move server/* to scnserver/*

2022-12-21 12:35:56 +01:00
parent 2b4d77bab4
commit bbf7962e29
123 changed files with 0 additions and 0 deletions
--- a/scnserver/api/handler/api.go
+++ b/scnserver/api/handler/api.go
--- a/scnserver/api/handler/common.go
+++ b/scnserver/api/handler/common.go
@@ -0,0 +1,212 @@
+package handler
+
+import (
+	"blackforestbytes.com/simplecloudnotifier/api/apierr"
+	"blackforestbytes.com/simplecloudnotifier/api/ginresp"
+	"blackforestbytes.com/simplecloudnotifier/logic"
+	"bytes"
+	"context"
+	"errors"
+	"github.com/gin-gonic/gin"
+	sqlite3 "github.com/mattn/go-sqlite3"
+	"gogs.mikescher.com/BlackForestBytes/goext/langext"
+	"gogs.mikescher.com/BlackForestBytes/goext/timeext"
+	"net/http"
+	"time"
+)
+
+type CommonHandler struct {
+	app *logic.Application
+}
+
+func NewCommonHandler(app *logic.Application) CommonHandler {
+	return CommonHandler{
+		app: app,
+	}
+}
+
+type pingResponse struct {
+	Message string           `json:"message"`
+	Info    pingResponseInfo `json:"info"`
+}
+type pingResponseInfo struct {
+	Method  string              `json:"method"`
+	Request string              `json:"request"`
+	Headers map[string][]string `json:"headers"`
+	URI     string              `json:"uri"`
+	Address string              `json:"addr"`
+}
+
+// Ping swaggerdoc
+//
+// @Summary Simple endpoint to test connection (any http method)
+// @Tags    Common
+//
+// @Success 200 {object} pingResponse
+// @Failure 500 {object} ginresp.apiError
+//
+// @Router  /api/ping [get]
+// @Router  /api/ping [post]
+// @Router  /api/ping [put]
+// @Router  /api/ping [delete]
+// @Router  /api/ping [patch]
+func (h CommonHandler) Ping(g *gin.Context) ginresp.HTTPResponse {
+	buf := new(bytes.Buffer)
+	_, _ = buf.ReadFrom(g.Request.Body)
+	resuestBody := buf.String()
+
+	return ginresp.JSON(http.StatusOK, pingResponse{
+		Message: "Pong",
+		Info: pingResponseInfo{
+			Method:  g.Request.Method,
+			Request: resuestBody,
+			Headers: g.Request.Header,
+			URI:     g.Request.RequestURI,
+			Address: g.Request.RemoteAddr,
+		},
+	})
+}
+
+// DatabaseTest swaggerdoc
+//
+// @Summary Check for a wroking database connection
+// @ID      api-common-dbtest
+// @Tags    Common
+//
+// @Success 200 {object} handler.DatabaseTest.response
+// @Failure 500 {object} ginresp.apiError
+//
+// @Router  /api/db-test [post]
+func (h CommonHandler) DatabaseTest(g *gin.Context) ginresp.HTTPResponse {
+	type response struct {
+		Success          bool   `json:"success"`
+		LibVersion       string `json:"libVersion"`
+		LibVersionNumber int    `json:"libVersionNumber"`
+		SourceID         string `json:"sourceID"`
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+	defer cancel()
+
+	libVersion, libVersionNumber, sourceID := sqlite3.Version()
+
+	err := h.app.Database.Ping(ctx)
+	if err != nil {
+		return ginresp.InternalError(err)
+	}
+
+	return ginresp.JSON(http.StatusOK, response{
+		Success:          true,
+		LibVersion:       libVersion,
+		LibVersionNumber: libVersionNumber,
+		SourceID:         sourceID,
+	})
+}
+
+// Health swaggerdoc
+//
+// @Summary Server Health-checks
+// @ID      api-common-health
+// @Tags    Common
+//
+// @Success 200 {object} handler.Health.response
+// @Failure 500 {object} ginresp.apiError
+//
+// @Router  /api/health [get]
+func (h CommonHandler) Health(g *gin.Context) ginresp.HTTPResponse {
+	type response struct {
+		Status string `json:"status"`
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+	defer cancel()
+
+	_, libVersionNumber, _ := sqlite3.Version()
+
+	if libVersionNumber < 3039000 {
+		ginresp.InternalError(errors.New("sqlite version too low"))
+	}
+
+	err := h.app.Database.Ping(ctx)
+	if err != nil {
+		return ginresp.InternalError(err)
+	}
+
+	uuidKey, _ := langext.NewHexUUID()
+	uuidWrite, _ := langext.NewHexUUID()
+
+	err = h.app.Database.WriteMetaString(ctx, uuidKey, uuidWrite)
+	if err != nil {
+		return ginresp.InternalError(err)
+	}
+
+	uuidRead, err := h.app.Database.ReadMetaString(ctx, uuidKey)
+	if err != nil {
+		return ginresp.InternalError(err)
+	}
+
+	if uuidRead == nil || uuidWrite != *uuidRead {
+		return ginresp.InternalError(errors.New("writing into DB was not consistent"))
+	}
+
+	err = h.app.Database.DeleteMeta(ctx, uuidKey)
+	if err != nil {
+		return ginresp.InternalError(err)
+	}
+
+	return ginresp.JSON(http.StatusOK, response{Status: "ok"})
+}
+
+// Sleep swaggerdoc
+//
+// @Summary Return 200 after x seconds
+// @ID      api-common-sleep
+// @Tags    Common
+//
+// @Param   secs path     number true "sleep delay (in seconds)"
+//
+// @Success 200  {object} handler.Sleep.response
+// @Failure 400  {object} ginresp.apiError
+// @Failure 500  {object} ginresp.apiError
+//
+// @Router  /api/sleep/{secs} [post]
+func (h CommonHandler) Sleep(g *gin.Context) ginresp.HTTPResponse {
+	type uri struct {
+		Seconds float64 `uri:"secs"`
+	}
+	type response struct {
+		Start    string  `json:"start"`
+		End      string  `json:"end"`
+		Duration float64 `json:"duration"`
+	}
+
+	t0 := time.Now().Format(time.RFC3339Nano)
+
+	var u uri
+	if err := g.ShouldBindUri(&u); err != nil {
+		return ginresp.APIError(g, 400, apierr.BINDFAIL_URI_PARAM, "Failed to read uri", err)
+	}
+
+	time.Sleep(timeext.FromSeconds(u.Seconds))
+
+	t1 := time.Now().Format(time.RFC3339Nano)
+
+	return ginresp.JSON(http.StatusOK, response{
+		Start:    t0,
+		End:      t1,
+		Duration: u.Seconds,
+	})
+}
+
+func (h CommonHandler) NoRoute(g *gin.Context) ginresp.HTTPResponse {
+	return ginresp.JSON(http.StatusNotFound, gin.H{
+		"":           "================ ROUTE NOT FOUND ================",
+		"FullPath":   g.FullPath(),
+		"Method":     g.Request.Method,
+		"URL":        g.Request.URL.String(),
+		"RequestURI": g.Request.RequestURI,
+		"Proto":      g.Request.Proto,
+		"Header":     g.Request.Header,
+		"~":          "================ ROUTE NOT FOUND ================",
+	})
+}
--- a/scnserver/api/handler/compat.go
+++ b/scnserver/api/handler/compat.go
@@ -0,0 +1,670 @@
+package handler
+
+import (
+	"blackforestbytes.com/simplecloudnotifier/api/ginresp"
+	"blackforestbytes.com/simplecloudnotifier/db"
+	"blackforestbytes.com/simplecloudnotifier/logic"
+	"blackforestbytes.com/simplecloudnotifier/models"
+	"database/sql"
+	"github.com/gin-gonic/gin"
+	"gogs.mikescher.com/BlackForestBytes/goext/dataext"
+	"gogs.mikescher.com/BlackForestBytes/goext/langext"
+	"net/http"
+)
+
+type CompatHandler struct {
+	app      *logic.Application
+	database *db.Database
+}
+
+func NewCompatHandler(app *logic.Application) CompatHandler {
+	return CompatHandler{
+		app:      app,
+		database: app.Database,
+	}
+}
+
+// Register swaggerdoc
+//
+// @Summary Register a new account
+// @ID      compat-register
+// @Tags    API-v1
+//
+// @Deprecated
+//
+// @Param   fcm_token query    string true "the (android) fcm token"
+// @Param   pro       query    string true "if the user is a paid account" Enums(true, false)
+// @Param   pro_token query    string true "the (android) IAP token"
+//
+// @Param   fcm_token formData string true "the (android) fcm token"
+// @Param   pro       formData string true "if the user is a paid account" Enums(true, false)
+// @Param   pro_token formData string true "the (android) IAP token"
+//
+// @Success 200       {object} handler.Register.response
+// @Failure 200       {object} ginresp.compatAPIError
+//
+// @Router  /api/register.php [get]
+func (h CompatHandler) Register(g *gin.Context) ginresp.HTTPResponse {
+	type query struct {
+		FCMToken *string `json:"fcm_token" form:"fcm_token"`
+		Pro      *string `json:"pro"       form:"pro"`
+		ProToken *string `json:"pro_token" form:"pro_token"`
+	}
+	type response struct {
+		Success   bool   `json:"success"`
+		Message   string `json:"message"`
+		UserID    int64  `json:"user_id"`
+		UserKey   string `json:"user_key"`
+		QuotaUsed int    `json:"quota"`
+		QuotaMax  int    `json:"quota_max"`
+		IsPro     int    `json:"is_pro"`
+	}
+
+	var datq query
+	var datb query
+	ctx, errResp := h.app.StartRequest(g, nil, &datq, nil, &datb)
+	if errResp != nil {
+		return *errResp
+	}
+	defer ctx.Cancel()
+
+	data := dataext.ObjectMerge(datb, datq)
+
+	if data.FCMToken == nil {
+		return ginresp.CompatAPIError(0, "Missing parameter [[fcm_token]]")
+	}
+	if data.Pro == nil {
+		return ginresp.CompatAPIError(0, "Missing parameter [[pro]]")
+	}
+	if data.ProToken == nil {
+		return ginresp.CompatAPIError(0, "Missing parameter [[pro_token]]")
+	}
+
+	if *data.Pro != "true" {
+		data.ProToken = nil
+	}
+
+	if data.ProToken != nil {
+		ptok, err := h.app.VerifyProToken(ctx, "ANDROID|v2|"+*data.ProToken)
+		if err != nil {
+			return ginresp.CompatAPIError(0, "Failed to query purchase status")
+		}
+
+		if !ptok {
+			return ginresp.CompatAPIError(0, "Purchase token could not be verified")
+		}
+	}
+
+	readKey := h.app.GenerateRandomAuthKey()
+	sendKey := h.app.GenerateRandomAuthKey()
+	adminKey := h.app.GenerateRandomAuthKey()
+
+	err := h.database.ClearFCMTokens(ctx, *data.FCMToken)
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to clear existing fcm tokens")
+	}
+
+	if data.ProToken != nil {
+		err := h.database.ClearProTokens(ctx, *data.ProToken)
+		if err != nil {
+			return ginresp.CompatAPIError(0, "Failed to clear existing fcm tokens")
+		}
+	}
+
+	user, err := h.database.CreateUser(ctx, readKey, sendKey, adminKey, data.ProToken, nil)
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to create user in db")
+	}
+
+	_, err = h.database.CreateClient(ctx, user.UserID, models.ClientTypeAndroid, *data.FCMToken, "compat", "compat")
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to create client in db")
+	}
+
+	return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{
+		Success:   true,
+		Message:   "New user registered",
+		UserID:    user.UserID.IntID(),
+		UserKey:   user.AdminKey,
+		QuotaUsed: user.QuotaUsedToday(),
+		QuotaMax:  user.QuotaPerDay(),
+		IsPro:     langext.Conditional(user.IsPro, 1, 0),
+	}))
+}
+
+// Info swaggerdoc
+//
+// @Summary Get information about the current user
+// @ID      compat-info
+// @Tags    API-v1
+//
+// @Deprecated
+//
+// @Param   user_id  query    string true "the user_id"
+// @Param   user_key query    string true "the user_key"
+//
+// @Param   user_id  formData string true "the user_id"
+// @Param   user_key formData string true "the user_key"
+//
+// @Success 200      {object} handler.Info.response
+// @Failure 200      {object} ginresp.compatAPIError
+//
+// @Router  /api/info.php [get]
+func (h CompatHandler) Info(g *gin.Context) ginresp.HTTPResponse {
+	type query struct {
+		UserID  *int64  `json:"user_id"  form:"user_id"`
+		UserKey *string `json:"user_key" form:"user_key"`
+	}
+	type response struct {
+		Success    bool   `json:"success"`
+		Message    string `json:"message"`
+		UserID     int64  `json:"user_id"`
+		UserKey    string `json:"user_key"`
+		QuotaUsed  int    `json:"quota"`
+		QuotaMax   int    `json:"quota_max"`
+		IsPro      int    `json:"is_pro"`
+		FCMSet     bool   `json:"fcm_token_set"`
+		UnackCount int    `json:"unack_count"`
+	}
+
+	var datq query
+	var datb query
+	ctx, errResp := h.app.StartRequest(g, nil, &datq, nil, &datb)
+	if errResp != nil {
+		return *errResp
+	}
+	defer ctx.Cancel()
+
+	data := dataext.ObjectMerge(datb, datq)
+
+	if data.UserID == nil {
+		return ginresp.CompatAPIError(101, "Missing parameter [[user_id]]")
+	}
+	if data.UserKey == nil {
+		return ginresp.CompatAPIError(102, "Missing parameter [[user_key]]")
+	}
+
+	user, err := h.database.GetUser(ctx, models.UserID(*data.UserID))
+	if err == sql.ErrNoRows {
+		return ginresp.CompatAPIError(201, "User not found")
+	}
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to query user")
+	}
+
+	if user.AdminKey != *data.UserKey {
+		return ginresp.CompatAPIError(204, "Authentification failed")
+	}
+
+	clients, err := h.database.ListClients(ctx, user.UserID)
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to query clients")
+	}
+
+	fcmSet := langext.ArrAny(clients, func(c models.Client) bool { return c.FCMToken != nil })
+
+	return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{
+		Success:    true,
+		Message:    "ok",
+		UserID:     user.UserID.IntID(),
+		UserKey:    user.AdminKey,
+		QuotaUsed:  user.QuotaUsedToday(),
+		QuotaMax:   user.QuotaPerDay(),
+		IsPro:      langext.Conditional(user.IsPro, 1, 0),
+		FCMSet:     fcmSet,
+		UnackCount: 0,
+	}))
+}
+
+// Ack swaggerdoc
+//
+// @Summary Acknowledge that a message was received
+// @ID      compat-ack
+// @Tags    API-v1
+//
+// @Deprecated
+//
+// @Param   user_id    query    string true "the user_id"
+// @Param   user_key   query    string true "the user_key"
+// @Param   scn_msg_id query    string true "the message id"
+//
+// @Param   user_id    formData string true "the user_id"
+// @Param   user_key   formData string true "the user_key"
+// @Param   scn_msg_id formData string true "the message id"
+//
+// @Success 200        {object} handler.Ack.response
+// @Failure 200        {object} ginresp.compatAPIError
+//
+// @Router  /api/ack.php [get]
+func (h CompatHandler) Ack(g *gin.Context) ginresp.HTTPResponse {
+	type query struct {
+		UserID    *int64  `json:"user_id"    form:"user_id"`
+		UserKey   *string `json:"user_key"   form:"user_key"`
+		MessageID *int64  `json:"scn_msg_id" form:"scn_msg_id"`
+	}
+	type response struct {
+		Success      bool   `json:"success"`
+		Message      string `json:"message"`
+		PrevAckValue int    `json:"prev_ack"`
+		NewAckValue  int    `json:"new_ack"`
+	}
+
+	var datq query
+	var datb query
+	ctx, errResp := h.app.StartRequest(g, nil, &datq, nil, &datb)
+	if errResp != nil {
+		return *errResp
+	}
+	defer ctx.Cancel()
+
+	data := dataext.ObjectMerge(datb, datq)
+
+	if data.UserID == nil {
+		return ginresp.CompatAPIError(101, "Missing parameter [[user_id]]")
+	}
+	if data.UserKey == nil {
+		return ginresp.CompatAPIError(102, "Missing parameter [[user_key]]")
+	}
+	if data.MessageID == nil {
+		return ginresp.CompatAPIError(103, "Missing parameter [[scn_msg_id]]")
+	}
+
+	user, err := h.database.GetUser(ctx, models.UserID(*data.UserID))
+	if err == sql.ErrNoRows {
+		return ginresp.CompatAPIError(201, "User not found")
+	}
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to query user")
+	}
+
+	if user.AdminKey != *data.UserKey {
+		return ginresp.CompatAPIError(204, "Authentification failed")
+	}
+
+	return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{
+		Success:      true,
+		Message:      "ok",
+		PrevAckValue: 0,
+		NewAckValue:  1,
+	}))
+}
+
+// Requery swaggerdoc
+//
+// @Summary Return all not-acknowledged messages
+// @ID      compat-requery
+// @Tags    API-v1
+//
+// @Deprecated
+//
+// @Param   user_id  query    string true "the user_id"
+// @Param   user_key query    string true "the user_key"
+//
+// @Param   user_id  formData string true "the user_id"
+// @Param   user_key formData string true "the user_key"
+//
+// @Success 200      {object} handler.Requery.response
+// @Failure 200      {object} ginresp.compatAPIError
+//
+// @Router  /api/requery.php [get]
+func (h CompatHandler) Requery(g *gin.Context) ginresp.HTTPResponse {
+	type query struct {
+		UserID  *int64  `json:"user_id"  form:"user_id"`
+		UserKey *string `json:"user_key" form:"user_key"`
+	}
+	type response struct {
+		Success bool                   `json:"success"`
+		Message string                 `json:"message"`
+		Count   int                    `json:"count"`
+		Data    []models.CompatMessage `json:"data"`
+	}
+
+	var datq query
+	var datb query
+	ctx, errResp := h.app.StartRequest(g, nil, &datq, nil, &datb)
+	if errResp != nil {
+		return *errResp
+	}
+	defer ctx.Cancel()
+
+	data := dataext.ObjectMerge(datb, datq)
+
+	if data.UserID == nil {
+		return ginresp.CompatAPIError(101, "Missing parameter [[user_id]]")
+	}
+	if data.UserKey == nil {
+		return ginresp.CompatAPIError(102, "Missing parameter [[user_key]]")
+	}
+
+	user, err := h.database.GetUser(ctx, models.UserID(*data.UserID))
+	if err == sql.ErrNoRows {
+		return ginresp.CompatAPIError(201, "User not found")
+	}
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to query user")
+	}
+
+	if user.AdminKey != *data.UserKey {
+		return ginresp.CompatAPIError(204, "Authentification failed")
+	}
+
+	return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{
+		Success: true,
+		Message: "ok",
+		Count:   0,
+		Data:    make([]models.CompatMessage, 0),
+	}))
+}
+
+// Update swaggerdoc
+//
+// @Summary Set the fcm-token (android)
+// @ID      compat-update
+// @Tags    API-v1
+//
+// @Deprecated
+//
+// @Param   user_id   query    string true "the user_id"
+// @Param   user_key  query    string true "the user_key"
+// @Param   fcm_token query    string true "the (android) fcm token"
+//
+// @Param   user_id   formData string true "the user_id"
+// @Param   user_key  formData string true "the user_key"
+// @Param   fcm_token formData string true "the (android) fcm token"
+//
+// @Success 200       {object} handler.Update.response
+// @Failure 200       {object} ginresp.compatAPIError
+//
+// @Router  /api/update.php [get]
+func (h CompatHandler) Update(g *gin.Context) ginresp.HTTPResponse {
+	type query struct {
+		UserID   *int64  `json:"user_id"   form:"user_id"`
+		UserKey  *string `json:"user_key"  form:"user_key"`
+		FCMToken *string `json:"fcm_token" form:"fcm_token"`
+	}
+	type response struct {
+		Success   bool   `json:"success"`
+		Message   string `json:"message"`
+		UserID    int64  `json:"user_id"`
+		UserKey   string `json:"user_key"`
+		QuotaUsed int    `json:"quota"`
+		QuotaMax  int    `json:"quota_max"`
+		IsPro     int    `json:"is_pro"`
+	}
+
+	var datq query
+	var datb query
+	ctx, errResp := h.app.StartRequest(g, nil, &datq, nil, &datb)
+	if errResp != nil {
+		return *errResp
+	}
+	defer ctx.Cancel()
+
+	data := dataext.ObjectMerge(datb, datq)
+
+	if data.UserID == nil {
+		return ginresp.CompatAPIError(101, "Missing parameter [[user_id]]")
+	}
+	if data.UserKey == nil {
+		return ginresp.CompatAPIError(102, "Missing parameter [[user_key]]")
+	}
+
+	user, err := h.database.GetUser(ctx, models.UserID(*data.UserID))
+	if err == sql.ErrNoRows {
+		return ginresp.CompatAPIError(201, "User not found")
+	}
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to query user")
+	}
+
+	if user.AdminKey != *data.UserKey {
+		return ginresp.CompatAPIError(204, "Authentification failed")
+	}
+
+	clients, err := h.database.ListClients(ctx, user.UserID)
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to list clients")
+	}
+
+	newAdminKey := h.app.GenerateRandomAuthKey()
+	newReadKey := h.app.GenerateRandomAuthKey()
+	newSendKey := h.app.GenerateRandomAuthKey()
+
+	err = h.database.UpdateUserKeys(ctx, user.UserID, newSendKey, newReadKey, newAdminKey)
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to update keys")
+	}
+
+	if data.FCMToken != nil {
+
+		for _, client := range clients {
+
+			err = h.database.DeleteClient(ctx, client.ClientID)
+			if err != nil {
+				return ginresp.CompatAPIError(0, "Failed to delete client")
+			}
+
+		}
+
+		_, err = h.database.CreateClient(ctx, user.UserID, models.ClientTypeAndroid, *data.FCMToken, "compat", "compat")
+		if err != nil {
+			return ginresp.CompatAPIError(0, "Failed to delete client")
+		}
+
+	}
+
+	user, err = h.database.GetUser(ctx, user.UserID)
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to query user")
+	}
+
+	return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{
+		Success:   true,
+		Message:   "user updated",
+		UserID:    user.UserID.IntID(),
+		UserKey:   user.AdminKey,
+		QuotaUsed: user.QuotaUsedToday(),
+		QuotaMax:  user.QuotaPerDay(),
+		IsPro:     langext.Conditional(user.IsPro, 1, 0),
+	}))
+}
+
+// Expand swaggerdoc
+//
+// @Summary Get a whole (potentially truncated) message
+// @ID      compat-expand
+// @Tags    API-v1
+//
+// @Deprecated
+//
+// @Param   user_id    query    string true "The user_id"
+// @Param   user_key   query    string true "The user_key"
+// @Param   scn_msg_id query    string true "The message-id"
+//
+// @Param   user_id    formData string true "The user_id"
+// @Param   user_key   formData string true "The user_key"
+// @Param   scn_msg_id formData string true "The message-id"
+//
+// @Success 200        {object} handler.Expand.response
+// @Failure 200        {object} ginresp.compatAPIError
+//
+// @Router  /api/expand.php [get]
+func (h CompatHandler) Expand(g *gin.Context) ginresp.HTTPResponse {
+	type query struct {
+		UserID    *int64  `json:"user_id"    form:"user_id"`
+		UserKey   *string `json:"user_key"   form:"user_key"`
+		MessageID *int64  `json:"scn_msg_id" form:"scn_msg_id"`
+	}
+	type response struct {
+		Success bool                 `json:"success"`
+		Message string               `json:"message"`
+		Data    models.CompatMessage `json:"data"`
+	}
+
+	var datq query
+	var datb query
+	ctx, errResp := h.app.StartRequest(g, nil, &datq, nil, &datb)
+	if errResp != nil {
+		return *errResp
+	}
+	defer ctx.Cancel()
+
+	data := dataext.ObjectMerge(datb, datq)
+
+	if data.UserID == nil {
+		return ginresp.CompatAPIError(101, "Missing parameter [[user_id]]")
+	}
+	if data.UserKey == nil {
+		return ginresp.CompatAPIError(102, "Missing parameter [[user_key]]")
+	}
+	if data.MessageID == nil {
+		return ginresp.CompatAPIError(103, "Missing parameter [[scn_msg_id]]")
+	}
+
+	user, err := h.database.GetUser(ctx, models.UserID(*data.UserID))
+	if err == sql.ErrNoRows {
+		return ginresp.CompatAPIError(201, "User not found")
+	}
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to query user")
+	}
+
+	if user.AdminKey != *data.UserKey {
+		return ginresp.CompatAPIError(204, "Authentification failed")
+	}
+
+	msg, err := h.database.GetMessage(ctx, models.SCNMessageID(*data.MessageID), false)
+	if err == sql.ErrNoRows {
+		return ginresp.CompatAPIError(301, "Message not found")
+	}
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to query message")
+	}
+
+	return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{
+		Success: true,
+		Message: "ok",
+		Data: models.CompatMessage{
+			Title:         msg.Title,
+			Body:          langext.Coalesce(msg.Content, ""),
+			Trimmed:       langext.Ptr(false),
+			Priority:      msg.Priority,
+			Timestamp:     msg.Timestamp().Unix(),
+			UserMessageID: msg.UserMessageID,
+			SCNMessageID:  msg.SCNMessageID.IntID(),
+		},
+	}))
+}
+
+// Upgrade swaggerdoc
+//
+// @Summary Upgrade a free account to a paid account
+// @ID      compat-upgrade
+// @Tags    API-v1
+//
+// @Deprecated
+//
+// @Param   user_id   query    string true "the user_id"
+// @Param   user_key  query    string true "the user_key"
+// @Param   pro       query    string true "if the user is a paid account" Enums(true, false)
+// @Param   pro_token query    string true "the (android) IAP token"
+//
+// @Param   user_id   formData string true "the user_id"
+// @Param   user_key  formData string true "the user_key"
+// @Param   pro       formData string true "if the user is a paid account" Enums(true, false)
+// @Param   pro_token formData string true "the (android) IAP token"
+//
+// @Success 200       {object} handler.Upgrade.response
+// @Failure 200       {object} ginresp.compatAPIError
+//
+// @Router  /api/upgrade.php [get]
+func (h CompatHandler) Upgrade(g *gin.Context) ginresp.HTTPResponse {
+	type query struct {
+		UserID   *int64  `json:"user_id"   form:"user_id"`
+		UserKey  *string `json:"user_key"  form:"user_key"`
+		Pro      *string `json:"pro"       form:"pro"`
+		ProToken *string `json:"pro_token" form:"pro_token"`
+	}
+	type response struct {
+		Success   bool   `json:"success"`
+		Message   string `json:"message"`
+		UserID    int64  `json:"user_id"`
+		QuotaUsed int    `json:"quota"`
+		QuotaMax  int    `json:"quota_max"`
+		IsPro     bool   `json:"is_pro"`
+	}
+
+	var datq query
+	var datb query
+	ctx, errResp := h.app.StartRequest(g, nil, &datq, nil, &datb)
+	if errResp != nil {
+		return *errResp
+	}
+	defer ctx.Cancel()
+
+	data := dataext.ObjectMerge(datb, datq)
+
+	if data.UserID == nil {
+		return ginresp.CompatAPIError(101, "Missing parameter [[user_id]]")
+	}
+	if data.UserKey == nil {
+		return ginresp.CompatAPIError(102, "Missing parameter [[user_key]]")
+	}
+	if data.Pro == nil {
+		return ginresp.CompatAPIError(103, "Missing parameter [[pro]]")
+	}
+	if data.ProToken == nil {
+		return ginresp.CompatAPIError(104, "Missing parameter [[pro_token]]")
+	}
+
+	user, err := h.database.GetUser(ctx, models.UserID(*data.UserID))
+	if err == sql.ErrNoRows {
+		return ginresp.CompatAPIError(201, "User not found")
+	}
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to query user")
+	}
+
+	if user.AdminKey != *data.UserKey {
+		return ginresp.CompatAPIError(204, "Authentification failed")
+	}
+
+	if *data.Pro != "true" {
+		data.ProToken = nil
+	}
+
+	if data.ProToken != nil {
+		ptok, err := h.app.VerifyProToken(ctx, "ANDROID|v2|"+*data.ProToken)
+		if err != nil {
+			return ginresp.CompatAPIError(0, "Failed to query purchase status")
+		}
+
+		if !ptok {
+			return ginresp.CompatAPIError(0, "Purchase token could not be verified")
+		}
+
+		err = h.database.UpdateUserProToken(ctx, user.UserID, data.ProToken)
+		if err != nil {
+			return ginresp.CompatAPIError(0, "Failed to update user")
+		}
+	} else {
+		err = h.database.UpdateUserProToken(ctx, user.UserID, nil)
+		if err != nil {
+			return ginresp.CompatAPIError(0, "Failed to update user")
+		}
+	}
+
+	user, err = h.database.GetUser(ctx, user.UserID)
+	if err != nil {
+		return ginresp.CompatAPIError(0, "Failed to query user")
+	}
+
+	return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{
+		Success:   true,
+		Message:   "user updated",
+		UserID:    user.UserID.IntID(),
+		QuotaUsed: user.QuotaUsedToday(),
+		QuotaMax:  user.QuotaPerDay(),
+		IsPro:     user.IsPro,
+	}))
+}
--- a/scnserver/api/handler/message.go
+++ b/scnserver/api/handler/message.go
@@ -0,0 +1,317 @@
+package handler
+
+import (
+	"blackforestbytes.com/simplecloudnotifier/api/apierr"
+	hl "blackforestbytes.com/simplecloudnotifier/api/apihighlight"
+	"blackforestbytes.com/simplecloudnotifier/api/ginresp"
+	"blackforestbytes.com/simplecloudnotifier/db"
+	"blackforestbytes.com/simplecloudnotifier/logic"
+	"blackforestbytes.com/simplecloudnotifier/models"
+	"database/sql"
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"gogs.mikescher.com/BlackForestBytes/goext/dataext"
+	"gogs.mikescher.com/BlackForestBytes/goext/langext"
+	"gogs.mikescher.com/BlackForestBytes/goext/mathext"
+	"gogs.mikescher.com/BlackForestBytes/goext/timeext"
+	"net/http"
+	"strings"
+	"time"
+)
+
+type MessageHandler struct {
+	app      *logic.Application
+	database *db.Database
+}
+
+func NewMessageHandler(app *logic.Application) MessageHandler {
+	return MessageHandler{
+		app:      app,
+		database: app.Database,
+	}
+}
+
+// SendMessageCompat swaggerdoc
+//
+// @Deprecated
+//
+// @Summary     Send a new message (compatibility)
+// @Description All parameter can be set via query-parameter or form-data body. Only UserID, UserKey and Title are required
+// @Tags        External
+//
+// @Param       query_data query    handler.SendMessageCompat.combined false " "
+// @Param       form_data  formData handler.SendMessageCompat.combined false " "
+//
+// @Success     200        {object} handler.sendMessageInternal.response
+// @Failure     400        {object} ginresp.apiError
+// @Failure     401        {object} ginresp.apiError
+// @Failure     403        {object} ginresp.apiError
+// @Failure     500        {object} ginresp.apiError
+//
+// @Router      /send.php [POST]
+func (h MessageHandler) SendMessageCompat(g *gin.Context) ginresp.HTTPResponse {
+	type combined struct {
+		UserID        *models.UserID `json:"user_id"   form:"user_id"`
+		UserKey       *string        `json:"user_key"  form:"user_key"`
+		Title         *string        `json:"title"     form:"title"`
+		Content       *string        `json:"content"   form:"content"`
+		Priority      *int           `json:"priority"  form:"priority"`
+		UserMessageID *string        `json:"msg_id"    form:"msg_id"`
+		SendTimestamp *float64       `json:"timestamp" form:"timestamp"`
+	}
+
+	var f combined
+	var q combined
+	ctx, errResp := h.app.StartRequest(g, nil, &q, nil, &f)
+	if errResp != nil {
+		return *errResp
+	}
+	defer ctx.Cancel()
+
+	data := dataext.ObjectMerge(f, q)
+
+	return h.sendMessageInternal(g, ctx, data.UserID, data.UserKey, nil, nil, data.Title, data.Content, data.Priority, data.UserMessageID, data.SendTimestamp, nil)
+}
+
+// SendMessage swaggerdoc
+//
+// @Summary     Send a new message
+// @Description All parameter can be set via query-parameter or the json body. Only UserID, UserKey and Title are required
+// @Tags        External
+//
+// @Param       query_data query    handler.SendMessage.combined false " "
+// @Param       post_body  body     handler.SendMessage.combined false " "
+// @Param       form_body  formData handler.SendMessage.combined false " "
+//
+// @Success     200        {object} handler.sendMessageInternal.response
+// @Failure     400        {object} ginresp.apiError
+// @Failure     401        {object} ginresp.apiError "The user_id was not found or the user_key is wrong"
+// @Failure     403        {object} ginresp.apiError "The user has exceeded its daily quota - wait 24 hours or upgrade your account"
+// @Failure     500        {object} ginresp.apiError "An internal server error occurred - try again later"
+//
+// @Router      /     [POST]
+// @Router      /send [POST]
+func (h MessageHandler) SendMessage(g *gin.Context) ginresp.HTTPResponse {
+	type combined struct {
+		UserID        *models.UserID `json:"user_id"     form:"user_id"     example:"7725"                               `
+		UserKey       *string        `json:"user_key"    form:"user_key"    example:"P3TNH8mvv14fm"                      `
+		Channel       *string        `json:"channel"     form:"channel"     example:"test"                               `
+		ChanKey       *string        `json:"chan_key"    form:"chan_key"    example:"qhnUbKcLgp6tg"                      `
+		Title         *string        `json:"title"       form:"title"       example:"Hello World"                        `
+		Content       *string        `json:"content"     form:"content"     example:"This is a message"                  `
+		Priority      *int           `json:"priority"    form:"priority"    example:"1"                   enums:"0,1,2"  `
+		UserMessageID *string        `json:"msg_id"      form:"msg_id"      example:"db8b0e6a-a08c-4646"                 `
+		SendTimestamp *float64       `json:"timestamp"   form:"timestamp"   example:"1669824037"                         `
+		SenderName    *string        `json:"sender_name" form:"sender_name" example:"example-server"                     `
+	}
+
+	var b combined
+	var q combined
+	var f combined
+	ctx, errResp := h.app.StartRequest(g, nil, &q, &b, &f)
+	if errResp != nil {
+		return *errResp
+	}
+	defer ctx.Cancel()
+
+	// query has highest prio, then form, then json
+	data := dataext.ObjectMerge(dataext.ObjectMerge(b, f), q)
+
+	return h.sendMessageInternal(g, ctx, data.UserID, data.UserKey, data.Channel, data.ChanKey, data.Title, data.Content, data.Priority, data.UserMessageID, data.SendTimestamp, data.SenderName)
+
+}
+
+func (h MessageHandler) sendMessageInternal(g *gin.Context, ctx *logic.AppContext, UserID *models.UserID, UserKey *string, Channel *string, ChanKey *string, Title *string, Content *string, Priority *int, UserMessageID *string, SendTimestamp *float64, SenderName *string) ginresp.HTTPResponse {
+	type response struct {
+		Success        bool                `json:"success"`
+		ErrorID        apierr.APIError     `json:"error"`
+		ErrorHighlight int                 `json:"errhighlight"`
+		Message        string              `json:"message"`
+		SuppressSend   bool                `json:"suppress_send"`
+		MessageCount   int                 `json:"messagecount"`
+		Quota          int                 `json:"quota"`
+		IsPro          bool                `json:"is_pro"`
+		QuotaMax       int                 `json:"quota_max"`
+		SCNMessageID   models.SCNMessageID `json:"scn_msg_id"`
+	}
+
+	if Title != nil {
+		Title = langext.Ptr(strings.TrimSpace(*Title))
+	}
+	if UserMessageID != nil {
+		UserMessageID = langext.Ptr(strings.TrimSpace(*UserMessageID))
+	}
+
+	if UserID == nil {
+		return ginresp.SendAPIError(g, 400, apierr.MISSING_UID, hl.USER_ID, "Missing parameter [[user_id]]", nil)
+	}
+	if UserKey == nil {
+		return ginresp.SendAPIError(g, 400, apierr.MISSING_TOK, hl.USER_KEY, "Missing parameter [[user_token]]", nil)
+	}
+	if Title == nil {
+		return ginresp.SendAPIError(g, 400, apierr.MISSING_TITLE, hl.TITLE, "Missing parameter [[title]]", nil)
+	}
+	if Priority != nil && (*Priority != 0 && *Priority != 1 && *Priority != 2) {
+		return ginresp.SendAPIError(g, 400, apierr.INVALID_PRIO, hl.PRIORITY, "Invalid priority", nil)
+	}
+	if len(*Title) == 0 {
+		return ginresp.SendAPIError(g, 400, apierr.NO_TITLE, hl.TITLE, "No title specified", nil)
+	}
+
+	user, err := h.database.GetUser(ctx, *UserID)
+	if err == sql.ErrNoRows {
+		return ginresp.SendAPIError(g, 400, apierr.USER_NOT_FOUND, hl.USER_ID, "User not found", nil)
+	}
+	if err != nil {
+		return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to query user", err)
+	}
+
+	channelName := user.DefaultChannel()
+	if Channel != nil {
+		channelName = h.app.NormalizeChannelName(*Channel)
+	}
+
+	if len(*Title) > user.MaxTitleLength() {
+		return ginresp.SendAPIError(g, 400, apierr.TITLE_TOO_LONG, hl.TITLE, fmt.Sprintf("Title too long (max %d characters)", user.MaxTitleLength()), nil)
+	}
+	if Content != nil && len(*Content) > user.MaxContentLength() {
+		return ginresp.SendAPIError(g, 400, apierr.CONTENT_TOO_LONG, hl.CONTENT, fmt.Sprintf("Content too long (%d characters; max := %d characters)", len(*Content), user.MaxContentLength()), nil)
+	}
+	if len(channelName) > user.MaxChannelNameLength() {
+		return ginresp.SendAPIError(g, 400, apierr.CHANNEL_TOO_LONG, hl.CHANNEL, fmt.Sprintf("Channel too long (max %d characters)", user.MaxChannelNameLength()), nil)
+	}
+	if SenderName != nil && len(*SenderName) > user.MaxSenderName() {
+		return ginresp.SendAPIError(g, 400, apierr.SENDERNAME_TOO_LONG, hl.SENDER_NAME, fmt.Sprintf("SenderName too long (max %d characters)", user.MaxSenderName()), nil)
+	}
+	if UserMessageID != nil && len(*UserMessageID) > user.MaxUserMessageID() {
+		return ginresp.SendAPIError(g, 400, apierr.USR_MSG_ID_TOO_LONG, hl.USER_MESSAGE_ID, fmt.Sprintf("MessageID too long (max %d characters)", user.MaxUserMessageID()), nil)
+	}
+	if SendTimestamp != nil && mathext.Abs(*SendTimestamp-float64(time.Now().Unix())) > timeext.FromHours(user.MaxTimestampDiffHours()).Seconds() {
+		return ginresp.SendAPIError(g, 400, apierr.TIMESTAMP_OUT_OF_RANGE, hl.NONE, fmt.Sprintf("The timestamp mus be within %d hours of now()", user.MaxTimestampDiffHours()), nil)
+	}
+
+	if UserMessageID != nil {
+		msg, err := h.database.GetMessageByUserMessageID(ctx, *UserMessageID)
+		if err != nil {
+			return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to query existing message", err)
+		}
+		if msg != nil {
+			//the found message can be deleted (!), but we still return NO_ERROR here...
+			return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{
+				Success:        true,
+				ErrorID:        apierr.NO_ERROR,
+				ErrorHighlight: -1,
+				Message:        "Message already sent",
+				SuppressSend:   true,
+				MessageCount:   user.MessagesSent,
+				Quota:          user.QuotaUsedToday(),
+				IsPro:          user.IsPro,
+				QuotaMax:       user.QuotaPerDay(),
+				SCNMessageID:   msg.SCNMessageID,
+			}))
+		}
+	}
+
+	if user.QuotaRemainingToday() <= 0 {
+		return ginresp.SendAPIError(g, 403, apierr.QUOTA_REACHED, hl.NONE, fmt.Sprintf("Daily quota reached (%d)", user.QuotaPerDay()), nil)
+	}
+
+	var channel models.Channel
+	if ChanKey != nil {
+		// foreign channel (+ channel send-key)
+
+		foreignChan, err := h.database.GetChannelByNameAndSendKey(ctx, channelName, *ChanKey)
+		if err != nil {
+			return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to query (foreign) channel", err)
+		}
+		if foreignChan == nil {
+			return ginresp.SendAPIError(g, 400, apierr.CHANNEL_NOT_FOUND, hl.CHANNEL, "(Foreign) Channel not found", err)
+		}
+		channel = *foreignChan
+	} else {
+		// own channel
+
+		channel, err = h.app.GetOrCreateChannel(ctx, *UserID, channelName)
+		if err != nil {
+			return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to query/create (owned) channel", err)
+		}
+	}
+
+	selfChanAdmin := *UserID == channel.OwnerUserID && *UserKey == user.AdminKey
+	selfChanSend := *UserID == channel.OwnerUserID && *UserKey == user.SendKey
+	forgChanSend := *UserID != channel.OwnerUserID && ChanKey != nil && *ChanKey == channel.SendKey
+
+	if !selfChanAdmin && !selfChanSend && !forgChanSend {
+		return ginresp.SendAPIError(g, 401, apierr.USER_AUTH_FAILED, hl.USER_KEY, "You are not authorized for this action", nil)
+	}
+
+	var sendTimestamp *time.Time = nil
+	if SendTimestamp != nil {
+		sendTimestamp = langext.Ptr(timeext.UnixFloatSeconds(*SendTimestamp))
+	}
+
+	priority := langext.Coalesce(Priority, user.DefaultPriority())
+
+	clientIP := g.ClientIP()
+
+	msg, err := h.database.CreateMessage(ctx, *UserID, channel, sendTimestamp, *Title, Content, priority, UserMessageID, clientIP, SenderName)
+	if err != nil {
+		return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to create message in db", err)
+	}
+
+	subscriptions, err := h.database.ListSubscriptionsByChannel(ctx, channel.ChannelID)
+	if err != nil {
+		return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to query subscriptions", err)
+	}
+
+	err = h.database.IncUserMessageCounter(ctx, user)
+	if err != nil {
+		return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to inc user msg-counter", err)
+	}
+
+	err = h.database.IncChannelMessageCounter(ctx, channel)
+	if err != nil {
+		return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to inc channel msg-counter", err)
+	}
+
+	for _, sub := range subscriptions {
+		clients, err := h.database.ListClients(ctx, sub.SubscriberUserID)
+		if err != nil {
+			return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to query clients", err)
+		}
+
+		if !sub.Confirmed {
+			continue
+		}
+
+		for _, client := range clients {
+
+			fcmDelivID, err := h.app.DeliverMessage(ctx, client, msg)
+			if err != nil {
+				_, err = h.database.CreateRetryDelivery(ctx, client, msg)
+				if err != nil {
+					return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to create delivery", err)
+				}
+			} else {
+				_, err = h.database.CreateSuccessDelivery(ctx, client, msg, *fcmDelivID)
+				if err != nil {
+					return ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to create delivery", err)
+				}
+			}
+
+		}
+	}
+
+	return ctx.FinishSuccess(ginresp.JSON(http.StatusOK, response{
+		Success:        true,
+		ErrorID:        apierr.NO_ERROR,
+		ErrorHighlight: -1,
+		Message:        "Message sent",
+		SuppressSend:   false,
+		MessageCount:   user.MessagesSent + 1,
+		Quota:          user.QuotaUsedToday() + 1,
+		IsPro:          user.IsPro,
+		QuotaMax:       user.QuotaPerDay(),
+		SCNMessageID:   msg.SCNMessageID,
+	}))
+}
--- a/scnserver/api/handler/website.go
+++ b/scnserver/api/handler/website.go
@@ -0,0 +1,174 @@
+package handler
+
+import (
+	"blackforestbytes.com/simplecloudnotifier/api/ginresp"
+	"blackforestbytes.com/simplecloudnotifier/logic"
+	"blackforestbytes.com/simplecloudnotifier/website"
+	"errors"
+	"github.com/gin-gonic/gin"
+	"github.com/rs/zerolog/log"
+	"net/http"
+	"regexp"
+	"strings"
+)
+
+type WebsiteHandler struct {
+	app         *logic.Application
+	rexTemplate *regexp.Regexp
+	rexConfig   *regexp.Regexp
+}
+
+func NewWebsiteHandler(app *logic.Application) WebsiteHandler {
+	return WebsiteHandler{
+		app:         app,
+		rexTemplate: regexp.MustCompile("{{template\\|[A-Za-z0-9_\\-\\[\\].]+}}"),
+		rexConfig:   regexp.MustCompile("{{config\\|[A-Za-z0-9_\\-.]+}}"),
+	}
+}
+
+func (h WebsiteHandler) Index(g *gin.Context) ginresp.HTTPResponse {
+	return h.serveAsset(g, "index.html", true)
+}
+
+func (h WebsiteHandler) APIDocs(g *gin.Context) ginresp.HTTPResponse {
+	return h.serveAsset(g, "api.html", true)
+}
+
+func (h WebsiteHandler) APIDocsMore(g *gin.Context) ginresp.HTTPResponse {
+	return h.serveAsset(g, "api_more.html", true)
+}
+
+func (h WebsiteHandler) MessageSent(g *gin.Context) ginresp.HTTPResponse {
+	return h.serveAsset(g, "message_sent.html", true)
+}
+
+func (h WebsiteHandler) FaviconIco(g *gin.Context) ginresp.HTTPResponse {
+	return h.serveAsset(g, "favicon.ico", false)
+}
+
+func (h WebsiteHandler) FaviconPNG(g *gin.Context) ginresp.HTTPResponse {
+	return h.serveAsset(g, "favicon.png", false)
+}
+
+func (h WebsiteHandler) Javascript(g *gin.Context) ginresp.HTTPResponse {
+	type uri struct {
+		Filename string `uri:"fn"`
+	}
+
+	var u uri
+	if err := g.ShouldBindUri(&u); err != nil {
+		return ginresp.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+	}
+
+	return h.serveAsset(g, "js/"+u.Filename, false)
+}
+
+func (h WebsiteHandler) CSS(g *gin.Context) ginresp.HTTPResponse {
+	type uri struct {
+		Filename string `uri:"fn"`
+	}
+
+	var u uri
+	if err := g.ShouldBindUri(&u); err != nil {
+		return ginresp.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+	}
+
+	return h.serveAsset(g, "css/"+u.Filename, false)
+}
+
+func (h WebsiteHandler) serveAsset(g *gin.Context, fn string, repl bool) ginresp.HTTPResponse {
+	data, err := website.Assets.ReadFile(fn)
+	if err != nil {
+		return ginresp.Status(http.StatusNotFound)
+	}
+
+	if repl {
+		failed := false
+		data = h.rexTemplate.ReplaceAllFunc(data, func(match []byte) []byte {
+			prefix := len("{{template|")
+			suffix := len("}}")
+			fnSub := string(match[prefix : len(match)-suffix])
+
+			fnSub = strings.ReplaceAll(fnSub, "[theme]", h.getTheme(g))
+
+			subdata, err := website.Assets.ReadFile(fnSub)
+			if err != nil {
+				log.Error().Str("templ", string(match)).Str("fnSub", fnSub).Str("source", fn).Msg("Failed to replace template")
+				failed = true
+			}
+			return subdata
+		})
+		if failed {
+			return ginresp.InternalError(errors.New("template replacement failed"))
+		}
+
+		data = h.rexConfig.ReplaceAllFunc(data, func(match []byte) []byte {
+			prefix := len("{{config|")
+			suffix := len("}}")
+			cfgKey := match[prefix : len(match)-suffix]
+
+			cval, ok := h.getReplConfig(string(cfgKey))
+			if !ok {
+				log.Error().Str("templ", string(match)).Str("source", fn).Msg("Failed to replace config")
+				failed = true
+			}
+			return []byte(cval)
+		})
+		if failed {
+			return ginresp.InternalError(errors.New("config replacement failed"))
+		}
+	}
+
+	mime := "text/plain"
+
+	lowerFN := strings.ToLower(fn)
+	if strings.HasSuffix(lowerFN, ".html") || strings.HasSuffix(lowerFN, ".htm") {
+		mime = "text/html"
+	} else if strings.HasSuffix(lowerFN, ".css") {
+		mime = "text/css"
+	} else if strings.HasSuffix(lowerFN, ".js") {
+		mime = "text/javascript"
+	} else if strings.HasSuffix(lowerFN, ".json") {
+		mime = "application/json"
+	} else if strings.HasSuffix(lowerFN, ".jpeg") || strings.HasSuffix(lowerFN, ".jpg") {
+		mime = "image/jpeg"
+	} else if strings.HasSuffix(lowerFN, ".png") {
+		mime = "image/png"
+	} else if strings.HasSuffix(lowerFN, ".svg") {
+		mime = "image/svg+xml"
+	}
+
+	return ginresp.Data(http.StatusOK, mime, data)
+}
+
+func (h WebsiteHandler) getReplConfig(key string) (string, bool) {
+	key = strings.TrimSpace(strings.ToLower(key))
+
+	if key == "baseurl" {
+		return h.app.Config.BaseURL, true
+	}
+	if key == "ip" {
+		return h.app.Config.ServerIP, true
+	}
+	if key == "port" {
+		return h.app.Config.ServerPort, true
+	}
+	if key == "namespace" {
+		return h.app.Config.Namespace, true
+	}
+
+	return "", false
+
+}
+
+func (h WebsiteHandler) getTheme(g *gin.Context) string {
+	if c, err := g.Cookie("theme"); err != nil {
+		return "light"
+	} else if c == "light" {
+		return "light"
+	} else if c == "dark" {
+		return "dark"
+	} else {
+		return "light"
+	}
+}