120 changed files with 2865 additions and 8380 deletions
--- a/.idea/.gitignore
+++ b/.idea/.gitignore
@ -0,0 +1,8 @@
 # Default ignored files
 /shelf/
 /workspace.xml
 # Editor-based HTTP Client requests
 /httpRequests/
 # Datasource local storage ignored files
 /dataSources/
 /dataSources.local.xml
--- a/.idea/.name
+++ b/.idea/.name
@ -0,0 +1 @@
 Identity
--- a/.idea/Identity.iml
+++ b/.idea/Identity.iml
@ -5,8 +5,5 @@
    <content url="file://$MODULE_DIR$" />
    <orderEntry type="inheritedJdk" />
    <orderEntry type="sourceFolder" forTests="false" />
    <orderEntry type="library" name="animate.css" level="application" />
    <orderEntry type="library" name="tailwindcss" level="application" />
    <orderEntry type="library" name="@tailwindcss/typography" level="application" />
  </component>
 </module>
--- a/.idea/codeStyles/Project.xml
+++ b/.idea/codeStyles/Project.xml
@ -0,0 +1,57 @@
 <component name="ProjectCodeStyleConfiguration">
  <code_scheme name="Project" version="173">
    <HTMLCodeStyleSettings>
      <option name="HTML_SPACE_INSIDE_EMPTY_TAG" value="true" />
    </HTMLCodeStyleSettings>
    <JSCodeStyleSettings version="0">
      <option name="FORCE_SEMICOLON_STYLE" value="true" />
      <option name="SPACE_BEFORE_FUNCTION_LEFT_PARENTH" value="false" />
      <option name="FORCE_QUOTE_STYlE" value="true" />
      <option name="ENFORCE_TRAILING_COMMA" value="Remove" />
      <option name="SPACES_WITHIN_OBJECT_LITERAL_BRACES" value="true" />
      <option name="SPACES_WITHIN_IMPORTS" value="true" />
    </JSCodeStyleSettings>
    <TypeScriptCodeStyleSettings version="0">
      <option name="FORCE_SEMICOLON_STYLE" value="true" />
      <option name="SPACE_BEFORE_FUNCTION_LEFT_PARENTH" value="false" />
      <option name="FORCE_QUOTE_STYlE" value="true" />
      <option name="ENFORCE_TRAILING_COMMA" value="Remove" />
      <option name="SPACES_WITHIN_OBJECT_LITERAL_BRACES" value="true" />
      <option name="SPACES_WITHIN_IMPORTS" value="true" />
    </TypeScriptCodeStyleSettings>
    <VueCodeStyleSettings>
      <option name="INTERPOLATION_NEW_LINE_AFTER_START_DELIMITER" value="false" />
      <option name="INTERPOLATION_NEW_LINE_BEFORE_END_DELIMITER" value="false" />
    </VueCodeStyleSettings>
    <codeStyleSettings language="HTML">
      <option name="SOFT_MARGINS" value="120" />
      <indentOptions>
        <option name="INDENT_SIZE" value="2" />
        <option name="CONTINUATION_INDENT_SIZE" value="2" />
        <option name="TAB_SIZE" value="2" />
      </indentOptions>
    </codeStyleSettings>
    <codeStyleSettings language="JavaScript">
      <option name="SOFT_MARGINS" value="120" />
      <indentOptions>
        <option name="INDENT_SIZE" value="2" />
        <option name="CONTINUATION_INDENT_SIZE" value="2" />
        <option name="TAB_SIZE" value="2" />
      </indentOptions>
    </codeStyleSettings>
    <codeStyleSettings language="TypeScript">
      <option name="SOFT_MARGINS" value="120" />
      <indentOptions>
        <option name="INDENT_SIZE" value="2" />
        <option name="CONTINUATION_INDENT_SIZE" value="2" />
        <option name="TAB_SIZE" value="2" />
      </indentOptions>
    </codeStyleSettings>
    <codeStyleSettings language="Vue">
      <option name="SOFT_MARGINS" value="120" />
      <indentOptions>
        <option name="CONTINUATION_INDENT_SIZE" value="2" />
      </indentOptions>
    </codeStyleSettings>
  </code_scheme>
 </component>
--- a/.idea/codeStyles/codeStyleConfig.xml
+++ b/.idea/codeStyles/codeStyleConfig.xml
@ -0,0 +1,5 @@
 <component name="ProjectCodeStyleConfiguration">
  <state>
    <option name="USE_PER_PROJECT_SETTINGS" value="true" />
  </state>
 </component>
--- a/.idea/dataSources.local.xml
+++ b/.idea/dataSources.local.xml
@ -1,23 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
  <component name="dataSourceStorageLocal" created-in="GO-241.14494.238">
    <data-source name="hy_passport@localhost" uuid="74bcf3ef-a2b9-435b-b9e5-f32902a33b25">
      <database-info product="PostgreSQL" version="16.2 (Homebrew)" jdbc-version="4.2" driver-name="PostgreSQL JDBC Driver" driver-version="42.6.0" dbms="POSTGRES" exact-version="16.2" exact-driver-version="42.6">
        <identifier-quote-string>&quot;</identifier-quote-string>
      </database-info>
      <case-sensitivity plain-identifiers="lower" quoted-identifiers="exact" />
      <secret-storage>master_key</secret-storage>
      <user-name>postgres</user-name>
      <schema-mapping>
        <introspection-scope>
          <node negative="1">
            <node kind="database" qname="@">
              <node kind="schema" qname="@" />
            </node>
            <node kind="database" qname="hy_passport" />
          </node>
        </introspection-scope>
      </schema-mapping>
    </data-source>
  </component>
 </project>
--- a/.idea/dataSources.xml
+++ b/.idea/dataSources.xml
@ -1,11 +1,18 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
  <component name="DataSourceManagerImpl" format="xml" multifile-model="true">
-    <data-source source="LOCAL" name="hy_passport@localhost" uuid="74bcf3ef-a2b9-435b-b9e5-f32902a33b25">
+    <data-source source="LOCAL" name="hy_identity@localhost" uuid="49a1c31c-500d-4f9f-bbf4-b4ddc9f3dc56">
      <driver-ref>postgresql</driver-ref>
      <synchronize>true</synchronize>
      <jdbc-driver>org.postgresql.Driver</jdbc-driver>
-      <jdbc-url>jdbc:postgresql://localhost:5432/hy_passport</jdbc-url>
+      <jdbc-url>jdbc:postgresql://localhost:5432/hy_identity</jdbc-url>
      <working-dir>$ProjectFileDir$</working-dir>
    </data-source>
    <data-source source="LOCAL" name="identity@id.solsynth.dev" uuid="df97c878-c355-4a1b-b7fb-3280c4ad4553">
      <driver-ref>postgresql</driver-ref>
      <synchronize>true</synchronize>
      <jdbc-driver>org.postgresql.Driver</jdbc-driver>
      <jdbc-url>jdbc:postgresql://id.solsynth.dev:5432/identity</jdbc-url>
      <working-dir>$ProjectFileDir$</working-dir>
    </data-source>
  </component>
--- a/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25.xml
+++ b/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25.xml
--- a/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25/storage_v2/_src_/database/hy_passport.gNOKQQ.meta
+++ b/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25/storage_v2/_src_/database/hy_passport.gNOKQQ.meta
@ -1 +0,0 @@
 #n:hy_passport
--- a/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25/storage_v2/_src_/database/hy_passport.gNOKQQ/schema/public.abK9xQ.meta
+++ b/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25/storage_v2/_src_/database/hy_passport.gNOKQQ/schema/public.abK9xQ.meta
@ -1,2 +0,0 @@
 #n:public
 !<md> [6267, 0, null, null, -2147483648, -2147483648]
--- a/.idea/inspectionProfiles/Project_Default.xml
+++ b/.idea/inspectionProfiles/Project_Default.xml
@ -1,6 +0,0 @@
 <component name="InspectionProjectProfileManager">
  <profile version="1.0">
    <option name="myName" value="Project Default" />
    <inspection_tool class="Eslint" enabled="true" level="WARNING" enabled_by_default="true" />
  </profile>
 </component>
--- a/.idea/jsLibraryMappings.xml
+++ b/.idea/jsLibraryMappings.xml
@ -1,6 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
  <component name="JavaScriptLibraryMappings">
    <file url="PROJECT" libraries="{@tailwindcss/typography, animate.css, tailwindcss}" />
  </component>
 </project>
--- a/.idea/modules.xml
+++ b/.idea/modules.xml
@ -2,7 +2,7 @@
 <project version="4">
  <component name="ProjectModuleManager">
    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/Passport.iml" filepath="$PROJECT_DIR$/.idea/Passport.iml" />
+      <module fileurl="file://$PROJECT_DIR$/.idea/Identity.iml" filepath="$PROJECT_DIR$/.idea/Identity.iml" />
    </modules>
  </component>
 </project>
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@ -1,141 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
  <component name="AutoImportSettings">
    <option name="autoReloadType" value="ALL" />
  </component>
  <component name="ChangeListManager">
    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Others userinfo" />
    <option name="SHOW_DIALOG" value="false" />
    <option name="HIGHLIGHT_CONFLICTS" value="true" />
    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
    <option name="LAST_RESOLUTION" value="IGNORE" />
  </component>
  <component name="FileTemplateManagerImpl">
    <option name="RECENT_TEMPLATES">
      <list>
        <option value="Go File" />
      </list>
    </option>
  </component>
  <component name="GOROOT" url="file:///opt/homebrew/opt/go/libexec" />
  <component name="Git.Settings">
    <option name="RECENT_BRANCH_BY_REPOSITORY">
      <map>
        <entry key="$PROJECT_DIR$" value="master" />
      </map>
    </option>
    <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
  </component>
  <component name="ProblemsViewState">
    <option name="selectedTabId" value="ProjectErrors" />
  </component>
  <component name="ProjectColorInfo">{
  &quot;customColor&quot;: &quot;&quot;,
  &quot;associatedIndex&quot;: 6
 }</component>
  <component name="ProjectId" id="2fLXu43fjlLYVIGNrhGhOgBFq2O" />
  <component name="ProjectViewState">
    <option name="hideEmptyMiddlePackages" value="true" />
    <option name="showLibraryContents" value="true" />
  </component>
  <component name="PropertiesComponent"><![CDATA[{
  "keyToString": {
    "DefaultGoTemplateProperty": "Go File",
    "Go 构建.Backend.executor": "Run",
    "RunOnceActivity.ShowReadmeOnStart": "true",
    "RunOnceActivity.go.formatter.settings.were.checked": "true",
    "RunOnceActivity.go.migrated.go.modules.settings": "true",
    "RunOnceActivity.go.modules.automatic.dependencies.download": "true",
    "RunOnceActivity.go.modules.go.list.on.any.changes.was.set": "true",
    "git-widget-placeholder": "refactor/ux",
    "go.import.settings.migrated": "true",
    "go.sdk.automatically.set": "true",
    "last_opened_file_path": "/Users/littlesheep/Documents/Projects/Hydrogen/Passport/pkg/server/ui",
    "node.js.detected.package.eslint": "true",
    "node.js.selected.package.eslint": "(autodetect)",
    "nodejs_package_manager_path": "npm",
    "run.code.analysis.last.selected.profile": "pProject Default",
    "settings.editor.selected.configurable": "preferences.lookFeel",
    "vue.rearranger.settings.migration": "true"
  },
  "keyToStringList": {
    "DatabaseDriversLRU": [
      "postgresql"
    ]
  }
 }]]></component>
  <component name="RecentsManager">
    <key name="CopyFile.RECENT_KEYS">
      <recent name="$PROJECT_DIR$/pkg/server/ui" />
      <recent name="$PROJECT_DIR$/pkg/views/users" />
      <recent name="$PROJECT_DIR$/pkg/views" />
      <recent name="$PROJECT_DIR$/pkg" />
    </key>
    <key name="MoveFile.RECENT_KEYS">
      <recent name="$PROJECT_DIR$/pkg/views/users/directory" />
      <recent name="$PROJECT_DIR$/pkg/views/users" />
      <recent name="$PROJECT_DIR$/pkg/utils" />
      <recent name="$PROJECT_DIR$/pkg/services" />
    </key>
  </component>
  <component name="RunAnythingCache">
    <myKeys>
      <visibility group="Grunt" flag="true" />
      <visibility group="Gulp" flag="true" />
      <visibility group="HTTP 请求" flag="true" />
      <visibility group="Recent projects" flag="true" />
      <visibility group="Run configurations" flag="true" />
      <visibility group="npm" flag="true" />
      <visibility group="yarn" flag="true" />
    </myKeys>
  </component>
  <component name="RunManager">
    <configuration name="Backend" type="GoApplicationRunConfiguration" factoryName="Go Application">
      <module name="Passport" />
      <working_directory value="$PROJECT_DIR$" />
      <kind value="FILE" />
      <directory value="$PROJECT_DIR$" />
      <filePath value="$PROJECT_DIR$/pkg/cmd/main.go" />
      <output_directory value="$PROJECT_DIR$/dist" />
      <method v="2" />
    </configuration>
  </component>
  <component name="SharedIndexes">
    <attachedChunks>
      <set>
        <option value="bundled-gosdk-33c477a475b1-b97fc8a1e17c-org.jetbrains.plugins.go.sharedIndexes.bundled-GO-241.14494.238" />
        <option value="bundled-js-predefined-1d06a55b98c1-74d2a5396914-JavaScript-GO-241.14494.238" />
      </set>
    </attachedChunks>
  </component>
  <component name="SpellCheckerSettings" RuntimeDictionaries="0" Folders="0" CustomDictionaries="0" DefaultDictionary="应用程序级" UseSingleDictionary="true" transferred="true" />
  <component name="TypeScriptGeneratedFilesManager">
    <option name="version" value="3" />
  </component>
  <component name="Vcs.Log.Tabs.Properties">
    <option name="TAB_STATES">
      <map>
        <entry key="MAIN">
          <value>
            <State />
          </value>
        </entry>
      </map>
    </option>
  </component>
  <component name="VcsManagerConfiguration">
    <MESSAGE value=":recycle: Refactor frontend" />
    <MESSAGE value=":sparkles: New ticket ways" />
    <MESSAGE value=":sparkles: Sign up &amp; Sign in" />
    <MESSAGE value=":sparkles: An entire complete sign in user flow" />
    <MESSAGE value=":sparkles: User center page" />
    <MESSAGE value=":sparkles: Personalize" />
    <MESSAGE value=":sparkles: OAuth" />
    <MESSAGE value=":truck: Update well known" />
    <MESSAGE value=":sparkles: Others userinfo" />
    <option name="LAST_COMMIT_MESSAGE" value=":sparkles: Others userinfo" />
  </component>
  <component name="VgoProject">
    <settings-migrated>true</settings-migrated>
  </component>
 </project>
--- a/go.mod
+++ b/go.mod
@ -7,7 +7,6 @@ require (
 	github.com/go-playground/validator/v10 v10.17.0
 	github.com/gofiber/contrib/websocket v1.3.0
 	github.com/gofiber/fiber/v2 v2.52.4
 	github.com/gofiber/template/html/v2 v2.1.1
 	github.com/golang-jwt/jwt/v5 v5.2.0
 	github.com/google/uuid v1.6.0
 	github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible
@ -41,11 +40,8 @@ require (
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-sql-driver/mysql v1.7.1 // indirect
 	github.com/gofiber/template v1.8.3 // indirect
 	github.com/gofiber/utils v1.1.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
@ -56,7 +52,7 @@ require (
 	github.com/jackc/puddle/v2 v2.2.1 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
-	github.com/klauspost/compress v1.17.8 // indirect
+	github.com/klauspost/compress v1.17.7 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
@ -65,7 +61,6 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/nicksnyder/go-i18n/v2 v2.4.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
@ -77,7 +72,6 @@ require (
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/sujit-baniya/flash v0.1.8 // indirect
 	github.com/tinylib/msgp v1.1.8 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasthttp v1.52.0 // indirect
@ -88,7 +82,7 @@ require (
 	golang.org/x/net v0.22.0 // indirect
 	golang.org/x/oauth2 v0.15.0 // indirect
 	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
--- a/go.sum
+++ b/go.sum
@ -16,7 +16,6 @@ cloud.google.com/go/storage v1.35.1/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYE
 firebase.google.com/go v3.13.0+incompatible h1:3TdYC3DDi6aHn20qoRkxwGqNgdjtblwVAyRLQwGn/+4=
 firebase.google.com/go v3.13.0+incompatible/go.mod h1:xlah6XbEyW6tbfSklcfe5FHJIwjt8toICdV5Wh9ptHs=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@ -53,15 +52,8 @@ github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofiber/contrib/websocket v1.3.0 h1:XADFAGorer1VJ1bqC4UkCjqS37kwRTV0415+050NrMk=
 github.com/gofiber/contrib/websocket v1.3.0/go.mod h1:xguaOzn2ZZ759LavtosEP+rcxIgBEE/rdumPINhR+Xo=
 github.com/gofiber/fiber/v2 v2.36.0/go.mod h1:tgCr+lierLwLoVHHO/jn3Niannv34WRkQETU8wiL9fQ=
 github.com/gofiber/fiber/v2 v2.52.4 h1:P+T+4iK7VaqUsq2PALYEfBBo6bJZ4q3FP8cZ84EggTM=
 github.com/gofiber/fiber/v2 v2.52.4/go.mod h1:KEOE+cXMhXG0zHc9d8+E38hoX+ZN7bhOtgeF2oT6jrQ=
 github.com/gofiber/template v1.8.3 h1:hzHdvMwMo/T2kouz2pPCA0zGiLCeMnoGsQZBTSYgZxc=
 github.com/gofiber/template v1.8.3/go.mod h1:bs/2n0pSNPOkRa5VJ8zTIvedcI/lEYxzV3+YPXdBvq8=
 github.com/gofiber/template/html/v2 v2.1.1 h1:QEy3O3EBkvwDthy5bXVGUseOyO6ldJoiDxlF4+MJiV8=
 github.com/gofiber/template/html/v2 v2.1.1/go.mod h1:2G0GHHOUx70C1LDncoBpe4T6maQbNa4x1CVNFW0wju0=
 github.com/gofiber/utils v1.1.0 h1:vdEBpn7AzIUJRhe+CiTOJdUcTg4Q9RK+pEa0KPbLdrM=
 github.com/gofiber/utils v1.1.0/go.mod h1:poZpsnhBykfnY1Mc0KeEa6mSHrS3dV0+oBWyeQmb2e0=
 github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
 github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA=
@ -86,8 +78,6 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2 h1:yEt5djSYb4iNtmV9iJGVday+i4e9u6Mrn5iP64HH5QM=
 github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@ -127,12 +117,8 @@ github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg=
 github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
 github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@ -160,8 +146,6 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/nicksnyder/go-i18n/v2 v2.4.0 h1:3IcvPOAvnCKwNm0TB0dLDTuawWEj+ax/RERNC+diLMM=
 github.com/nicksnyder/go-i18n/v2 v2.4.0/go.mod h1:nxYSZE9M0bf3Y70gPQjN9ha7XNHX7gMc814+6wVyEI4=
 github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI=
 github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw=
@ -212,13 +196,10 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/sujit-baniya/flash v0.1.8 h1:BwcrybCatPU30VMA9IBA5q3ZE0VSr5c7qTqwZrSvyRI=
 github.com/sujit-baniya/flash v0.1.8/go.mod h1:kmlAIkLDMlLshEeeE6fETEW8kSOopKN5WA3KXLmS/U0=
 github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0=
 github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.38.0/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I=
 github.com/valyala/fasthttp v1.52.0 h1:wqBQpxH71XW0e2g+Og4dzQM8pk34aFYlA1Ga8db7gU0=
 github.com/valyala/fasthttp v1.52.0/go.mod h1:hf5C4QnVMkNXMspnsUlfM3WitlgYflyhHYoKol/szxQ=
 github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVSA8=
@ -233,7 +214,6 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@ -253,8 +233,6 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
@ -274,10 +252,7 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@ -286,15 +261,12 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
--- a/pkg/cmd/main.go
+++ b/pkg/cmd/main.go
@ -1,8 +1,6 @@
 package main
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg"
 	"git.solsynth.dev/hydrogen/passport/pkg/i18n"
 	"os"
 	"os/signal"
 	"syscall"
@ -13,6 +11,7 @@ import (
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"github.com/robfig/cron/v3"
 	passport "git.solsynth.dev/hydrogen/passport/pkg"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
@ -36,8 +35,6 @@ func main() {
 		log.Panic().Err(err).Msg("An error occurred when loading settings.")
 	}
 	i18n.InitInternationalization()
 	// Connect to database
 	if err := database.NewGorm(); err != nil {
 		log.Fatal().Err(err).Msg("An error occurred when connect to database.")
@ -75,13 +72,13 @@ func main() {
 	quartz.Start()
 	// Messages
-	log.Info().Msgf("Passport v%s is started...", pkg.AppVersion)
+	log.Info().Msgf("Identity v%s is started...", passport.AppVersion)
 	quit := make(chan os.Signal, 1)
 	signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
 	<-quit
-	log.Info().Msgf("Passport v%s is quitting...", pkg.AppVersion)
+	log.Info().Msgf("Identity v%s is quitting...", passport.AppVersion)
 	quartz.Stop()
--- a/pkg/database/migrator.go
+++ b/pkg/database/migrator.go
@ -12,7 +12,8 @@ var DatabaseAutoActionRange = []any{
 	&models.AccountPage{},
 	&models.AccountContact{},
 	&models.AccountFriendship{},
-	&models.AuthTicket{},
+	&models.AuthSession{},
 	&models.AuthChallenge{},
 	&models.MagicToken{},
 	&models.ThirdClient{},
 	&models.ActionEvent{},
--- a/pkg/embed.go
+++ b/pkg/embed.go
@ -1,6 +0,0 @@
 package pkg
 import "embed"
 //go:embed views/*
 var FS embed.FS
--- a/pkg/i18n/bundle.go
+++ b/pkg/i18n/bundle.go
@ -1,16 +0,0 @@
 package i18n
 import (
 	jsoniter "github.com/json-iterator/go"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 	"golang.org/x/text/language"
 )
 var Bundle *i18n.Bundle
 func InitInternationalization() {
 	Bundle = i18n.NewBundle(language.English)
 	Bundle.RegisterUnmarshalFunc("json", jsoniter.ConfigCompatibleWithStandardLibrary.Unmarshal)
 	Bundle.LoadMessageFileFS(FS, "locale.en.json")
 	Bundle.LoadMessageFileFS(FS, "locale.zh.json")
 }
--- a/pkg/i18n/embed.go
+++ b/pkg/i18n/embed.go
@ -1,6 +0,0 @@
 package i18n
 import "embed"
 //go:embed locale.*.json
 var FS embed.FS
--- a/pkg/i18n/locale.en.json
+++ b/pkg/i18n/locale.en.json
@ -1,23 +0,0 @@
 {
  "next": "Next",
  "email": "Email",
  "username": "Username",
  "nickname": "Nickname",
  "password": "Password",
  "unknown": "Unknown",
  "apply": "Apply",
  "back": "Back",
  "approve": "Approve",
  "decline": "Decline",
  "magicToken": "Magic Token",
  "signinTitle": "Sign In",
  "signinCaption": "Sign in to Solarpass to explore entire Solar Network. Explore posts, discover communities, talk with your best friends. All these things in the Solar Network!",
  "signinRequired": "You need to sign in before do that.",
  "signupTitle": "Sign Up",
  "signupCaption": "Sign up to create an account on Solarpass, then you can explore the entire Solar Network! Enjoy the next-generation Internet Ecosystem!",
  "authorizeTitle": "Authorize",
  "authorizeCaption": "One Solarpass, get entire network.",
  "mfaTitle": "Multi Factor Authenticate",
  "mfaCaption": "We need use one more way to verify it is you.",
  "mfaFactorEmail": "OTP through your email"
 }
--- a/pkg/i18n/locale.zh.json
+++ b/pkg/i18n/locale.zh.json
@ -1,23 +0,0 @@
 {
  "next": "下一步",
  "email": "邮件地址",
  "username": "用户名",
  "nickname": "昵称",
  "password": "密码",
  "unknown": "未知",
  "apply": "应用",
  "back": "返回",
  "approve": "接受",
  "decline": "拒绝",
  "magicToken": "魔法令牌",
  "signinTitle": "登陆",
  "signinCaption": "登陆 Solarpass 以探索整个 Solar Network，浏览帖子、探索社区、和你的好朋友聊八卦，一切尽在 Solar Network!",
  "signinRequired": "你需要在那之前登陆",
  "signupTitle": "注册",
  "signupCaption": "注册以在 Solarpass 创建一个账号，之后你就可以探索整个 Solar Network，享受下一代互联网生态系统！",
  "authorizeTitle": "授权",
  "authorizeCaption": "一个 Solarpass，整个网络。",
  "mfaTitle": "多因素验证",
  "mfaCaption": "我们需要另一个方法来确认你是你。",
  "mfaFactorEmail": "电子邮寄一次性验证码"
 }
--- a/pkg/i18n/middleware.go
+++ b/pkg/i18n/middleware.go
@ -1,15 +0,0 @@
 package i18n
 import (
 	"github.com/gofiber/fiber/v2"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 )
 func I18nMiddleware(c *fiber.Ctx) error {
 	accept := c.Get(fiber.HeaderAcceptLanguage)
 	localizer := i18n.NewLocalizer(Bundle, accept)
 	c.Locals("localizer", localizer)
 	return c.Next()
 }
--- a/pkg/meta.go
+++ b/pkg/meta.go
@ -1,4 +1,4 @@
-package pkg
+package passport
 const (
 	AppVersion = "1.0.0"
--- a/pkg/models/accounts.go
+++ b/pkg/models/accounts.go
@ -23,8 +23,9 @@ type Account struct {
 	PersonalPage AccountPage      `json:"personal_page"`
 	Contacts     []AccountContact `json:"contacts"`
-	Tickets []AuthTicket `json:"tickets"`
+	Sessions   []AuthSession   `json:"sessions"`
-	Factors []AuthFactor `json:"factors"`
+	Challenges []AuthChallenge `json:"challenges"`
 	Factors    []AuthFactor    `json:"factors"`
 	Events      []ActionEvent `json:"events"`
 	MagicTokens []MagicToken  `json:"-" gorm:"foreignKey:AssignTo"`
--- a/pkg/models/auth.go
+++ b/pkg/models/auth.go
@ -23,42 +23,67 @@ type AuthFactor struct {
 	AccountID uint    `json:"account_id"`
 }
-type AuthTicket struct {
+type AuthSession struct {
 	BaseModel
-	Location            string                      `json:"location"`
+	Claims       datatypes.JSONSlice[string] `json:"claims"`
-	IpAddress           string                      `json:"ip_address"`
+	Audiences    datatypes.JSONSlice[string] `json:"audiences"`
-	UserAgent           string                      `json:"user_agent"`
+	Challenge    AuthChallenge               `json:"challenge" gorm:"foreignKey:SessionID"`
-	RequireMFA          bool                        `json:"require_mfa"`
+	GrantToken   string                      `json:"grant_token"`
-	RequireAuthenticate bool                        `json:"require_authenticate"`
+	AccessToken  string                      `json:"access_token"`
-	Claims              datatypes.JSONSlice[string] `json:"claims"`
+	RefreshToken string                      `json:"refresh_token"`
-	Audiences           datatypes.JSONSlice[string] `json:"audiences"`
+	ExpiredAt    *time.Time                  `json:"expired_at"`
-	GrantToken          *string                     `json:"grant_token"`
+	AvailableAt  *time.Time                  `json:"available_at"`
-	AccessToken         *string                     `json:"access_token"`
+	LastGrantAt  *time.Time                  `json:"last_grant_at"`
-	RefreshToken        *string                     `json:"refresh_token"`
+	ClientID     *uint                       `json:"client_id"`
-	ExpiredAt           *time.Time                  `json:"expired_at"`
+	AccountID    uint                        `json:"account_id"`
 	AvailableAt         *time.Time                  `json:"available_at"`
 	LastGrantAt         *time.Time                  `json:"last_grant_at"`
 	ClientID            *uint                       `json:"client_id"`
 	AccountID           uint                        `json:"account_id"`
 }
-func (v AuthTicket) IsAvailable() error {
+func (v AuthSession) IsAvailable() error {
 	if v.RequireMFA || v.RequireAuthenticate {
 		return fmt.Errorf("ticket isn't authenticated yet")
 	}
 	if v.AvailableAt != nil && time.Now().Unix() < v.AvailableAt.Unix() {
-		return fmt.Errorf("ticket isn't available yet")
+		return fmt.Errorf("session isn't available yet")
 	}
 	if v.ExpiredAt != nil && time.Now().Unix() > v.ExpiredAt.Unix() {
-		return fmt.Errorf("ticket expired")
+		return fmt.Errorf("session expired")
 	}
 	return nil
 }
 type AuthChallengeState = int8
 const (
 	ActiveChallengeState = AuthChallengeState(iota)
 	ExpiredChallengeState
 	FinishChallengeState
 )
 type AuthChallenge struct {
 	BaseModel
 	Location         string                     `json:"location"`
 	IpAddress        string                     `json:"ip_address"`
 	UserAgent        string                     `json:"user_agent"`
 	RiskLevel        int                        `json:"risk_level"`
 	Progress         int                        `json:"progress"`
 	Requirements     int                        `json:"requirements"`
 	BlacklistFactors datatypes.JSONType[[]uint] `json:"blacklist_factors"`
 	State            int8                       `json:"state"`
 	ExpiredAt        time.Time                  `json:"expired_at"`
 	SessionID        *uint                      `json:"session_id"`
 	AccountID        uint                       `json:"account_id"`
 }
 func (v AuthChallenge) IsAvailable() error {
 	if time.Now().Unix() > v.ExpiredAt.Unix() {
 		return fmt.Errorf("challenge expired")
 	}
 	return nil
 }
 type AuthContext struct {
-	Ticket    AuthTicket `json:"ticket"`
+	Session   AuthSession `json:"session"`
-	Account   Account    `json:"account"`
+	Account   Account     `json:"account"`
-	ExpiredAt time.Time  `json:"expired_at"`
+	ExpiredAt time.Time   `json:"expired_at"`
 }
--- a/pkg/models/clients.go
+++ b/pkg/models/clients.go
@ -11,7 +11,7 @@ type ThirdClient struct {
 	Secret        string                      `json:"secret"`
 	Urls          datatypes.JSONSlice[string] `json:"urls"`
 	Callbacks     datatypes.JSONSlice[string] `json:"callbacks"`
-	Sessions      []AuthTicket                `json:"tickets" gorm:"foreignKey:ClientID"`
+	Sessions      []AuthSession               `json:"sessions" gorm:"foreignKey:ClientID"`
 	Notifications []Notification              `json:"notifications" gorm:"foreignKey:SenderID"`
 	IsDraft       bool                        `json:"is_draft"`
 	AccountID     *uint                       `json:"account_id"`
--- a/pkg/security/challanges.go
+++ b/pkg/security/challanges.go
@ -0,0 +1,96 @@
 package security
 import (
 	"fmt"
 	"strings"
 	"time"
 	"github.com/google/uuid"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"github.com/samber/lo"
 	"gorm.io/datatypes"
 )
 func CalcRisk(user models.Account, ip, ua string) int {
 	risk := 3
 	var secureFactor int64
 	if err := database.C.Where(models.AuthChallenge{
 		AccountID: user.ID,
 		IpAddress: ip,
 	}).Model(models.AuthChallenge{}).Count(&secureFactor).Error; err == nil {
 		if secureFactor >= 3 {
 			risk -= 3
 		} else if secureFactor >= 1 {
 			risk -= 2
 		}
 	}
 	return risk
 }
 func NewChallenge(user models.Account, factors []models.AuthFactor, ip, ua string) (models.AuthChallenge, error) {
 	var challenge models.AuthChallenge
 	// Pickup any challenge if possible
 	if err := database.C.Where(models.AuthChallenge{
 		AccountID: user.ID,
 	}).Where("state = ?", models.ActiveChallengeState).First(&challenge).Error; err == nil {
 		return challenge, nil
 	}
 	// Calculate the risk level
 	risk := CalcRisk(user, ip, ua)
 	// Clamp risk in the exists requirements factor count
 	requirements := lo.Clamp(risk, 1, len(factors))
 	challenge = models.AuthChallenge{
 		IpAddress:        ip,
 		UserAgent:        ua,
 		RiskLevel:        risk,
 		Requirements:     requirements,
 		BlacklistFactors: datatypes.NewJSONType([]uint{}),
 		State:            models.ActiveChallengeState,
 		ExpiredAt:        time.Now().Add(2 * time.Hour),
 		AccountID:        user.ID,
 	}
 	err := database.C.Save(&challenge).Error
 	return challenge, err
 }
 func DoChallenge(challenge models.AuthChallenge, factor models.AuthFactor, code string) error {
 	if err := challenge.IsAvailable(); err != nil {
 		challenge.State = models.ExpiredChallengeState
 		database.C.Save(&challenge)
 		return err
 	}
 	if challenge.Progress >= challenge.Requirements {
 		return fmt.Errorf("challenge already passed")
 	}
 	blacklist := challenge.BlacklistFactors.Data()
 	if lo.Contains(blacklist, factor.ID) {
 		return fmt.Errorf("factor in blacklist, please change another factor to challenge")
 	}
 	if err := VerifyFactor(factor, code); err != nil {
 		return err
 	}
 	challenge.Progress++
 	challenge.BlacklistFactors = datatypes.NewJSONType(append(blacklist, factor.ID))
 	if err := database.C.Save(&challenge).Error; err != nil {
 		return err
 	}
 	// Revoke some factor passwords
 	if factor.Type == models.EmailPasswordFactor {
 		factor.Secret = strings.ReplaceAll(uuid.NewString(), "-", "")
 		database.C.Save(&factor)
 	}
 	return nil
 }
--- a/pkg/security/encryptor.go
+++ b/pkg/security/encryptor.go
@ -1,4 +1,4 @@
-package services
+package security
 import "golang.org/x/crypto/bcrypt"
--- a/pkg/security/factors.go
+++ b/pkg/security/factors.go
@ -0,0 +1,27 @@
 package security
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"github.com/samber/lo"
 )
 func VerifyFactor(factor models.AuthFactor, code string) error {
 	switch factor.Type {
 	case models.PasswordAuthFactor:
 		return lo.Ternary(
 			VerifyPassword(code, factor.Secret),
 			nil,
 			fmt.Errorf("invalid password"),
 		)
 	case models.EmailPasswordFactor:
 		return lo.Ternary(
 			code == factor.Secret,
 			nil,
 			fmt.Errorf("invalid verification code"),
 		)
 	}
 	return nil
 }
--- a/pkg/security/jwt.go
+++ b/pkg/security/jwt.go
@ -1,4 +1,4 @@
-package services
+package security
 import (
 	"fmt"
--- a/pkg/security/sessions.go
+++ b/pkg/security/sessions.go
@ -0,0 +1,165 @@
 package security
 import (
 	"fmt"
 	"strconv"
 	"time"
 	"github.com/spf13/viper"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"github.com/google/uuid"
 	"github.com/samber/lo"
 )
 func GrantSession(challenge models.AuthChallenge, claims, audiences []string, expired, available *time.Time) (models.AuthSession, error) {
 	var session models.AuthSession
 	if err := challenge.IsAvailable(); err != nil {
 		return session, err
 	}
 	if challenge.Progress < challenge.Requirements {
 		return session, fmt.Errorf("challenge haven't passed")
 	}
 	challenge.State = models.FinishChallengeState
 	session = models.AuthSession{
 		Claims:       claims,
 		Audiences:    audiences,
 		Challenge:    challenge,
 		GrantToken:   uuid.NewString(),
 		AccessToken:  uuid.NewString(),
 		RefreshToken: uuid.NewString(),
 		ExpiredAt:    expired,
 		AvailableAt:  available,
 		AccountID:    challenge.AccountID,
 	}
 	if err := database.C.Save(&challenge).Error; err != nil {
 		return session, err
 	} else if err := database.C.Save(&session).Error; err != nil {
 		return session, err
 	}
 	return session, nil
 }
 func GrantOauthSession(user models.Account, client models.ThirdClient, claims, audiences []string, expired, available *time.Time, ip, ua string) (models.AuthSession, error) {
 	session := models.AuthSession{
 		Claims:    claims,
 		Audiences: audiences,
 		Challenge: models.AuthChallenge{
 			IpAddress: ip,
 			UserAgent: ua,
 			RiskLevel: CalcRisk(user, ip, ua),
 			State:     models.FinishChallengeState,
 			AccountID: user.ID,
 		},
 		GrantToken:   uuid.NewString(),
 		AccessToken:  uuid.NewString(),
 		RefreshToken: uuid.NewString(),
 		ExpiredAt:    expired,
 		AvailableAt:  available,
 		ClientID:     &client.ID,
 		AccountID:    user.ID,
 	}
 	if err := database.C.Save(&session).Error; err != nil {
 		return session, err
 	}
 	return session, nil
 }
 func RegenSession(session models.AuthSession) (models.AuthSession, error) {
 	session.GrantToken = uuid.NewString()
 	session.AccessToken = uuid.NewString()
 	session.RefreshToken = uuid.NewString()
 	err := database.C.Save(&session).Error
 	return session, err
 }
 func GetToken(session models.AuthSession) (string, string, error) {
 	var refresh, access string
 	if err := session.IsAvailable(); err != nil {
 		return refresh, access, err
 	}
 	accessDuration := time.Duration(viper.GetInt64("security.access_token_duration")) * time.Second
 	refreshDuration := time.Duration(viper.GetInt64("security.refresh_token_duration")) * time.Second
 	var err error
 	sub := strconv.Itoa(int(session.AccountID))
 	sed := strconv.Itoa(int(session.ID))
 	access, err = EncodeJwt(session.AccessToken, JwtAccessType, sub, sed, session.Audiences, time.Now().Add(accessDuration))
 	if err != nil {
 		return refresh, access, err
 	}
 	refresh, err = EncodeJwt(session.RefreshToken, JwtRefreshType, sub, sed, session.Audiences, time.Now().Add(refreshDuration))
 	if err != nil {
 		return refresh, access, err
 	}
 	session.LastGrantAt = lo.ToPtr(time.Now())
 	database.C.Save(&session)
 	return access, refresh, nil
 }
 func ExchangeToken(token string) (string, string, error) {
 	var session models.AuthSession
 	if err := database.C.Where(models.AuthSession{GrantToken: token}).First(&session).Error; err != nil {
 		return "404", "403", err
 	} else if session.LastGrantAt != nil {
 		return "404", "403", fmt.Errorf("session was granted the first token, use refresh token instead")
 	} else if len(session.Audiences) > 1 {
 		return "404", "403", fmt.Errorf("should use authorization code grant type")
 	}
 	return GetToken(session)
 }
 func ExchangeOauthToken(clientId, clientSecret, redirectUri, token string) (string, string, error) {
 	var client models.ThirdClient
 	if err := database.C.Where(models.ThirdClient{Alias: clientId}).First(&client).Error; err != nil {
 		return "404", "403", err
 	} else if client.Secret != clientSecret {
 		return "404", "403", fmt.Errorf("invalid client secret")
 	} else if !client.IsDraft && !lo.Contains(client.Callbacks, redirectUri) {
 		return "404", "403", fmt.Errorf("invalid redirect uri")
 	}
 	var session models.AuthSession
 	if err := database.C.Where(models.AuthSession{GrantToken: token}).First(&session).Error; err != nil {
 		return "404", "403", err
 	} else if session.LastGrantAt != nil {
 		return "404", "403", fmt.Errorf("session was granted the first token, use refresh token instead")
 	}
 	return GetToken(session)
 }
 func RefreshToken(token string) (string, string, error) {
 	parseInt := func(str string) int {
 		val, _ := strconv.Atoi(str)
 		return val
 	}
 	var session models.AuthSession
 	if claims, err := DecodeJwt(token); err != nil {
 		return "404", "403", err
 	} else if claims.Type != JwtRefreshType {
 		return "404", "403", fmt.Errorf("invalid token type, expected refresh token")
 	} else if err := database.C.Where(models.AuthSession{
 		BaseModel: models.BaseModel{ID: uint(parseInt(claims.SessionID))},
 	}).First(&session).Error; err != nil {
 		return "404", "403", err
 	}
 	if session, err := RegenSession(session); err != nil {
 		return "404", "403", err
 	} else {
 		return GetToken(session)
 	}
 }
--- a/pkg/server/accounts_api.go
+++ b/pkg/server/accounts_api.go
@ -2,7 +2,6 @@ package server
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"strconv"
 	"time"
@ -84,7 +83,7 @@ func editUserinfo(c *fiber.Ctx) error {
 		Birthday    time.Time `json:"birthday"`
 	}
-	if err := utils.BindAndValidate(c, &data); err != nil {
+	if err := BindAndValidate(c, &data); err != nil {
 		return err
 	}
@ -113,9 +112,9 @@ func editUserinfo(c *fiber.Ctx) error {
 func killSession(c *fiber.Ctx) error {
 	user := c.Locals("principal").(models.Account)
-	id, _ := c.ParamsInt("ticketId", 0)
+	id, _ := c.ParamsInt("sessionId", 0)
-	if err := database.C.Delete(&models.AuthTicket{}, &models.AuthTicket{
+	if err := database.C.Delete(&models.AuthSession{}, &models.AuthSession{
 		BaseModel: models.BaseModel{ID: uint(id)},
 		AccountID: user.ID,
 	}).Error; err != nil {
@ -134,7 +133,7 @@ func doRegister(c *fiber.Ctx) error {
 		MagicToken string `json:"magic_token"`
 	}
-	if err := utils.BindAndValidate(c, &data); err != nil {
+	if err := BindAndValidate(c, &data); err != nil {
 		return err
 	} else if viper.GetBool("use_registration_magic_token") && len(data.MagicToken) <= 0 {
 		return fmt.Errorf("missing magic token in request")
@ -163,7 +162,7 @@ func doRegisterConfirm(c *fiber.Ctx) error {
 		Code string `json:"code" validate:"required"`
 	}
-	if err := utils.BindAndValidate(c, &data); err != nil {
+	if err := BindAndValidate(c, &data); err != nil {
 		return err
 	}
--- a/pkg/server/auth_api.go
+++ b/pkg/server/auth_api.go
@ -1,146 +0,0 @@
 package server
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"time"
 	"github.com/gofiber/fiber/v2"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 )
 func doAuthenticate(c *fiber.Ctx) error {
 	var data struct {
 		Username string `json:"username"`
 		Password string `json:"password" validate:"required"`
 	}
 	if err := utils.BindAndValidate(c, &data); err != nil {
 		return err
 	}
 	user, err := services.LookupAccount(data.Username)
 	if err != nil {
 		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("account was not found: %v", err.Error()))
 	}
 	ticket, err := services.NewTicket(user, c.IP(), c.Get(fiber.HeaderUserAgent))
 	if err != nil {
 		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("unable setup ticket: %v", err.Error()))
 	}
 	ticket, err = services.ActiveTicketWithPassword(ticket, data.Password)
 	if err != nil {
 		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("invalid password: %v", err.Error()))
 	}
 	return c.JSON(fiber.Map{
 		"is_finished": ticket.IsAvailable(),
 		"ticket":      ticket,
 	})
 }
 func doMultiFactorAuthenticate(c *fiber.Ctx) error {
 	var data struct {
 		TicketID uint   `json:"ticket_id" validate:"required"`
 		FactorID uint   `json:"factor_id" validate:"required"`
 		Code     string `json:"code" validate:"required"`
 	}
 	if err := utils.BindAndValidate(c, &data); err != nil {
 		return err
 	}
 	ticket, err := services.GetTicket(data.TicketID)
 	if err != nil {
 		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("ticket was not found: %v", err.Error()))
 	}
 	factor, err := services.GetFactor(data.FactorID)
 	if err != nil {
 		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("factor was not found: %v", err.Error()))
 	}
 	ticket, err = services.ActiveTicketWithMFA(ticket, factor, data.Code)
 	if err != nil {
 		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("invalid code: %v", err.Error()))
 	}
 	return c.JSON(fiber.Map{
 		"is_finished": ticket.IsAvailable(),
 		"ticket":      ticket,
 	})
 }
 func getToken(c *fiber.Ctx) error {
 	var data struct {
 		Code         string `json:"code" form:"code"`
 		RefreshToken string `json:"refresh_token" form:"refresh_token"`
 		ClientID     string `json:"client_id" form:"client_id"`
 		ClientSecret string `json:"client_secret" form:"client_secret"`
 		Username     string `json:"username" form:"username"`
 		Password     string `json:"password" form:"password"`
 		RedirectUri  string `json:"redirect_uri" form:"redirect_uri"`
 		GrantType    string `json:"grant_type" form:"grant_type"`
 	}
 	if err := utils.BindAndValidate(c, &data); err != nil {
 		return err
 	}
 	var err error
 	var access, refresh string
 	switch data.GrantType {
 	case "refresh_token":
 		// Refresh Token
 		access, refresh, err = services.RefreshToken(data.RefreshToken)
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, err.Error())
 		}
 	case "authorization_code":
 		// Authorization Code Mode
 		access, refresh, err = services.ExchangeOauthToken(data.ClientID, data.ClientSecret, data.RedirectUri, data.Code)
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, err.Error())
 		}
 	case "password":
 		// Password Mode
 		user, err := services.LookupAccount(data.Username)
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("account was not found: %v", err.Error()))
 		}
 		ticket, err := services.NewTicket(user, c.IP(), c.Get(fiber.HeaderUserAgent))
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("unable setup ticket: %v", err.Error()))
 		}
 		ticket, err = services.ActiveTicketWithPassword(ticket, data.Password)
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("invalid password: %v", err.Error()))
 		} else if ticket.GrantToken == nil {
 			return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("unable to get grant token to get token"))
 		}
 		access, refresh, err = services.ExchangeOauthToken(data.ClientID, data.ClientSecret, data.RedirectUri, *ticket.GrantToken)
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, err.Error())
 		}
 	case "grant_token":
 		// Internal Usage
 		access, refresh, err = services.ExchangeToken(data.Code)
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, err.Error())
 		}
 	default:
 		return fiber.NewError(fiber.StatusBadRequest, "unsupported exchange token type")
 	}
 	services.SetJwtCookieSet(c, access, refresh)
 	return c.JSON(fiber.Map{
 		"id_token":      access,
 		"access_token":  access,
 		"refresh_token": refresh,
 		"token_type":    "Bearer",
 		"expires_in":    (30 * time.Minute).Seconds(),
 	})
 }
--- a/pkg/server/auth_middleware.go
+++ b/pkg/server/auth_middleware.go
@ -3,13 +3,14 @@ package server
 import (
 	"strings"
 	"git.solsynth.dev/hydrogen/passport/pkg/security"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"github.com/gofiber/fiber/v2"
 )
 func authMiddleware(c *fiber.Ctx) error {
 	var token string
-	if cookie := c.Cookies(services.CookieAccessKey); len(cookie) > 0 {
+	if cookie := c.Cookies(security.CookieAccessKey); len(cookie) > 0 {
 		token = cookie
 	}
 	if header := c.Get(fiber.HeaderAuthorization); len(header) > 0 {
@ -41,10 +42,10 @@ func authFunc(c *fiber.Ctx, overrides ...string) error {
 		}
 	}
-	rtk := c.Cookies(services.CookieRefreshKey)
+	rtk := c.Cookies(security.CookieRefreshKey)
 	if user, atk, rtk, err := services.Authenticate(token, rtk, 0); err == nil {
 		if atk != token {
-			services.SetJwtCookieSet(c, atk, rtk)
+			security.SetJwtCookieSet(c, atk, rtk)
 		}
 		c.Locals("principal", user)
 		return nil
--- a/pkg/server/challanges_api.go
+++ b/pkg/server/challanges_api.go
@ -0,0 +1,140 @@
 package server
 import (
 	"time"
 	"github.com/gofiber/fiber/v2"
 	"git.solsynth.dev/hydrogen/passport/pkg/security"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"github.com/samber/lo"
 )
 func startChallenge(c *fiber.Ctx) error {
 	var data struct {
 		ID string `json:"id" validate:"required"`
 	}
 	if err := BindAndValidate(c, &data); err != nil {
 		return err
 	}
 	user, err := services.LookupAccount(data.ID)
 	if err != nil {
 		return fiber.NewError(fiber.StatusNotFound, err.Error())
 	}
 	factors, err := services.LookupFactorsByUser(user.ID)
 	if err != nil {
 		return fiber.NewError(fiber.StatusNotFound, err.Error())
 	}
 	challenge, err := security.NewChallenge(user, factors, c.IP(), c.Get(fiber.HeaderUserAgent))
 	if err != nil {
 		return fiber.NewError(fiber.StatusNotFound, err.Error())
 	}
 	services.AddEvent(user, "challenges.start", data.ID, c.IP(), c.Get(fiber.HeaderUserAgent))
 	return c.JSON(fiber.Map{
 		"display_name": user.Nick,
 		"challenge":    challenge,
 		"factors":      factors,
 	})
 }
 func doChallenge(c *fiber.Ctx) error {
 	var data struct {
 		ChallengeID uint   `json:"challenge_id" validate:"required"`
 		FactorID    uint   `json:"factor_id" validate:"required"`
 		Secret      string `json:"secret" validate:"required"`
 	}
 	if err := BindAndValidate(c, &data); err != nil {
 		return err
 	}
 	challenge, err := services.LookupChallengeWithFingerprint(data.ChallengeID, c.IP(), c.Get(fiber.HeaderUserAgent))
 	if err != nil {
 		return fiber.NewError(fiber.StatusNotFound, err.Error())
 	}
 	factor, err := services.LookupFactor(data.FactorID)
 	if err != nil {
 		return fiber.NewError(fiber.StatusNotFound, err.Error())
 	}
 	if err := security.DoChallenge(challenge, factor, data.Secret); err != nil {
 		return fiber.NewError(fiber.StatusBadRequest, err.Error())
 	}
 	challenge, err = services.LookupChallenge(data.ChallengeID)
 	if err != nil {
 		return fiber.NewError(fiber.StatusBadRequest, err.Error())
 	} else if challenge.Progress >= challenge.Requirements {
 		session, err := security.GrantSession(challenge, []string{"*"}, []string{"passport"}, nil, lo.ToPtr(time.Now()))
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, err.Error())
 		}
 		return c.JSON(fiber.Map{
 			"is_finished": true,
 			"challenge":   challenge,
 			"session":     session,
 		})
 	}
 	return c.JSON(fiber.Map{
 		"is_finished": false,
 		"challenge":   challenge,
 		"session":     nil,
 	})
 }
 func exchangeToken(c *fiber.Ctx) error {
 	var data struct {
 		Code         string `json:"code" form:"code"`
 		RefreshToken string `json:"refresh_token" form:"refresh_token"`
 		ClientID     string `json:"client_id" form:"client_id"`
 		ClientSecret string `json:"client_secret" form:"client_secret"`
 		RedirectUri  string `json:"redirect_uri" form:"redirect_uri"`
 		GrantType    string `json:"grant_type" form:"grant_type"`
 	}
 	if err := BindAndValidate(c, &data); err != nil {
 		return err
 	}
 	var err error
 	var access, refresh string
 	switch data.GrantType {
 	case "authorization_code":
 		// Authorization Code Mode
 		access, refresh, err = security.ExchangeOauthToken(data.ClientID, data.ClientSecret, data.RedirectUri, data.Code)
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, err.Error())
 		}
 	case "grant_token":
 		// Internal Usage
 		access, refresh, err = security.ExchangeToken(data.Code)
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, err.Error())
 		}
 	case "refresh_token":
 		// Refresh Token
 		access, refresh, err = security.RefreshToken(data.RefreshToken)
 		if err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, err.Error())
 		}
 	default:
 		return fiber.NewError(fiber.StatusBadRequest, "unsupported exchange token type")
 	}
 	security.SetJwtCookieSet(c, access, refresh)
 	return c.JSON(fiber.Map{
 		"id_token":      access,
 		"access_token":  access,
 		"refresh_token": refresh,
 		"token_type":    "Bearer",
 		"expires_in":    (30 * time.Minute).Seconds(),
 	})
 }
--- a/pkg/server/factors_api.go
+++ b/pkg/server/factors_api.go
@ -8,7 +8,7 @@ import (
 func requestFactorToken(c *fiber.Ctx) error {
 	id, _ := c.ParamsInt("factorId", 0)
-	factor, err := services.GetFactor(uint(id))
+	factor, err := services.LookupFactor(uint(id))
 	if err != nil {
 		return fiber.NewError(fiber.StatusNotFound, err.Error())
 	}
--- a/pkg/server/friendships_api.go
+++ b/pkg/server/friendships_api.go
@ -3,7 +3,6 @@ package server
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"github.com/gofiber/fiber/v2"
 )
@ -71,7 +70,7 @@ func editFriendship(c *fiber.Ctx) error {
 		Status uint8 `json:"status"`
 	}
-	if err := utils.BindAndValidate(c, &data); err != nil {
+	if err := BindAndValidate(c, &data); err != nil {
 		return fiber.NewError(fiber.StatusBadRequest, err.Error())
 	}
--- a/pkg/server/notifications_api.go
+++ b/pkg/server/notifications_api.go
@ -1,7 +1,6 @@
 package server
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"time"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
@ -73,7 +72,7 @@ func addNotifySubscriber(c *fiber.Ctx) error {
 		DeviceID string `json:"device_id" validate:"required"`
 	}
-	if err := utils.BindAndValidate(c, &data); err != nil {
+	if err := BindAndValidate(c, &data); err != nil {
 		return err
 	}
--- a/pkg/server/notify_api.go
+++ b/pkg/server/notify_api.go
@ -3,7 +3,6 @@ package server
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"github.com/gofiber/fiber/v2"
 )
@ -19,7 +18,7 @@ func notifyUser(c *fiber.Ctx) error {
 		UserID       uint                      `json:"user_id" validate:"required"`
 	}
-	if err := utils.BindAndValidate(c, &data); err != nil {
+	if err := BindAndValidate(c, &data); err != nil {
 		return err
 	}
--- a/pkg/server/oauth_api.go
+++ b/pkg/server/oauth_api.go
@ -6,6 +6,7 @@ import (
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"git.solsynth.dev/hydrogen/passport/pkg/security"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"github.com/gofiber/fiber/v2"
 	"github.com/samber/lo"
@ -28,29 +29,29 @@ func preConnect(c *fiber.Ctx) error {
 	user := c.Locals("principal").(models.Account)
-	var ticket models.AuthTicket
+	var session models.AuthSession
-	if err := database.C.Where(&models.AuthTicket{
+	if err := database.C.Where(&models.AuthSession{
 		AccountID: user.ID,
 		ClientID:  &client.ID,
-	}).Where("last_grant_at IS NULL").First(&ticket).Error; err == nil {
+	}).Where("last_grant_at IS NULL").First(&session).Error; err == nil {
-		if ticket.ExpiredAt != nil && ticket.ExpiredAt.Unix() < time.Now().Unix() {
+		if session.ExpiredAt != nil && session.ExpiredAt.Unix() < time.Now().Unix() {
 			return c.JSON(fiber.Map{
-				"client": client,
+				"client":  client,
-				"ticket": nil,
+				"session": nil,
 			})
 		} else {
-			ticket, err = services.RegenSession(ticket)
+			session, err = security.RegenSession(session)
 		}
 		return c.JSON(fiber.Map{
-			"client": client,
+			"client":  client,
-			"ticket": ticket,
+			"session": session,
 		})
 	}
 	return c.JSON(fiber.Map{
-		"client": client,
+		"client":  client,
-		"ticket": nil,
+		"session": nil,
 	})
 }
@ -72,11 +73,13 @@ func doConnect(c *fiber.Ctx) error {
 	switch response {
 	case "code":
 		// OAuth Authorization Mode
-		ticket, err := services.NewOauthTicket(
+		session, err := security.GrantOauthSession(
 			user,
 			client,
 			strings.Split(scope, " "),
 			[]string{"passport", client.Alias},
 			nil,
 			lo.ToPtr(time.Now()),
 			c.IP(),
 			c.Get(fiber.HeaderUserAgent),
 		)
@ -86,24 +89,26 @@ func doConnect(c *fiber.Ctx) error {
 		} else {
 			services.AddEvent(user, "oauth.connect", client.Alias, c.IP(), c.Get(fiber.HeaderUserAgent))
 			return c.JSON(fiber.Map{
-				"ticket":       ticket,
+				"session":      session,
 				"redirect_uri": redirect,
 			})
 		}
 	case "token":
 		// OAuth Implicit Mode
-		ticket, err := services.NewOauthTicket(
+		session, err := security.GrantOauthSession(
 			user,
 			client,
 			strings.Split(scope, " "),
 			[]string{"passport", client.Alias},
 			nil,
 			lo.ToPtr(time.Now()),
 			c.IP(),
 			c.Get(fiber.HeaderUserAgent),
 		)
 		if err != nil {
 			return fiber.NewError(fiber.StatusInternalServerError, err.Error())
-		} else if access, refresh, err := services.GetToken(ticket); err != nil {
+		} else if access, refresh, err := security.GetToken(session); err != nil {
 			return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 		} else {
 			services.AddEvent(user, "oauth.connect", client.Alias, c.IP(), c.Get(fiber.HeaderUserAgent))
@ -111,7 +116,7 @@ func doConnect(c *fiber.Ctx) error {
 				"access_token":  access,
 				"refresh_token": refresh,
 				"redirect_uri":  redirect,
-				"ticket":        ticket,
+				"session":       session,
 			})
 		}
 	default:
--- a/pkg/server/page_api.go
+++ b/pkg/server/page_api.go
@ -3,7 +3,6 @@ package server
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"github.com/gofiber/fiber/v2"
 )
@ -48,7 +47,7 @@ func editPersonalPage(c *fiber.Ctx) error {
 		Links   []models.AccountPageLinks `json:"links"`
 	}
-	if err := utils.BindAndValidate(c, &data); err != nil {
+	if err := BindAndValidate(c, &data); err != nil {
 		return err
 	}
--- a/pkg/server/security_api.go
+++ b/pkg/server/security_api.go
@ -6,31 +6,60 @@ import (
 	"github.com/gofiber/fiber/v2"
 )
-func getTickets(c *fiber.Ctx) error {
+func getChallenges(c *fiber.Ctx) error {
 	user := c.Locals("principal").(models.Account)
 	take := c.QueryInt("take", 0)
 	offset := c.QueryInt("offset", 0)
 	var count int64
-	var tickets []models.AuthTicket
+	var challenges []models.AuthChallenge
 	if err := database.C.
-		Where(&models.AuthTicket{AccountID: user.ID}).
+		Where(&models.AuthChallenge{AccountID: user.ID}).
-		Model(&models.AuthTicket{}).
+		Model(&models.AuthChallenge{}).
 		Count(&count).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	}
 	if err := database.C.
 		Order("created_at desc").
-		Where(&models.AuthTicket{AccountID: user.ID}).
+		Where(&models.AuthChallenge{AccountID: user.ID}).
 		Limit(take).
 		Offset(offset).
-		Find(&tickets).Error; err != nil {
+		Find(&challenges).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	}
 	return c.JSON(fiber.Map{
 		"count": count,
-		"data":  tickets,
+		"data":  challenges,
 	})
 }
 func getSessions(c *fiber.Ctx) error {
 	user := c.Locals("principal").(models.Account)
 	take := c.QueryInt("take", 0)
 	offset := c.QueryInt("offset", 0)
 	var count int64
 	var sessions []models.AuthSession
 	if err := database.C.
 		Where(&models.AuthSession{AccountID: user.ID}).
 		Model(&models.AuthSession{}).
 		Count(&count).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	}
 	if err := database.C.
 		Order("created_at desc").
 		Where(&models.AuthSession{AccountID: user.ID}).
 		Limit(take).
 		Offset(offset).
 		Find(&sessions).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	}
 	return c.JSON(fiber.Map{
 		"count": count,
 		"data":  sessions,
 	})
 }
--- a/pkg/server/startup.go
+++ b/pkg/server/startup.go
@ -1,39 +1,35 @@
 package server
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg"
 	"git.solsynth.dev/hydrogen/passport/pkg/i18n"
 	"git.solsynth.dev/hydrogen/passport/pkg/server/ui"
 	"github.com/gofiber/contrib/websocket"
 	"net/http"
 	"strings"
 	"time"
 	"git.solsynth.dev/hydrogen/passport/pkg/views"
 	"github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/cache"
 	"github.com/gofiber/fiber/v2/middleware/cors"
-	"github.com/gofiber/fiber/v2/middleware/favicon"
+	"github.com/gofiber/fiber/v2/middleware/filesystem"
 	"github.com/gofiber/fiber/v2/middleware/idempotency"
 	"github.com/gofiber/fiber/v2/middleware/logger"
 	"github.com/gofiber/template/html/v2"
 	jsoniter "github.com/json-iterator/go"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/viper"
 	"net/http"
 	"strings"
 )
 var A *fiber.App
 func NewServer() {
 	templates := html.NewFileSystem(http.FS(pkg.FS), ".gohtml")
 	A = fiber.New(fiber.Config{
 		DisableStartupMessage: true,
 		EnableIPValidation:    true,
-		ServerHeader:          "Hydrogen.Passport",
+		ServerHeader:          "Hydrogen.Identity",
-		AppName:               "Hydrogen.Passport",
+		AppName:               "Hydrogen.Identity",
 		ProxyHeader:           fiber.HeaderXForwardedFor,
 		JSONEncoder:           jsoniter.ConfigCompatibleWithStandardLibrary.Marshal,
 		JSONDecoder:           jsoniter.ConfigCompatibleWithStandardLibrary.Unmarshal,
 		EnablePrintRoutes:     viper.GetBool("debug.print_routes"),
 		Views:                 templates,
 		ViewsLayout:           "views/index",
 	})
 	A.Use(idempotency.New())
@ -58,8 +54,6 @@ func NewServer() {
 		Output: log.Logger,
 	}))
 	A.Use(i18n.I18nMiddleware)
 	A.Get("/.well-known", getMetadata)
 	A.Get("/.well-known/openid-configuration", getOidcConfiguration)
@ -87,8 +81,9 @@ func NewServer() {
 			me.Put("/", authMiddleware, editUserinfo)
 			me.Put("/page", authMiddleware, editPersonalPage)
 			me.Get("/events", authMiddleware, getEvents)
-			me.Get("/tickets", authMiddleware, getTickets)
+			me.Get("/challenges", authMiddleware, getChallenges)
-			me.Delete("/tickets/:ticketId", authMiddleware, killSession)
+			me.Get("/sessions", authMiddleware, getSessions)
 			me.Delete("/sessions/:sessionId", authMiddleware, killSession)
 			me.Post("/confirm", doRegisterConfirm)
@ -111,8 +106,9 @@ func NewServer() {
 		api.Post("/users", doRegister)
-		api.Post("/auth", doAuthenticate)
+		api.Put("/auth", startChallenge)
-		api.Post("/auth/token", getToken)
+		api.Post("/auth", doChallenge)
 		api.Post("/auth/token", exchangeToken)
 		api.Post("/auth/factors/:factorId", requestFactorToken)
 		api.Get("/auth/o/connect", authMiddleware, preConnect)
@ -124,13 +120,15 @@ func NewServer() {
 		}
 	}
-	A.Use(favicon.New(favicon.Config{
+	A.Use("/", cache.New(cache.Config{
-		FileSystem: http.FS(pkg.FS),
+		Expiration:   24 * time.Hour,
-		File:       "views/favicon.png",
+		CacheControl: true,
-		URL:        "/favicon.png",
+	}), filesystem.New(filesystem.Config{
 		Root:         http.FS(views.FS),
 		PathPrefix:   "dist",
 		Index:        "index.html",
 		NotFoundFile: "dist/index.html",
 	}))
 	ui.MapUserInterface(A, authFunc)
 }
 func Listen() {
--- a/pkg/server/ui/accounts.go
+++ b/pkg/server/ui/accounts.go
@ -1,48 +0,0 @@
 package ui
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"github.com/gofiber/fiber/v2"
 	"github.com/gomarkdown/markdown"
 	"github.com/gomarkdown/markdown/html"
 	"github.com/gomarkdown/markdown/parser"
 	"github.com/sujit-baniya/flash"
 	"html/template"
 	"time"
 )
 func selfUserinfoPage(c *fiber.Ctx) error {
 	user := c.Locals("principal").(models.Account)
 	var data models.Account
 	if err := database.C.
 		Where(&models.Account{BaseModel: models.BaseModel{ID: user.ID}}).
 		Preload("Profile").
 		Preload("PersonalPage").
 		Preload("Contacts").
 		First(&data).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	}
 	var birthday = "Unknown"
 	if data.Profile.Birthday != nil {
 		birthday = data.Profile.Birthday.Format(time.RFC822)
 	}
 	doc := parser.
 		NewWithExtensions(parser.CommonExtensions | parser.AutoHeadingIDs | parser.NoEmptyLineBeforeBlock).
 		Parse([]byte(data.PersonalPage.Content))
 	renderer := html.NewRenderer(html.RendererOptions{Flags: html.CommonFlags | html.HrefTargetBlank})
 	return c.Render("views/users/me", fiber.Map{
 		"info":          flash.Get(c)["message"],
 		"uid":           fmt.Sprintf("%08d", data.ID),
 		"joined_at":     data.CreatedAt.Format(time.RFC822),
 		"birthday_at":   birthday,
 		"personal_page": template.HTML(markdown.Render(doc, renderer)),
 		"userinfo":      data,
 	}, "views/layouts/user-center")
 }
--- a/pkg/server/ui/directory.go
+++ b/pkg/server/ui/directory.go
@ -1,48 +0,0 @@
 package ui
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"github.com/gofiber/fiber/v2"
 	"github.com/gomarkdown/markdown"
 	"github.com/gomarkdown/markdown/html"
 	"github.com/gomarkdown/markdown/parser"
 	"github.com/sujit-baniya/flash"
 	"html/template"
 	"time"
 )
 func otherUserinfoPage(c *fiber.Ctx) error {
 	name := c.Params("account")
 	var data models.Account
 	if err := database.C.
 		Where(&models.Account{Name: name}).
 		Preload("Profile").
 		Preload("PersonalPage").
 		Preload("Contacts").
 		First(&data).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	}
 	var birthday = "Unknown"
 	if data.Profile.Birthday != nil {
 		birthday = data.Profile.Birthday.Format(time.RFC822)
 	}
 	doc := parser.
 		NewWithExtensions(parser.CommonExtensions | parser.AutoHeadingIDs | parser.NoEmptyLineBeforeBlock).
 		Parse([]byte(data.PersonalPage.Content))
 	renderer := html.NewRenderer(html.RendererOptions{Flags: html.CommonFlags | html.HrefTargetBlank})
 	return c.Render("views/users/directory/userinfo", fiber.Map{
 		"info":          flash.Get(c)["message"],
 		"uid":           fmt.Sprintf("%08d", data.ID),
 		"joined_at":     data.CreatedAt.Format(time.RFC822),
 		"birthday_at":   birthday,
 		"personal_page": template.HTML(markdown.Render(doc, renderer)),
 		"userinfo":      data,
 	}, "views/layouts/user-center")
 }
--- a/pkg/server/ui/index.go
+++ b/pkg/server/ui/index.go
@ -1,46 +0,0 @@
 package ui
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"github.com/gofiber/fiber/v2"
 )
 func MapUserInterface(A *fiber.App, authFunc func(c *fiber.Ctx, overrides ...string) error) {
 	authCheckWare := func(c *fiber.Ctx) error {
 		var token string
 		if cookie := c.Cookies(services.CookieAccessKey); len(cookie) > 0 {
 			token = cookie
 		}
 		c.Locals("token", token)
 		if err := authFunc(c); err != nil {
 			uri := c.Request().URI().FullURI()
 			return c.Redirect(fmt.Sprintf("/sign-in?redirect_uri=%s", string(uri)))
 		} else {
 			return c.Next()
 		}
 	}
 	pages := A.Group("/").Name("Pages")
 	pages.Get("/sign-up", signupPage)
 	pages.Get("/sign-in", signinPage)
 	pages.Get("/mfa", mfaRequestPage)
 	pages.Get("/mfa/apply", mfaApplyPage)
 	pages.Get("/authorize", authCheckWare, authorizePage)
 	pages.Post("/sign-up", signupAction)
 	pages.Post("/sign-in", signinAction)
 	pages.Post("/mfa", mfaRequestAction)
 	pages.Post("/mfa/apply", mfaApplyAction)
 	pages.Post("/authorize", authCheckWare, authorizeAction)
 	pages.Get("/@:account", otherUserinfoPage)
 	pages.Get("/users/me", authCheckWare, selfUserinfoPage)
 	pages.Get("/users/me/personalize", authCheckWare, personalizePage)
 	pages.Post("/users/me/personalize", authCheckWare, personalizeAction)
 }
--- a/pkg/server/ui/mfa.go
+++ b/pkg/server/ui/mfa.go
@ -1,194 +0,0 @@
 package ui
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"github.com/gofiber/fiber/v2"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 	"github.com/samber/lo"
 	"github.com/sujit-baniya/flash"
 )
 func mfaRequestPage(c *fiber.Ctx) error {
 	ticketId := c.QueryInt("ticket", 0)
 	ticket, err := services.GetTicket(uint(ticketId))
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": "you must provide ticket id to perform multi-factor authenticate",
 		}).Redirect("/sign-in")
 	}
 	user, err := services.GetAccount(ticket.AccountID)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": "ticket related user just weirdly disappear",
 		}).Redirect("/sign-in")
 	}
 	factors, err := services.ListUserFactor(user.ID)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("unable to get your factors: %v", err.Error()),
 		}).Redirect("/sign-in")
 	}
 	factors = lo.Filter(factors, func(item models.AuthFactor, index int) bool {
 		return item.Type != models.PasswordAuthFactor
 	})
 	localizer := c.Locals("localizer").(*i18n.Localizer)
 	next, _ := localizer.LocalizeMessage(&i18n.Message{ID: "next"})
 	title, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaTitle"})
 	caption, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaCaption"})
 	return c.Render("views/mfa", fiber.Map{
 		"info":         flash.Get(c)["message"],
 		"redirect_uri": flash.Get(c)["redirect_uri"],
 		"ticket_id":    ticket.ID,
 		"factors": lo.Map(factors, func(item models.AuthFactor, index int) fiber.Map {
 			return fiber.Map{
 				"name": services.GetFactorName(item.Type, localizer),
 				"id":   item.ID,
 			}
 		}),
 		"i18n": fiber.Map{
 			"next":    next,
 			"title":   title,
 			"caption": caption,
 		},
 	}, "views/layouts/auth")
 }
 func mfaRequestAction(c *fiber.Ctx) error {
 	var data struct {
 		TicketID uint `form:"ticket_id" validate:"required"`
 		FactorID uint `form:"factor_id" validate:"required"`
 	}
 	redirectBackUri := "/sign-in"
 	err := utils.BindAndValidate(c, &data)
 	if data.TicketID > 0 {
 		redirectBackUri = fmt.Sprintf("/mfa?ticket=%d", data.TicketID)
 	}
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": err.Error(),
 		}).Redirect(redirectBackUri)
 	}
 	factor, err := services.GetFactor(data.FactorID)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("factor was not found: %v", err.Error()),
 		}).Redirect(redirectBackUri)
 	}
 	_, err = services.GetFactorCode(factor)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("unable to get factor code: %v", err.Error()),
 		}).Redirect(redirectBackUri)
 	}
 	return flash.WithData(c, fiber.Map{
 		"redirect_uri": utils.GetRedirectUri(c),
 	}).Redirect(fmt.Sprintf("/mfa/apply?ticket=%d&factor=%d", data.TicketID, factor.ID))
 }
 func mfaApplyPage(c *fiber.Ctx) error {
 	ticketId := c.QueryInt("ticket", 0)
 	factorId := c.QueryInt("factor", 0)
 	ticket, err := services.GetTicket(uint(ticketId))
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("unable to find your ticket: %v", err.Error()),
 		}).Redirect("/sign-in")
 	}
 	factor, err := services.GetFactor(uint(factorId))
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("unable to find your factors: %v", err.Error()),
 		}).Redirect("/sign-in")
 	}
 	localizer := c.Locals("localizer").(*i18n.Localizer)
 	next, _ := localizer.LocalizeMessage(&i18n.Message{ID: "next"})
 	password, _ := localizer.LocalizeMessage(&i18n.Message{ID: "password"})
 	title, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaTitle"})
 	caption, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaCaption"})
 	return c.Render("views/mfa-apply", fiber.Map{
 		"info":      flash.Get(c)["message"],
 		"label":     services.GetFactorName(factor.Type, localizer),
 		"ticket_id": ticket.ID,
 		"factor_id": factor.ID,
 		"i18n": fiber.Map{
 			"next":     next,
 			"password": password,
 			"title":    title,
 			"caption":  caption,
 		},
 	}, "views/layouts/auth")
 }
 func mfaApplyAction(c *fiber.Ctx) error {
 	var data struct {
 		TicketID uint   `form:"ticket_id" validate:"required"`
 		FactorID uint   `form:"factor_id" validate:"required"`
 		Code     string `form:"code" validate:"required"`
 	}
 	redirectBackUri := "/sign-in"
 	err := utils.BindAndValidate(c, &data)
 	if data.TicketID > 0 {
 		redirectBackUri = fmt.Sprintf("/mfa/apply?ticket=%d&factor=%d", data.TicketID, data.FactorID)
 	}
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": err.Error(),
 		}).Redirect(redirectBackUri)
 	}
 	ticket, err := services.GetTicket(data.TicketID)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("unable to find your ticket: %v", err.Error()),
 		}).Redirect("/sign-in")
 	}
 	factor, err := services.GetFactor(data.FactorID)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("factor was not found: %v", err.Error()),
 		}).Redirect(redirectBackUri)
 	}
 	ticket, err = services.ActiveTicketWithMFA(ticket, factor, data.Code)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("invalid multi-factor authenticate code: %v", err.Error()),
 		}).Redirect(redirectBackUri)
 	} else if ticket.IsAvailable() != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": "ticket weirdly still unavailable after multi-factor authenticate",
 		}).Redirect("/sign-in")
 	}
 	access, refresh, err := services.ExchangeToken(*ticket.GrantToken)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("failed to exchange token: %v", err.Error()),
 		}).Redirect("/sign-in")
 	} else {
 		services.SetJwtCookieSet(c, access, refresh)
 	}
 	return c.Redirect(lo.FromPtr(utils.GetRedirectUri(c, "/users/me")))
 }
--- a/pkg/server/ui/oauth.go
+++ b/pkg/server/ui/oauth.go
@ -1,154 +0,0 @@
 package ui
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"github.com/gofiber/fiber/v2"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 	"github.com/samber/lo"
 	"github.com/sujit-baniya/flash"
 	"html/template"
 	"strings"
 	"time"
 )
 func authorizePage(c *fiber.Ctx) error {
 	localizer := c.Locals("localizer").(*i18n.Localizer)
 	user := c.Locals("principal").(models.Account)
 	id := c.Query("client_id")
 	redirect := c.Query("redirect_uri")
 	var message string
 	if len(id) <= 0 || len(redirect) <= 0 {
 		message = "invalid request, missing query parameters"
 	}
 	var client models.ThirdClient
 	if err := database.C.Where(&models.ThirdClient{Alias: id}).First(&client).Error; err != nil {
 		message = fmt.Sprintf("unable to find client: %v", err)
 	} else if !client.IsDraft && !lo.Contains(client.Callbacks, strings.Split(redirect, "?")[0]) {
 		message = "invalid callback url"
 	}
 	var ticket models.AuthTicket
 	if err := database.C.Where(&models.AuthTicket{
 		AccountID: user.ID,
 		ClientID:  &client.ID,
 	}).Where("last_grant_at IS NULL").First(&ticket).Error; err == nil {
 		if !(ticket.ExpiredAt != nil && ticket.ExpiredAt.Unix() < time.Now().Unix()) {
 			ticket, err = services.RegenSession(ticket)
 			if c.Query("response_type") == "code" {
 				return c.Redirect(fmt.Sprintf(
 					"%s?code=%s&state=%s",
 					redirect,
 					*ticket.GrantToken,
 					c.Query("state"),
 				))
 			} else if c.Query("response_type") == "token" {
 				if access, refresh, err := services.GetToken(ticket); err == nil {
 					return c.Redirect(fmt.Sprintf("%s?access_token=%s&refresh_token=%s&state=%s",
 						redirect,
 						access,
 						refresh, c.Query("state"),
 					))
 				}
 			}
 		}
 	}
 	decline, _ := localizer.LocalizeMessage(&i18n.Message{ID: "decline"})
 	approve, _ := localizer.LocalizeMessage(&i18n.Message{ID: "approve"})
 	title, _ := localizer.LocalizeMessage(&i18n.Message{ID: "authorizeTitle"})
 	caption, _ := localizer.LocalizeMessage(&i18n.Message{ID: "authorizeCaption"})
 	qs := "/authorize?" + string(c.Request().URI().QueryString())
 	return c.Render("views/authorize", fiber.Map{
 		"info":       lo.Ternary[any](len(message) > 0, message, flash.Get(c)["message"]),
 		"client":     client,
 		"scopes":     strings.Split(c.Query("scope"), " "),
 		"action_url": template.URL(qs),
 		"i18n": fiber.Map{
 			"approve": approve,
 			"decline": decline,
 			"title":   title,
 			"caption": caption,
 		},
 	}, "views/layouts/auth")
 }
 func authorizeAction(c *fiber.Ctx) error {
 	user := c.Locals("principal").(models.Account)
 	id := c.Query("client_id")
 	response := c.Query("response_type")
 	redirect := c.Query("redirect_uri")
 	scope := c.Query("scope")
 	redirectBackUri := "/authorize?" + string(c.Request().URI().QueryString())
 	if len(scope) <= 0 {
 		return flash.WithInfo(c, fiber.Map{
 			"message": "invalid request parameters",
 		}).Redirect(redirectBackUri)
 	}
 	var client models.ThirdClient
 	if err := database.C.Where(&models.ThirdClient{Alias: id}).First(&client).Error; err != nil {
 		return fiber.NewError(fiber.StatusNotFound, err.Error())
 	}
 	switch response {
 	case "code":
 		// OAuth Authorization Mode
 		ticket, err := services.NewOauthTicket(
 			user,
 			client,
 			strings.Split(scope, " "),
 			[]string{"passport", client.Alias},
 			c.IP(),
 			c.Get(fiber.HeaderUserAgent),
 		)
 		if err != nil {
 			return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 		} else {
 			services.AddEvent(user, "oauth.connect", client.Alias, c.IP(), c.Get(fiber.HeaderUserAgent))
 			return c.Redirect(fmt.Sprintf(
 				"%s?code=%s&state=%s",
 				redirect,
 				*ticket.GrantToken,
 				c.Query("state"),
 			))
 		}
 	case "token":
 		// OAuth Implicit Mode
 		ticket, err := services.NewOauthTicket(
 			user,
 			client,
 			strings.Split(scope, " "),
 			[]string{"passport", client.Alias},
 			c.IP(),
 			c.Get(fiber.HeaderUserAgent),
 		)
 		if err != nil {
 			return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 		} else if access, refresh, err := services.GetToken(ticket); err != nil {
 			return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 		} else {
 			services.AddEvent(user, "oauth.connect", client.Alias, c.IP(), c.Get(fiber.HeaderUserAgent))
 			return c.Redirect(fmt.Sprintf("%s?access_token=%s&refresh_token=%s&state=%s",
 				redirect,
 				access,
 				refresh, c.Query("state"),
 			))
 		}
 	default:
 		return flash.WithInfo(c, fiber.Map{
 			"message": "unsupported response type",
 		}).Redirect(redirectBackUri)
 	}
 }
--- a/pkg/server/ui/personalize.go
+++ b/pkg/server/ui/personalize.go
@ -1,98 +0,0 @@
 package ui
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"github.com/gofiber/fiber/v2"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 	"github.com/samber/lo"
 	"github.com/sujit-baniya/flash"
 	"strings"
 	"time"
 )
 func personalizePage(c *fiber.Ctx) error {
 	user := c.Locals("principal").(models.Account)
 	localizer := c.Locals("localizer").(*i18n.Localizer)
 	var data models.Account
 	if err := database.C.
 		Where(&models.Account{BaseModel: models.BaseModel{ID: user.ID}}).
 		Preload("Profile").
 		Preload("PersonalPage").
 		Preload("Contacts").
 		First(&data).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	}
 	var birthday any
 	if data.Profile.Birthday != nil {
 		birthday = strings.SplitN(data.Profile.Birthday.Format(time.RFC3339), "T", 1)[0]
 	}
 	apply, _ := localizer.LocalizeMessage(&i18n.Message{ID: "apply"})
 	back, _ := localizer.LocalizeMessage(&i18n.Message{ID: "back"})
 	return c.Render("views/users/personalize", fiber.Map{
 		"info":        flash.Get(c)["message"],
 		"birthday_at": birthday,
 		"userinfo":    data,
 		"i18n": fiber.Map{
 			"apply": apply,
 			"back":  back,
 		},
 	}, "views/layouts/user-center")
 }
 func personalizeAction(c *fiber.Ctx) error {
 	user := c.Locals("principal").(models.Account)
 	var data struct {
 		Nick        string `form:"nick" validate:"required,min=4,max=24"`
 		Description string `form:"description"`
 		FirstName   string `form:"first_name"`
 		LastName    string `form:"last_name"`
 		Birthday    string `form:"birthday"`
 	}
 	if err := utils.BindAndValidate(c, &data); err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": err.Error(),
 		}).Redirect("/users/me/personalize")
 	}
 	var account models.Account
 	if err := database.C.
 		Where(&models.Account{BaseModel: models.BaseModel{ID: user.ID}}).
 		Preload("Profile").
 		First(&account).Error; err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("unable to get your userinfo: %v", err),
 		}).Redirect("/users/me/personalize")
 	}
 	account.Nick = data.Nick
 	account.Description = data.Description
 	account.Profile.FirstName = data.FirstName
 	account.Profile.LastName = data.LastName
 	if birthday, err := time.Parse(time.DateOnly, data.Birthday); err == nil {
 		account.Profile.Birthday = lo.ToPtr(birthday)
 	}
 	if err := database.C.Save(&account).Error; err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("unable to personalize your account: %v", err),
 		}).Redirect("/users/me/personalize")
 	} else if err := database.C.Save(&account.Profile).Error; err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("unable to personalize your profile: %v", err),
 		}).Redirect("/users/me/personalize")
 	}
 	return flash.WithInfo(c, fiber.Map{
 		"message": "your account has been personalized",
 	}).Redirect("/users/me")
 }
--- a/pkg/server/ui/signin.go
+++ b/pkg/server/ui/signin.go
@ -1,93 +0,0 @@
 package ui
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"github.com/gofiber/fiber/v2"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 	"github.com/samber/lo"
 	"github.com/sujit-baniya/flash"
 )
 func signinPage(c *fiber.Ctx) error {
 	localizer := c.Locals("localizer").(*i18n.Localizer)
 	next, _ := localizer.LocalizeMessage(&i18n.Message{ID: "next"})
 	username, _ := localizer.LocalizeMessage(&i18n.Message{ID: "username"})
 	password, _ := localizer.LocalizeMessage(&i18n.Message{ID: "password"})
 	signup, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signupTitle"})
 	title, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signinTitle"})
 	caption, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signinCaption"})
 	requiredNotify, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signinRequired"})
 	var info any
 	if flash.Get(c)["message"] != nil {
 		info = flash.Get(c)["message"]
 	} else {
 		info = requiredNotify
 	}
 	return c.Render("views/signin", fiber.Map{
 		"info": info,
 		"i18n": fiber.Map{
 			"next":     next,
 			"username": username,
 			"password": password,
 			"signup":   signup,
 			"title":    title,
 			"caption":  caption,
 		},
 	}, "views/layouts/auth")
 }
 func signinAction(c *fiber.Ctx) error {
 	var data struct {
 		Username string `form:"username" validate:"required"`
 		Password string `form:"password" validate:"required"`
 	}
 	if err := utils.BindAndValidate(c, &data); err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": err.Error(),
 		}).Redirect("/sign-in")
 	}
 	user, err := services.LookupAccount(data.Username)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("account was not found: %v", err.Error()),
 		}).Redirect("/sign-in")
 	}
 	ticket, err := services.NewTicket(user, c.IP(), c.Get(fiber.HeaderUserAgent))
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("unable setup ticket: %v", err.Error()),
 		}).Redirect("/sign-in")
 	}
 	ticket, err = services.ActiveTicketWithPassword(ticket, data.Password)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("invalid password: %v", err.Error()),
 		}).Redirect("/sign-in")
 	}
 	if ticket.IsAvailable() != nil {
 		return flash.WithData(c, fiber.Map{
 			"redirect_uri": utils.GetRedirectUri(c),
 		}).Redirect(fmt.Sprintf("/mfa?ticket=%d", ticket.ID))
 	}
 	access, refresh, err := services.ExchangeToken(*ticket.GrantToken)
 	if err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": fmt.Sprintf("failed to exchange token: %v", err.Error()),
 		}).Redirect("/sign-in")
 	} else {
 		services.SetJwtCookieSet(c, access, refresh)
 	}
 	return c.Redirect(lo.FromPtr(utils.GetRedirectUri(c, "/users/me")))
 }
--- a/pkg/server/ui/signup.go
+++ b/pkg/server/ui/signup.go
@ -1,87 +0,0 @@
 package ui
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"git.solsynth.dev/hydrogen/passport/pkg/utils"
 	"github.com/gofiber/fiber/v2"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 	"github.com/samber/lo"
 	"github.com/spf13/viper"
 	"github.com/sujit-baniya/flash"
 )
 func signupPage(c *fiber.Ctx) error {
 	localizer := c.Locals("localizer").(*i18n.Localizer)
 	next, _ := localizer.LocalizeMessage(&i18n.Message{ID: "next"})
 	email, _ := localizer.LocalizeMessage(&i18n.Message{ID: "email"})
 	nickname, _ := localizer.LocalizeMessage(&i18n.Message{ID: "nickname"})
 	username, _ := localizer.LocalizeMessage(&i18n.Message{ID: "username"})
 	password, _ := localizer.LocalizeMessage(&i18n.Message{ID: "password"})
 	magicToken, _ := localizer.LocalizeMessage(&i18n.Message{ID: "magicToken"})
 	signin, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signinTitle"})
 	title, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signupTitle"})
 	caption, _ := localizer.LocalizeMessage(&i18n.Message{ID: "signupCaption"})
 	return c.Render("views/signup", fiber.Map{
 		"info":            flash.Get(c)["message"],
 		"use_magic_token": viper.GetBool("use_registration_magic_token"),
 		"i18n": fiber.Map{
 			"next":        next,
 			"email":       email,
 			"username":    username,
 			"nickname":    nickname,
 			"password":    password,
 			"magic_token": magicToken,
 			"signin":      signin,
 			"title":       title,
 			"caption":     caption,
 		},
 	}, "views/layouts/auth")
 }
 func signupAction(c *fiber.Ctx) error {
 	var data struct {
 		Name       string `form:"name" validate:"required,lowercase,alphanum,min=4,max=16"`
 		Nick       string `form:"nick" validate:"required,min=4,max=24"`
 		Email      string `form:"email" validate:"required,email"`
 		Password   string `form:"password" validate:"required,min=4,max=32"`
 		MagicToken string `form:"magic_token"`
 	}
 	if err := utils.BindAndValidate(c, &data); err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": err.Error(),
 		}).Redirect("/sign-up")
 	} else if viper.GetBool("use_registration_magic_token") && len(data.MagicToken) <= 0 {
 		return flash.WithInfo(c, fiber.Map{
 			"message": "magic token was required",
 		}).Redirect("/sign-up")
 	} else if viper.GetBool("use_registration_magic_token") {
 		if tk, err := services.ValidateMagicToken(data.MagicToken, models.RegistrationMagicToken); err != nil {
 			return flash.WithInfo(c, fiber.Map{
 				"message": fmt.Sprintf("magic token was invalid: %v", err.Error()),
 			}).Redirect("/sign-up")
 		} else {
 			database.C.Delete(&tk)
 		}
 	}
 	if _, err := services.CreateAccount(
 		data.Name,
 		data.Nick,
 		data.Email,
 		data.Password,
 	); err != nil {
 		return flash.WithInfo(c, fiber.Map{
 			"message": err.Error(),
 		}).Redirect("/sign-up")
 	} else {
 		return flash.WithInfo(c, fiber.Map{
 			"message": "account has been created. now you can sign in!",
 		}).Redirect(lo.FromPtr(utils.GetRedirectUri(c, "/sign-in")))
 	}
 }
--- a/pkg/server/userinfo_api.go
+++ b/pkg/server/userinfo_api.go
@ -12,7 +12,7 @@ func getOtherUserinfo(c *fiber.Ctx) error {
 	var account models.Account
 	if err := database.C.
 		Where(&models.Account{Name: alias}).
-		Omit("tickets", "challenges", "factors", "events", "clients", "notifications", "notify_subscribers").
+		Omit("sessions", "challenges", "factors", "events", "clients", "notifications", "notify_subscribers").
 		Preload("Profile").
 		First(&account).Error; err != nil {
 		return fiber.NewError(fiber.StatusBadRequest, err.Error())
--- a/pkg/utils/request.go
+++ b/pkg/utils/request.go
@ -1,10 +1,8 @@
-package utils
+package server
 import (
 	"github.com/go-playground/validator/v10"
 	"github.com/gofiber/fiber/v2"
 	"github.com/samber/lo"
 	"github.com/sujit-baniya/flash"
 )
 var validation = validator.New(validator.WithRequiredStructEnabled())
@ -18,15 +16,3 @@ func BindAndValidate(c *fiber.Ctx, out any) error {
 	return nil
 }
 func GetRedirectUri(c *fiber.Ctx, fallback ...string) *string {
 	if len(c.Query("redirect_uri")) > 0 {
 		return lo.ToPtr(c.Query("redirect_uri"))
 	} else if val, ok := flash.Get(c)["redirect_uri"].(*string); ok {
 		return val
 	} else if len(fallback) > 0 {
 		return &fallback[0]
 	} else {
 		return nil
 	}
 }
--- a/pkg/server/well_known_api.go
+++ b/pkg/server/well_known_api.go
@ -21,7 +21,7 @@ func getOidcConfiguration(c *fiber.Ctx) error {
 	return c.JSON(fiber.Map{
 		"issuer":                                           basepath,
-		"authorization_endpoint":                           fmt.Sprintf("%s/authorize", basepath),
+		"authorization_endpoint":                           fmt.Sprintf("%s/auth/o/connect", basepath),
 		"token_endpoint":                                   fmt.Sprintf("%s/api/auth/token", basepath),
 		"userinfo_endpoint":                                fmt.Sprintf("%s/api/users/me", basepath),
 		"response_types_supported":                         []string{"code", "token"},
--- a/pkg/services/accounts.go
+++ b/pkg/services/accounts.go
@ -6,6 +6,7 @@ import (
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"git.solsynth.dev/hydrogen/passport/pkg/security"
 	"github.com/google/uuid"
 	"github.com/samber/lo"
 	"gorm.io/gorm"
@ -22,14 +23,14 @@ func GetAccount(id uint) (models.Account, error) {
 	return account, nil
 }
-func LookupAccount(probe string) (models.Account, error) {
+func LookupAccount(id string) (models.Account, error) {
 	var account models.Account
-	if err := database.C.Where(models.Account{Name: probe}).First(&account).Error; err == nil {
+	if err := database.C.Where(models.Account{Name: id}).First(&account).Error; err == nil {
 		return account, nil
 	}
 	var contact models.AccountContact
-	if err := database.C.Where(models.AccountContact{Content: probe}).First(&contact).Error; err == nil {
+	if err := database.C.Where(models.AccountContact{Content: id}).First(&contact).Error; err == nil {
 		if err := database.C.
 			Where(models.Account{
 				BaseModel: models.BaseModel{ID: contact.AccountID},
@ -51,7 +52,7 @@ func CreateAccount(name, nick, email, password string) (models.Account, error) {
 		Factors: []models.AuthFactor{
 			{
 				Type:   models.PasswordAuthFactor,
-				Secret: HashPassword(password),
+				Secret: security.HashPassword(password),
 			},
 			{
 				Type:   models.EmailPasswordFactor,
--- a/pkg/services/auth.go
+++ b/pkg/services/auth.go
@ -6,6 +6,7 @@ import (
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"git.solsynth.dev/hydrogen/passport/pkg/security"
 	"github.com/gofiber/fiber/v2"
 	jsoniter "github.com/json-iterator/go"
 	"github.com/rs/zerolog/log"
@ -15,12 +16,12 @@ import (
 const authContextBucket = "AuthContext"
 func Authenticate(access, refresh string, depth int) (user models.Account, newAccess, newRefresh string, err error) {
-	var claims PayloadClaims
+	var claims security.PayloadClaims
-	claims, err = DecodeJwt(access)
+	claims, err = security.DecodeJwt(access)
 	if err != nil {
 		if len(refresh) > 0 && depth < 1 {
 			// Auto refresh and retry
-			newAccess, newRefresh, err = RefreshToken(refresh)
+			newAccess, newRefresh, err = security.RefreshToken(refresh)
 			if err == nil {
 				return Authenticate(newAccess, newRefresh, depth+1)
 			}
@ -73,7 +74,7 @@ func GetAuthContext(jti string) (models.AuthContext, error) {
 	})
 	if err == nil && time.Now().Unix() >= ctx.ExpiredAt.Unix() {
-		_ = RevokeAuthContext(jti)
+		RevokeAuthContext(jti)
 		return ctx, fmt.Errorf("auth context has been expired")
 	}
@ -85,14 +86,14 @@ func GrantAuthContext(jti string) (models.AuthContext, error) {
 	var ctx models.AuthContext
 	// Query data from primary database
-	ticket, err := GetTicketWithToken(jti)
+	session, err := LookupSessionWithToken(jti)
 	if err != nil {
-		return ctx, fmt.Errorf("invalid auth ticket: %v", err)
+		return ctx, fmt.Errorf("invalid auth session: %v", err)
-	} else if err := ticket.IsAvailable(); err != nil {
+	} else if err := session.IsAvailable(); err != nil {
-		return ctx, fmt.Errorf("unavailable auth ticket: %v", err)
+		return ctx, fmt.Errorf("unavailable auth session: %v", err)
 	}
-	user, err := GetAccount(ticket.AccountID)
+	user, err := GetAccount(session.AccountID)
 	if err != nil {
 		return ctx, fmt.Errorf("invalid account: %v", err)
 	}
@ -100,7 +101,7 @@ func GrantAuthContext(jti string) (models.AuthContext, error) {
 	// Every context should expires in some while
 	// Once user update their account info, this will have delay to update
 	ctx = models.AuthContext{
-		Ticket:    ticket,
+		Session:   session,
 		Account:   user,
 		ExpiredAt: time.Now().Add(5 * time.Minute),
 	}
--- a/pkg/services/challanges.go
+++ b/pkg/services/challanges.go
@ -0,0 +1,26 @@
 package services
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 )
 func LookupChallenge(id uint) (models.AuthChallenge, error) {
 	var challenge models.AuthChallenge
 	err := database.C.Where(models.AuthChallenge{
 		BaseModel: models.BaseModel{ID: id},
 	}).First(&challenge).Error
 	return challenge, err
 }
 func LookupChallengeWithFingerprint(id uint, ip string, ua string) (models.AuthChallenge, error) {
 	var challenge models.AuthChallenge
 	err := database.C.Where(models.AuthChallenge{
 		BaseModel: models.BaseModel{ID: id},
 		IpAddress: ip,
 		UserAgent: ua,
 	}).First(&challenge).Error
 	return challenge, err
 }
--- a/pkg/services/factors.go
+++ b/pkg/services/factors.go
@ -2,7 +2,6 @@ package services
 import (
 	"fmt"
 	"github.com/samber/lo"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
@ -25,17 +24,7 @@ Thank you for your cooperation in helping us maintain the security of your accou
 Best regards,
 %s`
-func GetPasswordTypeFactor(userId uint) (models.AuthFactor, error) {
+func LookupFactor(id uint) (models.AuthFactor, error) {
 	var factor models.AuthFactor
 	err := database.C.Where(models.AuthFactor{
 		Type:      models.PasswordAuthFactor,
 		AccountID: userId,
 	}).First(&factor).Error
 	return factor, err
 }
 func GetFactor(id uint) (models.AuthFactor, error) {
 	var factor models.AuthFactor
 	err := database.C.Where(models.AuthFactor{
 		BaseModel: models.BaseModel{ID: id},
@ -44,24 +33,15 @@ func GetFactor(id uint) (models.AuthFactor, error) {
 	return factor, err
 }
-func ListUserFactor(userId uint) ([]models.AuthFactor, error) {
+func LookupFactorsByUser(uid uint) ([]models.AuthFactor, error) {
 	var factors []models.AuthFactor
 	err := database.C.Where(models.AuthFactor{
-		AccountID: userId,
+		AccountID: uid,
 	}).Find(&factors).Error
 	return factors, err
 }
 func CountUserFactor(userId uint) int64 {
 	var count int64
 	database.C.Where(models.AuthFactor{
 		AccountID: userId,
 	}).Model(&models.AuthFactor{}).Count(&count)
 	return count
 }
 func GetFactorCode(factor models.AuthFactor) (bool, error) {
 	switch factor.Type {
 	case models.EmailPasswordFactor:
@ -88,22 +68,3 @@ func GetFactorCode(factor models.AuthFactor) (bool, error) {
 		return false, nil
 	}
 }
 func CheckFactor(factor models.AuthFactor, code string) error {
 	switch factor.Type {
 	case models.PasswordAuthFactor:
 		return lo.Ternary(
 			VerifyPassword(code, factor.Secret),
 			nil,
 			fmt.Errorf("invalid password"),
 		)
 	case models.EmailPasswordFactor:
 		return lo.Ternary(
 			code == factor.Secret,
 			nil,
 			fmt.Errorf("invalid verification code"),
 		)
 	}
 	return nil
 }
--- a/pkg/services/mfa.go
+++ b/pkg/services/mfa.go
@ -1,18 +0,0 @@
 package services
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
 )
 func GetFactorName(w models.AuthFactorType, localizer *i18n.Localizer) string {
 	unknown, _ := localizer.LocalizeMessage(&i18n.Message{ID: "unknown"})
 	mfaEmail, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaFactorEmail"})
 	switch w {
 	case models.EmailPasswordFactor:
 		return mfaEmail
 	default:
 		return unknown
 	}
 }
--- a/pkg/services/ticker_maintainer.go
+++ b/pkg/services/ticker_maintainer.go
@ -1,24 +1,37 @@
 package services
 import (
 	"time"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	jsoniter "github.com/json-iterator/go"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/viper"
 	"go.etcd.io/bbolt"
 	"time"
 )
 func LookupSessionWithToken(tokenId string) (models.AuthSession, error) {
 	var session models.AuthSession
 	if err := database.C.
 		Where(models.AuthSession{AccessToken: tokenId}).
 		Or(models.AuthSession{RefreshToken: tokenId}).
 		First(&session).Error; err != nil {
 		return session, err
 	}
 	return session, nil
 }
 func DoAutoSignoff() {
 	duration := time.Duration(viper.GetInt64("security.auto_signoff_duration")) * time.Second
 	divider := time.Now().Add(-duration)
-	log.Debug().Time("before", divider).Msg("Now signing off tickets...")
+	log.Debug().Time("before", divider).Msg("Now signing off sessions...")
 	if tx := database.C.
 		Where("last_grant_at < ?", divider).
-		Delete(&models.AuthTicket{}); tx.Error != nil {
+		Delete(&models.AuthSession{}); tx.Error != nil {
 		log.Error().Err(tx.Error).Msg("An error occurred when running auto sign off...")
 	} else {
 		log.Debug().Int64("affected", tx.RowsAffected).Msg("Auto sign off accomplished.")
--- a/pkg/services/ticket.go
+++ b/pkg/services/ticket.go
@ -1,148 +0,0 @@
 package services
 import (
 	"fmt"
 	"time"
 	"github.com/google/uuid"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"github.com/samber/lo"
 )
 func DetectRisk(user models.Account, ip, ua string) bool {
 	var secureFactor int64
 	if err := database.C.Where(models.AuthTicket{
 		AccountID: user.ID,
 		IpAddress: ip,
 	}).Model(models.AuthTicket{}).Count(&secureFactor).Error; err == nil {
 		if secureFactor >= 1 {
 			return false
 		}
 	}
 	return true
 }
 func NewTicket(user models.Account, ip, ua string) (models.AuthTicket, error) {
 	var ticket models.AuthTicket
 	if err := database.C.
 		Where("account_id = ? AND expired_at < ? AND available_at IS NULL", time.Now(), user.ID).
 		First(&ticket).Error; err == nil {
 		return ticket, nil
 	}
 	requireMFA := DetectRisk(user, ip, ua)
 	if count := CountUserFactor(user.ID); count <= 1 {
 		requireMFA = false
 	}
 	ticket = models.AuthTicket{
 		Claims:              []string{"*"},
 		Audiences:           []string{"passport"},
 		IpAddress:           ip,
 		UserAgent:           ua,
 		RequireMFA:          requireMFA,
 		RequireAuthenticate: true,
 		ExpiredAt:           nil,
 		AvailableAt:         nil,
 		AccountID:           user.ID,
 	}
 	err := database.C.Save(&ticket).Error
 	return ticket, err
 }
 func NewOauthTicket(
 	user models.Account,
 	client models.ThirdClient,
 	claims, audiences []string,
 	ip, ua string,
 ) (models.AuthTicket, error) {
 	ticket := models.AuthTicket{
 		Claims:       claims,
 		Audiences:    audiences,
 		IpAddress:    ip,
 		UserAgent:    ua,
 		RequireMFA:   DetectRisk(user, ip, ua),
 		GrantToken:   lo.ToPtr(uuid.NewString()),
 		AccessToken:  lo.ToPtr(uuid.NewString()),
 		RefreshToken: lo.ToPtr(uuid.NewString()),
 		AvailableAt:  lo.ToPtr(time.Now()),
 		ExpiredAt:    lo.ToPtr(time.Now()),
 		ClientID:     &client.ID,
 		AccountID:    user.ID,
 	}
 	if err := database.C.Save(&ticket).Error; err != nil {
 		return ticket, err
 	}
 	return ticket, nil
 }
 func ActiveTicketWithPassword(ticket models.AuthTicket, password string) (models.AuthTicket, error) {
 	if ticket.AvailableAt != nil {
 		return ticket, nil
 	} else if !ticket.RequireAuthenticate {
 		return ticket, nil
 	}
 	if factor, err := GetPasswordTypeFactor(ticket.AccountID); err != nil {
 		return ticket, fmt.Errorf("unable to active ticket: %v", err)
 	} else if err = CheckFactor(factor, password); err != nil {
 		return ticket, err
 	}
 	ticket.RequireAuthenticate = false
 	if !ticket.RequireAuthenticate && !ticket.RequireMFA {
 		ticket.AvailableAt = lo.ToPtr(time.Now())
 		ticket.GrantToken = lo.ToPtr(uuid.NewString())
 		ticket.AccessToken = lo.ToPtr(uuid.NewString())
 		ticket.RefreshToken = lo.ToPtr(uuid.NewString())
 	}
 	if err := database.C.Save(&ticket).Error; err != nil {
 		return ticket, err
 	}
 	return ticket, nil
 }
 func ActiveTicketWithMFA(ticket models.AuthTicket, factor models.AuthFactor, code string) (models.AuthTicket, error) {
 	if ticket.AvailableAt != nil {
 		return ticket, nil
 	} else if !ticket.RequireMFA {
 		return ticket, nil
 	}
 	if err := CheckFactor(factor, code); err != nil {
 		return ticket, fmt.Errorf("invalid code: %v", err)
 	}
 	ticket.RequireMFA = false
 	if !ticket.RequireAuthenticate && !ticket.RequireMFA {
 		ticket.AvailableAt = lo.ToPtr(time.Now())
 		ticket.GrantToken = lo.ToPtr(uuid.NewString())
 		ticket.AccessToken = lo.ToPtr(uuid.NewString())
 		ticket.RefreshToken = lo.ToPtr(uuid.NewString())
 	}
 	if err := database.C.Save(&ticket).Error; err != nil {
 		return ticket, err
 	}
 	return ticket, nil
 }
 func RegenSession(ticket models.AuthTicket) (models.AuthTicket, error) {
 	ticket.GrantToken = lo.ToPtr(uuid.NewString())
 	ticket.AccessToken = lo.ToPtr(uuid.NewString())
 	ticket.RefreshToken = lo.ToPtr(uuid.NewString())
 	err := database.C.Save(&ticket).Error
 	return ticket, err
 }
--- a/pkg/services/ticket_queries.go
+++ b/pkg/services/ticket_queries.go
@ -1,29 +0,0 @@
 package services
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 )
 func GetTicket(id uint) (models.AuthTicket, error) {
 	var ticket models.AuthTicket
 	if err := database.C.
 		Where(&models.AuthTicket{BaseModel: models.BaseModel{ID: id}}).
 		First(&ticket).Error; err != nil {
 		return ticket, err
 	}
 	return ticket, nil
 }
 func GetTicketWithToken(tokenId string) (models.AuthTicket, error) {
 	var ticket models.AuthTicket
 	if err := database.C.
 		Where(models.AuthTicket{AccessToken: &tokenId}).
 		Or(models.AuthTicket{RefreshToken: &tokenId}).
 		First(&ticket).Error; err != nil {
 		return ticket, err
 	}
 	return ticket, nil
 }
--- a/pkg/services/ticket_token.go
+++ b/pkg/services/ticket_token.go
@ -1,98 +0,0 @@
 package services
 import (
 	"fmt"
 	"git.solsynth.dev/hydrogen/passport/pkg/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/models"
 	"github.com/samber/lo"
 	"github.com/spf13/viper"
 	"strconv"
 	"time"
 )
 func GetToken(ticket models.AuthTicket) (string, string, error) {
 	var refresh, access string
 	if err := ticket.IsAvailable(); err != nil {
 		return refresh, access, err
 	}
 	if ticket.AccessToken == nil || ticket.RefreshToken == nil {
 		return refresh, access, fmt.Errorf("unable to encode token, access or refresh token id missing")
 	}
 	accessDuration := time.Duration(viper.GetInt64("security.access_token_duration")) * time.Second
 	refreshDuration := time.Duration(viper.GetInt64("security.refresh_token_duration")) * time.Second
 	var err error
 	sub := strconv.Itoa(int(ticket.AccountID))
 	sed := strconv.Itoa(int(ticket.ID))
 	access, err = EncodeJwt(*ticket.AccessToken, JwtAccessType, sub, sed, ticket.Audiences, time.Now().Add(accessDuration))
 	if err != nil {
 		return refresh, access, err
 	}
 	refresh, err = EncodeJwt(*ticket.RefreshToken, JwtRefreshType, sub, sed, ticket.Audiences, time.Now().Add(refreshDuration))
 	if err != nil {
 		return refresh, access, err
 	}
 	ticket.LastGrantAt = lo.ToPtr(time.Now())
 	database.C.Save(&ticket)
 	return access, refresh, nil
 }
 func ExchangeToken(token string) (string, string, error) {
 	var ticket models.AuthTicket
 	if err := database.C.Where(models.AuthTicket{GrantToken: &token}).First(&ticket).Error; err != nil {
 		return "", "", err
 	} else if ticket.LastGrantAt != nil {
 		return "", "", fmt.Errorf("ticket was granted the first token, use refresh token instead")
 	} else if len(ticket.Audiences) > 1 {
 		return "", "", fmt.Errorf("should use authorization code grant type")
 	}
 	return GetToken(ticket)
 }
 func ExchangeOauthToken(clientId, clientSecret, redirectUri, token string) (string, string, error) {
 	var client models.ThirdClient
 	if err := database.C.Where(models.ThirdClient{Alias: clientId}).First(&client).Error; err != nil {
 		return "", "", err
 	} else if client.Secret != clientSecret {
 		return "", "", fmt.Errorf("invalid client secret")
 	} else if !client.IsDraft && !lo.Contains(client.Callbacks, redirectUri) {
 		return "", "", fmt.Errorf("invalid redirect uri")
 	}
 	var ticket models.AuthTicket
 	if err := database.C.Where(models.AuthTicket{GrantToken: &token}).First(&ticket).Error; err != nil {
 		return "", "", err
 	} else if ticket.LastGrantAt != nil {
 		return "", "", fmt.Errorf("ticket was granted the first token, use refresh token instead")
 	}
 	return GetToken(ticket)
 }
 func RefreshToken(token string) (string, string, error) {
 	parseInt := func(str string) int {
 		val, _ := strconv.Atoi(str)
 		return val
 	}
 	var ticket models.AuthTicket
 	if claims, err := DecodeJwt(token); err != nil {
 		return "404", "403", err
 	} else if claims.Type != JwtRefreshType {
 		return "404", "403", fmt.Errorf("invalid token type, expected refresh token")
 	} else if err := database.C.Where(models.AuthTicket{
 		BaseModel: models.BaseModel{ID: uint(parseInt(claims.SessionID))},
 	}).First(&ticket).Error; err != nil {
 		return "404", "403", err
 	}
 	if ticket, err := RegenSession(ticket); err != nil {
 		return "404", "403", err
 	} else {
 		return GetToken(ticket)
 	}
 }
--- a/pkg/views/.eslintrc.cjs
+++ b/pkg/views/.eslintrc.cjs
@ -0,0 +1,15 @@
 /* eslint-env node */
 require("@rushstack/eslint-patch/modern-module-resolution")
 module.exports = {
  root: true,
  extends: [
    "plugin:vue/vue3-essential",
    "eslint:recommended",
    "@vue/eslint-config-typescript",
    "@vue/eslint-config-prettier/skip-formatting",
  ],
  parserOptions: {
    ecmaVersion: "latest",
  },
 }
--- a/pkg/views/.eslintrc.js
+++ b/pkg/views/.eslintrc.js
@ -0,0 +1,6 @@
 module.exports = {
  extends: ["plugin:vue/vue3-recommended"],
  rules: {
    "vue/multi-word-component-names": "off",
  },
 }
--- a/pkg/views/.gitignore
+++ b/pkg/views/.gitignore
@ -0,0 +1,30 @@
 # Logs
 logs
 *.log
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 pnpm-debug.log*
 lerna-debug.log*
 node_modules
 .DS_Store
 dist
 dist-ssr
 coverage
 *.local
 /cypress/videos/
 /cypress/screenshots/
 # Editor directories and files
 .vscode/*
 !.vscode/extensions.json
 .idea
 *.suo
 *.ntvs*
 *.njsproj
 *.sln
 *.sw?
 *.tsbuildinfo
--- a/pkg/views/.prettierrc.json
+++ b/pkg/views/.prettierrc.json
@ -0,0 +1,8 @@
 {
  "$schema": "https://json.schemastore.org/prettierrc",
  "semi": false,
  "tabWidth": 2,
  "singleQuote": false,
  "printWidth": 120,
  "trailingComma": "all"
 }
--- a/pkg/views/.vscode/extensions.json
+++ b/pkg/views/.vscode/extensions.json
@ -0,0 +1,3 @@
 {
  "recommendations": ["Vue.volar", "dbaeumer.vscode-eslint", "esbenp.prettier-vscode"]
 }
--- a/pkg/views/README.md
+++ b/pkg/views/README.md
@ -0,0 +1,39 @@
 # views
 This template should help get you started developing with Vue 3 in Vite.
 ## Recommended IDE Setup
 [VSCode](https://code.visualstudio.com/) + [Volar](https://marketplace.visualstudio.com/items?itemName=Vue.volar) (and disable Vetur).
 ## Type Support for `.vue` Imports in TS
 TypeScript cannot handle type information for `.vue` imports by default, so we replace the `tsc` CLI with `vue-tsc` for type checking. In editors, we need [Volar](https://marketplace.visualstudio.com/items?itemName=Vue.volar) to make the TypeScript language service aware of `.vue` types.
 ## Customize configuration
 See [Vite Configuration Reference](https://vitejs.dev/config/).
 ## Project Setup
 ```sh
 npm install
 ```
 ### Compile and Hot-Reload for Development
 ```sh
 npm run dev
 ```
 ### Type-Check, Compile and Minify for Production
 ```sh
 npm run build
 ```
 ### Lint with [ESLint](https://eslint.org/)
 ```sh
 npm run lint
 ```
--- a/pkg/views/authorize.gohtml
+++ b/pkg/views/authorize.gohtml
@ -1,50 +0,0 @@
 <div class="left-part">
    <img class="logo" alt="Logo" src="/favicon.png" width="64" height="64"/>
    <h1 class="title">{{.i18n.title}} {{.client.Name}}</h1>
    <p class="caption">{{.i18n.caption}}</p>
 </div>
 <div class="right-part">
    <div class="responsive-title-gap "></div>
    <form class="action-form" action="{{.action_url}}" method="POST">
        <div>
            <div class="section-title">Description</div>
            <div class="section-body">{{.client.Description}}</div>
        </div>
        <div>
            <div class="section-title">Requested scopes</div>
            <ul class="section-scope">
                {{range $_, $element := .scopes}}
                    <li>
                        <span class="section-mono">{{$element}}</span>
                    </li>
                {{end}}
            </ul>
        </div>
        <div class="action-form-buttons">
            <md-text-button type="button" id="decline-button">{{.i18n.decline}}</md-text-button>
            <md-filled-button type="submit">{{.i18n.approve}}</md-filled-button>
        </div>
    </form>
 </div>
 <style>
    .section-title {
        font-weight: bold;
    }
    .section-mono {
        font-family: "Roboto Mono", monospace;
    }
 </style>
 <script>
    document.getElementById("decline-button").addEventListener("click", () => {
        history.back()
        window.close()
    })
 </script>
--- a/pkg/views/embed.go
+++ b/pkg/views/embed.go
@ -0,0 +1,6 @@
 package views
 import "embed"
 //go:embed all:dist
 var FS embed.FS
--- a/pkg/views/env.d.ts
+++ b/pkg/views/env.d.ts
@ -0,0 +1 @@
 /// <reference types="vite/client" />
--- a/pkg/views/favicon.png
+++ b/pkg/views/favicon.png
--- a/pkg/views/index.gohtml
+++ b/pkg/views/index.gohtml
@ -1,10 +0,0 @@
 <!doctype html>
 <html lang="en">
 {{template "views/partials/header"}}
 <body>
 {{embed}}
 </body>
 </html>
--- a/pkg/views/index.html
+++ b/pkg/views/index.html
@ -0,0 +1,13 @@
 <!doctype html>
 <html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/xml+svg" href="/favicon.png" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Solarpass</title>
  </head>
  <body>
    <div id="app"></div>
    <script type="module" src="/src/main.ts"></script>
  </body>
 </html>
--- a/pkg/views/layouts/auth.gohtml
+++ b/pkg/views/layouts/auth.gohtml
@ -1,127 +0,0 @@
 <!doctype html>
 <html lang="en">
 {{template "views/partials/header"}}
 <body>
 <div class="wrapper-container">
    <div class="wrapper-middleware">
        {{if ne .info nil}}
            <div class="alert">
                <div class="content">{{.info}}</div>
            </div>
        {{end}}
        <div class="wrapper-card">
            {{embed}}
        </div>
    </div>
 </div>
 </body>
 <style>
    .wrapper-container {
        width: 100dvw;
        height: 100dvh;
        display: flex;
        justify-content: center;
        align-items: center;
        background-color: var(--md-sys-color-surface-container);
    }
    .wrapper-middleware {
        width: 100%;
        min-width: 0;
        max-width: min(800px, 100dvw);
        margin: 1rem;
        display: flex;
        flex-direction: column;
        gap: 1rem;
    }
    .wrapper-card {
        transition: all .3s;
        height: auto;
        overflow: auto;
        display: grid;
        grid-template-columns: 1fr;
        justify-content: center;
        border-radius: 28px;
        padding: 56px;
        gap: 0 2rem;
        background-color: var(--md-sys-color-surface);
        color: var(--md-sys-color-on-surface)
    }
    .alert {
        padding: 16px;
        border-radius: 16px;
        background-color: var(--md-sys-color-secondary-container);
        color: var(--md-sys-color-on-secondary-container);
        display: flex;
        gap: 8px;
    }
    .alert .content {
        flex-grow: 1;
        text-transform: capitalize;
    }
    .logo {
        margin-left: -8px;
        margin-bottom: -8px;
        display: block;
    }
    .title {
        margin-block-start: 0.33em;
        margin-block-end: 0.33em;
        font-size: 2.5rem;
    }
    .caption {
        font-size: 1rem;
    }
    .action-form {
        display: flex;
        flex-direction: column;
        gap: 0.8rem 0;
    }
    .action-form-buttons {
        display: flex;
        justify-content: end;
        margin-top: 8px;
        gap: 4px;
    }
    .block-field {
        width: 100%;
    }
    .responsive-hidden {
        display: unset;
    }
    .columns-two {
        display: grid;
        grid-template-columns: 1fr 1fr;
        gap: 1rem;
    }
    @media (min-width: 768px) {
        .wrapper-card {
            grid-template-columns: 1fr 1fr;
        }
        .responsive-title-gap {
            height: calc(56px + 0.44rem);
            display: block;
        }
    }
 </style>
 </html>
--- a/pkg/views/layouts/user-center.gohtml
+++ b/pkg/views/layouts/user-center.gohtml
@ -1,135 +0,0 @@
 <!doctype html>
 <html lang="en">
 {{template "views/partials/header"}}
 <body>
 <div class="wrapper-container">
    <div class="wrapper-middleware">
        {{if ne .info nil}}
            <div class="alert">
                <div class="content">{{.info}}</div>
            </div>
        {{end}}
        <div class="wrapper-card">
            {{embed}}
        </div>
    </div>
 </div>
 </body>
 <style>
    .wrapper-container {
        width: 100dvw;
        min-height: 100dvh;
        display: flex;
        justify-content: center;
        align-items: center;
        overflow: auto;
        scrollbar-width: none;
        background-color: var(--md-sys-color-surface-container);
    }
    .wrapper-container::-webkit-scrollbar, body::-webkit-scrollbar {
        display: none;
        width: 0;
    }
    .wrapper-middleware {
        width: 100%;
        min-width: 0;
        max-width: min(800px, 100dvw);
        margin: 1rem;
        display: flex;
        flex-direction: column;
        gap: 1rem;
    }
    .wrapper-card {
        transition: all .3s;
        height: auto;
        overflow: auto;
        display: grid;
        grid-template-columns: 1fr;
        justify-content: center;
        border-radius: 28px;
        padding: 56px;
        gap: 2rem;
        background-color: var(--md-sys-color-surface);
        color: var(--md-sys-color-on-surface)
    }
    .alert {
        padding: 16px;
        border-radius: 16px;
        background-color: var(--md-sys-color-secondary-container);
        color: var(--md-sys-color-on-secondary-container);
        display: flex;
        gap: 8px;
    }
    .alert .content {
        flex-grow: 1;
        text-transform: capitalize;
    }
    .logo {
        margin-left: -8px;
        margin-bottom: -8px;
        display: block;
    }
    .title {
        margin-block-start: 0.33em;
        margin-block-end: 0.33em;
        font-size: 2.5rem;
    }
    .caption {
        font-size: 1rem;
    }
    .action-form {
        display: flex;
        flex-direction: column;
        gap: 0.8rem 0;
    }
    .action-form-buttons {
        display: flex;
        justify-content: end;
        margin-top: 8px;
        gap: 4px;
    }
    .block-field {
        width: 100%;
    }
    .responsive-hidden {
        display: unset;
    }
    .columns-two {
        display: grid;
        grid-template-columns: 1fr 1fr;
        gap: 1rem;
    }
    @media (min-width: 768px) {
        .wrapper-card {
            grid-template-columns: 1fr 1fr;
        }
        .responsive-title-gap {
            height: calc(56px + 0.44rem);
            display: block;
        }
    }
 </style>
 </html>
--- a/pkg/views/mfa-apply.gohtml
+++ b/pkg/views/mfa-apply.gohtml
@ -1,47 +0,0 @@
 <div class="left-part">
    <img class="logo" alt="Logo" src="/favicon.png" width="64" height="64"/>
    <h1 class="title">{{.i18n.title}}</h1>
    <p class="caption">{{.i18n.caption}}</p>
 </div>
 <div class="right-part">
    <div class="responsive-title-gap"></div>
    <form class="action-form" action="/mfa/apply" method="POST">
        <label>
            <input name="ticket_id" value="{{.ticket_id}}" hidden>
        </label>
        <label>
            <input name="factor_id" value="{{.factor_id}}" hidden>
        </label>
        <div class="factor-label">{{.label}}</div>
        <md-outlined-text-field
                class="block-field"
                name="code"
                type="password"
                autocomplete="off"
                label={{.i18n.password}}
        >
        </md-outlined-text-field>
        <div class="action-form-buttons">
            <md-filled-button type="submit">{{.i18n.next}}</md-filled-button>
        </div>
    </form>
 </div>
 <style>
    .factor-label {
        font-size: 14px;
        text-align: left;
    }
    @media (min-width: 768px) {
        .factor-label {
            text-align: center;
        }
    }
 </style>
--- a/pkg/views/mfa.gohtml
+++ b/pkg/views/mfa.gohtml
@ -1,61 +0,0 @@
 <div class="left-part">
    <img class="logo" alt="Logo" src="/favicon.png" width="64" height="64"/>
    <h1 class="title">{{.i18n.title}}</h1>
    <p class="caption">{{.i18n.caption}}</p>
 </div>
 <div class="right-part">
    <div class="responsive-title-gap"></div>
    <form class="action-form" action="/mfa" method="POST">
        <label>
            <input name="ticket_id" value="{{.ticket_id}}" hidden>
        </label>
        {{if ne .redirect_uri nil}}
            <label>
                <input name="redirect_uri" value="{{.redirect_uri}}" hidden>
            </label>
        {{end}}
        <div class="block-field factor-list" role="radiogroup">
            {{range $_, $element := .factors}}
                <div class="factor-label">
                    <md-radio
                            aria-label="{{$element.name}}"
                            id="factor-{{$element.id}}"
                            value="{{$element.id}}"
                            touch-target="wrapper"
                            name="factor_id"
                    >
                    </md-radio>
                    <label for="factor-{{$element.id}}">{{$element.name}}</label>
                </div>
            {{end}}
        </div>
        <div class="action-form-buttons">
            <md-filled-button type="submit">{{.i18n.next}}</md-filled-button>
        </div>
    </form>
 </div>
 <style>
    .factor-list {
        display: flex;
        flex-direction: column;
    }
    .factor-label {
        display: flex;
        align-items: center;
    }
    .factor-label label {
        display: inline-flex;
        place-items: center;
        gap: 8px;
        font-family: Roboto, system-ui;
        color: var(--md-sys-color-on-background);
    }
 </style>
--- a/pkg/views/package.json
+++ b/pkg/views/package.json
@ -0,0 +1,45 @@
 {
  "name": "@hydrogen/passport",
  "version": "1.0.0",
  "type": "module",
  "scripts": {
    "dev": "vite",
    "build": "run-p type-check \"build-only {@}\" --",
    "preview": "vite preview",
    "build-only": "vite build",
    "type-check": "vue-tsc --build --force",
    "lint": "eslint . --ext .vue,.js,.jsx,.cjs,.mjs,.ts,.tsx,.cts,.mts --fix --ignore-path .gitignore",
    "format": "prettier --write src/"
  },
  "dependencies": {
    "@fontsource/roboto": "^5.0.12",
    "@mdi/font": "^7.4.47",
    "@unocss/reset": "^0.58.5",
    "dompurify": "^3.0.10",
    "marked": "^12.0.1",
    "pinia": "^2.1.7",
    "universal-cookie": "^7.1.0",
    "unocss": "^0.58.5",
    "vue": "^3.4.21",
    "vue-router": "^4.3.0",
    "vuetify": "^3.5.8"
  },
  "devDependencies": {
    "@rushstack/eslint-patch": "^1.3.3",
    "@tsconfig/node20": "^20.1.2",
    "@types/dompurify": "^3.0.5",
    "@types/node": "^20.11.25",
    "@vitejs/plugin-vue": "^5.0.4",
    "@vitejs/plugin-vue-jsx": "^3.1.0",
    "@vue/eslint-config-prettier": "^8.0.0",
    "@vue/eslint-config-typescript": "^12.0.0",
    "@vue/tsconfig": "^0.5.1",
    "eslint": "^8.49.0",
    "eslint-plugin-vue": "^9.17.0",
    "npm-run-all2": "^6.1.2",
    "prettier": "^3.0.3",
    "typescript": "~5.4.0",
    "vite": "^5.1.5",
    "vue-tsc": "^2.0.6"
  }
 }
--- a/pkg/views/partials/header.gohtml
+++ b/pkg/views/partials/header.gohtml
@ -1,88 +0,0 @@
 <head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <link rel="icon" type="image/png" href="favicon.png">
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap" rel="stylesheet">
    <link
            href="https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200"
            rel="stylesheet"
    />
    <script type="importmap">
        {
          "imports": {
            "@material/web/": "https://esm.run/@material/web/"
          }
        }
    </script>
    <script type="module">
        import "@material/web/all.js";
        import {styles as typescaleStyles} from "@material/web/typography/md-typescale-styles.js";
        document.adoptedStyleSheets.push(typescaleStyles.styleSheet);
    </script>
    <title>Solarpass</title>
    <style>
        :root, :host {
            --md-sys-color-background: #fbf8ff;
            --md-sys-color-on-background: #1b1b20;
            --md-sys-color-surface: #fbf8ff;
            --md-sys-color-surface-dim: #dcd9df;
            --md-sys-color-surface-bright: #fbf8ff;
            --md-sys-color-surface-container-lowest: #ffffff;
            --md-sys-color-surface-container-low: #f6f2f9;
            --md-sys-color-surface-container: #f0edf3;
            --md-sys-color-surface-container-high: #eae7ed;
            --md-sys-color-surface-container-highest: #e4e1e8;
            --md-sys-color-on-surface: #1b1b20;
            --md-sys-color-surface-variant: #e3e1ee;
            --md-sys-color-on-surface-variant: #464650;
            --md-sys-color-inverse-surface: #303035;
            --md-sys-color-inverse-on-surface: #f3eff6;
            --md-sys-color-outline: #777681;
            --md-sys-color-outline-variant: #c7c5d2;
            --md-sys-color-shadow: #000000;
            --md-sys-color-scrim: #000000;
            --md-sys-color-surface-tint: #53589d;
            --md-sys-color-primary: #373c7e;
            --md-sys-color-on-primary: #ffffff;
            --md-sys-color-primary-container: #5b60a5;
            --md-sys-color-on-primary-container: #ffffff;
            --md-sys-color-inverse-primary: #bec2ff;
            --md-sys-color-secondary: #5b5c79;
            --md-sys-color-on-secondary: #ffffff;
            --md-sys-color-secondary-container: #e2e1ff;
            --md-sys-color-on-secondary-container: #454662;
            --md-sys-color-tertiary: #662d5e;
            --md-sys-color-on-tertiary: #ffffff;
            --md-sys-color-tertiary-container: #8e5084;
            --md-sys-color-on-tertiary-container: #ffffff;
            --md-sys-color-error: #ba1a1a;
            --md-sys-color-on-error: #ffffff;
            --md-sys-color-error-container: #ffdad6;
            --md-sys-color-on-error-container: #410002;
        }
         .material-symbols-outlined {
             font-variation-settings:
                     'FILL' 0,
                     'wght' 400,
                     'GRAD' 0,
                     'opsz' 24
         }
        html, body {
            padding: 0;
            margin: 0;
        }
    </style>
 </head>
--- a/pkg/views/public/favicon.png
+++ b/pkg/views/public/favicon.png
--- a/pkg/views/signin.gohtml
+++ b/pkg/views/signin.gohtml
@ -1,35 +0,0 @@
 <div class="left-part">
    <img class="logo" alt="Logo" src="/favicon.png" width="64" height="64"/>
    <h1 class="title">{{.i18n.title}}</h1>
    <p class="caption">{{.i18n.caption}}</p>
 </div>
 <div class="right-part">
    <div class="responsive-title-gap"></div>
    <form class="action-form" action="/sign-in" method="POST">
        <md-outlined-text-field
                class="block-field"
                name="username"
                type="text"
                autocomplete="username"
                label={{.i18n.username}}
        >
        </md-outlined-text-field>
        <md-outlined-text-field
                class="block-field"
                name="password"
                type="password"
                autocomplete="password"
                label={{.i18n.password}}
        >
        </md-outlined-text-field>
        <div class="action-form-buttons">
            <md-text-button type="button" href="/sign-up">{{.i18n.signup}}</md-text-button>
            <md-filled-button type="submit">{{.i18n.next}}</md-filled-button>
        </div>
    </form>
 </div>
--- a/pkg/views/signup.gohtml
+++ b/pkg/views/signup.gohtml
@ -1,67 +0,0 @@
 <div class="left-part">
    <img class="logo" alt="Logo" src="/favicon.png" width="64" height="64"/>
    <h1 class="title">{{.i18n.title}}</h1>
    <p class="caption">{{.i18n.caption}}</p>
 </div>
 <div class="right-part">
    <div class="responsive-title-gap"></div>
    <form class="action-form" action="/sign-up" method="POST">
        <div class="columns-two">
            <md-outlined-text-field
                    class="block-field"
                    name="name"
                    type="text"
                    autocomplete="username"
                    label={{.i18n.username}}
            >
            </md-outlined-text-field>
            <md-outlined-text-field
                    class="block-field"
                    name="nick"
                    type="text"
                    autocomplete="nickname"
                    label={{.i18n.nickname}}
            >
            </md-outlined-text-field>
        </div>
        <md-outlined-text-field
                class="block-field"
                name="email"
                type="email"
                autocomplete="email"
                label={{.i18n.email}}
        >
        </md-outlined-text-field>
        <md-outlined-text-field
                class="block-field"
                name="password"
                type="password"
                autocomplete="new-password"
                label={{.i18n.password}}
        >
        </md-outlined-text-field>
        {{if eq .use_magic_token true}}
            <md-outlined-text-field
                    class="block-field"
                    name="magic_token"
                    type="password"
                    autocomplete="off"
                    label={{.i18n.magic_token}}
            >
            </md-outlined-text-field>
        {{end}}
        <div class="action-form-buttons">
            <md-text-button type="button" href="/sign-in">{{.i18n.signin}}</md-text-button>
            <md-filled-button type="submit">{{.i18n.next}}</md-filled-button>
        </div>
    </form>
 </div>
--- a/pkg/views/src/assets/utils.css
+++ b/pkg/views/src/assets/utils.css
@ -0,0 +1,14 @@
 html,
 body,
 #app,
 .v-application {
  font-family: "Roboto Sans", ui-sans-serif, system-ui, sans-serif;
 }
 .no-scrollbar {
  scrollbar-width: none;
 }
 .no-scrollbar::-webkit-scrollbar {
  width: 0;
 }
--- a/pkg/views/src/components/Copyright.vue
+++ b/pkg/views/src/components/Copyright.vue
@ -0,0 +1,6 @@
 <template>
  <div class="text-xs text-center opacity-80">
    <p>Copyright © {{ new Date().getFullYear() }} Solsynth</p>
    <p>Powered by <a class="underline" href="#">Hydrogen.Identity</a></p>
  </div>
 </template>
--- a/pkg/views/src/components/NotificationList.vue
+++ b/pkg/views/src/components/NotificationList.vue
@ -0,0 +1,70 @@
 <template>
  <v-menu eager :close-on-content-click="false">
    <template #activator="{ props }">
      <v-btn v-bind="props" icon size="small" variant="text" :loading="loading">
        <v-badge v-if="notify.total > 0" color="error" :content="notify.total">
          <v-icon icon="mdi-bell" />
        </v-badge>
        <v-icon v-else icon="mdi-bell" />
      </v-btn>
    </template>
    <v-list v-if="notify.notifications.length <= 0" class="w-[380px]" density="compact">
      <v-list-item>
        <v-alert class="text-sm" variant="tonal" type="info">You are done! There is no unread notifications for you.</v-alert>
      </v-list-item>
    </v-list>
    <v-list v-else class="w-[380px]" density="compact" lines="three">
      <v-list-item v-for="(item, idx) in notify.notifications">
        <template #title>{{ item.subject }}</template>
        <template #subtitle>{{ item.content }}</template>
        <template #append>
          <v-btn icon="mdi-check" size="x-small" variant="text" :disabled="loading" @click="markAsRead(item, idx)" />
        </template>
        <div class="flex text-xs gap-1">
          <a v-for="link in item.links" class="mt-1 underline" target="_blank" :href="link.url">{{ link.label }}</a>
        </div>
      </v-list-item>
    </v-list>
  </v-menu>
  <!-- @vue-ignore -->
  <v-snackbar v-model="error" :timeout="5000">Something went wrong... {{ error }}</v-snackbar>
 </template>
 <script setup lang="ts">
 import { request } from "@/scripts/request"
 import { getAtk } from "@/stores/userinfo"
 import { computed, onMounted, onUnmounted, ref } from "vue";
 import { useNotifications } from "@/stores/notifications";
 const notify = useNotifications()
 const error = ref<string | null>(null)
 const submitting = ref(false)
 const loading = computed(() => notify.loading || submitting.value)
 async function markAsRead(item: any, idx: number) {
  submitting.value = true
  const res = await request(`/api/notifications/${item.id}/read`, {
    method: "PUT",
    headers: { Authorization: `Bearer ${getAtk()}` },
  })
  if (res.status !== 200) {
    error.value = await res.text()
  } else {
    notify.remove(idx)
    error.value = null
  }
  submitting.value = false
 }
 notify.list()
 onMounted(() => notify.connect())
 onUnmounted(() => notify.disconnect())
 </script>
--- a/pkg/views/src/components/UserMenu.vue
+++ b/pkg/views/src/components/UserMenu.vue
@ -0,0 +1,43 @@
 <template>
  <v-menu>
    <template #activator="{ props }">
      <v-btn flat exact v-bind="props" icon>
        <v-avatar color="transparent" icon="mdi-account-circle" :image="'/api/avatar/' + id.userinfo.data?.avatar" />
      </v-btn>
    </template>
    <v-list density="compact" v-if="!id.userinfo.isLoggedIn">
      <v-list-item title="Sign in" prepend-icon="mdi-login-variant" :to="{ name: 'auth.sign-in' }" />
      <v-list-item title="Create account" prepend-icon="mdi-account-plus" :to="{ name: 'auth.sign-up' }" />
    </v-list>
    <v-list density="compact" v-else>
      <v-list-item :title="nickname" :subtitle="username" />
      <v-divider class="border-opacity-50 my-2" />
      <v-list-item title="User Center" prepend-icon="mdi-account-supervisor" exact :to="{ name: 'dashboard' }" />
    </v-list>
  </v-menu>
 </template>
 <script setup lang="ts">
 import { useUserinfo } from "@/stores/userinfo"
 import { computed } from "vue"
 const id = useUserinfo()
 const username = computed(() => {
  if (id.userinfo.isLoggedIn) {
    return "@" + id.userinfo.data?.name
  } else {
    return "@vistor"
  }
 })
 const nickname = computed(() => {
  if (id.userinfo.isLoggedIn) {
    return id.userinfo.data?.nick
  } else {
    return "Anonymous"
  }
 })
 </script>
--- a/pkg/views/src/components/auth/AccountLocator.vue
+++ b/pkg/views/src/components/auth/AccountLocator.vue
@ -0,0 +1,61 @@
 <template>
  <div class="flex items-center">
    <v-form class="flex-grow-1" @submit.prevent="submit">
      <v-text-field label="Account ID" variant="solo" density="comfortable" :disabled="props.loading" v-model="probe" />
      <v-expand-transition>
        <v-alert v-show="error" variant="tonal" type="error" class="text-xs mb-3">
          Something went wrong... {{ error }}
        </v-alert>
      </v-expand-transition>
      <div class="flex justify-between">
        <v-btn type="button" variant="plain" color="grey-darken-3" :to="{ name: 'auth.sign-up' }">Sign up</v-btn>
        <v-btn
          type="submit"
          variant="text"
          color="primary"
          class="justify-self-end"
          append-icon="mdi-arrow-right"
          :disabled="props.loading"
        >
          Next
        </v-btn>
      </div>
    </v-form>
  </div>
 </template>
 <script setup lang="ts">
 import { ref } from "vue"
 import { request } from "@/scripts/request"
 const probe = ref("")
 const error = ref<string | null>(null)
 const props = defineProps<{ loading?: boolean }>()
 const emits = defineEmits(["swap", "update:loading", "update:factors", "update:challenge"])
 async function submit() {
  if (!probe) return
  emits("update:loading", true)
  const res = await request("/api/auth", {
    method: "PUT",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ id: probe.value }),
  })
  if (res.status !== 200) {
    error.value = await res.text()
  } else {
    const data = await res.json()
    emits("update:factors", data["factors"])
    emits("update:challenge", data["challenge"])
    emits("swap", "pick")
    error.value = null
  }
  emits("update:loading", false)
 }
 </script>
--- a/pkg/views/src/components/auth/CallbackNotify.vue
+++ b/pkg/views/src/components/auth/CallbackNotify.vue
@ -0,0 +1,16 @@
 <template>
  <div class="w-full max-w-[720px]">
    <v-expand-transition>
      <v-alert v-show="route.query['redirect_uri']" variant="tonal" type="info" class="text-xs">
        You need to sign in before access that page. After you signed in, we will redirect you to: <br />
        <span class="font-mono">{{ route.query["redirect_uri"] }}</span>
      </v-alert>
    </v-expand-transition>
  </div>
 </template>
 <script setup lang="ts">
 import { useRoute } from "vue-router"
 const route = useRoute()
 </script>
--- a/pkg/views/src/components/auth/FactorApplicator.vue
+++ b/pkg/views/src/components/auth/FactorApplicator.vue
@ -0,0 +1,129 @@
 <template>
  <div class="flex items-center">
    <v-form class="flex-grow-1" @submit.prevent="submit">
      <div v-if="inputType === 'one-time-password'" class="text-center">
        <p class="text-xs opacity-90">Check your inbox!</p>
        <v-otp-input
          class="pt-0"
          variant="solo"
          density="compact"
          type="text"
          :length="6"
          v-model="password"
          :loading="loading"
        />
      </div>
      <v-text-field
        v-else
        label="Password"
        type="password"
        variant="solo"
        density="comfortable"
        :disabled="loading"
        v-model="password"
      />
      <v-expand-transition>
        <v-alert v-show="error" variant="tonal" type="error" class="text-xs mb-3">
          Something went wrong... {{ error }}
        </v-alert>
      </v-expand-transition>
      <div class="flex justify-end">
        <v-btn
          type="submit"
          variant="text"
          color="primary"
          class="justify-self-end"
          append-icon="mdi-arrow-right"
          :disabled="loading"
        >
          Next
        </v-btn>
      </div>
    </v-form>
  </div>
 </template>
 <script setup lang="ts">
 import { request } from "@/scripts/request"
 import { useUserinfo } from "@/stores/userinfo"
 import { computed, ref } from "vue"
 import { useRoute, useRouter } from "vue-router"
 const password = ref("")
 const error = ref<string | null>(null)
 const props = defineProps<{ loading?: boolean; currentFactor?: any; challenge?: any }>()
 const emits = defineEmits(["swap", "update:challenge"])
 const route = useRoute()
 const router = useRouter()
 const { readProfiles } = useUserinfo()
 async function submit() {
  const res = await request(`/api/auth`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({
      challenge_id: props.challenge?.id,
      factor_id: props.currentFactor?.id,
      secret: password.value,
    }),
  })
  if (res.status !== 200) {
    error.value = await res.text()
  } else {
    const data = await res.json()
    if (data["is_finished"]) {
      await getToken(data["session"]["grant_token"])
      await readProfiles()
      callback()
    } else {
      emits("swap", "pick")
      emits("update:challenge", data["challenge"])
      error.value = null
      password.value = ""
    }
  }
 }
 async function getToken(tk: string) {
  const res = await request("/api/auth/token", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({
      code: tk,
      grant_type: "grant_token",
    }),
  })
  if (res.status !== 200) {
    const err = await res.text()
    error.value = err
    throw new Error(err)
  } else {
    error.value = null
  }
 }
 function callback() {
  if (route.query["closable"]) {
    window.close()
  } else if (route.query["redirect_uri"]) {
    window.open((route.query["redirect_uri"] as string) ?? "/", "_self")
  } else {
    router.push({ name: "dashboard" })
  }
 }
 const inputType = computed(() => {
  switch (props.currentFactor?.type) {
    case 0:
      return "text"
    case 1:
      return "one-time-password"
  }
 })
 </script>
--- a/pkg/views/src/components/auth/FactorPicker.vue
+++ b/pkg/views/src/components/auth/FactorPicker.vue
@ -0,0 +1,75 @@
 <template>
  <div class="flex items-center">
    <div class="flex-grow-1">
      <v-card class="mb-3">
        <v-list density="compact" color="primary">
          <v-list-item
            v-for="item in props.factors ?? []"
            :prepend-icon="getFactorType(item)?.icon"
            :title="getFactorType(item)?.label"
            :active="focus === item.id"
            :disabled="getFactorAvailable(item)"
            @click="focus = item.id"
          />
        </v-list>
      </v-card>
      <v-expand-transition>
        <v-alert v-show="error" variant="tonal" type="error" class="text-xs mb-3">
          Something went wrong... {{ error }}
        </v-alert>
      </v-expand-transition>
      <div class="flex justify-end">
        <v-btn variant="text" color="primary" class="justify-self-end" append-icon="mdi-arrow-right" @click="submit">
          Next
        </v-btn>
      </div>
    </div>
  </div>
 </template>
 <script setup lang="ts">
 import { ref } from "vue"
 import { request } from "@/scripts/request"
 const focus = ref<number | null>(null)
 const error = ref<string | null>(null)
 const props = defineProps<{ factors?: any[]; challenge?: any }>()
 const emits = defineEmits(["swap", "update:loading", "update:currentFactor"])
 async function submit() {
  if (!focus) return
  emits("update:loading", true)
  const res = await request(`/api/auth/factors/${focus.value}`, {
    method: "POST",
  })
  if (res.status !== 200 && res.status !== 204) {
    error.value = await res.text()
  } else {
    const item = props.factors?.find((item: any) => item.id === focus.value)
    emits("update:currentFactor", item)
    emits("swap", "applicator")
    error.value = null
    focus.value = null
  }
  emits("update:loading", false)
 }
 function getFactorType(item: any) {
  switch (item.type) {
    case 0:
      return { icon: "mdi-form-textbox-password", label: "Password Validation" }
    case 1:
      return { icon: "mdi-email-fast", label: "Email One Time Password" }
  }
 }
 function getFactorAvailable(factor: any) {
  const blacklist: number[] = props.challenge?.blacklist_factors ?? []
  return blacklist.includes(factor.id)
 }
 </script>
--- a/pkg/views/src/index.vue
+++ b/pkg/views/src/index.vue
@ -0,0 +1,5 @@
 <template>
  <v-app>
    <router-view />
  </v-app>
 </template>
--- a/pkg/views/src/layouts/master.vue
+++ b/pkg/views/src/layouts/master.vue
@ -0,0 +1,46 @@
 <template>
  <v-app-bar height="64" color="primary" scroll-behavior="elevate" flat>
    <div class="max-md:px-5 md:px-12 flex flex-grow-1 items-center">
      <router-link :to="{ name: 'dashboard' }" class="flex gap-1">
        <img src="/favicon.png" width="27" height="24" class="icon-filter" />
        <h2 class="ml-2 text-lg font-500">Solarpass</h2>
      </router-link>
      <v-spacer />
      <div class="me-2">
        <notification-list />
      </div>
      <div>
        <user-menu />
      </div>
    </div>
  </v-app-bar>
  <v-main>
    <router-view />
  </v-main>
 </template>
 <script setup lang="ts">
 import { useUserinfo } from "@/stores/userinfo"
 import NotificationList from "@/components/NotificationList.vue"
 import UserMenu from "@/components/UserMenu.vue"
 const id = useUserinfo()
 id.readProfiles()
 </script>
 <style scoped>
 .editor-fab {
  position: fixed !important;
  bottom: 16px;
  right: 20px;
 }
 .icon-filter {
  filter: invert(100%) sepia(100%) saturate(14%) hue-rotate(212deg) brightness(104%) contrast(104%);
 }
 </style>
--- a/pkg/views/src/layouts/user-center.vue
+++ b/pkg/views/src/layouts/user-center.vue
@ -0,0 +1,22 @@
 <template>
  <v-container class="pt-6 px-6">
    <v-row>
      <v-col :cols="12" :xs="12" :sm="12" :md="4" :lg="3">
        <v-card title="Navigation">
          <v-list density="comfortable">
            <v-list-item title="Dashboard" prepend-icon="mdi-view-dashboard" :to="{ name: 'dashboard' }" exact />
            <v-list-item title="Personalize" prepend-icon="mdi-card-bulleted-outline" :to="{ name: 'personalize' }" />
            <v-list-item title="Personal Page" prepend-icon="mdi-sitemap" :to="{ name: 'personal-page' }" />
            <v-list-item title="Security" prepend-icon="mdi-security" :to="{ name: 'security' }" />
          </v-list>
        </v-card>
      </v-col>
      <v-col :cols="12" :xs="12" :sm="12" :md="8" :lg="9">
        <router-view />
      </v-col>
    </v-row>
  </v-container>
 </template>
 <script setup lang="ts">
 </script>
--- a/pkg/views/src/main.ts
+++ b/pkg/views/src/main.ts
@ -0,0 +1,54 @@
 import "virtual:uno.css"
 import "./assets/utils.css"
 import { createApp } from "vue"
 import { createPinia } from "pinia"
 import "vuetify/styles"
 import { createVuetify } from "vuetify"
 import { md3 } from "vuetify/blueprints"
 import * as components from "vuetify/components"
 import * as labsComponents from "vuetify/labs/components"
 import * as directives from "vuetify/directives"
 import "@mdi/font/css/materialdesignicons.min.css"
 import "@fontsource/roboto/latin.css"
 import "@unocss/reset/tailwind.css"
 import index from "./index.vue"
 import router from "./router"
 const app = createApp(index)
 app.use(
  createVuetify({
    directives,
    components: {
      ...components,
      ...labsComponents,
    },
    blueprint: md3,
    theme: {
      defaultTheme: "original",
      themes: {
        original: {
          colors: {
            primary: "#4a5099",
            secondary: "#2196f3",
            accent: "#009688",
            error: "#f44336",
            warning: "#ff9800",
            info: "#03a9f4",
            success: "#4caf50",
          },
        },
      },
    },
  }),
 )
 app.use(createPinia())
 app.use(router)
 app.mount("#app")
--- a/pkg/views/src/router/index.ts
+++ b/pkg/views/src/router/index.ts
@ -0,0 +1,96 @@
 import { createRouter, createWebHistory } from "vue-router"
 import { useUserinfo } from "@/stores/userinfo"
 import MasterLayout from "@/layouts/master.vue"
 import UserCenterLayout from "@/layouts/user-center.vue"
 const router = createRouter({
  history: createWebHistory(import.meta.env.BASE_URL),
  routes: [
    {
      path: "/",
      component: MasterLayout,
      children: [
        {
          path: "/",
          component: UserCenterLayout,
          children: [
            {
              path: "/",
              name: "dashboard",
              component: () => import("@/views/dashboard.vue"),
              meta: { title: "Your account" },
            },
            {
              path: "/me/personalize",
              name: "personalize",
              component: () => import("@/views/personalize.vue"),
              meta: { title: "Your personality" },
            },
            {
              path: "/me/personal-page",
              name: "personal-page",
              component: () => import("@/views/personal-page.vue"),
              meta: { title: "Your personal page" },
            },
            {
              path: "/me/security",
              name: "security",
              component: () => import("@/views/security.vue"),
              meta: { title: "Your security" },
            },
          ],
        },
      ],
    },
    {
      path: "/auth",
      children: [
        {
          path: "sign-in",
          name: "auth.sign-in",
          component: () => import("@/views/auth/sign-in.vue"),
          meta: { public: true, title: "Sign in" },
        },
        {
          path: "sign-up",
          name: "auth.sign-up",
          component: () => import("@/views/auth/sign-up.vue"),
          meta: { public: true, title: "Sign up" },
        },
        {
          path: "o/connect",
          name: "openid.connect",
          component: () => import("@/views/auth/connect.vue"),
        },
        {
          path: "/me/confirm",
          name: "callback.confirm",
          component: () => import("@/views/confirm.vue"),
          meta: { public: true, title: "Confirm registration" },
        },
      ],
    },
  ],
 })
 router.beforeEach(async (to, from, next) => {
  const id = useUserinfo()
  if (!id.isReady) {
    await id.readProfiles()
  }
  if (to.meta.title) {
    document.title = `Solarpass | ${to.meta.title}`
  } else {
    document.title = "Solarpass"
  }
  if (!to.meta.public && !id.userinfo.isLoggedIn) {
    next({ name: "auth.sign-in", query: { redirect_uri: to.fullPath } })
  } else {
    next()
  }
 })
 export default router
--- a/pkg/views/src/scripts/request.ts
+++ b/pkg/views/src/scripts/request.ts
@ -0,0 +1,10 @@
 declare global {
  interface Window {
    __LAUNCHPAD_TARGET__?: string
  }
 }
 export async function request(input: string, init?: RequestInit) {
  const prefix = window.__LAUNCHPAD_TARGET__ ?? ""
  return await fetch(prefix + input, init)
 }
--- a/Show More
+++ b/Show More
		`@ -1,2 +0,0 @@`
			`#n:public`
			`!<md> [6267, 0, null, null, -2147483648, -2147483648]`
`@ -1,4 +1,4 @@`
	`package services`	`package security`

	`import "golang.org/x/crypto/bcrypt"`	`import "golang.org/x/crypto/bcrypt"`