrigins: []string{"*"},
-		AllowedHeaders: []string{"*"},
-		Debug:          false,
-	})
+	recoveryMiddleware := handlers.RecoveryHandler()
+	loggingMiddleware := middlewares.NewLoggingMiddleware().Handler
+	corsMiddleware := handlers.CORS()
+	authenticateMiddleware := middlewares.NewAuthenticateMiddleware(
+		userService,
+		[]string{"/api/health"},
+	).Handler

-	// Setup Routing
-	router := mux.NewRouter()
-	mainRouter := mux.NewRouter().PathPrefix("/").Subrouter()
-	apiRouter := mux.NewRouter().PathPrefix("/api").Subrouter()
+	// Router configs
+	router.Use(loggingMiddleware, recoveryMiddleware)
+	summaryRouter.Use(authenticateMiddleware)
+	apiRouter.Use(corsMiddleware, authenticateMiddleware)

-	// Main Routes
-	mainRouter.Path("/").Methods(http.MethodGet).HandlerFunc(summaryHandler.Index)
+	// Public Routes
+	publicRouter.Path("/").Methods(http.MethodGet).HandlerFunc(publicHandler.Index)
+	publicRouter.Path("/login").Methods(http.MethodPost).HandlerFunc(publicHandler.Login)
+	publicRouter.Path("/logout").Methods(http.MethodPost).HandlerFunc(publicHandler.Logout)
+	publicRouter.Path("/signup").Methods(http.MethodGet, http.MethodPost).HandlerFunc(publicHandler.Signup)
+	publicRouter.Path("/imprint").Methods(http.MethodGet).HandlerFunc(publicHandler.Imprint)
+
+	// Summary Routes
+	summaryRouter.Methods(http.MethodGet).HandlerFunc(summaryHandler.Index)

 	// API Routes
 	apiRouter.Path("/heartbeat").Methods(http.MethodPost).HandlerFunc(heartbeatHandler.ApiPost)
@ -197,21 +123,7 @@ func main() {
 	apiRouter.Path("/health").Methods(http.MethodGet).HandlerFunc(healthHandler.ApiGet)

 	// Static Routes
-	router.PathPrefix("/assets").Handler(negroni.Classic().With(negroni.Wrap(http.FileServer(http.Dir("./static")))))
-
-	// Sub-Routes Setup
-	router.PathPrefix("/api").Handler(negroni.Classic().
-		With(corsMiddleware).
-		With(
-			negroni.HandlerFunc(authenticateMiddleware.Handle),
-			negroni.Wrap(apiRouter),
-		))
-
-	router.PathPrefix("/").Handler(negroni.Classic().With(
-		negroni.HandlerFunc(basicAuthMiddleware.Handle),
-		negroni.HandlerFunc(authenticateMiddleware.Handle),
-		negroni.Wrap(mainRouter),
-	))
+	router.PathPrefix("/assets").Handler(http.FileServer(http.Dir("./static")))

 	// Listen HTTP
 	portString := config.Addr + ":" + strconv.Itoa(config.Port)
@ -225,34 +137,20 @@ func main() {
 	s.ListenAndServe()
 }

-func databaseMigrateActions(dbDialect string) func(db *gorm.DB) {
-	var migrateDo func(db *gorm.DB)
-	if dbDialect == "sqlite3" {
-		migrations := &migrate.PackrMigrationSource{
-			Box: packr.New("migrations", "./migrations/sqlite3"),
-		}
-		migrateDo = func(db *gorm.DB) {
-			n, err := migrate.Exec(db.DB(), "sqlite3", migrations, migrate.Up)
-			if err != nil {
-				log.Fatal(err)
-			}
-			log.Printf("Applied %d migrations!\n", n)
-		}
-	} else {
-		migrateDo = func(db *gorm.DB) {
-			db.AutoMigrate(&models.Alias{})
-			db.AutoMigrate(&models.Summary{})
-			db.AutoMigrate(&models.SummaryItem{})
-			db.AutoMigrate(&models.User{})
-			db.AutoMigrate(&models.Heartbeat{}).AddForeignKey("user_id", "users(id)", "RESTRICT", "RESTRICT")
-			db.AutoMigrate(&models.SummaryItem{}).AddForeignKey("summary_id", "summaries(id)", "CASCADE", "CASCADE")
-		}
+func runDatabaseMigrations() {
+	if err := config.GetMigrationFunc(config.DbDialect)(db); err != nil {
+		log.Fatal(err)
 	}
-	return migrateDo
 }

-func migrateLanguages(db *gorm.DB, cfg *models.Config) {
-	for k, v := range cfg.CustomLanguages {
+func applyFixtures() {
+	if err := config.GetFixturesFunc(config.DbDialect)(db); err != nil {
+		log.Fatal(err)
+	}
+}
+
+func migrateLanguages() {
+	for k, v := range config.CustomLanguages {
 		result := db.Model(models.Heartbeat{}).
 			Where("language = ?", "").
 			Where("entity LIKE ?", "%."+k).
@ -265,18 +163,3 @@ func migrateLanguages(db *gorm.DB, cfg *models.Config) {
 		}
 	}
 }
-
-func addDefaultUser(db *gorm.DB, cfg *models.Config) {
-	pw := md5.Sum([]byte(cfg.DefaultUserPassword))
-	pwString := hex.EncodeToString(pw[:])
-	apiKey := uuid.NewV4().String()
-	u := &models.User{ID: cfg.DefaultUserName, Password: pwString, ApiKey: apiKey}
-	result := db.FirstOrCreate(u, &models.User{ID: u.ID})
-	if result.Error != nil {
-		log.Println("Unable to create default user.")
-		log.Fatal(result.Error)
-	}
-	if result.RowsAffected > 0 {
-		log.Printf("Created default user '%s' with password '%s' and API key '%s'.\n", u.ID, cfg.DefaultUserPassword, u.ApiKey)
-	}
-}
--- a/middlewares/authenticate.go
+++ b/middlewares/authenticate.go
@ -2,12 +2,11 @@ package middlewares

 import (
 	"context"
-	"crypto/md5"
-	"encoding/base64"
-	"encoding/hex"
 	"errors"
+	"fmt"
+	"github.com/muety/wakapi/utils"
+	"log"
 	"net/http"
-	"regexp"
 	"strings"
 	"time"

@ -18,25 +17,29 @@ import (
 )

 type AuthenticateMiddleware struct {
-	UserSrvc       *services.UserService
-	Cache          *cache.Cache
-	WhitelistPaths []string
-	Initialized    bool
+	config         *models.Config
+	userSrvc       *services.UserService
+	cache          *cache.Cache
+	whitelistPaths []string
 }

-func (m *AuthenticateMiddleware) Init() {
-	if m.Cache == nil {
-		m.Cache = cache.New(1*time.Hour, 2*time.Hour)
+func NewAuthenticateMiddleware(userService *services.UserService, whitelistPaths []string) *AuthenticateMiddleware {
+	return &AuthenticateMiddleware{
+		config:         models.GetConfig(),
+		userSrvc:       userService,
+		cache:          cache.New(1*time.Hour, 2*time.Hour),
+		whitelistPaths: whitelistPaths,
 	}
-	m.Initialized = true
 }

-func (m *AuthenticateMiddleware) Handle(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
-	if !m.Initialized {
-		m.Init()
-	}
+func (m *AuthenticateMiddleware) Handler(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		m.ServeHTTP(w, r, h.ServeHTTP)
+	})
+}

-	for _, p := range m.WhitelistPaths {
+func (m *AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+	for _, p := range m.whitelistPaths {
 		if strings.HasPrefix(r.URL.Path, p) || r.URL.Path == p {
 			next(w, r)
 			return
@ -44,81 +47,81 @@ func (m *AuthenticateMiddleware) Handle(w http.ResponseWriter, r *http.Request,
 	}

 	var user *models.User
-	var userKey string
-	user, userKey, err := m.tryGetUserByPassword(r)
+	user, err := m.tryGetUserByCookie(r)

 	if err != nil {
-		user, userKey, err = m.tryGetUserByApiKey(r)
+		user, err = m.tryGetUserByApiKey(r)
 	}

 	if err != nil {
-		w.WriteHeader(http.StatusUnauthorized)
+		if strings.HasPrefix(r.URL.Path, "/api") {
+			w.WriteHeader(http.StatusUnauthorized)
+		} else {
+			utils.ClearCookie(w, models.AuthCookieKey, !m.config.InsecureCookies)
+			http.Redirect(w, r, fmt.Sprintf("%s/?error=unauthorized", m.config.BasePath), http.StatusFound)
+		}
 		return
 	}

-	m.Cache.Set(userKey, user, cache.DefaultExpiration)
+	m.cache.Set(user.ID, user, cache.DefaultExpiration)

 	ctx := context.WithValue(r.Context(), models.UserKey, user)
 	next(w, r.WithContext(ctx))
 }

-func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.User, string, error) {
-	authHeader := strings.Split(r.Header.Get("Authorization"), " ")
-	if len(authHeader) != 2 || authHeader[0] != "Basic" {
-		return nil, "", errors.New("failed to extract API key")
-	}
-
-	key, err := base64.StdEncoding.DecodeString(authHeader[1])
+func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.User, error) {
+	key, err := utils.ExtractBearerAuth(r)
 	if err != nil {
-		return nil, "", err
+		return nil, err
 	}

 	var user *models.User
-	userKey := strings.TrimSpace(string(key))
-	cachedUser, ok := m.Cache.Get(userKey)
+	userKey := strings.TrimSpace(key)
+	cachedUser, ok := m.cache.Get(userKey)
 	if !ok {
-		user, err = m.UserSrvc.GetUserByKey(userKey)
+		user, err = m.userSrvc.GetUserByKey(userKey)
 		if err != nil {
-			return nil, "", err
+			return nil, err
 		}
 	} else {
 		user = cachedUser.(*models.User)
 	}
-	return user, userKey, nil
+	return user, nil
 }

-func (m *AuthenticateMiddleware) tryGetUserByPassword(r *http.Request) (*models.User, string, error) {
-	authHeader := strings.Split(r.Header.Get("Authorization"), " ")
-	if len(authHeader) != 2 || authHeader[0] != "Basic" {
-		return nil, "", errors.New("failed to extract API key")
-	}
-
-	hash, err := base64.StdEncoding.DecodeString(authHeader[1])
-	userKey := strings.TrimSpace(string(hash))
+func (m *AuthenticateMiddleware) tryGetUserByCookie(r *http.Request) (*models.User, error) {
+	login, err := utils.ExtractCookieAuth(r, m.config)
 	if err != nil {
-		return nil, "", err
+		return nil, err
 	}

-	var user *models.User
-	cachedUser, ok := m.Cache.Get(userKey)
-	if !ok {
-		re := regexp.MustCompile(`^(.+):(.+)$`)
-		groups := re.FindAllStringSubmatch(userKey, -1)
-		if len(groups) == 0 || len(groups[0]) != 3 {
-			return nil, "", errors.New("failed to parse user agent string")
-		}
-		userId, password := groups[0][1], groups[0][2]
-		user, err = m.UserSrvc.GetUserById(userId)
-		if err != nil {
-			return nil, "", err
-		}
-		passwordHash := md5.Sum([]byte(password))
-		passwordHashString := hex.EncodeToString(passwordHash[:])
-		if passwordHashString != user.Password {
-			return nil, "", errors.New("invalid password")
-		}
-	} else {
-		user = cachedUser.(*models.User)
+	cachedUser, ok := m.cache.Get(login.Username)
+
+	if ok {
+		return cachedUser.(*models.User), nil
 	}
-	return user, userKey, nil
+
+	user, err := m.userSrvc.GetUserById(login.Username)
+	if err != nil {
+		return nil, err
+	}
+
+	if !CheckAndMigratePassword(user, login, m.config.PasswordSalt, m.userSrvc) {
+		return nil, errors.New("invalid password")
+	}
+
+	return user, nil
+}
+
+// migrate old md5-hashed passwords to new salted bcrypt hashes for backwards compatibility
+func CheckAndMigratePassword(user *models.User, login *models.Login, salt string, userServiceRef *services.UserService) bool {
+	if utils.IsMd5(user.Password) {
+		if utils.CheckPasswordMd5(user, login.Password) {
+			log.Printf("migrating old md5 password to new bcrypt format for user '%s'", user.ID)
+			userServiceRef.MigrateMd5Password(user, login)
+			return true
+		}
+		return false
+	}
+	return utils.CheckPasswordBcrypt(user, login.Password, salt)
 }
--- a/middlewares/basicauth.go
+++ b/middlewares/basicauth.go
@ -1,14 +0,0 @@
-package middlewares
-
-import (
-	"net/http"
-)
-
-type RequireBasicAuthMiddleware struct{}
-
-func (m *RequireBasicAuthMiddleware) Init() {}
-
-func (m *RequireBasicAuthMiddleware) Handle(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
-	w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
-	next(w, r)
-}
--- a/middlewares/logging.go
+++ b/middlewares/logging.go
@ -0,0 +1,17 @@
+package middlewares
+
+import (
+	"github.com/gorilla/handlers"
+	"net/http"
+	"os"
+)
+
+type LoggingMiddleware struct{}
+
+func NewLoggingMiddleware() *LoggingMiddleware {
+	return &LoggingMiddleware{}
+}
+
+func (m *LoggingMiddleware) Handler(h http.Handler) http.Handler {
+	return handlers.LoggingHandler(os.Stdout, h)
+}
--- a/migrations/common/fixtures/1_imprint_content.sql
+++ b/migrations/common/fixtures/1_imprint_content.sql
@ -0,0 +1,7 @@
+-- +migrate Up
+-- SQL in section 'Up' is executed when this migration is applied
+insert into key_string_values (`key`, `value`) values ('imprint', 'no content here');
+
+-- +migrate Down
+-- SQL section 'Down' is executed when this migration is rolled back
+delete from key_string_values where `key` = 'imprint';
--- a/migrations/sqlite3/2_key_value_table.sql
+++ b/migrations/sqlite3/2_key_value_table.sql
@ -0,0 +1,11 @@
+-- +migrate Up
+-- SQL in section 'Up' is executed when this migration is applied
+create table key_string_values
+(
+    key      varchar(255) primary key,
+    value    text
+);
+
+-- +migrate Down
+-- SQL section 'Down' is executed when this migration is rolled back
+drop table key_string_value;
--- a/migrations/sqlite3/3_user_creation_date.sql
+++ b/migrations/sqlite3/3_user_creation_date.sql
@ -0,0 +1,20 @@
+-- +migrate Up
+-- SQL in section 'Up' is executed when this migration is applied
+
+-- SQLite does not allow altering a table to add a new column with default of CURRENT_TIMESTAMP
+-- See https://www.sqlite.org/lang_altertable.html
+
+alter table users
+    add `created_at` timestamp default '2020-01-01T00:00:00.000' not null;
+
+alter table users
+    add `last_logged_in_at` timestamp default '2020-01-01T00:00:00.000' not null;
+
+-- +migrate Down
+-- SQL section 'Down' is executed when this migration is rolled back
+
+alter table users
+    drop column `created_at`;
+
+alter table users
+    drop column `last_logged_in_at`;
--- a/models/config.go
+++ b/models/config.go
@ -1,23 +1,225 @@
 package models

+import (
+	"encoding/json"
+	"github.com/gorilla/securecookie"
+	"github.com/jinzhu/gorm"
+	"github.com/joho/godotenv"
+	migrate "github.com/rubenv/sql-migrate"
+	"gopkg.in/ini.v1"
+	"io/ioutil"
+	"log"
+	"os"
+	"strconv"
+	"strings"
+)
+
+var cfg *Config
+
 type Config struct {
-	Env                 string
-	Port                int
-	Addr                string
-	DbHost              string
-	DbPort              uint
-	DbUser              string
-	DbPassword          string
-	DbName              string
-	DbDialect           string
-	DbMaxConn           uint
-	CleanUp             bool
-	DefaultUserName     string
-	DefaultUserPassword string
-	CustomLanguages     map[string]string
-	LanguageColors      map[string]string
+	Env        string
+	Version    string
+	Port       int
+	Addr       string
+	BasePath   string
+	DbHost     string
+	DbPort     uint
+	DbUser     string
+	DbPassword string
+	DbName     string
+	DbDialect  string
+	DbMaxConn  uint
+	CleanUp    bool
+	// this is actually a pepper (https://en.wikipedia.org/wiki/Pepper_(cryptography))
+	PasswordSalt         string
+	SecureCookieHashKey  string
+	SecureCookieBlockKey string
+	InsecureCookies      bool
+	CustomLanguages      map[string]string
+	LanguageColors       map[string]string
+	SecureCookie         *securecookie.SecureCookie
 }

 func (c *Config) IsDev() bool {
-	return c.Env == "dev"
+	return IsDev(c.Env)
+}
+
+func (c *Config) GetMigrationFunc(dbDialect string) MigrationFunc {
+	switch dbDialect {
+	case "sqlite3":
+		return func(db *gorm.DB) error {
+			migrations := &migrate.FileMigrationSource{
+				Dir: "migrations/sqlite3",
+			}
+
+			migrate.SetIgnoreUnknown(true)
+			n, err := migrate.Exec(db.DB(), "sqlite3", migrations, migrate.Up)
+			if err != nil {
+				return err
+			}
+
+			log.Printf("applied %d migrations\n", n)
+			return nil
+		}
+	default:
+		return func(db *gorm.DB) error {
+			db.AutoMigrate(&Alias{})
+			db.AutoMigrate(&Summary{})
+			db.AutoMigrate(&SummaryItem{})
+			db.AutoMigrate(&User{})
+			db.AutoMigrate(&Heartbeat{}).AddForeignKey("user_id", "users(id)", "RESTRICT", "RESTRICT")
+			db.AutoMigrate(&SummaryItem{}).AddForeignKey("summary_id", "summaries(id)", "CASCADE", "CASCADE")
+			db.AutoMigrate(&KeyStringValue{})
+			return nil
+		}
+	}
+}
+
+func (c *Config) GetFixturesFunc(dbDialect string) MigrationFunc {
+	return func(db *gorm.DB) error {
+		migrations := &migrate.FileMigrationSource{
+			Dir: "migrations/common/fixtures",
+		}
+
+		migrate.SetIgnoreUnknown(true)
+		n, err := migrate.Exec(db.DB(), dbDialect, migrations, migrate.Up)
+		if err != nil {
+			return err
+		}
+
+		log.Printf("applied %d fixtures\n", n)
+		return nil
+	}
+}
+
+func IsDev(env string) bool {
+	return env == "dev" || env == "development"
+}
+
+func SetConfig(config *Config) {
+	cfg = config
+}
+
+func GetConfig() *Config {
+	return cfg
+}
+
+func LookupFatal(key string) string {
+	v, ok := os.LookupEnv(key)
+	if !ok {
+		log.Fatalf("missing env variable '%s'", key)
+	}
+	return v
+}
+
+func readVersion() string {
+	file, err := os.Open("version.txt")
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer file.Close()
+
+	bytes, err := ioutil.ReadAll(file)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	return string(bytes)
+}
+
+func readConfig() *Config {
+	if err := godotenv.Load(); err != nil {
+		log.Fatal(err)
+	}
+
+	version := readVersion()
+
+	env := LookupFatal("ENV")
+	dbType := LookupFatal("WAKAPI_DB_TYPE")
+	dbUser := LookupFatal("WAKAPI_DB_USER")
+	dbPassword := LookupFatal("WAKAPI_DB_PASSWORD")
+	dbHost := LookupFatal("WAKAPI_DB_HOST")
+	dbName := LookupFatal("WAKAPI_DB_NAME")
+	dbPortStr := LookupFatal("WAKAPI_DB_PORT")
+	passwordSalt := LookupFatal("WAKAPI_PASSWORD_SALT")
+	dbPort, err := strconv.Atoi(dbPortStr)
+
+	cfg, err := ini.Load("config.ini")
+	if err != nil {
+		log.Fatalf("Fail to read file: %v", err)
+	}
+
+	if dbType == "" {
+		dbType = "mysql"
+	}
+
+	dbMaxConn := cfg.Section("database").Key("max_connections").MustUint(1)
+	addr := cfg.Section("server").Key("listen").MustString("127.0.0.1")
+	insecureCookies := IsDev(env) || cfg.Section("server").Key("insecure_cookies").MustBool(false)
+	port, err := strconv.Atoi(os.Getenv("PORT"))
+	if err != nil {
+		port = cfg.Section("server").Key("port").MustInt()
+	}
+
+	basePath := cfg.Section("server").Key("base_path").MustString("/")
+	if strings.HasSuffix(basePath, "/") {
+		basePath = basePath[:len(basePath)-1]
+	}
+
+	cleanUp := cfg.Section("app").Key("cleanup").MustBool(false)
+
+	// Read custom languages
+	customLangs := make(map[string]string)
+	languageKeys := cfg.Section("languages").Keys()
+	for _, k := range languageKeys {
+		customLangs[k.Name()] = k.MustString("unknown")
+	}
+
+	// Read language colors
+	// Source: https://raw.githubusercontent.com/ozh/github-colors/master/colors.json
+	var colors = make(map[string]string)
+	var rawColors map[string]struct {
+		Color string `json:"color"`
+		Url   string `json:"url"`
+	}
+
+	data, err := ioutil.ReadFile("data/colors.json")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if err := json.Unmarshal(data, &rawColors); err != nil {
+		log.Fatal(err)
+	}
+
+	for k, v := range rawColors {
+		colors[strings.ToLower(k)] = v.Color
+	}
+
+	// TODO: Read keys from env, so that users are not logged out every time the server is restarted
+	secureCookie := securecookie.New(
+		securecookie.GenerateRandomKey(64),
+		securecookie.GenerateRandomKey(32),
+	)
+
+	return &Config{
+		Env:             env,
+		Version:         version,
+		Port:            port,
+		Addr:            addr,
+		BasePath:        basePath,
+		DbHost:          dbHost,
+		DbPort:          uint(dbPort),
+		DbUser:          dbUser,
+		DbPassword:      dbPassword,
+		DbName:          dbName,
+		DbDialect:       dbType,
+		DbMaxConn:       dbMaxConn,
+		CleanUp:         cleanUp,
+		InsecureCookies: insecureCookies,
+		SecureCookie:    secureCookie,
+		PasswordSalt:    passwordSalt,
+		CustomLanguages: customLangs,
+		LanguageColors:  colors,
+	}
 }
--- a/models/heartbeat.go
+++ b/models/heartbeat.go
@ -1,36 +1,31 @@
 package models

 import (
-	"database/sql/driver"
-	"errors"
-	"fmt"
 	"regexp"
-	"strconv"
-	"strings"
 	"time"
 )

-type HeartbeatReqTime time.Time
+type CustomTime time.Time

 type Heartbeat struct {
-	ID              uint             `gorm:"primary_key"`
-	User            *User            `json:"-" gorm:"not null"`
-	UserID          string           `json:"-" gorm:"not null; index:idx_time_user"`
-	Entity          string           `json:"entity" gorm:"not null; index:idx_entity"`
-	Type            string           `json:"type"`
-	Category        string           `json:"category"`
-	Project         string           `json:"project"`
-	Branch          string           `json:"branch"`
-	Language        string           `json:"language" gorm:"index:idx_language"`
-	IsWrite         bool             `json:"is_write"`
-	Editor          string           `json:"editor"`
-	OperatingSystem string           `json:"operating_system"`
-	Time            HeartbeatReqTime `json:"time" gorm:"type:timestamp; default:CURRENT_TIMESTAMP; index:idx_time,idx_time_user"`
+	ID              uint       `gorm:"primary_key"`
+	User            *User      `json:"-" gorm:"not null"`
+	UserID          string     `json:"-" gorm:"not null; index:idx_time_user"`
+	Entity          string     `json:"entity" gorm:"not null; index:idx_entity"`
+	Type            string     `json:"type"`
+	Category        string     `json:"category"`
+	Project         string     `json:"project"`
+	Branch          string     `json:"branch"`
+	Language        string     `json:"language" gorm:"index:idx_language"`
+	IsWrite         bool       `json:"is_write"`
+	Editor          string     `json:"editor"`
+	OperatingSystem string     `json:"operating_system"`
+	Time            CustomTime `json:"time" gorm:"type:timestamp; default:CURRENT_TIMESTAMP; index:idx_time,idx_time_user"`
 	languageRegex   *regexp.Regexp
 }

 func (h *Heartbeat) Valid() bool {
-	return h.User != nil && h.UserID != "" && h.Time != HeartbeatReqTime(time.Time{})
+	return h.User != nil && h.UserID != "" && h.Time != CustomTime(time.Time{})
 }

 func (h *Heartbeat) Augment(customLangs map[string]string) {
@ -49,47 +44,3 @@ func (h *Heartbeat) Augment(customLangs map[string]string) {
 		h.Language, _ = customLangs[ending]
 	}
 }
-
-func (j *HeartbeatReqTime) UnmarshalJSON(b []byte) error {
-	s := strings.Split(strings.Trim(string(b), "\""), ".")[0]
-	i, err := strconv.ParseInt(s, 10, 64)
-	if err != nil {
-		return err
-	}
-	t := time.Unix(i, 0)
-	*j = HeartbeatReqTime(t)
-	return nil
-}
-
-func (j *HeartbeatReqTime) Scan(value interface{}) error {
-	switch value.(type) {
-	case string:
-		t, err := time.Parse("2006-01-02 15:04:05-07:00", value.(string))
-		if err != nil {
-			return errors.New(fmt.Sprintf("unsupported date time format: %s", value))
-		}
-		*j = HeartbeatReqTime(t)
-	case int64:
-		*j = HeartbeatReqTime(time.Unix(value.(int64), 0))
-		break
-	case time.Time:
-		*j = HeartbeatReqTime(value.(time.Time))
-		break
-	default:
-		return errors.New(fmt.Sprintf("unsupported type: %T", value))
-	}
-	return nil
-}
-
-func (j HeartbeatReqTime) Value() (driver.Value, error) {
-	return time.Time(j), nil
-}
-
-func (j HeartbeatReqTime) String() string {
-	t := time.Time(j)
-	return t.Format("2006-01-02 15:04:05")
-}
-
-func (j HeartbeatReqTime) Time() time.Time {
-	return time.Time(j)
-}
--- a/models/models.go
+++ b/models/models.go
@ -0,0 +1,5 @@
+package models
+
+func init() {
+	SetConfig(readConfig())
+}
--- a/models/shared.go
+++ b/models/shared.go
@ -1,5 +1,68 @@
 package models

-const (
-	UserKey = "user"
+import (
+	"database/sql/driver"
+	"errors"
+	"fmt"
+	"github.com/jinzhu/gorm"
+	"strconv"
+	"strings"
+	"time"
 )
+
+const (
+	UserKey       = "user"
+	ImprintKey    = "imprint"
+	AuthCookieKey = "wakapi_auth"
+)
+
+type MigrationFunc func(db *gorm.DB) error
+
+type KeyStringValue struct {
+	Key   string `gorm:"primary_key"`
+	Value string `gorm:"type:text"`
+}
+
+func (j *CustomTime) UnmarshalJSON(b []byte) error {
+	s := strings.Split(strings.Trim(string(b), "\""), ".")[0]
+	i, err := strconv.ParseInt(s, 10, 64)
+	if err != nil {
+		return err
+	}
+	t := time.Unix(i, 0)
+	*j = CustomTime(t)
+	return nil
+}
+
+func (j *CustomTime) Scan(value interface{}) error {
+	switch value.(type) {
+	case string:
+		t, err := time.Parse("2006-01-02 15:04:05-07:00", value.(string))
+		if err != nil {
+			return errors.New(fmt.Sprintf("unsupported date time format: %s", value))
+		}
+		*j = CustomTime(t)
+	case int64:
+		*j = CustomTime(time.Unix(value.(int64), 0))
+		break
+	case time.Time:
+		*j = CustomTime(value.(time.Time))
+		break
+	default:
+		return errors.New(fmt.Sprintf("unsupported type: %T", value))
+	}
+	return nil
+}
+
+func (j CustomTime) Value() (driver.Value, error) {
+	return time.Time(j), nil
+}
+
+func (j CustomTime) String() string {
+	t := time.Time(j)
+	return t.Format("2006-01-02 15:04:05")
+}
+
+func (j CustomTime) Time() time.Time {
+	return time.Time(j)
+}
--- a/models/summary.go
+++ b/models/summary.go
@ -39,4 +39,7 @@ type SummaryItemContainer struct {
 type SummaryViewModel struct {
 	*Summary
 	LanguageColors map[string]string
+	Error          string
+	Success        string
+	ApiKey         string
 }
--- a/models/user.go
+++ b/models/user.go
@ -1,7 +1,26 @@
 package models

 type User struct {
-	ID       string `json:"id" gorm:"primary_key"`
-	ApiKey   string `json:"api_key" gorm:"unique"`
-	Password string `json:"-"`
+	ID             string     `json:"id" gorm:"primary_key"`
+	ApiKey         string     `json:"api_key" gorm:"unique"`
+	Password       string     `json:"-"`
+	CreatedAt      CustomTime `gorm:"type:timestamp; default:CURRENT_TIMESTAMP"`
+	LastLoggedInAt CustomTime `gorm:"type:timestamp; default:CURRENT_TIMESTAMP"`
+}
+
+type Login struct {
+	Username string `schema:"username"`
+	Password string `schema:"password"`
+}
+
+type Signup struct {
+	Username       string `schema:"username"`
+	Password       string `schema:"password"`
+	PasswordRepeat string `schema:"password_repeat"`
+}
+
+func (s *Signup) IsValid() bool {
+	return len(s.Username) >= 3 &&
+		len(s.Password) >= 6 &&
+		s.Password == s.PasswordRepeat
 }
--- a/routes/health.go
+++ b/routes/health.go
@ -7,12 +7,16 @@ import (
 )

 type HealthHandler struct {
-	Db *gorm.DB
+	db *gorm.DB
+}
+
+func NewHealthHandler(db *gorm.DB) *HealthHandler {
+	return &HealthHandler{db: db}
 }

 func (h *HealthHandler) ApiGet(w http.ResponseWriter, r *http.Request) {
 	var dbStatus int
-	if err := h.Db.DB().Ping(); err == nil {
+	if err := h.db.DB().Ping(); err == nil {
 		dbStatus = 1
 	}

--- a/routes/heartbeat.go
+++ b/routes/heartbeat.go
@ -12,15 +12,18 @@ import (
 )

 type HeartbeatHandler struct {
-	HeartbeatSrvc *services.HeartbeatService
+	config        *models.Config
+	heartbeatSrvc *services.HeartbeatService
+}
+
+func NewHeartbeatHandler(heartbeatService *services.HeartbeatService) *HeartbeatHandler {
+	return &HeartbeatHandler{
+		config:        models.GetConfig(),
+		heartbeatSrvc: heartbeatService,
+	}
 }

 func (h *HeartbeatHandler) ApiPost(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPost {
-		w.WriteHeader(http.StatusMethodNotAllowed)
-		return
-	}
-
 	var heartbeats []*models.Heartbeat
 	user := r.Context().Value(models.UserKey).(*models.User)
 	opSys, editor, _ := utils.ParseUserAgent(r.Header.Get("User-Agent"))
@ -37,7 +40,7 @@ func (h *HeartbeatHandler) ApiPost(w http.ResponseWriter, r *http.Request) {
 		hb.Editor = editor
 		hb.User = user
 		hb.UserID = user.ID
-		hb.Augment(h.HeartbeatSrvc.Config.CustomLanguages)
+		hb.Augment(h.config.CustomLanguages)

 		if !hb.Valid() {
 			w.WriteHeader(http.StatusBadRequest)
@ -46,7 +49,7 @@ func (h *HeartbeatHandler) ApiPost(w http.ResponseWriter, r *http.Request) {
 		}
 	}

-	if err := h.HeartbeatSrvc.InsertBatch(heartbeats); err != nil {
+	if err := h.heartbeatSrvc.InsertBatch(heartbeats); err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
 		os.Stderr.WriteString(err.Error())
 		return
--- a/routes/public.go
+++ b/routes/public.go
@ -0,0 +1,207 @@
+package routes
+
+import (
+	"fmt"
+	"github.com/gorilla/schema"
+	"github.com/muety/wakapi/middlewares"
+	"github.com/muety/wakapi/models"
+	"github.com/muety/wakapi/services"
+	"github.com/muety/wakapi/utils"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+type IndexHandler struct {
+	config       *models.Config
+	userSrvc     *services.UserService
+	keyValueSrvc *services.KeyValueService
+}
+
+var loginDecoder = schema.NewDecoder()
+var signupDecoder = schema.NewDecoder()
+
+func NewIndexHandler(userService *services.UserService, keyValueService *services.KeyValueService) *IndexHandler {
+	return &IndexHandler{
+		config:       models.GetConfig(),
+		userSrvc:     userService,
+		keyValueSrvc: keyValueService,
+	}
+}
+
+func (h *IndexHandler) Index(w http.ResponseWriter, r *http.Request) {
+	if h.config.IsDev() {
+		loadTemplates()
+	}
+
+	if cookie, err := r.Cookie(models.AuthCookieKey); err == nil && cookie.Value != "" {
+		http.Redirect(w, r, fmt.Sprintf("%s/summary", h.config.BasePath), http.StatusFound)
+		return
+	}
+
+	if handleAlerts(w, r, "") {
+		return
+	}
+
+	// TODO: make this more generic and reusable
+	if success := r.URL.Query().Get("success"); success != "" {
+		templates["index.tpl.html"].Execute(w, struct {
+			Success string
+			Error   string
+		}{Success: success})
+		return
+	}
+	templates["index.tpl.html"].Execute(w, nil)
+}
+
+func (h *IndexHandler) Imprint(w http.ResponseWriter, r *http.Request) {
+	if h.config.IsDev() {
+		loadTemplates()
+	}
+
+	text := "failed to load content"
+	if data, err := h.keyValueSrvc.GetString(models.ImprintKey); err == nil {
+		text = data.Value
+	}
+
+	templates["imprint.tpl.html"].Execute(w, &struct {
+		HtmlText string
+	}{HtmlText: text})
+}
+
+func (h *IndexHandler) Login(w http.ResponseWriter, r *http.Request) {
+	if h.config.IsDev() {
+		loadTemplates()
+	}
+
+	if cookie, err := r.Cookie(models.AuthCookieKey); err == nil && cookie.Value != "" {
+		http.Redirect(w, r, fmt.Sprintf("%s/summary", h.config.BasePath), http.StatusFound)
+		return
+	}
+
+	var login models.Login
+	if err := r.ParseForm(); err != nil {
+		respondAlert(w, "missing parameters", "", "", http.StatusBadRequest)
+		return
+	}
+	if err := loginDecoder.Decode(&login, r.PostForm); err != nil {
+		respondAlert(w, "missing parameters", "", "", http.StatusBadRequest)
+		return
+	}
+
+	user, err := h.userSrvc.GetUserById(login.Username)
+	if err != nil {
+		respondAlert(w, "resource not found", "", "", http.StatusNotFound)
+		return
+	}
+
+	// TODO: depending on middleware package here is a hack
+	if !middlewares.CheckAndMigratePassword(user, &login, h.config.PasswordSalt, h.userSrvc) {
+		respondAlert(w, "invalid credentials", "", "", http.StatusUnauthorized)
+		return
+	}
+
+	encoded, err := h.config.SecureCookie.Encode(models.AuthCookieKey, login)
+	if err != nil {
+		respondAlert(w, "internal server error", "", "", http.StatusInternalServerError)
+		return
+	}
+
+	user.LastLoggedInAt = models.CustomTime(time.Now())
+	h.userSrvc.Update(user)
+
+	cookie := &http.Cookie{
+		Name:     models.AuthCookieKey,
+		Value:    encoded,
+		Path:     "/",
+		Secure:   !h.config.InsecureCookies,
+		HttpOnly: true,
+	}
+	http.SetCookie(w, cookie)
+	http.Redirect(w, r, fmt.Sprintf("%s/summary", h.config.BasePath), http.StatusFound)
+}
+
+func (h *IndexHandler) Logout(w http.ResponseWriter, r *http.Request) {
+	if h.config.IsDev() {
+		loadTemplates()
+	}
+
+	utils.ClearCookie(w, models.AuthCookieKey, !h.config.InsecureCookies)
+	http.Redirect(w, r, fmt.Sprintf("%s/", h.config.BasePath), http.StatusFound)
+}
+
+func (h *IndexHandler) Signup(w http.ResponseWriter, r *http.Request) {
+	if h.config.IsDev() {
+		loadTemplates()
+	}
+
+	if cookie, err := r.Cookie(models.AuthCookieKey); err == nil && cookie.Value != "" {
+		http.Redirect(w, r, fmt.Sprintf("%s/summary", h.config.BasePath), http.StatusFound)
+		return
+	}
+
+	switch r.Method {
+	case http.MethodPost:
+		h.handlePostSignup(w, r)
+		return
+	default:
+		h.handleGetSignup(w, r)
+		return
+	}
+}
+
+func (h *IndexHandler) handleGetSignup(w http.ResponseWriter, r *http.Request) {
+	if h.config.IsDev() {
+		loadTemplates()
+	}
+
+	if cookie, err := r.Cookie(models.AuthCookieKey); err == nil && cookie.Value != "" {
+		http.Redirect(w, r, fmt.Sprintf("%s/summary", h.config.BasePath), http.StatusFound)
+		return
+	}
+
+	if handleAlerts(w, r, "signup.tpl.html") {
+		return
+	}
+
+	templates["signup.tpl.html"].Execute(w, nil)
+}
+
+func (h *IndexHandler) handlePostSignup(w http.ResponseWriter, r *http.Request) {
+	if h.config.IsDev() {
+		loadTemplates()
+	}
+
+	if cookie, err := r.Cookie(models.AuthCookieKey); err == nil && cookie.Value != "" {
+		http.Redirect(w, r, fmt.Sprintf("%s/summary", h.config.BasePath), http.StatusFound)
+		return
+	}
+
+	var signup models.Signup
+	if err := r.ParseForm(); err != nil {
+		respondAlert(w, "missing parameters", "", "signup.tpl.html", http.StatusBadRequest)
+		return
+	}
+	if err := signupDecoder.Decode(&signup, r.PostForm); err != nil {
+		respondAlert(w, "missing parameters", "", "signup.tpl.html", http.StatusBadRequest)
+		return
+	}
+
+	if !signup.IsValid() {
+		respondAlert(w, "invalid parameters", "", "signup.tpl.html", http.StatusBadRequest)
+		return
+	}
+
+	_, created, err := h.userSrvc.CreateOrGet(&signup)
+	if err != nil {
+		respondAlert(w, "failed to create new user", "", "signup.tpl.html", http.StatusInternalServerError)
+		return
+	}
+	if !created {
+		respondAlert(w, "user already existing", "", "signup.tpl.html", http.StatusConflict)
+		return
+	}
+
+	msg := url.QueryEscape("account created successfully")
+	http.Redirect(w, r, fmt.Sprintf("%s/?success=%s", h.config.BasePath, msg), http.StatusFound)
+}
--- a/routes/routes.go
+++ b/routes/routes.go
@ -0,0 +1,87 @@
+package routes
+
+import (
+	"fmt"
+	"github.com/muety/wakapi/models"
+	"github.com/muety/wakapi/utils"
+	"html/template"
+	"io/ioutil"
+	"net/http"
+	"path"
+	"strings"
+)
+
+func init() {
+	loadTemplates()
+}
+
+var templates map[string]*template.Template
+
+func loadTemplates() {
+	tplPath := "views"
+	tpls := template.New("").Funcs(template.FuncMap{
+		"json":       utils.Json,
+		"date":       utils.FormatDateHuman,
+		"title":      strings.Title,
+		"capitalize": utils.Capitalize,
+		"getBasePath": func() string {
+			return models.GetConfig().BasePath
+		},
+		"getVersion": func() string {
+			return models.GetConfig().Version
+		},
+		"htmlSafe": func(html string) template.HTML {
+			return template.HTML(html)
+		},
+	})
+	templates = make(map[string]*template.Template)
+
+	files, err := ioutil.ReadDir(tplPath)
+	if err != nil {
+		panic(err)
+	}
+
+	for _, file := range files {
+		tplName := file.Name()
+		if file.IsDir() || path.Ext(tplName) != ".html" {
+			continue
+		}
+
+		tpl, err := tpls.New(tplName).ParseFiles(fmt.Sprintf("%s/%s", tplPath, tplName))
+		if err != nil {
+			panic(err)
+		}
+
+		templates[tplName] = tpl
+	}
+}
+
+func respondAlert(w http.ResponseWriter, error, success, tplName string, status int) {
+	w.WriteHeader(status)
+	if tplName == "" {
+		tplName = "index.tpl.html"
+	}
+	templates[tplName].Execute(w, struct {
+		Error   string
+		Success string
+	}{Error: error})
+}
+
+// TODO: do better
+func handleAlerts(w http.ResponseWriter, r *http.Request, tplName string) bool {
+	if err := r.URL.Query().Get("error"); err != "" {
+		if err == "unauthorized" {
+			respondAlert(w, err, "", tplName, http.StatusUnauthorized)
+		} else {
+			respondAlert(w, err, "", tplName, http.StatusInternalServerError)
+		}
+		return true
+	}
+
+	if success := r.URL.Query().Get("success"); success != "" {
+		respondAlert(w, "", success, tplName, http.StatusOK)
+		return true
+	}
+
+	return false
+}
--- a/routes/summary.go
+++ b/routes/summary.go
@ -2,9 +2,7 @@ package routes

 import (
 	"errors"
-	"html/template"
 	"net/http"
-	"path"
 	"time"

 	"github.com/muety/wakapi/models"
@ -22,39 +20,19 @@ const (
 )

 type SummaryHandler struct {
-	SummarySrvc   *services.SummaryService
-	Initialized   bool
-	indexTemplate *template.Template
+	summarySrvc *services.SummaryService
+	config      *models.Config
 }

-func (m *SummaryHandler) Init() {
-	m.loadTemplates()
-	m.Initialized = true
-}
-
-func (m *SummaryHandler) loadTemplates() {
-	indexTplPath := "views/index.tpl.html"
-	indexTpl, err := template.New(path.Base(indexTplPath)).Funcs(template.FuncMap{
-		"json": utils.Json,
-		"date": utils.FormatDateHuman,
-	}).ParseFiles(indexTplPath)
-	if err != nil {
-		panic(err)
+func NewSummaryHandler(summaryService *services.SummaryService) *SummaryHandler {
+	return &SummaryHandler{
+		summarySrvc: summaryService,
+		config:      models.GetConfig(),
 	}
-	m.indexTemplate = indexTpl
 }

 func (h *SummaryHandler) ApiGet(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodGet {
-		w.WriteHeader(http.StatusMethodNotAllowed)
-		return
-	}
-
-	if !h.Initialized {
-		h.Init()
-	}
-
-	summary, err, status := loadUserSummary(r, h.SummarySrvc)
+	summary, err, status := loadUserSummary(r, h.summarySrvc)
 	if err != nil {
 		w.WriteHeader(status)
 		w.Write([]byte(err.Error()))
@ -65,17 +43,8 @@ func (h *SummaryHandler) ApiGet(w http.ResponseWriter, r *http.Request) {
 }

 func (h *SummaryHandler) Index(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodGet {
-		w.WriteHeader(http.StatusMethodNotAllowed)
-		return
-	}
-
-	if !h.Initialized {
-		h.Init()
-	}
-
-	if h.SummarySrvc.Config.IsDev() {
-		h.loadTemplates()
+	if h.config.IsDev() {
+		loadTemplates()
 	}

 	q := r.URL.Query()
@ -84,19 +53,25 @@ func (h *SummaryHandler) Index(w http.ResponseWriter, r *http.Request) {
 		r.URL.RawQuery = q.Encode()
 	}

-	summary, err, status := loadUserSummary(r, h.SummarySrvc)
+	summary, err, status := loadUserSummary(r, h.summarySrvc)
 	if err != nil {
-		w.WriteHeader(status)
-		w.Write([]byte(err.Error()))
+		respondAlert(w, err.Error(), "", "summary.tpl.html", status)
+		return
+	}
+
+	user := r.Context().Value(models.UserKey).(*models.User)
+	if user == nil {
+		respondAlert(w, "unauthorized", "", "summary.tpl.html", http.StatusUnauthorized)
 		return
 	}

 	vm := models.SummaryViewModel{
 		Summary:        summary,
-		LanguageColors: utils.FilterLanguageColors(h.SummarySrvc.Config.LanguageColors, summary),
+		LanguageColors: utils.FilterLanguageColors(h.config.LanguageColors, summary),
+		ApiKey:         user.ApiKey,
 	}

-	h.indexTemplate.Execute(w, vm)
+	templates["summary.tpl.html"].Execute(w, vm)
 }

 func loadUserSummary(r *http.Request, summaryService *services.SummaryService) (*models.Summary, error, int) {
--- a/services/aggregation.go
+++ b/services/aggregation.go
@ -22,14 +22,22 @@ type AggregationService struct {
 	HeartbeatService *HeartbeatService
 }

+func NewAggregationService(db *gorm.DB, userService *UserService, summaryService *SummaryService, heartbeatService *HeartbeatService) *AggregationService {
+	return &AggregationService{
+		Config:           models.GetConfig(),
+		Db:               db,
+		UserService:      userService,
+		SummaryService:   summaryService,
+		HeartbeatService: heartbeatService,
+	}
+}
+
 type AggregationJob struct {
 	UserID string
 	From   time.Time
 	To     time.Time
 }

-func (srv *AggregationService) Init() {}
-
 // Schedule a job to (re-)generate summaries every day shortly after midnight
 // TODO: Make configurable
 func (srv *AggregationService) Schedule() {
--- a/services/alias.go
+++ b/services/alias.go
@ -13,9 +13,14 @@ type AliasService struct {
 	Db     *gorm.DB
 }

-var userAliases sync.Map
+func NewAliasService(db *gorm.DB) *AliasService {
+	return &AliasService{
+		Config: models.GetConfig(),
+		Db:     db,
+	}
+}

-func (srv *AliasService) Init() {}
+var userAliases sync.Map

 func (srv *AliasService) LoadUserAliases(userId string) error {
 	var aliases []*models.Alias
@ -41,7 +46,7 @@ func (srv *AliasService) GetAliasOrDefault(userId string, summaryType uint8, val
 	return "", errors.New("user aliases not initialized")
 }

-func (src *AliasService) IsInitialized(userId string) bool {
+func (srv *AliasService) IsInitialized(userId string) bool {
 	if _, ok := userAliases.Load(userId); ok {
 		return true
 	}
--- a/services/common.go
+++ b/services/common.go
@ -1,5 +0,0 @@
-package services
-
-type Initializable interface {
-	Init()
-}
--- a/services/heartbeat.go
+++ b/services/heartbeat.go
@ -21,7 +21,12 @@ type HeartbeatService struct {
 	Db     *gorm.DB
 }

-func (srv *HeartbeatService) Init() {}
+func NewHeartbeatService(db *gorm.DB) *HeartbeatService {
+	return &HeartbeatService{
+		Config: models.GetConfig(),
+		Db:     db,
+	}
+}

 func (srv *HeartbeatService) InsertBatch(heartbeats []*models.Heartbeat) error {
 	var batch []interface{}
--- a/services/key_value.go
+++ b/services/key_value.go
@ -0,0 +1,62 @@
+package services
+
+import (
+	"errors"
+	"github.com/jinzhu/gorm"
+	"github.com/muety/wakapi/models"
+)
+
+type KeyValueService struct {
+	Config *models.Config
+	Db     *gorm.DB
+}
+
+func NewKeyValueService(db *gorm.DB) *KeyValueService {
+	return &KeyValueService{
+		Config: models.GetConfig(),
+		Db:     db,
+	}
+}
+
+func (srv *KeyValueService) GetString(key string) (*models.KeyStringValue, error) {
+	kv := &models.KeyStringValue{}
+	if err := srv.Db.
+		Where(&models.KeyStringValue{Key: key}).
+		First(&kv).Error; err != nil {
+		return nil, err
+	}
+
+	return kv, nil
+}
+
+func (srv *KeyValueService) PutString(kv *models.KeyStringValue) error {
+	result := srv.Db.
+		Where(&models.KeyStringValue{Key: kv.Key}).
+		Assign(kv).
+		FirstOrCreate(kv)
+
+	if err := result.Error; err != nil {
+		return err
+	}
+
+	if result.RowsAffected != 1 {
+		return errors.New("nothing updated")
+	}
+
+	return nil
+}
+
+func (srv *KeyValueService) DeleteString(key string) error {
+	result := srv.Db.
+		Delete(&models.KeyStringValue{}, &models.KeyStringValue{Key: key})
+
+	if err := result.Error; err != nil {
+		return err
+	}
+
+	if result.RowsAffected != 1 {
+		return errors.New("nothing deleted")
+	}
+
+	return nil
+}
--- a/services/summary.go
+++ b/services/summary.go
@ -21,15 +21,21 @@ type SummaryService struct {
 	AliasService     *AliasService
 }

+func NewSummaryService(db *gorm.DB, heartbeatService *HeartbeatService, aliasService *AliasService) *SummaryService {
+	return &SummaryService{
+		Config:           models.GetConfig(),
+		Cache:            cache.New(24*time.Hour, 24*time.Hour),
+		Db:               db,
+		HeartbeatService: heartbeatService,
+		AliasService:     aliasService,
+	}
+}
+
 type Interval struct {
 	Start time.Time
 	End   time.Time
 }

-func (srv *SummaryService) Init() {
-	srv.Cache = cache.New(24*time.Hour, 24*time.Hour)
-}
-
 func (srv *SummaryService) Construct(from, to time.Time, user *models.User, recompute bool) (*models.Summary, error) {
 	var existingSummaries []*models.Summary
 	var cacheKey string
@ -138,7 +144,7 @@ func (srv *SummaryService) GetByUserWithin(user *models.User, from, to time.Time
 	return summaries, nil
 }

-// Will return *models.Summary objects with only user_id and to_time filled
+// Will return *models.Index objects with only user_id and to_time filled
 func (srv *SummaryService) GetLatestByUser() ([]*models.Summary, error) {
 	var summaries []*models.Summary
 	if err := srv.Db.
--- a/services/user.go
+++ b/services/user.go
@ -1,8 +1,11 @@
 package services

 import (
+	"errors"
 	"github.com/jinzhu/gorm"
 	"github.com/muety/wakapi/models"
+	"github.com/muety/wakapi/utils"
+	uuid "github.com/satori/go.uuid"
 )

 type UserService struct {
@ -10,7 +13,12 @@ type UserService struct {
 	Db     *gorm.DB
 }

-func (srv *UserService) Init() {}
+func NewUserService(db *gorm.DB) *UserService {
+	return &UserService{
+		Config: models.GetConfig(),
+		Db:     db,
+	}
+}

 func (srv *UserService) GetUserById(userId string) (*models.User, error) {
 	u := &models.User{}
@ -37,3 +45,55 @@ func (srv *UserService) GetAll() ([]*models.User, error) {
 	}
 	return users, nil
 }
+
+func (srv *UserService) CreateOrGet(signup *models.Signup) (*models.User, bool, error) {
+	u := &models.User{
+		ID:       signup.Username,
+		ApiKey:   uuid.NewV4().String(),
+		Password: signup.Password,
+	}
+
+	if err := utils.HashPassword(u, srv.Config.PasswordSalt); err != nil {
+		return nil, false, err
+	}
+
+	result := srv.Db.FirstOrCreate(u, &models.User{ID: u.ID})
+	if err := result.Error; err != nil {
+		return nil, false, err
+	}
+
+	if result.RowsAffected == 1 {
+		return u, true, nil
+	}
+
+	return u, false, nil
+}
+
+func (srv *UserService) Update(user *models.User) (*models.User, error) {
+	result := srv.Db.Model(&models.User{}).Updates(user)
+	if err := result.Error; err != nil {
+		return nil, err
+	}
+
+	if result.RowsAffected != 1 {
+		return nil, errors.New("nothing updated")
+	}
+
+	return user, nil
+}
+
+func (srv *UserService) MigrateMd5Password(user *models.User, login *models.Login) (*models.User, error) {
+	user.Password = login.Password
+	if err := utils.HashPassword(user, srv.Config.PasswordSalt); err != nil {
+		return nil, err
+	}
+
+	result := srv.Db.Model(user).Update("password", user.Password)
+	if err := result.Error; err != nil {
+		return nil, err
+	} else if result.RowsAffected < 1 {
+		return nil, errors.New("nothing changes")
+	}
+
+	return user, nil
+}
--- a/static/assets/app.js
+++ b/static/assets/app.js
@ -196,6 +196,21 @@ function getRandomColor(seed) {
    return color
 }

+function showApiKeyPopup(event) {
+    const el = document.getElementById('api-key-popup')
+    el.classList.remove('hidden')
+    el.classList.add('block')
+    event.stopPropagation()
+}
+
+function copyApiKey(event) {
+    const el = document.getElementById('api-key-container')
+    el.select()
+    el.setSelectionRange(0, 9999)
+    document.execCommand('copy')
+    event.stopPropagation()
+}
+
 // https://koddsson.com/posts/emoji-favicon/
 const favicon = document.querySelector('link[rel=icon]')
 if (favicon) {
@ -211,6 +226,17 @@ if (favicon) {
    }
 }

+// Click outside
+window.addEventListener('click', function(event) {
+    if (event.target.classList.contains('popup')) {
+        return
+    }
+    document.querySelectorAll('.popup').forEach(el => {
+        el.classList.remove('block')
+        el.classList.add('hidden')
+    })
+})
+
 window.addEventListener('load', function () {
    draw()
 })
--- a/utils/auth.go
+++ b/utils/auth.go
@ -0,0 +1,89 @@
+package utils
+
+import (
+	"crypto/md5"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"github.com/muety/wakapi/models"
+	"golang.org/x/crypto/bcrypt"
+	"net/http"
+	"regexp"
+	"strings"
+)
+
+var md5Regex = regexp.MustCompile(`^[a-f0-9]{32}$`)
+
+func ExtractBasicAuth(r *http.Request) (username, password string, err error) {
+	authHeader := strings.Split(r.Header.Get("Authorization"), " ")
+	if len(authHeader) != 2 || authHeader[0] != "Basic" {
+		return username, password, errors.New("failed to extract API key")
+	}
+
+	hash, err := base64.StdEncoding.DecodeString(authHeader[1])
+	userKey := strings.TrimSpace(string(hash))
+	if err != nil {
+		return username, password, err
+	}
+
+	re := regexp.MustCompile(`^(.+):(.+)$`)
+	groups := re.FindAllStringSubmatch(userKey, -1)
+	if len(groups) == 0 || len(groups[0]) != 3 {
+		return username, password, errors.New("failed to parse user agent string")
+	}
+	username, password = groups[0][1], groups[0][2]
+	return username, password, err
+}
+
+func ExtractBearerAuth(r *http.Request) (key string, err error) {
+	authHeader := strings.Split(r.Header.Get("Authorization"), " ")
+	if len(authHeader) != 2 || authHeader[0] != "Basic" {
+		return key, errors.New("failed to extract API key")
+	}
+
+	keyBytes, err := base64.StdEncoding.DecodeString(authHeader[1])
+	return string(keyBytes), err
+}
+
+func ExtractCookieAuth(r *http.Request, config *models.Config) (login *models.Login, err error) {
+	cookie, err := r.Cookie(models.AuthCookieKey)
+	if err != nil {
+		return nil, errors.New("missing authentication")
+	}
+
+	if err := config.SecureCookie.Decode(models.AuthCookieKey, cookie.Value, &login); err != nil {
+		return nil, errors.New("invalid parameters")
+	}
+
+	return login, nil
+}
+
+func IsMd5(hash string) bool {
+	return md5Regex.Match([]byte(hash))
+}
+
+func CheckPasswordBcrypt(user *models.User, password, salt string) bool {
+	plainPassword := []byte(strings.TrimSpace(password) + salt)
+	err := bcrypt.CompareHashAndPassword([]byte(user.Password), plainPassword)
+	return err == nil
+}
+
+// deprecated, only here for backwards compatibility
+func CheckPasswordMd5(user *models.User, password string) bool {
+	hash := md5.Sum([]byte(password))
+	hashStr := hex.EncodeToString(hash[:])
+	if hashStr == user.Password {
+		return true
+	}
+	return false
+}
+
+// inplace
+func HashPassword(u *models.User, salt string) error {
+	plainSaltedPassword := []byte(strings.TrimSpace(u.Password) + salt)
+	bytes, err := bcrypt.GenerateFromPassword(plainSaltedPassword, bcrypt.DefaultCost)
+	if err == nil {
+		u.Password = string(bytes)
+	}
+	return err
+}
--- a/utils/environment.go
+++ b/utils/environment.go
@ -1,14 +0,0 @@
-package utils
-
-import (
-	"log"
-	"os"
-)
-
-func LookupFatal(key string) string {
-	v, ok := os.LookupEnv(key)
-	if !ok {
-		log.Fatalf("missing env variable '%s'", key)
-	}
-	return v
-}
--- a/utils/http.go
+++ b/utils/http.go
@ -12,3 +12,13 @@ func RespondJSON(w http.ResponseWriter, status int, object interface{}) {
 		w.WriteHeader(http.StatusInternalServerError)
 	}
 }
+
+func ClearCookie(w http.ResponseWriter, name string, secure bool) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     name,
+		Value:    "",
+		Path:     "/",
+		Secure:   secure,
+		HttpOnly: true,
+	})
+}
--- a/utils/strings.go
+++ b/utils/strings.go
@ -0,0 +1,10 @@
+package utils
+
+import (
+	"fmt"
+	"strings"
+)
+
+func Capitalize(s string) string {
+	return fmt.Sprintf("%s%s", strings.ToUpper(s[:1]), s[1:])
+}
--- a/version.txt
+++ b/version.txt
@ -1 +1 @@
-1.2.2
+1.6.2
--- a/views/alerts.tpl.html
+++ b/views/alerts.tpl.html
@ -0,0 +1,13 @@
+{{ if .Error }}
+<div class="flex justify-center w-full">
+    <div class="p-4 text-white text-sm bg-red-500 rounded mt-16 shadow flex-grow max-w-lg">
+        Error: {{ .Error | capitalize }}
+    </div>
+</div>
+{{ else if .Success }}
+    <div class="flex justify-center w-full">
+        <div class="p-4 text-white text-sm bg-green-500 rounded mt-16 shadow flex-grow max-w-lg">
+            {{ .Success | capitalize }}
+        </div>
+    </div>
+{{ end }}
--- a/views/foot.tpl.html
+++ b/views/foot.tpl.html
@ -0,0 +1,12 @@
+<script src="https://cdnjs.cloudflare.com/ajax/libs/seedrandom/2.4.4/seedrandom.min.js"></script>
+<script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.3/Chart.bundle.min.js"></script>
+
+<script>
+    let wakapiData = {}
+    let languageColors = {{ .LanguageColors | json }}
+        wakapiData.projects = {{ .Projects | json }}
+            wakapiData.operatingSystems = {{ .OperatingSystems | json }}
+                wakapiData.editors = {{ .Editors | json }}
+                    wakapiData.languages = {{ .Languages | json }}
+</script>
+<script src="assets/app.js"></script>
--- a/views/footer.tpl.html
+++ b/views/footer.tpl.html
@ -0,0 +1,12 @@
+<footer class="flex justify-between w-full text-center text-gray-500 text-xs mt-12">
+    <div class="text-xs font-mono">
+        v{{ getVersion }}
+    </div>
+    <div>
+        Made with &nbsp; 🤍 &nbsp; by <a href="https://muetsch.io" class="border-b border-green-700">Ferdinand Mütsch</a> as <a
+                href="https://github.com/muety/wakapi" class="border-b border-green-700">open-source</a> software
+    </div>
+    <div>
+        <a href="imprint" class="border-b border-green-700">Imprint, Cookies & Data Privacy</a>
+    </div>
+</footer>
--- a/views/head.tpl.html
+++ b/views/head.tpl.html
@ -0,0 +1,9 @@
+<head>
+    <title>Wakapi – Coding Statistics</title>
+    <base href="{{ getBasePath }}/">
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>
+    <link rel="icon" data-emoji="📊" type="image/png">
+    <link href="https://fonts.googleapis.com/css?family=Roboto&display=swap" rel="stylesheet">
+    <link href="https://unpkg.com/tailwindcss@^1.4.6/dist/tailwind.min.css" rel="stylesheet">
+    <link href="assets/app.css" rel="stylesheet">
+</head>
--- a/views/imprint.tpl.html
+++ b/views/imprint.tpl.html
@ -0,0 +1,24 @@
+<html>
+
+{{ template "head.tpl.html" . }}
+
+<body class="bg-gray-800 text-gray-700 p-4 pt-10 flex flex-col min-h-screen max-w-screen-xl mx-auto justify-center">
+<div class="w-full flex justify-center">
+    <div class="flex items-center justify-between max-w-4xl flex-grow">
+        <div><a href="" class="text-gray-500 text-sm">🠐 Go back</a></div>
+        <div><h1 class="font-semibold text-2xl text-white m-0 border-b-4 border-green-700">Imprint & Data Privacy</h1>
+        </div>
+        <div></div>
+    </div>
+</div>
+
+<main class="mt-10 flex-grow flex justify-center w-full">
+    {{ htmlSafe .HtmlText }}
+</main>
+
+{{ template "footer.tpl.html" . }}
+
+{{ template "foot.tpl.html" . }}
+</body>
+
+</html>
--- a/views/index.tpl.html
+++ b/views/index.tpl.html
@ -1,76 +1,42 @@
 <html>

-<head>
-    <title>Wakapi – Coding Statistics</title>
-    <base href="/">
-    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>
-    <link rel="icon" data-emoji="📊" type="image/png">
-    <link href="https://fonts.googleapis.com/css?family=Roboto&display=swap" rel="stylesheet">
-    <link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet">
-    <link href="assets/app.css" rel="stylesheet">
-</head>
+{{ template "head.tpl.html" . }}

 <body class="bg-gray-800 text-gray-700 p-4 pt-10 flex flex-col min-h-screen max-w-screen-xl mx-auto justify-center">
-    <div class="flex items-center justify-center">
-        <h1 class="font-semibold text-2xl text-white m-0 border-b-4 border-green-700">Your Coding Statistics 🤓</h1>
-    </div>
-    <div class="text-white text-sm flex items-center justify-center mt-4">
-        <a href="?interval=today" class="m-1 border-b border-green-700">Today (live)</a>
-        <a href="?interval=day" class="m-1 border-b border-green-700">Yesterday</a>
-        <a href="?interval=week" class="m-1 border-b border-green-700">This Week</a>
-        <a href="?interval=month" class="m-1 border-b border-green-700">This Month</a>
-        <a href="?interval=year" class="m-1 border-b border-green-700">This Year</a>
-        <a href="?interval=any" class="m-1 border-b border-green-700">All Time</a>
-    </div>
-    <main class="mt-10 flex-grow" id="grid-container">
-        <div class="flex justify-center">
-            <div class="p-1">
-                <div class="flex justify-center p-4 bg-white rounded shadow">
-                    <p class="mx-2"><strong>▶️</strong> <span title="Start Time">{{ .FromTime | date }}</span></p>
-                    <p class="mx-2"><strong>⏹</strong> <span title="End Time">{{ .ToTime | date }}</span></p>
-                    <p class="mx-2"><strong>⏱</strong> <span id="total-span" title="Total Hours"></span></p>
-                </div>
-            </div>
-        </div>
-        <div class="flex flex-wrap justify-center">
-            <div class="w-full lg:w-1/2 p-1">
-                <div class="p-4 bg-white rounded shadow m-2" id="projects-container" style="height: 300px">
-                    <canvas id="chart-projects"></canvas>
-                </div>
-            </div>
-            <div class="w-full lg:w-1/2 p-1">
-                <div class="p-4 bg-white rounded shadow m-2" id="os-container" style="height: 300px">
-                    <canvas id="chart-os"></canvas>
-                </div>
-            </div>
-            <div class="w-full lg:w-1/2 p-1">
-                <div class="p-4 bg-white rounded shadow m-2 relative" id="language-container" style="height: 300px">
-                    <canvas id="chart-language"></canvas>
-                </div>
-            </div>
-            <div class="w-full lg:w-1/2 p-1">
-                <div class="p-4 bg-white rounded shadow m-2" id="editor-container" style="height: 300px">
-                    <canvas id="chart-editor"></canvas>
-                </div>
-            </div>
-        </div>
-    </main>
-    <footer class="w-full text-center text-gray-300 text-xs mt-12">
-        Made by <a href="https://muetsch.io" class="border-b border-green-700">Ferdinand Mütsch</a> as <a href="https://github.com/muety/wakapi" class="border-b border-green-700">open-source</a>.
-    </footer>
+<div class="flex items-center justify-center">
+    <h1 class="font-semibold text-2xl text-white m-0 border-b-4 border-green-700">Login</h1>
+</div>

-    <script src="https://cdnjs.cloudflare.com/ajax/libs/seedrandom/2.4.4/seedrandom.min.js"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.3/Chart.bundle.min.js"></script>
+{{ template "alerts.tpl.html" . }}

-    <script>
-        let wakapiData = {}
-        let languageColors = {{ .LanguageColors | json }}
-        wakapiData.projects = {{ .Projects | json }}
-        wakapiData.operatingSystems = {{ .OperatingSystems | json }}
-        wakapiData.editors = {{ .Editors | json }}
-        wakapiData.languages = {{ .Languages | json }}
-    </script>
-    <script src="assets/app.js"></script>
+<main class="mt-10 flex-grow flex justify-center w-full">
+    <div class="flex-grow max-w-lg mt-12">
+        <form action="login" method="post">
+            <div class="mb-8">
+                <label class="inline-block text-sm mb-1 text-gray-500" for="username">Username</label>
+                <input class="shadow appearance-none bg-gray-800 focus:bg-gray-700 text-gray-300 border-green-700 focus:border-gray-500 border rounded w-full py-1 px-3"
+                       type="text" id="username"
+                       name="username" placeholder="Enter your username" minlength="3" required autofocus>
+            </div>
+            <div class="mb-8">
+                <label class="inline-block text-sm mb-1 text-gray-500" for="password">Password</label>
+                <input class="shadow appearance-none bg-gray-800 focus:bg-gray-700 text-gray-300 border-green-700 focus:border-gray-500 border rounded w-full py-1 px-3"
+                       type="password" id="password"
+                       name="password" placeholder="******" minlength="6" required>
+            </div>
+            <div class="flex justify-between">
+                <a href="signup">
+                    <button type="button" class="py-1 px-3 rounded border border-green-700 text-white text-sm">Sign up</button>
+                </a>
+                <button type="submit" class="py-1 px-3 rounded bg-green-700 hover:bg-green-800 text-white text-sm">Log in</button>
+            </div>
+        </form>
+    </div>
+</main>
+
+{{ template "footer.tpl.html" . }}
+
+{{ template "foot.tpl.html" . }}
 </body>

 </html>
--- a/views/signup.tpl.html
+++ b/views/signup.tpl.html
@ -0,0 +1,63 @@
+<html>
+
+{{ template "head.tpl.html" . }}
+
+<body class="bg-gray-800 text-gray-700 p-4 pt-10 flex flex-col min-h-screen max-w-screen-xl mx-auto justify-center">
+<div class="w-full flex justify-center">
+    <div class="flex items-center justify-between max-w-4xl flex-grow">
+        <div><a href="" class="text-gray-500 text-sm">🠐 Go back</a></div>
+        <div><h1 class="font-semibold text-2xl text-white m-0 border-b-4 border-green-700">Sign Up</h1></div>
+        <div></div>
+    </div>
+</div>
+
+{{ template "alerts.tpl.html" . }}
+
+<main class="mt-10 flex-grow flex justify-center w-full">
+    <div class="flex-grow max-w-lg mt-8">
+        <div>
+            <p class="text-sm text-gray-300">
+                💡 In order to use Wakapi, you need to create an account.
+                After successful signup, you still need to set up the <a href="https://wakatime.com" target="_blank"
+                                                                         class="border-b border-green-700">WakaTime</a>
+                client tools.
+                Please refer to <a href="https://github.com/muety/wakapi#client-setup" target="_blank"
+                                   class="border-b border-green-700">this readme section</a> for instructions.
+                You will be able to view you <strong>API Key</strong> once you log in.
+            </p>
+        </div>
+
+        <form class="mt-10" action="signup" method="post">
+            <div class="mb-8">
+                <label class="inline-block text-sm mb-1 text-gray-500" for="username">Username</label>
+                <input class="shadow appearance-none bg-gray-800 focus:bg-gray-700 text-gray-300 border-green-700 focus:border-gray-500 border rounded w-full py-1 px-3"
+                       type="text" id="username"
+                       name="username" placeholder="Choose a username" minlength="3" required autofocus>
+            </div>
+            <div class="mb-8">
+                <label class="inline-block text-sm mb-1 text-gray-500" for="password">Password</label>
+                <input class="shadow appearance-none bg-gray-800 focus:bg-gray-700 text-gray-300 border-green-700 focus:border-gray-500 border rounded w-full py-1 px-3"
+                       type="password" id="password"
+                       name="password" placeholder="Choose a password" minlength="6" required>
+            </div>
+            <div class="mb-8">
+                <label class="inline-block text-sm mb-1 text-gray-500" for="password">And again ...</label>
+                <input class="shadow appearance-none bg-gray-800 focus:bg-gray-700 text-gray-300 border-green-700 focus:border-gray-500 border rounded w-full py-1 px-3"
+                       type="password" id="password_repeat"
+                       name="password_repeat" placeholder="Repeat your password" minlength="6" required>
+            </div>
+            <div class="flex justify-between float-right">
+                <button type="submit" class="py-1 px-3 rounded bg-green-700 hover:bg-green-800 text-white text-sm">
+                    Create Account
+                </button>
+            </div>
+        </form>
+    </div>
+</main>
+
+{{ template "footer.tpl.html" . }}
+
+{{ template "foot.tpl.html" . }}
+</body>
+
+</html>
--- a/views/summary.tpl.html
+++ b/views/summary.tpl.html
@ -0,0 +1,78 @@
+<html>
+
+{{ template "head.tpl.html" . }}
+
+<body class="relative bg-gray-800 text-gray-700 p-4 pt-10 flex flex-col min-h-screen max-w-screen-xl mx-auto justify-center">
+
+<div class="hidden flex bg-gray-800 shadow-md z-10 p-2 absolute top-0 right-0 mt-10 mr-8 border border-green-700 rounded popup" id="api-key-popup">
+    <div class="flex-grow flex flex-col px-2">
+        <span class="text-xs text-gray-500 mx-1">API Key</span>
+        <input type="text" class="bg-transparent text-sm text-white mx-1 font-mono" id="api-key-container" readonly value="{{ .ApiKey }}" style="min-width: 330px">
+    </div>
+    <div class="flex items-center px-2 border-l border-gray-700">
+        <button title="Copy to clipboard" onclick="copyApiKey(event)">📋</button>
+    </div>
+</div>
+
+<div class="absolute top-0 right-0 mr-8 mt-10 py-2">
+    <form action="logout" method="post">
+        <button type="button" class="mx-1 py-1 px-3 rounded border border-green-700 text-white text-sm" onclick="showApiKeyPopup(event)">🔐</button>
+        <button type="submit" class="mx-1 py-1 px-3 rounded border border-green-700 text-white text-sm">Logout</button>
+    </form>
+</div>
+
+<div class="flex items-center justify-center">
+    <h1 class="font-semibold text-2xl text-white m-0 border-b-4 border-green-700">Your Coding Statistics 🤓</h1>
+</div>
+
+<div class="text-white text-sm flex items-center justify-center mt-4">
+    <a href="summary?interval=today" class="m-1 border-b border-green-700">Today (live)</a>
+    <a href="summary?interval=day" class="m-1 border-b border-green-700">Yesterday</a>
+    <a href="summary?interval=week" class="m-1 border-b border-green-700">This Week</a>
+    <a href="summary?interval=month" class="m-1 border-b border-green-700">This Month</a>
+    <a href="summary?interval=year" class="m-1 border-b border-green-700">This Year</a>
+    <a href="summary?interval=any" class="m-1 border-b border-green-700">All Time</a>
+</div>
+
+{{ template "alerts.tpl.html" . }}
+
+<main class="mt-10 flex-grow">
+    <div class="flex justify-center">
+        <div class="p-1">
+            <div class="flex justify-center p-4 bg-white rounded shadow">
+                <p class="mx-2"><strong>▶️</strong> <span title="Start Time">{{ .FromTime | date }}</span></p>
+                <p class="mx-2"><strong>⏹</strong> <span title="End Time">{{ .ToTime | date }}</span></p>
+                <p class="mx-2"><strong>⏱</strong> <span id="total-span" title="Total Hours"></span></p>
+            </div>
+        </div>
+    </div>
+    <div class="flex flex-wrap justify-center">
+        <div class="w-full lg:w-1/2 p-1">
+            <div class="p-4 bg-white rounded shadow m-2" id="projects-container" style="height: 300px">
+                <canvas id="chart-projects"></canvas>
+            </div>
+        </div>
+        <div class="w-full lg:w-1/2 p-1">
+            <div class="p-4 bg-white rounded shadow m-2" id="os-container" style="height: 300px">
+                <canvas id="chart-os"></canvas>
+            </div>
+        </div>
+        <div class="w-full lg:w-1/2 p-1">
+            <div class="p-4 bg-white rounded shadow m-2 relative" id="language-container" style="height: 300px">
+                <canvas id="chart-language"></canvas>
+            </div>
+        </div>
+        <div class="w-full lg:w-1/2 p-1">
+            <div class="p-4 bg-white rounded shadow m-2" id="editor-container" style="height: 300px">
+                <canvas id="chart-editor"></canvas>
+            </div>
+        </div>
+    </div>
+</main>
+
+{{ template "footer.tpl.html" . }}
+
+{{ template "foot.tpl.html" . }}
+</body>
+
+</html>
Author	SHA1	Message	Date
Ferdinand Mütsch	c1e6a3e265	feat: persist user creation date (resolve #31 )	2020-05-30 22:19:05 +02:00
Ferdinand Mütsch	1872bf4b4c	fix: set string key value data type to text	2020-05-30 21:10:44 +02:00
Ferdinand Mütsch	5e7e32ddb0	docs: update readme	2020-05-30 21:01:46 +02:00
Ferdinand Mütsch	d12ccc4566	docs: update readme	2020-05-30 20:54:56 +02:00
Ferdinand Mütsch	3c2dc78c93	refactor: refactor migrations and add fixtures feat: introduce key-value store feat: imprint page (resolve #23) chore: remove default user chore: remove packr	2020-05-30 20:41:27 +02:00
Ferdinand Mütsch	25b32e2fec	chore: update dockerfile	2020-05-30 12:27:10 +02:00
Ferdinand Mütsch	128f2965cc	docs: update readme	2020-05-30 12:14:37 +02:00
Ferdinand Mütsch	9dae5a1f77	feat: allow insecure cookies (resolve #27 )	2020-05-30 12:11:25 +02:00
Ferdinand Mütsch	002003a957	chore: make sqlite the default database to easily get started	2020-05-30 12:07:29 +02:00
Ferdinand Mütsch	50eba49547	fix: don't trim hash	2020-05-29 00:04:48 +02:00
Ferdinand Mütsch	75dd070b3d	chore: trim white spaces from passwords before hashing them	2020-05-28 23:29:55 +02:00
Ferdinand Mütsch	98d7d02935	docs: update readme	2020-05-28 22:36:00 +02:00
Ferdinand Mütsch	6c2f0cb1ec	feat: add auto-migrations for old md5 password to maintain backwards compatibility	2020-05-25 22:24:29 +02:00
Ferdinand Mütsch	08675bd99f	feat: use bcrypt with salts instead of md5 for hashing password (resolve #21 )	2020-05-25 21:42:45 +02:00
Ferdinand Mütsch	625994d1e9	feat: add basic sign up instructions	2020-05-24 21:42:15 +02:00
Ferdinand Mütsch	2cca2cb0bb	feat: display api key on user interface (resolve #24 )	2020-05-24 21:19:05 +02:00
Ferdinand Mütsch	b92a064eb1	chore: update version chore: update tailwind	2020-05-24 20:38:49 +02:00
Ferdinand Mütsch	f0b17e77b2	docs: update readme	2020-05-24 20:28:12 +02:00
Ferdinand Mütsch	2eabc3953f	Merge pull request #20 from muety/2-user-signup-and-login User signup and login	2020-05-24 20:17:21 +02:00
Ferdinand Mütsch	6614c86395	fix: base path for error redirects	2020-05-24 17:39:19 +02:00
Ferdinand Mütsch	fad91725b0	fix: quick summary paths	2020-05-24 17:36:45 +02:00
Ferdinand Mütsch	f341ae4707	fix: html base href trailing slash	2020-05-24 17:35:44 +02:00
Ferdinand Mütsch	c171d31f30	feat: set html base path from server base path refactor: services	2020-05-24 17:32:26 +02:00
Ferdinand Mütsch	d6e9f0295a	feat: introduce base path config option to better support redirections behind a proxy	2020-05-24 17:08:44 +02:00
Ferdinand Mütsch	411ae49206	fix: use relative urls	2020-05-24 16:55:44 +02:00
Ferdinand Mütsch	abfaa9d768	feat: user signup	2020-05-24 16:34:32 +02:00
Ferdinand Mütsch	a317dc6942	refactor: middlewares and get rid of negroni	2020-05-24 14:50:04 +02:00
Ferdinand Mütsch	041a49ede4	fix: forgot to check in alerts template partial	2020-05-24 13:43:28 +02:00
Ferdinand Mütsch	a7b4b01b04	chore: remove unused dependencies	2020-05-24 13:43:08 +02:00
Ferdinand Mütsch	9697bb5fd5	refactor: use cookie-based login feat: add login page	2020-05-24 13:41:19 +02:00
Ferdinand Mütsch	d3ab54f6dc	chore: enable templates to consist of partials	2020-05-24 10:37:31 +02:00
Ferdinand Mütsch	bbd2c24f9a	Update FUNDING.yml	2020-05-23 21:02:12 +02:00
Ferdinand Mütsch	4c39222193	docs: update badges	2020-05-23 20:11:09 +02:00
Ferdinand Mütsch	ef10f8b589	Merge branch 'master' of github.com:n1try/wakapi Conflicts: README.md	2020-05-23 20:05:40 +02:00
Ferdinand Mütsch	7f3c8dacba	docs: add badges	2020-05-23 20:04:48 +02:00
Ferdinand Mütsch	7bf6f353a9	docs: add badges	2020-05-23 20:02:40 +02:00
Ferdinand Mütsch	a77f37da02	Update README.md	2020-05-12 11:16:55 +02:00
Ferdinand Mütsch	94e1de772c	doc: update readme	2020-04-26 15:40:46 +02:00
Ferdinand Mütsch	f399f3bf8d	chore: remove docker compose file	2020-04-26 15:21:50 +02:00
Ferdinand Mütsch	f264ede147	fix: update docekr file to include env vars and volume	2020-04-26 15:18:47 +02:00
 @ -1 +1 @@
 .2.2
 .6.2