From d620d04c97895db074cf75a89cfe56c1fe291d03 Mon Sep 17 00:00:00 2001
From: Dan Bruce <dan@ddbruce.com>
Date: Sat, 25 Oct 2025 13:46:37 -0400
Subject: [PATCH 01/34] fix session last_seen code

---
 src/sessions.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/sessions.js b/src/sessions.js
index d743323..42a5693 100644
--- a/src/sessions.js
+++ b/src/sessions.js
@@ -7,7 +7,7 @@ const SESSION_CREATE =
   "INSERT INTO sessions (`id`, `user_id`, `login`, `last_seen`, `expiration`) VALUES (?, ?, NOW(), NOW(), NOW() + INTERVAL 5 DAY)";
 const SESSION_DESTROY = "DELETE FROM sessions WHERE `id` = ?";
 const SESSION_UPDATE =
-  "UPDATE sessions SET `expiration` = NOW() + INTERVAL 5 DAY WHERE `id` = ?";
+  "UPDATE sessions SET `last_seen` = NOW(), `expiration` = NOW() + INTERVAL 5 DAY WHERE `id` = ?";
 const SESSION_GET = "SELECT * FROM sessions WHERE id = ?";
 const SESSION_EXPIRED_DELETE = "DELETE FROM sessions WHERE expiration < NOW()";
 

From 8316c55ac26a426186dccf1deebdb600bf65cd9c Mon Sep 17 00:00:00 2001
From: Dan Bruce <dan@ddbruce.com>
Date: Sat, 25 Oct 2025 13:47:11 -0400
Subject: [PATCH 02/34] update changelog

---
 public/help.html | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/public/help.html b/public/help.html
index 882741d..756e872 100644
--- a/public/help.html
+++ b/public/help.html
@@ -63,6 +63,10 @@ <h1>Fullsend</h1>
         <div class="row mt-5">
             <div class="col">
                 <h2>Changelog</h2><br>
+                <h3>v1.7.1</h3>
+                <p>
+                    Fixes session <code>last_seen</code> code
+                </p>
                 <h3>v1.7.0</h3>
                 <p>
                     Refactors SMS code to handle upcoming API deprecation

From a484b7dec7bc6a55eca3e9fa8cd7d84fd784b461 Mon Sep 17 00:00:00 2001
From: Dan Bruce <dan@ddbruce.com>
Date: Sat, 25 Oct 2025 13:47:18 -0400
Subject: [PATCH 03/34] 1.7.1

---
 package-lock.json | 4 ++--
 package.json      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c9bcbb7..d559a36 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "fullsend",
-  "version": "1.7.0",
+  "version": "1.7.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "fullsend",
-      "version": "1.7.0",
+      "version": "1.7.1",
       "license": "MIT",
       "dependencies": {
         "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index f3869a8..41b3f01 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fullsend",
-  "version": "1.7.0",
+  "version": "1.7.1",
   "description": "Fullsend allows allowed users to send bulk text messages to groups of recipients",
   "main": "server.js",
   "scripts": {

From 506b7a39c867391fba60632b4771d9784d927acb Mon Sep 17 00:00:00 2001
From: Dan Bruce <dan@ddbruce.com>
Date: Sat, 25 Oct 2025 13:47:44 -0400
Subject: [PATCH 04/34] 1.7.2

---
 package-lock.json | 4 ++--
 package.json      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d559a36..7746e60 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "fullsend",
-  "version": "1.7.1",
+  "version": "1.7.2",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "fullsend",
-      "version": "1.7.1",
+      "version": "1.7.2",
       "license": "MIT",
       "dependencies": {
         "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index 41b3f01..68471cb 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fullsend",
-  "version": "1.7.1",
+  "version": "1.7.2",
   "description": "Fullsend allows allowed users to send bulk text messages to groups of recipients",
   "main": "server.js",
   "scripts": {

From 8817cf3a40f6ba5bacdebfd942912ab3c2cfdcef Mon Sep 17 00:00:00 2001
From: Dan Bruce <dan@ddbruce.com>
Date: Sat, 25 Oct 2025 13:48:56 -0400
Subject: [PATCH 05/34] trying to fix versioning

---
 package-lock.json | 4 ++--
 package.json      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 7746e60..c9bcbb7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "fullsend",
-  "version": "1.7.2",
+  "version": "1.7.0",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "fullsend",
-      "version": "1.7.2",
+      "version": "1.7.0",
       "license": "MIT",
       "dependencies": {
         "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index 68471cb..f3869a8 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fullsend",
-  "version": "1.7.2",
+  "version": "1.7.0",
   "description": "Fullsend allows allowed users to send bulk text messages to groups of recipients",
   "main": "server.js",
   "scripts": {

From 71bff33fa12a70be7bd92c94c0a3b2f6411ba283 Mon Sep 17 00:00:00 2001
From: Dan Bruce <dan@ddbruce.com>
Date: Sat, 25 Oct 2025 13:49:00 -0400
Subject: [PATCH 06/34] 1.7.1

---
 package-lock.json | 4 ++--
 package.json      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c9bcbb7..d559a36 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "fullsend",
-  "version": "1.7.0",
+  "version": "1.7.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "fullsend",
-      "version": "1.7.0",
+      "version": "1.7.1",
       "license": "MIT",
       "dependencies": {
         "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index f3869a8..41b3f01 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fullsend",
-  "version": "1.7.0",
+  "version": "1.7.1",
   "description": "Fullsend allows allowed users to send bulk text messages to groups of recipients",
   "main": "server.js",
   "scripts": {

From 98a6a288c9862766241b708077030c9920c77fad Mon Sep 17 00:00:00 2001
From: Dan Bruce <dan@ddbruce.com>
Date: Sat, 25 Oct 2025 14:15:49 -0400
Subject: [PATCH 07/34] try to fix session logout code

---
 package-lock.json | 1243 +++++++++++++++++++++++++++++----------------
 package.json      |    4 +-
 public/js/main.js |    8 +-
 3 files changed, 803 insertions(+), 452 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d559a36..34d4ef8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,9 +14,9 @@
         "dotenv": "^16.0.1",
         "express": "^4.18.1",
         "mariadb": "^3.0.0",
-        "nodemon": "^2.0.20",
+        "nodemon": "^3.1.10",
         "path": "^0.12.7",
-        "twilio": "^3.79.0"
+        "twilio": "^5.10.3"
       }
     },
     "node_modules/@alloc/quick-lru": {
@@ -106,17 +106,21 @@
       "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
       "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
     },
-    "node_modules/asap": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
-      "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA=="
+    "node_modules/asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==",
+      "license": "MIT"
     },
     "node_modules/axios": {
-      "version": "0.26.1",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-0.26.1.tgz",
-      "integrity": "sha512-fPwcX4EvnSHuInCMItEhAGnaSEXRBjtzh9fOtsE6E1G6p7vl7edEeZe11QHf18+6+9gR5PbKV/sGKNaD8YaMeA==",
+      "version": "1.12.2",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz",
+      "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==",
+      "license": "MIT",
       "dependencies": {
-        "follow-redirects": "^1.14.8"
+        "follow-redirects": "^1.15.6",
+        "form-data": "^4.0.4",
+        "proxy-from-env": "^1.1.0"
       }
     },
     "node_modules/balanced-match": {
@@ -138,20 +142,21 @@
       }
     },
     "node_modules/body-parser": {
-      "version": "1.20.0",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
-      "integrity": "sha512-DfJ+q6EPcGKZD1QWUjSpqp+Q7bDQTsQIF4zfUAtZ6qk+H/3/QRhg9CEp39ss+/T2vw0+HaidC0ecJj/DRLIaKg==",
+      "version": "1.20.3",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz",
+      "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==",
+      "license": "MIT",
       "dependencies": {
         "bytes": "3.1.2",
-        "content-type": "~1.0.4",
+        "content-type": "~1.0.5",
         "debug": "2.6.9",
         "depd": "2.0.0",
         "destroy": "1.2.0",
         "http-errors": "2.0.0",
         "iconv-lite": "0.4.24",
         "on-finished": "2.4.1",
-        "qs": "6.10.3",
-        "raw-body": "2.5.1",
+        "qs": "6.13.0",
+        "raw-body": "2.5.2",
         "type-is": "~1.6.18",
         "unpipe": "1.0.0"
       },
@@ -161,20 +166,22 @@
       }
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.11",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "version": "1.1.12",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
       }
     },
     "node_modules/braces": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
+      "license": "MIT",
       "dependencies": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
       },
       "engines": {
         "node": ">=8"
@@ -183,23 +190,42 @@
     "node_modules/buffer-equal-constant-time": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
-      "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA=="
+      "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==",
+      "license": "BSD-3-Clause"
     },
     "node_modules/bytes": {
       "version": "3.1.2",
       "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
       "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "license": "MIT",
       "engines": {
         "node": ">= 0.8"
       }
     },
-    "node_modules/call-bind": {
+    "node_modules/call-bind-apply-helpers": {
       "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz",
-      "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+      "license": "MIT",
       "dependencies": {
-        "function-bind": "^1.1.1",
-        "get-intrinsic": "^1.0.2"
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/call-bound": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "get-intrinsic": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
       },
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
@@ -231,6 +257,18 @@
         "fsevents": "~2.3.2"
       }
     },
+    "node_modules/combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "license": "MIT",
+      "dependencies": {
+        "delayed-stream": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
@@ -248,17 +286,19 @@
       }
     },
     "node_modules/content-type": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
-      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==",
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
+      "license": "MIT",
       "engines": {
         "node": ">= 0.6"
       }
     },
     "node_modules/cookie": {
-      "version": "0.5.0",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz",
-      "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==",
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+      "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==",
+      "license": "MIT",
       "engines": {
         "node": ">= 0.6"
       }
@@ -269,9 +309,10 @@
       "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
     },
     "node_modules/dayjs": {
-      "version": "1.11.4",
-      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.4.tgz",
-      "integrity": "sha512-Zj/lPM5hOvQ1Bf7uAvewDaUcsJoI6JmNqmHhHl3nyumwe0XHwt8sWdOVAPACJzCebL8gQCi+K49w7iKWnGwX9g=="
+      "version": "1.11.18",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.18.tgz",
+      "integrity": "sha512-zFBQ7WFRvVRhKcWoUh+ZA1g2HVgUbsZm9sbddh8EC5iv93sui8DVVz1Npvz+r6meo9VKfa8NyLWBsQK1VvIKPA==",
+      "license": "MIT"
     },
     "node_modules/debug": {
       "version": "2.6.9",
@@ -281,6 +322,15 @@
         "ms": "2.0.0"
       }
     },
+    "node_modules/delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
     "node_modules/denque": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz",
@@ -314,10 +364,25 @@
         "node": ">=12"
       }
     },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/ecdsa-sig-formatter": {
       "version": "1.0.11",
       "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
       "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+      "license": "Apache-2.0",
       "dependencies": {
         "safe-buffer": "^5.0.1"
       }
@@ -328,57 +393,106 @@
       "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="
     },
     "node_modules/encodeurl": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
-      "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==",
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "license": "MIT",
       "engines": {
         "node": ">= 0.8"
       }
     },
+    "node_modules/es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-set-tostringtag": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
+      "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.6",
+        "has-tostringtag": "^1.0.2",
+        "hasown": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/escape-html": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
-      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==",
+      "license": "MIT"
     },
     "node_modules/etag": {
       "version": "1.8.1",
       "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
       "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+      "license": "MIT",
       "engines": {
         "node": ">= 0.6"
       }
     },
     "node_modules/express": {
-      "version": "4.18.1",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.18.1.tgz",
-      "integrity": "sha512-zZBcOX9TfehHQhtupq57OF8lFZ3UZi08Y97dwFCkD8p9d/d2Y3M+ykKcwaMDEL+4qyUolgBDX6AblpR3fL212Q==",
+      "version": "4.21.2",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+      "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
-        "body-parser": "1.20.0",
+        "body-parser": "1.20.3",
         "content-disposition": "0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.5.0",
+        "cookie": "0.7.1",
         "cookie-signature": "1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
-        "encodeurl": "~1.0.2",
+        "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "etag": "~1.8.1",
-        "finalhandler": "1.2.0",
+        "finalhandler": "1.3.1",
         "fresh": "0.5.2",
         "http-errors": "2.0.0",
-        "merge-descriptors": "1.0.1",
+        "merge-descriptors": "1.0.3",
         "methods": "~1.1.2",
         "on-finished": "2.4.1",
         "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.7",
+        "path-to-regexp": "0.1.12",
         "proxy-addr": "~2.0.7",
-        "qs": "6.10.3",
+        "qs": "6.13.0",
         "range-parser": "~1.2.1",
         "safe-buffer": "5.2.1",
-        "send": "0.18.0",
-        "serve-static": "1.15.0",
+        "send": "0.19.0",
+        "serve-static": "1.16.2",
         "setprototypeof": "1.2.0",
         "statuses": "2.0.1",
         "type-is": "~1.6.18",
@@ -387,12 +501,17 @@
       },
       "engines": {
         "node": ">= 0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
       }
     },
     "node_modules/fill-range": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
+      "license": "MIT",
       "dependencies": {
         "to-regex-range": "^5.0.1"
       },
@@ -401,12 +520,13 @@
       }
     },
     "node_modules/finalhandler": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz",
-      "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==",
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz",
+      "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==",
+      "license": "MIT",
       "dependencies": {
         "debug": "2.6.9",
-        "encodeurl": "~1.0.2",
+        "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "on-finished": "2.4.1",
         "parseurl": "~1.3.3",
@@ -418,15 +538,16 @@
       }
     },
     "node_modules/follow-redirects": {
-      "version": "1.15.1",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.1.tgz",
-      "integrity": "sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==",
+      "version": "1.15.11",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz",
+      "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==",
       "funding": [
         {
           "type": "individual",
           "url": "https://github.com/sponsors/RubenVerborgh"
         }
       ],
+      "license": "MIT",
       "engines": {
         "node": ">=4.0"
       },
@@ -436,6 +557,22 @@
         }
       }
     },
+    "node_modules/form-data": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
+      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
+      "license": "MIT",
+      "dependencies": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.8",
+        "es-set-tostringtag": "^2.1.0",
+        "hasown": "^2.0.2",
+        "mime-types": "^2.1.12"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
     "node_modules/forwarded": {
       "version": "0.2.0",
       "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
@@ -448,6 +585,7 @@
       "version": "0.5.2",
       "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
       "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+      "license": "MIT",
       "engines": {
         "node": ">= 0.6"
       }
@@ -466,23 +604,51 @@
       }
     },
     "node_modules/function-bind": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
-      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A=="
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
     },
     "node_modules/get-intrinsic": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.2.tgz",
-      "integrity": "sha512-Jfm3OyCxHh9DJyc28qGk+JmfkpO41A4XkneDSujN9MDXrm4oDKdHvndhZ2dN94+ERNfkYJWDclW6k2L/ZGHjXA==",
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
+      "license": "MIT",
       "dependencies": {
-        "function-bind": "^1.1.1",
-        "has": "^1.0.3",
-        "has-symbols": "^1.0.3"
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
       },
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "license": "MIT",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/glob-parent": {
       "version": "5.1.2",
       "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
@@ -494,15 +660,16 @@
         "node": ">= 6"
       }
     },
-    "node_modules/has": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
-      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
-      "dependencies": {
-        "function-bind": "^1.1.1"
-      },
+    "node_modules/gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+      "license": "MIT",
       "engines": {
-        "node": ">= 0.4.0"
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
       }
     },
     "node_modules/has-flag": {
@@ -514,9 +681,25 @@
       }
     },
     "node_modules/has-symbols": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz",
-      "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-tostringtag": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
+      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
+      "license": "MIT",
+      "dependencies": {
+        "has-symbols": "^1.0.3"
+      },
       "engines": {
         "node": ">= 0.4"
       },
@@ -524,6 +707,18 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/hasown": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
+      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/http-errors": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz",
@@ -576,6 +771,7 @@
       "version": "0.4.24",
       "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
       "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "license": "MIT",
       "dependencies": {
         "safer-buffer": ">= 2.1.2 < 3"
       },
@@ -635,14 +831,16 @@
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "license": "MIT",
       "engines": {
         "node": ">=0.12.0"
       }
     },
     "node_modules/jsonwebtoken": {
-      "version": "8.5.1",
-      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz",
-      "integrity": "sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==",
+      "version": "9.0.2",
+      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz",
+      "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==",
+      "license": "MIT",
       "dependencies": {
         "jws": "^3.2.2",
         "lodash.includes": "^4.3.0",
@@ -653,32 +851,26 @@
         "lodash.isstring": "^4.0.1",
         "lodash.once": "^4.0.0",
         "ms": "^2.1.1",
-        "semver": "^5.6.0"
+        "semver": "^7.5.4"
       },
       "engines": {
-        "node": ">=4",
-        "npm": ">=1.4.28"
+        "node": ">=12",
+        "npm": ">=6"
       }
     },
     "node_modules/jsonwebtoken/node_modules/ms": {
       "version": "2.1.3",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
-      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
-    },
-    "node_modules/jsonwebtoken/node_modules/semver": {
-      "version": "5.7.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
-      "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
-      "bin": {
-        "semver": "bin/semver"
-      }
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
     },
     "node_modules/jwa": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz",
-      "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==",
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.2.tgz",
+      "integrity": "sha512-eeH5JO+21J78qMvTIDdBXidBd6nG2kZjg5Ohz/1fpa28Z4CcsWUzJ1ZZyFq/3z3N17aZy+ZuBoHljASbL1WfOw==",
+      "license": "MIT",
       "dependencies": {
-        "buffer-equal-constant-time": "1.0.1",
+        "buffer-equal-constant-time": "^1.0.1",
         "ecdsa-sig-formatter": "1.0.11",
         "safe-buffer": "^5.0.1"
       }
@@ -687,50 +879,53 @@
       "version": "3.2.2",
       "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz",
       "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==",
+      "license": "MIT",
       "dependencies": {
         "jwa": "^1.4.1",
         "safe-buffer": "^5.0.1"
       }
     },
-    "node_modules/lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
-    },
     "node_modules/lodash.includes": {
       "version": "4.3.0",
       "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
-      "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w=="
+      "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==",
+      "license": "MIT"
     },
     "node_modules/lodash.isboolean": {
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
-      "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg=="
+      "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==",
+      "license": "MIT"
     },
     "node_modules/lodash.isinteger": {
       "version": "4.0.4",
       "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
-      "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA=="
+      "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==",
+      "license": "MIT"
     },
     "node_modules/lodash.isnumber": {
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
-      "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw=="
+      "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==",
+      "license": "MIT"
     },
     "node_modules/lodash.isplainobject": {
       "version": "4.0.6",
       "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
-      "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA=="
+      "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==",
+      "license": "MIT"
     },
     "node_modules/lodash.isstring": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
-      "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw=="
+      "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==",
+      "license": "MIT"
     },
     "node_modules/lodash.once": {
       "version": "4.1.1",
       "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
-      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg=="
+      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==",
+      "license": "MIT"
     },
     "node_modules/mariadb": {
       "version": "3.0.0",
@@ -760,6 +955,15 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/media-typer": {
       "version": "0.3.0",
       "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
@@ -769,9 +973,13 @@
       }
     },
     "node_modules/merge-descriptors": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
-      "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w=="
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+      "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
     },
     "node_modules/methods": {
       "version": "1.1.2",
@@ -785,6 +993,7 @@
       "version": "1.6.0",
       "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
       "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "license": "MIT",
       "bin": {
         "mime": "cli.js"
       },
@@ -831,11 +1040,12 @@
       }
     },
     "node_modules/moment-timezone": {
-      "version": "0.5.34",
-      "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.34.tgz",
-      "integrity": "sha512-3zAEHh2hKUs3EXLESx/wsgw6IQdusOT8Bxm3D9UrHPQR7zlMmzwybC8zHEM1tQ4LJwP7fcxrWr8tuBg05fFCbg==",
+      "version": "0.5.48",
+      "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.48.tgz",
+      "integrity": "sha512-f22b8LV1gbTO2ms2j2z13MuPogNoh5UzxL3nzNAYKGraILnbGc9NEE6dyiiiLv46DGRb8A4kg8UKWLjPthxBHw==",
+      "license": "MIT",
       "dependencies": {
-        "moment": ">= 2.9.0"
+        "moment": "^2.29.4"
       },
       "engines": {
         "node": "*"
@@ -855,17 +1065,18 @@
       }
     },
     "node_modules/nodemon": {
-      "version": "2.0.20",
-      "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.20.tgz",
-      "integrity": "sha512-Km2mWHKKY5GzRg6i1j5OxOHQtuvVsgskLfigG25yTtbyfRGn/GNvIbRyOf1PSCKJ2aT/58TiuUsuOU5UToVViw==",
+      "version": "3.1.10",
+      "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.1.10.tgz",
+      "integrity": "sha512-WDjw3pJ0/0jMFmyNDp3gvY2YizjLmmOUQo6DEBY+JgdvW/yQ9mEeSw6H5ythl5Ny2ytb7f9C2nIbjSxMNzbJXw==",
+      "license": "MIT",
       "dependencies": {
         "chokidar": "^3.5.2",
-        "debug": "^3.2.7",
+        "debug": "^4",
         "ignore-by-default": "^1.0.1",
         "minimatch": "^3.1.2",
         "pstree.remy": "^1.1.8",
-        "semver": "^5.7.1",
-        "simple-update-notifier": "^1.0.7",
+        "semver": "^7.5.3",
+        "simple-update-notifier": "^2.0.0",
         "supports-color": "^5.5.0",
         "touch": "^3.1.0",
         "undefsafe": "^2.0.5"
@@ -874,7 +1085,7 @@
         "nodemon": "bin/nodemon.js"
       },
       "engines": {
-        "node": ">=8.10.0"
+        "node": ">=10"
       },
       "funding": {
         "type": "opencollective",
@@ -882,25 +1093,27 @@
       }
     },
     "node_modules/nodemon/node_modules/debug": {
-      "version": "3.2.7",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
-      "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+      "license": "MIT",
       "dependencies": {
-        "ms": "^2.1.1"
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
       }
     },
     "node_modules/nodemon/node_modules/ms": {
       "version": "2.1.3",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
-      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
-    },
-    "node_modules/nodemon/node_modules/semver": {
-      "version": "5.7.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
-      "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
-      "bin": {
-        "semver": "bin/semver"
-      }
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
     },
     "node_modules/normalize-path": {
       "version": "3.0.0",
@@ -911,9 +1124,13 @@
       }
     },
     "node_modules/object-inspect": {
-      "version": "1.12.2",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz",
-      "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==",
+      "version": "1.13.4",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
       }
@@ -933,6 +1150,7 @@
       "version": "1.3.3",
       "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
       "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "license": "MIT",
       "engines": {
         "node": ">= 0.8"
       }
@@ -947,9 +1165,10 @@
       }
     },
     "node_modules/path-to-regexp": {
-      "version": "0.1.7",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
-      "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
+      "version": "0.1.12",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==",
+      "license": "MIT"
     },
     "node_modules/picomatch": {
       "version": "2.3.1",
@@ -970,11 +1189,6 @@
         "semver-compare": "^1.0.0"
       }
     },
-    "node_modules/pop-iterate": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/pop-iterate/-/pop-iterate-1.0.1.tgz",
-      "integrity": "sha512-HRCx4+KJE30JhX84wBN4+vja9bNfysxg1y28l0DuJmkoaICiv2ZSilKddbS48pq50P8d2erAhqDLbp47yv3MbQ=="
-    },
     "node_modules/process": {
       "version": "0.11.10",
       "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz",
@@ -995,27 +1209,24 @@
         "node": ">= 0.10"
       }
     },
+    "node_modules/proxy-from-env": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
+      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==",
+      "license": "MIT"
+    },
     "node_modules/pstree.remy": {
       "version": "1.1.8",
       "resolved": "https://registry.npmjs.org/pstree.remy/-/pstree.remy-1.1.8.tgz",
       "integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w=="
     },
-    "node_modules/q": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/q/-/q-2.0.3.tgz",
-      "integrity": "sha512-gv6vLGcmAOg96/fgo3d9tvA4dJNZL3fMyBqVRrGxQ+Q/o4k9QzbJ3NQF9cOO/71wRodoXhaPgphvMFU68qVAJQ==",
-      "dependencies": {
-        "asap": "^2.0.0",
-        "pop-iterate": "^1.0.1",
-        "weak-map": "^1.0.5"
-      }
-    },
     "node_modules/qs": {
-      "version": "6.10.3",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.10.3.tgz",
-      "integrity": "sha512-wr7M2E0OFRfIfJZjKGieI8lBKb7fRCH4Fv5KNPEs7gJ8jadvotdsS08PzOKR7opXhZ/Xkjtt3WF9g38drmyRqQ==",
+      "version": "6.13.0",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz",
+      "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==",
+      "license": "BSD-3-Clause",
       "dependencies": {
-        "side-channel": "^1.0.4"
+        "side-channel": "^1.0.6"
       },
       "engines": {
         "node": ">=0.6"
@@ -1024,23 +1235,20 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/querystringify": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
-      "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ=="
-    },
     "node_modules/range-parser": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
       "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "license": "MIT",
       "engines": {
         "node": ">= 0.6"
       }
     },
     "node_modules/raw-body": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
-      "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
+      "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
+      "license": "MIT",
       "dependencies": {
         "bytes": "3.1.2",
         "http-errors": "2.0.0",
@@ -1062,16 +1270,6 @@
         "node": ">=8.10.0"
       }
     },
-    "node_modules/requires-port": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
-      "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ=="
-    },
-    "node_modules/rootpath": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/rootpath/-/rootpath-0.1.2.tgz",
-      "integrity": "sha512-R3wLbuAYejpxQjL/SjXo1Cjv4wcJECnMRT/FlcCfTwCBhaji9rWaRCoVEQ1SPiTJ4kKK+yh+bZLAV7SCafoDDw=="
-    },
     "node_modules/safe-buffer": {
       "version": "5.2.1",
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
@@ -1101,15 +1299,28 @@
       "resolved": "https://registry.npmjs.org/scmp/-/scmp-2.1.0.tgz",
       "integrity": "sha512-o/mRQGk9Rcer/jEEw/yw4mwo3EU/NvYvp577/Btqrym9Qy5/MdWGBqipbALgd2lrdWTJ5/gqDusxfnQBxOxT2Q=="
     },
+    "node_modules/semver": {
+      "version": "7.7.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
+      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==",
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/semver-compare": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/semver-compare/-/semver-compare-1.0.0.tgz",
       "integrity": "sha512-YM3/ITh2MJ5MtzaM429anh+x2jiLVjqILF4m4oyQB18W7Ggea7BfqdH/wGMK7dDiMghv/6WG7znWMwUDzJiXow=="
     },
     "node_modules/send": {
-      "version": "0.18.0",
-      "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz",
-      "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==",
+      "version": "0.19.0",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz",
+      "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==",
+      "license": "MIT",
       "dependencies": {
         "debug": "2.6.9",
         "depd": "2.0.0",
@@ -1129,20 +1340,31 @@
         "node": ">= 0.8.0"
       }
     },
+    "node_modules/send/node_modules/encodeurl": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
+      "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/send/node_modules/ms": {
       "version": "2.1.3",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
-      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
     },
     "node_modules/serve-static": {
-      "version": "1.15.0",
-      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz",
-      "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==",
+      "version": "1.16.2",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz",
+      "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==",
+      "license": "MIT",
       "dependencies": {
-        "encodeurl": "~1.0.2",
+        "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "parseurl": "~1.3.3",
-        "send": "0.18.0"
+        "send": "0.19.0"
       },
       "engines": {
         "node": ">= 0.8.0"
@@ -1154,35 +1376,87 @@
       "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
     },
     "node_modules/side-channel": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz",
-      "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+      "license": "MIT",
       "dependencies": {
-        "call-bind": "^1.0.0",
-        "get-intrinsic": "^1.0.2",
-        "object-inspect": "^1.9.0"
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3",
+        "side-channel-list": "^1.0.0",
+        "side-channel-map": "^1.0.1",
+        "side-channel-weakmap": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
       },
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/simple-update-notifier": {
-      "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-1.0.7.tgz",
-      "integrity": "sha512-BBKgR84BJQJm6WjWFMHgLVuo61FBDSj1z/xSFUIozqO6wO7ii0JxCqlIud7Enr/+LhlbNI0whErq96P2qHNWew==",
+    "node_modules/side-channel-list": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
+      "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
+      "license": "MIT",
       "dependencies": {
-        "semver": "~7.0.0"
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3"
       },
       "engines": {
-        "node": ">=8.10.0"
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/simple-update-notifier/node_modules/semver": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.0.0.tgz",
-      "integrity": "sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==",
-      "bin": {
-        "semver": "bin/semver.js"
+    "node_modules/side-channel-map": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-weakmap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3",
+        "side-channel-map": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/simple-update-notifier": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-2.0.0.tgz",
+      "integrity": "sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==",
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.5.3"
+      },
+      "engines": {
+        "node": ">=10"
       }
     },
     "node_modules/statuses": {
@@ -1208,6 +1482,7 @@
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
       "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "license": "MIT",
       "dependencies": {
         "is-number": "^7.0.0"
       },
@@ -1249,24 +1524,21 @@
       }
     },
     "node_modules/twilio": {
-      "version": "3.79.0",
-      "resolved": "https://registry.npmjs.org/twilio/-/twilio-3.79.0.tgz",
-      "integrity": "sha512-Vn4J3tklWGL5YpNG9H7tRT8FfnYrzvh3ORotJsE+AlN9oXWFPE8ALzbl24x3FfPqJ2Pja0eepfamb3pQKGdNzA==",
+      "version": "5.10.3",
+      "resolved": "https://registry.npmjs.org/twilio/-/twilio-5.10.3.tgz",
+      "integrity": "sha512-msve3uADprpG+LRlthOxBUJWZDczGe+mdzotG7Wluaf8nn8fSIK0n2fX3INR26Xedeea/azmAdLK0c2rJhIHpQ==",
+      "license": "MIT",
       "dependencies": {
-        "axios": "^0.26.1",
-        "dayjs": "^1.8.29",
+        "axios": "^1.12.0",
+        "dayjs": "^1.11.9",
         "https-proxy-agent": "^5.0.0",
-        "jsonwebtoken": "^8.5.1",
-        "lodash": "^4.17.21",
-        "q": "2.0.x",
+        "jsonwebtoken": "^9.0.2",
         "qs": "^6.9.4",
-        "rootpath": "^0.1.2",
         "scmp": "^2.1.0",
-        "url-parse": "^1.5.9",
         "xmlbuilder": "^13.0.2"
       },
       "engines": {
-        "node": ">=6.0"
+        "node": ">=14.0"
       }
     },
     "node_modules/type-is": {
@@ -1290,19 +1562,11 @@
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
       "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
+      "license": "MIT",
       "engines": {
         "node": ">= 0.8"
       }
     },
-    "node_modules/url-parse": {
-      "version": "1.5.10",
-      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
-      "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
-      "dependencies": {
-        "querystringify": "^2.1.1",
-        "requires-port": "^1.0.0"
-      }
-    },
     "node_modules/util": {
       "version": "0.10.4",
       "resolved": "https://registry.npmjs.org/util/-/util-0.10.4.tgz",
@@ -1332,11 +1596,6 @@
         "node": ">= 0.8"
       }
     },
-    "node_modules/weak-map": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/weak-map/-/weak-map-1.0.8.tgz",
-      "integrity": "sha512-lNR9aAefbGPpHO7AEnY0hCFjz1eTkWCXYvkTRrTHs9qv8zJp+SkVYpzfLIFXQQiG3tVvbNFQgVg2bQS8YGgxyw=="
-    },
     "node_modules/xmlbuilder": {
       "version": "13.0.2",
       "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-13.0.2.tgz",
@@ -1413,17 +1672,19 @@
       "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
       "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
     },
-    "asap": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
-      "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA=="
+    "asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
     },
     "axios": {
-      "version": "0.26.1",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-0.26.1.tgz",
-      "integrity": "sha512-fPwcX4EvnSHuInCMItEhAGnaSEXRBjtzh9fOtsE6E1G6p7vl7edEeZe11QHf18+6+9gR5PbKV/sGKNaD8YaMeA==",
+      "version": "1.12.2",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz",
+      "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==",
       "requires": {
-        "follow-redirects": "^1.14.8"
+        "follow-redirects": "^1.15.6",
+        "form-data": "^4.0.4",
+        "proxy-from-env": "^1.1.0"
       }
     },
     "balanced-match": {
@@ -1442,39 +1703,39 @@
       "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA=="
     },
     "body-parser": {
-      "version": "1.20.0",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
-      "integrity": "sha512-DfJ+q6EPcGKZD1QWUjSpqp+Q7bDQTsQIF4zfUAtZ6qk+H/3/QRhg9CEp39ss+/T2vw0+HaidC0ecJj/DRLIaKg==",
+      "version": "1.20.3",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz",
+      "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==",
       "requires": {
         "bytes": "3.1.2",
-        "content-type": "~1.0.4",
+        "content-type": "~1.0.5",
         "debug": "2.6.9",
         "depd": "2.0.0",
         "destroy": "1.2.0",
         "http-errors": "2.0.0",
         "iconv-lite": "0.4.24",
         "on-finished": "2.4.1",
-        "qs": "6.10.3",
-        "raw-body": "2.5.1",
+        "qs": "6.13.0",
+        "raw-body": "2.5.2",
         "type-is": "~1.6.18",
         "unpipe": "1.0.0"
       }
     },
     "brace-expansion": {
-      "version": "1.1.11",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "version": "1.1.12",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
       "requires": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
       }
     },
     "braces": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "requires": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
       }
     },
     "buffer-equal-constant-time": {
@@ -1487,13 +1748,22 @@
       "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
       "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg=="
     },
-    "call-bind": {
+    "call-bind-apply-helpers": {
       "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz",
-      "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
       "requires": {
-        "function-bind": "^1.1.1",
-        "get-intrinsic": "^1.0.2"
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      }
+    },
+    "call-bound": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
+      "requires": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "get-intrinsic": "^1.3.0"
       }
     },
     "chokidar": {
@@ -1511,6 +1781,14 @@
         "readdirp": "~3.6.0"
       }
     },
+    "combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "requires": {
+        "delayed-stream": "~1.0.0"
+      }
+    },
     "concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
@@ -1525,14 +1803,14 @@
       }
     },
     "content-type": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
-      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA=="
     },
     "cookie": {
-      "version": "0.5.0",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz",
-      "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw=="
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+      "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w=="
     },
     "cookie-signature": {
       "version": "1.0.6",
@@ -1540,9 +1818,9 @@
       "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
     },
     "dayjs": {
-      "version": "1.11.4",
-      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.4.tgz",
-      "integrity": "sha512-Zj/lPM5hOvQ1Bf7uAvewDaUcsJoI6JmNqmHhHl3nyumwe0XHwt8sWdOVAPACJzCebL8gQCi+K49w7iKWnGwX9g=="
+      "version": "1.11.18",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.18.tgz",
+      "integrity": "sha512-zFBQ7WFRvVRhKcWoUh+ZA1g2HVgUbsZm9sbddh8EC5iv93sui8DVVz1Npvz+r6meo9VKfa8NyLWBsQK1VvIKPA=="
     },
     "debug": {
       "version": "2.6.9",
@@ -1552,6 +1830,11 @@
         "ms": "2.0.0"
       }
     },
+    "delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ=="
+    },
     "denque": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz",
@@ -1572,6 +1855,16 @@
       "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.0.1.tgz",
       "integrity": "sha512-1K6hR6wtk2FviQ4kEiSjFiH5rpzEVi8WW0x96aztHVMhEspNpc4DVOUTEHtEva5VThQ8IaBX1Pe4gSzpVVUsKQ=="
     },
+    "dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "requires": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      }
+    },
     "ecdsa-sig-formatter": {
       "version": "1.0.11",
       "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
@@ -1586,9 +1879,38 @@
       "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="
     },
     "encodeurl": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
-      "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w=="
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg=="
+    },
+    "es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g=="
+    },
+    "es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw=="
+    },
+    "es-object-atoms": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
+      "requires": {
+        "es-errors": "^1.3.0"
+      }
+    },
+    "es-set-tostringtag": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
+      "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
+      "requires": {
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.6",
+        "has-tostringtag": "^1.0.2",
+        "hasown": "^2.0.2"
+      }
     },
     "escape-html": {
       "version": "1.0.3",
@@ -1601,36 +1923,36 @@
       "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg=="
     },
     "express": {
-      "version": "4.18.1",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.18.1.tgz",
-      "integrity": "sha512-zZBcOX9TfehHQhtupq57OF8lFZ3UZi08Y97dwFCkD8p9d/d2Y3M+ykKcwaMDEL+4qyUolgBDX6AblpR3fL212Q==",
+      "version": "4.21.2",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
       "requires": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
-        "body-parser": "1.20.0",
+        "body-parser": "1.20.3",
         "content-disposition": "0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.5.0",
+        "cookie": "0.7.1",
         "cookie-signature": "1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
-        "encodeurl": "~1.0.2",
+        "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "etag": "~1.8.1",
-        "finalhandler": "1.2.0",
+        "finalhandler": "1.3.1",
         "fresh": "0.5.2",
         "http-errors": "2.0.0",
-        "merge-descriptors": "1.0.1",
+        "merge-descriptors": "1.0.3",
         "methods": "~1.1.2",
         "on-finished": "2.4.1",
         "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.7",
+        "path-to-regexp": "0.1.12",
         "proxy-addr": "~2.0.7",
-        "qs": "6.10.3",
+        "qs": "6.13.0",
         "range-parser": "~1.2.1",
         "safe-buffer": "5.2.1",
-        "send": "0.18.0",
-        "serve-static": "1.15.0",
+        "send": "0.19.0",
+        "serve-static": "1.16.2",
         "setprototypeof": "1.2.0",
         "statuses": "2.0.1",
         "type-is": "~1.6.18",
@@ -1639,20 +1961,20 @@
       }
     },
     "fill-range": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
       "requires": {
         "to-regex-range": "^5.0.1"
       }
     },
     "finalhandler": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz",
-      "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==",
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz",
+      "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==",
       "requires": {
         "debug": "2.6.9",
-        "encodeurl": "~1.0.2",
+        "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "on-finished": "2.4.1",
         "parseurl": "~1.3.3",
@@ -1661,9 +1983,21 @@
       }
     },
     "follow-redirects": {
-      "version": "1.15.1",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.1.tgz",
-      "integrity": "sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA=="
+      "version": "1.15.11",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz",
+      "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ=="
+    },
+    "form-data": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
+      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
+      "requires": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.8",
+        "es-set-tostringtag": "^2.1.0",
+        "hasown": "^2.0.2",
+        "mime-types": "^2.1.12"
+      }
     },
     "forwarded": {
       "version": "0.2.0",
@@ -1682,18 +2016,34 @@
       "optional": true
     },
     "function-bind": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
-      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A=="
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA=="
     },
     "get-intrinsic": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.2.tgz",
-      "integrity": "sha512-Jfm3OyCxHh9DJyc28qGk+JmfkpO41A4XkneDSujN9MDXrm4oDKdHvndhZ2dN94+ERNfkYJWDclW6k2L/ZGHjXA==",
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
       "requires": {
-        "function-bind": "^1.1.1",
-        "has": "^1.0.3",
-        "has-symbols": "^1.0.3"
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      }
+    },
+    "get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "requires": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
       }
     },
     "glob-parent": {
@@ -1704,13 +2054,10 @@
         "is-glob": "^4.0.1"
       }
     },
-    "has": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
-      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
-      "requires": {
-        "function-bind": "^1.1.1"
-      }
+    "gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg=="
     },
     "has-flag": {
       "version": "3.0.0",
@@ -1718,9 +2065,25 @@
       "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw=="
     },
     "has-symbols": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz",
-      "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A=="
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ=="
+    },
+    "has-tostringtag": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
+      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
+      "requires": {
+        "has-symbols": "^1.0.3"
+      }
+    },
+    "hasown": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
+      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "requires": {
+        "function-bind": "^1.1.2"
+      }
     },
     "http-errors": {
       "version": "2.0.0",
@@ -1808,9 +2171,9 @@
       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng=="
     },
     "jsonwebtoken": {
-      "version": "8.5.1",
-      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz",
-      "integrity": "sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==",
+      "version": "9.0.2",
+      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz",
+      "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==",
       "requires": {
         "jws": "^3.2.2",
         "lodash.includes": "^4.3.0",
@@ -1821,27 +2184,22 @@
         "lodash.isstring": "^4.0.1",
         "lodash.once": "^4.0.0",
         "ms": "^2.1.1",
-        "semver": "^5.6.0"
+        "semver": "^7.5.4"
       },
       "dependencies": {
         "ms": {
           "version": "2.1.3",
           "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
           "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
-        },
-        "semver": {
-          "version": "5.7.1",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
-          "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ=="
         }
       }
     },
     "jwa": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz",
-      "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==",
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.2.tgz",
+      "integrity": "sha512-eeH5JO+21J78qMvTIDdBXidBd6nG2kZjg5Ohz/1fpa28Z4CcsWUzJ1ZZyFq/3z3N17aZy+ZuBoHljASbL1WfOw==",
       "requires": {
-        "buffer-equal-constant-time": "1.0.1",
+        "buffer-equal-constant-time": "^1.0.1",
         "ecdsa-sig-formatter": "1.0.11",
         "safe-buffer": "^5.0.1"
       }
@@ -1855,11 +2213,6 @@
         "safe-buffer": "^5.0.1"
       }
     },
-    "lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
-    },
     "lodash.includes": {
       "version": "4.3.0",
       "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
@@ -1919,15 +2272,20 @@
         }
       }
     },
+    "math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g=="
+    },
     "media-typer": {
       "version": "0.3.0",
       "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
       "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ=="
     },
     "merge-descriptors": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
-      "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w=="
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+      "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ=="
     },
     "methods": {
       "version": "1.1.2",
@@ -1966,11 +2324,11 @@
       "integrity": "sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w=="
     },
     "moment-timezone": {
-      "version": "0.5.34",
-      "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.34.tgz",
-      "integrity": "sha512-3zAEHh2hKUs3EXLESx/wsgw6IQdusOT8Bxm3D9UrHPQR7zlMmzwybC8zHEM1tQ4LJwP7fcxrWr8tuBg05fFCbg==",
+      "version": "0.5.48",
+      "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.48.tgz",
+      "integrity": "sha512-f22b8LV1gbTO2ms2j2z13MuPogNoh5UzxL3nzNAYKGraILnbGc9NEE6dyiiiLv46DGRb8A4kg8UKWLjPthxBHw==",
       "requires": {
-        "moment": ">= 2.9.0"
+        "moment": "^2.29.4"
       }
     },
     "ms": {
@@ -1984,39 +2342,34 @@
       "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="
     },
     "nodemon": {
-      "version": "2.0.20",
-      "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.20.tgz",
-      "integrity": "sha512-Km2mWHKKY5GzRg6i1j5OxOHQtuvVsgskLfigG25yTtbyfRGn/GNvIbRyOf1PSCKJ2aT/58TiuUsuOU5UToVViw==",
+      "version": "3.1.10",
+      "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.1.10.tgz",
+      "integrity": "sha512-WDjw3pJ0/0jMFmyNDp3gvY2YizjLmmOUQo6DEBY+JgdvW/yQ9mEeSw6H5ythl5Ny2ytb7f9C2nIbjSxMNzbJXw==",
       "requires": {
         "chokidar": "^3.5.2",
-        "debug": "^3.2.7",
+        "debug": "^4",
         "ignore-by-default": "^1.0.1",
         "minimatch": "^3.1.2",
         "pstree.remy": "^1.1.8",
-        "semver": "^5.7.1",
-        "simple-update-notifier": "^1.0.7",
+        "semver": "^7.5.3",
+        "simple-update-notifier": "^2.0.0",
         "supports-color": "^5.5.0",
         "touch": "^3.1.0",
         "undefsafe": "^2.0.5"
       },
       "dependencies": {
         "debug": {
-          "version": "3.2.7",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
-          "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+          "version": "4.4.3",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+          "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
           "requires": {
-            "ms": "^2.1.1"
+            "ms": "^2.1.3"
           }
         },
         "ms": {
           "version": "2.1.3",
           "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
           "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
-        },
-        "semver": {
-          "version": "5.7.1",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
-          "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ=="
         }
       }
     },
@@ -2026,9 +2379,9 @@
       "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="
     },
     "object-inspect": {
-      "version": "1.12.2",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz",
-      "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ=="
+      "version": "1.13.4",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew=="
     },
     "on-finished": {
       "version": "2.4.1",
@@ -2053,9 +2406,9 @@
       }
     },
     "path-to-regexp": {
-      "version": "0.1.7",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
-      "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
+      "version": "0.1.12",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ=="
     },
     "picomatch": {
       "version": "2.3.1",
@@ -2070,11 +2423,6 @@
         "semver-compare": "^1.0.0"
       }
     },
-    "pop-iterate": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/pop-iterate/-/pop-iterate-1.0.1.tgz",
-      "integrity": "sha512-HRCx4+KJE30JhX84wBN4+vja9bNfysxg1y28l0DuJmkoaICiv2ZSilKddbS48pq50P8d2erAhqDLbp47yv3MbQ=="
-    },
     "process": {
       "version": "0.11.10",
       "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz",
@@ -2089,43 +2437,33 @@
         "ipaddr.js": "1.9.1"
       }
     },
+    "proxy-from-env": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
+      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg=="
+    },
     "pstree.remy": {
       "version": "1.1.8",
       "resolved": "https://registry.npmjs.org/pstree.remy/-/pstree.remy-1.1.8.tgz",
       "integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w=="
     },
-    "q": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/q/-/q-2.0.3.tgz",
-      "integrity": "sha512-gv6vLGcmAOg96/fgo3d9tvA4dJNZL3fMyBqVRrGxQ+Q/o4k9QzbJ3NQF9cOO/71wRodoXhaPgphvMFU68qVAJQ==",
-      "requires": {
-        "asap": "^2.0.0",
-        "pop-iterate": "^1.0.1",
-        "weak-map": "^1.0.5"
-      }
-    },
     "qs": {
-      "version": "6.10.3",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.10.3.tgz",
-      "integrity": "sha512-wr7M2E0OFRfIfJZjKGieI8lBKb7fRCH4Fv5KNPEs7gJ8jadvotdsS08PzOKR7opXhZ/Xkjtt3WF9g38drmyRqQ==",
+      "version": "6.13.0",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz",
+      "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==",
       "requires": {
-        "side-channel": "^1.0.4"
+        "side-channel": "^1.0.6"
       }
     },
-    "querystringify": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
-      "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ=="
-    },
     "range-parser": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
       "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
     },
     "raw-body": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
-      "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
+      "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
       "requires": {
         "bytes": "3.1.2",
         "http-errors": "2.0.0",
@@ -2141,16 +2479,6 @@
         "picomatch": "^2.2.1"
       }
     },
-    "requires-port": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
-      "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ=="
-    },
-    "rootpath": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/rootpath/-/rootpath-0.1.2.tgz",
-      "integrity": "sha512-R3wLbuAYejpxQjL/SjXo1Cjv4wcJECnMRT/FlcCfTwCBhaji9rWaRCoVEQ1SPiTJ4kKK+yh+bZLAV7SCafoDDw=="
-    },
     "safe-buffer": {
       "version": "5.2.1",
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
@@ -2166,15 +2494,20 @@
       "resolved": "https://registry.npmjs.org/scmp/-/scmp-2.1.0.tgz",
       "integrity": "sha512-o/mRQGk9Rcer/jEEw/yw4mwo3EU/NvYvp577/Btqrym9Qy5/MdWGBqipbALgd2lrdWTJ5/gqDusxfnQBxOxT2Q=="
     },
+    "semver": {
+      "version": "7.7.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
+      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q=="
+    },
     "semver-compare": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/semver-compare/-/semver-compare-1.0.0.tgz",
       "integrity": "sha512-YM3/ITh2MJ5MtzaM429anh+x2jiLVjqILF4m4oyQB18W7Ggea7BfqdH/wGMK7dDiMghv/6WG7znWMwUDzJiXow=="
     },
     "send": {
-      "version": "0.18.0",
-      "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz",
-      "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==",
+      "version": "0.19.0",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz",
+      "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==",
       "requires": {
         "debug": "2.6.9",
         "depd": "2.0.0",
@@ -2191,6 +2524,11 @@
         "statuses": "2.0.1"
       },
       "dependencies": {
+        "encodeurl": {
+          "version": "1.0.2",
+          "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
+          "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w=="
+        },
         "ms": {
           "version": "2.1.3",
           "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
@@ -2199,14 +2537,14 @@
       }
     },
     "serve-static": {
-      "version": "1.15.0",
-      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz",
-      "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==",
+      "version": "1.16.2",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz",
+      "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==",
       "requires": {
-        "encodeurl": "~1.0.2",
+        "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "parseurl": "~1.3.3",
-        "send": "0.18.0"
+        "send": "0.19.0"
       }
     },
     "setprototypeof": {
@@ -2215,28 +2553,55 @@
       "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
     },
     "side-channel": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz",
-      "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+      "requires": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3",
+        "side-channel-list": "^1.0.0",
+        "side-channel-map": "^1.0.1",
+        "side-channel-weakmap": "^1.0.2"
+      }
+    },
+    "side-channel-list": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
+      "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
+      "requires": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3"
+      }
+    },
+    "side-channel-map": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+      "requires": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3"
+      }
+    },
+    "side-channel-weakmap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
       "requires": {
-        "call-bind": "^1.0.0",
-        "get-intrinsic": "^1.0.2",
-        "object-inspect": "^1.9.0"
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3",
+        "side-channel-map": "^1.0.1"
       }
     },
     "simple-update-notifier": {
-      "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-1.0.7.tgz",
-      "integrity": "sha512-BBKgR84BJQJm6WjWFMHgLVuo61FBDSj1z/xSFUIozqO6wO7ii0JxCqlIud7Enr/+LhlbNI0whErq96P2qHNWew==",
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-2.0.0.tgz",
+      "integrity": "sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==",
       "requires": {
-        "semver": "~7.0.0"
-      },
-      "dependencies": {
-        "semver": {
-          "version": "7.0.0",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-7.0.0.tgz",
-          "integrity": "sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A=="
-        }
+        "semver": "^7.5.3"
       }
     },
     "statuses": {
@@ -2284,20 +2649,16 @@
       }
     },
     "twilio": {
-      "version": "3.79.0",
-      "resolved": "https://registry.npmjs.org/twilio/-/twilio-3.79.0.tgz",
-      "integrity": "sha512-Vn4J3tklWGL5YpNG9H7tRT8FfnYrzvh3ORotJsE+AlN9oXWFPE8ALzbl24x3FfPqJ2Pja0eepfamb3pQKGdNzA==",
+      "version": "5.10.3",
+      "resolved": "https://registry.npmjs.org/twilio/-/twilio-5.10.3.tgz",
+      "integrity": "sha512-msve3uADprpG+LRlthOxBUJWZDczGe+mdzotG7Wluaf8nn8fSIK0n2fX3INR26Xedeea/azmAdLK0c2rJhIHpQ==",
       "requires": {
-        "axios": "^0.26.1",
-        "dayjs": "^1.8.29",
+        "axios": "^1.12.0",
+        "dayjs": "^1.11.9",
         "https-proxy-agent": "^5.0.0",
-        "jsonwebtoken": "^8.5.1",
-        "lodash": "^4.17.21",
-        "q": "2.0.x",
+        "jsonwebtoken": "^9.0.2",
         "qs": "^6.9.4",
-        "rootpath": "^0.1.2",
         "scmp": "^2.1.0",
-        "url-parse": "^1.5.9",
         "xmlbuilder": "^13.0.2"
       }
     },
@@ -2320,15 +2681,6 @@
       "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
       "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ=="
     },
-    "url-parse": {
-      "version": "1.5.10",
-      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
-      "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
-      "requires": {
-        "querystringify": "^2.1.1",
-        "requires-port": "^1.0.0"
-      }
-    },
     "util": {
       "version": "0.10.4",
       "resolved": "https://registry.npmjs.org/util/-/util-0.10.4.tgz",
@@ -2354,11 +2706,6 @@
       "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
       "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg=="
     },
-    "weak-map": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/weak-map/-/weak-map-1.0.8.tgz",
-      "integrity": "sha512-lNR9aAefbGPpHO7AEnY0hCFjz1eTkWCXYvkTRrTHs9qv8zJp+SkVYpzfLIFXQQiG3tVvbNFQgVg2bQS8YGgxyw=="
-    },
     "xmlbuilder": {
       "version": "13.0.2",
       "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-13.0.2.tgz",
diff --git a/package.json b/package.json
index 41b3f01..cf298fa 100644
--- a/package.json
+++ b/package.json
@@ -22,8 +22,8 @@
     "dotenv": "^16.0.1",
     "express": "^4.18.1",
     "mariadb": "^3.0.0",
-    "nodemon": "^2.0.20",
+    "nodemon": "^3.1.10",
     "path": "^0.12.7",
-    "twilio": "^3.79.0"
+    "twilio": "^5.10.3"
   }
 }
diff --git a/public/js/main.js b/public/js/main.js
index f33d3a3..050d9da 100644
--- a/public/js/main.js
+++ b/public/js/main.js
@@ -73,9 +73,13 @@ const isAdmin = async (userId = null) => {
   return userInfo.admin;
 };
 
-const logout = () => {
+const logout = async () => {
   const session = getCookie("fullsend_session");
-  fetch("/api/logout", { headers: { session: session } });
+  try {
+    await fetch("/api/logout", { method: "POST", headers: { session } });
+  } catch (e) {
+    console.error("Logout request failed:", e);
+  }
   document.cookie = "fullsend_session=; expires=Thu, 01 Jan 1970 00:00:00 UTC;";
   window.location.href = "/";
 };

From 42d06aec858a5ace9bed7213bf461f7f826d8ae7 Mon Sep 17 00:00:00 2001
From: Dan Bruce <dan@ddbruce.com>
Date: Sat, 25 Oct 2025 14:21:14 -0400
Subject: [PATCH 08/34] trying

---
 public/js/main.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/js/main.js b/public/js/main.js
index 050d9da..2652345 100644
--- a/public/js/main.js
+++ b/public/js/main.js
@@ -76,7 +76,7 @@ const isAdmin = async (userId = null) => {
 const logout = async () => {
   const session = getCookie("fullsend_session");
   try {
-    await fetch("/api/logout", { method: "POST", headers: { session } });
+    await fetch("/api/logout", { headers: { session } });
   } catch (e) {
     console.error("Logout request failed:", e);
   }

From f862a62bfd4a0837c4d2111c34c16c21c9ec2dfb Mon Sep 17 00:00:00 2001
From: Dan Bruce <dan@ddbruce.com>
Date: Sat, 25 Oct 2025 14:23:00 -0400
Subject: [PATCH 09/34] update changelog

---
 public/help.html | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/public/help.html b/public/help.html
index 756e872..1bd9567 100644
--- a/public/help.html
+++ b/public/help.html
@@ -63,6 +63,11 @@ <h1>Fullsend</h1>
         <div class="row mt-5">
             <div class="col">
                 <h2>Changelog</h2><br>
+                <h3>v1.7.2</h3>
+                <p>
+                    Fixes logout session handling
+                </p>
+                
                 <h3>v1.7.1</h3>
                 <p>
                     Fixes session <code>last_seen</code> code

From 88f91c4166fd5e8e6000b99ad0c825ed0de2c2cb Mon Sep 17 00:00:00 2001
From: Dan Bruce <dan@ddbruce.com>
Date: Sat, 25 Oct 2025 14:23:05 -0400
Subject: [PATCH 10/34] 1.7.2

---
 package-lock.json | 4 ++--
 package.json      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 34d4ef8..e9bb240 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "fullsend",
-  "version": "1.7.1",
+  "version": "1.7.2",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "fullsend",
-      "version": "1.7.1",
+      "version": "1.7.2",
       "license": "MIT",
       "dependencies": {
         "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index cf298fa..71f351d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fullsend",
-  "version": "1.7.1",
+  "version": "1.7.2",
   "description": "Fullsend allows allowed users to send bulk text messages to groups of recipients",
   "main": "server.js",
   "scripts": {

From 9e631b5af736684215f837abc509ee26963dd560 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Tue, 28 Oct 2025 19:46:31 -0400
Subject: [PATCH 11/34] disabled send button during sending loop

---
 public/fullsend.html  |  2 +-
 public/js/fullsend.js | 45 +++++++++++++++++++++++++++----------------
 2 files changed, 29 insertions(+), 18 deletions(-)

diff --git a/public/fullsend.html b/public/fullsend.html
index 7e2dfe0..736a9d2 100644
--- a/public/fullsend.html
+++ b/public/fullsend.html
@@ -112,7 +112,7 @@ <h4>Send a message</h4>
                         </div>
                     </div>
                     <p><small>Even if you're not in the receipient group(s) or listed as an individual recipient, you will receive a copy of this message as the sender. This may take up to several minutes when there are many recipients.</small></p>
-                    <button type="submit" class="btn btn-primary mb-3" onclick="sendMessage(); return false;">Send message!</button>
+                    <button id="sendButton" type="submit" class="btn btn-primary mb-3" onclick="sendMessage(); return false;" disabled>Send message!</button>
                     <div id="noRecipientsError" class="invalid-feedback">
                         You must select at least one recipient individual or group.
                     </div>
diff --git a/public/js/fullsend.js b/public/js/fullsend.js
index 634eb24..933affe 100644
--- a/public/js/fullsend.js
+++ b/public/js/fullsend.js
@@ -52,7 +52,7 @@ const getSelectedGroups = (categories = false) => {
   } 
   return selectedGroups;
 };
-            
+
 const getSelectedGroupsCategories = () => {
   const groups = new Set(getSelectedGroups(true));
   let text = "";
@@ -64,8 +64,8 @@ const getSelectedGroupsCategories = () => {
 
 const getSelectedIndividuals = () => {
   const selectedIndividuals = $("#fullsendIndividualRecipients")
-    .select2("data")
-    .map((x) => x.id);
+  .select2("data")
+  .map((x) => x.id);
   return selectedIndividuals;
 };
 
@@ -76,14 +76,14 @@ const handleSwitch = async (e) => {
   const modalBody = document.getElementById("recipientModalBody");
   const viewListButton = document.getElementById("viewRecipientList");
   let atLeastOneContact = false;
-
+  
   let switchList = [];
   for (const switchA of switches) {
     if (switchA.checked) {
       switchList.push(switchA.value);
     }
   }
-
+  
   if (switchList.length > 0) {
     const contactList = (
       await (
@@ -95,7 +95,7 @@ const handleSwitch = async (e) => {
         )
       ).json()
     ).data;
-
+    
     if (contactList.length > 0) {
       modalBody.innerHTML = `<table class="table">
     <thead>
@@ -104,18 +104,18 @@ const handleSwitch = async (e) => {
         <th scope="col">Last</th>
         <th scope="col">Phone number</th>
       </tr></thead><tbody id="tableBody"></tbody></table>`;
-
+      
       for (const contact of contactList) {
         document.getElementById(
           "tableBody"
         ).innerHTML += `<tr><td>${contact.first_name}</td><td>${contact.last_name}</td><td>${contact.phone_number}</td></tr>`;
       }
-
+      
       atLeastOneContact = true;
       viewListButton.disabled = false;
     }
   }
-
+  
   if (!atLeastOneContact) {
     modalBody.innerHTML = "None";
     viewListButton.disabled = true;
@@ -135,14 +135,17 @@ const sendMessage = async () => {
   }
   const selectedGroups = getSelectedGroups();
   const selectedIndividuals = getSelectedIndividuals();
-
+  
   if (selectedGroups.length == 0 && selectedIndividuals.length == 0) {
     document.getElementById("noRecipientsError").style.display = "block";
     error = true;
   }
   if (error) return -1;
-
+  
   const session = getCookie("fullsend_session");
+
+  document.getElementById("sendButton").disabled = true;
+
   const result = await fetch("/auth/api/messages/send", {
     method: "POST",
     headers: { "Content-Type": "application/json", session: session },
@@ -158,13 +161,21 @@ const sendMessage = async () => {
   Your message has been sent!
   <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
 </div>`;
-
+  
   document.getElementById("fullsendForm").reset();
   $("#fullsendIndividualRecipients").val(null).trigger("change");
 };
 
 const handleMessagePreview = () => {
   const fsmText = document.getElementById("fullsendMessage").value.trim();
+  
+  if (fsmText != "") {
+    document.getElementById("sendButton").disabled = false;
+  }
+  else {
+    document.getElementById("sendButton").disabled = true;
+  }
+  
   const selectedCategories = getSelectedGroupsCategories();
   document.getElementById("preview").innerHTML = (fsmText == "") ? "<span style=\"color:#888\">Your preview will appear here...</span>": fsmText + "<br>" + selectedCategories;
 };
@@ -172,7 +183,7 @@ const handleMessagePreview = () => {
 const pageOnLoadFunctions = async () => {
   const groups = await getGroups();
   const recipientSwitch = document.getElementById("recipientSwitch");
-
+  
   for (const group of groups) {
     document.getElementById(
       "fullsendGroupRecipients"
@@ -180,19 +191,19 @@ const pageOnLoadFunctions = async () => {
                             <label class="form-check-label" for="recipientSwitch-${group.id}">${group.name}</label><br>
                             `;
   }
-
+  
   const contacts = await getContacts();
-
+  
   for (const contact of contacts) {
     document.getElementById(
       "fullsendIndividualRecipients"
     ).innerHTML += `<option value=${contact.id}>${contact.first_name} ${contact.last_name}</option>`;
   }
-
+  
   const recipientListModal = new bootstrap.Modal(
     document.getElementById("recipientListModal")
   );
-
+  
   $("select").select2({
     theme: "bootstrap-5",
   });

From 324bad64f4288de67e71ff0f77143247492e4af7 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Tue, 28 Oct 2025 19:49:15 -0400
Subject: [PATCH 12/34] add delay to dev sending mode

---
 src/messages.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/messages.js b/src/messages.js
index 703d878..c1f8670 100644
--- a/src/messages.js
+++ b/src/messages.js
@@ -75,7 +75,7 @@ exports.sendMessage = async (pool, userId, text, groups, individuals) => {
   } else {
     console.log("Sending disabled...");
     for (const number of numbers) {
-      console.log(`to: ${number}`);
+      setTimeout(console.log(`to: ${number}`), 50);
     }
     console.log(`body: ${cleanText}`);
   }

From 4aa5e59218d4b3a970d58b513962203b7085cc89 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Tue, 28 Oct 2025 19:55:24 -0400
Subject: [PATCH 13/34] update timeout

---
 src/messages.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/messages.js b/src/messages.js
index c1f8670..92b4c03 100644
--- a/src/messages.js
+++ b/src/messages.js
@@ -75,7 +75,7 @@ exports.sendMessage = async (pool, userId, text, groups, individuals) => {
   } else {
     console.log("Sending disabled...");
     for (const number of numbers) {
-      setTimeout(console.log(`to: ${number}`), 50);
+      setTimeout(console.log(`to: ${number}`), 150);
     }
     console.log(`body: ${cleanText}`);
   }

From e32654002bd399013a25f109110aca988afa3bb9 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Tue, 28 Oct 2025 19:58:29 -0400
Subject: [PATCH 14/34] update timeout code

---
 src/messages.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/messages.js b/src/messages.js
index 92b4c03..e3851e1 100644
--- a/src/messages.js
+++ b/src/messages.js
@@ -75,7 +75,7 @@ exports.sendMessage = async (pool, userId, text, groups, individuals) => {
   } else {
     console.log("Sending disabled...");
     for (const number of numbers) {
-      setTimeout(console.log(`to: ${number}`), 150);
+      setTimeout(() => console.log(`to: ${number}`), 150);
     }
     console.log(`body: ${cleanText}`);
   }

From fff065dcf4ddeb4410ff5a8bd78a9f8af74a5d24 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Tue, 28 Oct 2025 20:03:39 -0400
Subject: [PATCH 15/34] try it with async/await

---
 src/messages.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/messages.js b/src/messages.js
index e3851e1..9fa20b0 100644
--- a/src/messages.js
+++ b/src/messages.js
@@ -75,7 +75,8 @@ exports.sendMessage = async (pool, userId, text, groups, individuals) => {
   } else {
     console.log("Sending disabled...");
     for (const number of numbers) {
-      setTimeout(() => console.log(`to: ${number}`), 150);
+      console.log(`to: ${number}`);
+      await new Promise(res => setTimeout(res, 100));
     }
     console.log(`body: ${cleanText}`);
   }

From a4d4810b533ad555f701f683762a2826a9e6f590 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Tue, 28 Oct 2025 20:15:11 -0400
Subject: [PATCH 16/34] disable textarea while sending

---
 public/js/fullsend.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/public/js/fullsend.js b/public/js/fullsend.js
index 933affe..b2d975f 100644
--- a/public/js/fullsend.js
+++ b/public/js/fullsend.js
@@ -143,9 +143,10 @@ const sendMessage = async () => {
   if (error) return -1;
   
   const session = getCookie("fullsend_session");
-
+  
   document.getElementById("sendButton").disabled = true;
-
+  document.getElementById("fullsendMessage").disabled = true;
+  
   const result = await fetch("/auth/api/messages/send", {
     method: "POST",
     headers: { "Content-Type": "application/json", session: session },
@@ -163,6 +164,7 @@ const sendMessage = async () => {
 </div>`;
   
   document.getElementById("fullsendForm").reset();
+  document.getElementById("fullsendMessage").disabled = false;
   $("#fullsendIndividualRecipients").val(null).trigger("change");
 };
 

From 84079bcfb49efea8f26dd40cbc434e5e6bb752ab Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Tue, 28 Oct 2025 20:48:31 -0400
Subject: [PATCH 17/34] 1.7.3

---
 package-lock.json | 4 ++--
 package.json      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e9bb240..2386ca0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "fullsend",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "fullsend",
-      "version": "1.7.2",
+      "version": "1.7.3",
       "license": "MIT",
       "dependencies": {
         "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index 71f351d..45c0fda 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fullsend",
-  "version": "1.7.2",
+  "version": "1.7.3",
   "description": "Fullsend allows allowed users to send bulk text messages to groups of recipients",
   "main": "server.js",
   "scripts": {

From 925c9d416cabae03bc421e809379b2508896a1d6 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Tue, 28 Oct 2025 20:49:56 -0400
Subject: [PATCH 18/34] update changelog

---
 public/help.html | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/public/help.html b/public/help.html
index 09da28b..ccd8608 100644
--- a/public/help.html
+++ b/public/help.html
@@ -63,6 +63,10 @@ <h1>Fullsend</h1>
         <div class="row mt-5">
             <div class="col">
                 <h2>Changelog</h2><br>
+                <h3>v1.7.3</h3>
+                <p>
+                    Adds blocking and timeouts to discourage users from sending the same message multiple times before the server has completed ingesting the message/recipient pairs
+                </p>
                 <h3>v1.7.2</h3>
                 <p>
                     Fixes logout session handling

From 1f940aa491a0c36ae635ce34ff4cc5be43dbe51d Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 10:57:01 -0500
Subject: [PATCH 19/34] oauth from copilot

---
 package-lock.json | 199 ++++++++++++++++++++++++++++++++++++++++++++++
 package.json      |   3 +
 server.js         | 101 ++++++++++++-----------
 src/auth.js       |  77 ++++++++++++++++++
 src/sessions.js   |  59 ++++----------
 src/users.js      |   5 ++
 6 files changed, 348 insertions(+), 96 deletions(-)
 create mode 100644 src/auth.js

diff --git a/package-lock.json b/package-lock.json
index 2386ca0..fa4af76 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,8 +13,11 @@
         "body-parser": "^1.20.0",
         "dotenv": "^16.0.1",
         "express": "^4.18.1",
+        "express-session": "^1.17.3",
+        "jose": "^4.15.0",
         "mariadb": "^3.0.0",
         "nodemon": "^3.1.10",
+        "openid-client": "^5.2.0",
         "path": "^0.12.7",
         "twilio": "^5.10.3"
       }
@@ -507,6 +510,37 @@
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/express-session": {
+      "version": "1.18.2",
+      "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.2.tgz",
+      "integrity": "sha512-SZjssGQC7TzTs9rpPDuUrR23GNZ9+2+IkA/+IJWmvQilTr5OSliEHGF+D9scbIpdC6yGtTI0/VhaHoVes2AN/A==",
+      "dependencies": {
+        "cookie": "0.7.2",
+        "cookie-signature": "1.0.7",
+        "debug": "2.6.9",
+        "depd": "~2.0.0",
+        "on-headers": "~1.1.0",
+        "parseurl": "~1.3.3",
+        "safe-buffer": "5.2.1",
+        "uid-safe": "~2.1.5"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/express-session/node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/express-session/node_modules/cookie-signature": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
+      "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA=="
+    },
     "node_modules/fill-range": {
       "version": "7.1.1",
       "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
@@ -836,6 +870,14 @@
         "node": ">=0.12.0"
       }
     },
+    "node_modules/jose": {
+      "version": "4.15.9",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz",
+      "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
     "node_modules/jsonwebtoken": {
       "version": "9.0.2",
       "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz",
@@ -927,6 +969,17 @@
       "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==",
       "license": "MIT"
     },
+    "node_modules/lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+      "dependencies": {
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/mariadb": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/mariadb/-/mariadb-3.0.0.tgz",
@@ -1123,6 +1176,14 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/object-hash": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz",
+      "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
     "node_modules/object-inspect": {
       "version": "1.13.4",
       "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
@@ -1135,6 +1196,14 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/oidc-token-hash": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.2.0.tgz",
+      "integrity": "sha512-6gj2m8cJZ+iSW8bm0FXdGF0YhIQbKrfP4yWTNzxc31U6MOjfEmB1rHvlYvxI1B7t7BCi1F2vYTT6YhtQRG4hxw==",
+      "engines": {
+        "node": "^10.13.0 || >=12.0.0"
+      }
+    },
     "node_modules/on-finished": {
       "version": "2.4.1",
       "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
@@ -1146,6 +1215,28 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/on-headers": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz",
+      "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/openid-client": {
+      "version": "5.7.1",
+      "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.7.1.tgz",
+      "integrity": "sha512-jDBPgSVfTnkIh71Hg9pRvtJc6wTwqjRkN88+gCFtYWrlP4Yx2Dsrow8uPi3qLr/aeymPF3o2+dS+wOpglK04ew==",
+      "dependencies": {
+        "jose": "^4.15.9",
+        "lru-cache": "^6.0.0",
+        "object-hash": "^2.2.0",
+        "oidc-token-hash": "^5.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
     "node_modules/parseurl": {
       "version": "1.3.3",
       "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
@@ -1235,6 +1326,14 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/random-bytes": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
+      "integrity": "sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/range-parser": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -1553,6 +1652,17 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/uid-safe": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
+      "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==",
+      "dependencies": {
+        "random-bytes": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/undefsafe": {
       "version": "2.0.5",
       "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz",
@@ -1603,6 +1713,11 @@
       "engines": {
         "node": ">=6.0"
       }
+    },
+    "node_modules/yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
     }
   },
   "dependencies": {
@@ -1960,6 +2075,33 @@
         "vary": "~1.1.2"
       }
     },
+    "express-session": {
+      "version": "1.18.2",
+      "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.2.tgz",
+      "integrity": "sha512-SZjssGQC7TzTs9rpPDuUrR23GNZ9+2+IkA/+IJWmvQilTr5OSliEHGF+D9scbIpdC6yGtTI0/VhaHoVes2AN/A==",
+      "requires": {
+        "cookie": "0.7.2",
+        "cookie-signature": "1.0.7",
+        "debug": "2.6.9",
+        "depd": "~2.0.0",
+        "on-headers": "~1.1.0",
+        "parseurl": "~1.3.3",
+        "safe-buffer": "5.2.1",
+        "uid-safe": "~2.1.5"
+      },
+      "dependencies": {
+        "cookie": {
+          "version": "0.7.2",
+          "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+          "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w=="
+        },
+        "cookie-signature": {
+          "version": "1.0.7",
+          "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
+          "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA=="
+        }
+      }
+    },
     "fill-range": {
       "version": "7.1.1",
       "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
@@ -2170,6 +2312,11 @@
       "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng=="
     },
+    "jose": {
+      "version": "4.15.9",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz",
+      "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA=="
+    },
     "jsonwebtoken": {
       "version": "9.0.2",
       "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz",
@@ -2248,6 +2395,14 @@
       "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
       "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg=="
     },
+    "lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+      "requires": {
+        "yallist": "^4.0.0"
+      }
+    },
     "mariadb": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/mariadb/-/mariadb-3.0.0.tgz",
@@ -2378,11 +2533,21 @@
       "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
       "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="
     },
+    "object-hash": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz",
+      "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw=="
+    },
     "object-inspect": {
       "version": "1.13.4",
       "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
       "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew=="
     },
+    "oidc-token-hash": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.2.0.tgz",
+      "integrity": "sha512-6gj2m8cJZ+iSW8bm0FXdGF0YhIQbKrfP4yWTNzxc31U6MOjfEmB1rHvlYvxI1B7t7BCi1F2vYTT6YhtQRG4hxw=="
+    },
     "on-finished": {
       "version": "2.4.1",
       "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
@@ -2391,6 +2556,22 @@
         "ee-first": "1.1.1"
       }
     },
+    "on-headers": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz",
+      "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A=="
+    },
+    "openid-client": {
+      "version": "5.7.1",
+      "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.7.1.tgz",
+      "integrity": "sha512-jDBPgSVfTnkIh71Hg9pRvtJc6wTwqjRkN88+gCFtYWrlP4Yx2Dsrow8uPi3qLr/aeymPF3o2+dS+wOpglK04ew==",
+      "requires": {
+        "jose": "^4.15.9",
+        "lru-cache": "^6.0.0",
+        "object-hash": "^2.2.0",
+        "oidc-token-hash": "^5.0.3"
+      }
+    },
     "parseurl": {
       "version": "1.3.3",
       "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
@@ -2455,6 +2636,11 @@
         "side-channel": "^1.0.6"
       }
     },
+    "random-bytes": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz",
+      "integrity": "sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ=="
+    },
     "range-parser": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -2671,6 +2857,14 @@
         "mime-types": "~2.1.24"
       }
     },
+    "uid-safe": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
+      "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==",
+      "requires": {
+        "random-bytes": "~1.0.0"
+      }
+    },
     "undefsafe": {
       "version": "2.0.5",
       "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz",
@@ -2710,6 +2904,11 @@
       "version": "13.0.2",
       "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-13.0.2.tgz",
       "integrity": "sha512-Eux0i2QdDYKbdbA6AM6xE4m6ZTZr4G4xF9kahI2ukSEMCzwce2eX9WlTI5J3s+NU7hpasFsr8hWIONae7LluAQ=="
+    },
+    "yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
     }
   }
 }
diff --git a/package.json b/package.json
index 45c0fda..c3cb09f 100644
--- a/package.json
+++ b/package.json
@@ -21,6 +21,9 @@
     "body-parser": "^1.20.0",
     "dotenv": "^16.0.1",
     "express": "^4.18.1",
+  "express-session": "^1.17.3",
+  "openid-client": "^5.2.0",
+  "jose": "^4.15.0",
     "mariadb": "^3.0.0",
     "nodemon": "^3.1.10",
     "path": "^0.12.7",
diff --git a/server.js b/server.js
index 570d87d..8a9c8c4 100644
--- a/server.js
+++ b/server.js
@@ -11,6 +11,7 @@ const groups = require("./src/groups.js");
 const titles = require("./src/titles.js");
 const users = require("./src/users.js");
 const sessions = require("./src/sessions.js");
+const auth = require("./src/auth.js");
 const messages = require("./src/messages.js");
 
 const { version } = require("./package.json");
@@ -28,34 +29,22 @@ const pool = mariadb.createPool({
 // Initialize express app
 const PORT = process.env.PORT || 8080;
 
-const isLoggedIn = async (req, res, next) => {
-  //"Checking session...
-  if (req.headers.session) {
-    //A session token was passed back, now checking if it is valid...
-    const session = await sessions.getSession(pool, req.headers.session);
-    if (session.data[0]) {
-      req.body.sessionInfo = session.data[0];
-      // Valid session token found
-      sessions.sessionUpdate(pool, req.headers.session);
-      next();
-    } else {
-      //The token passed back is invalid
-      res.status(401).send({ code: 401, error: "Unauthorized" });
-    }
-  } else {
-    // "No session token passed back
-    res.status(401).send({ code: 401, error: "Unauthorized" });
-  }
-};
+// Initialize OIDC discovery (will be awaited before server starts)
+// Note: initOidc is async; we'll call it before starting the server below.
+
+const isLoggedIn = auth.isLoggedIn;
 
 const isAdmin = async (req, res, next) => {
-  const userInfo = (await users.getUser(pool, req.body.sessionInfo.user_id))
-    .data[0];
-  if (userInfo.admin == 1) {
-    next();
-  } else {
-    res.status(403).send({ code: 403, error: "Forbidden" });
+  // Map Keycloak username to local users table to check admin flag
+  const username = req.body.sessionInfo && req.body.sessionInfo.username;
+  if (!username) return res.status(403).send({ code: 403, error: "Forbidden" });
+
+  const userInfoResp = await users.getUserByUsername(pool, username);
+  const userInfo = userInfoResp.data && userInfoResp.data[0];
+  if (userInfo && userInfo.admin == 1) {
+    return next();
   }
+  return res.status(403).send({ code: 403, error: "Forbidden" });
 };
 
 // auth router, anything on this router requires signin
@@ -164,31 +153,22 @@ authRouter.get("/api/user/:user", async ({ params: { user: user } }, res) => {
   res.send(response_data);
 });
 
-authRouter.get(
-  "/api/session/:session",
-  async ({ params: { session: session } }, res) => {
-    const response_data = await sessions.getSession(pool, session);
-    res.send(response_data);
+authRouter.get("/api/session/info", async (req, res) => {
+  if (req.body.sessionInfo) {
+    res.send({ success: true, data: req.body.sessionInfo });
+  } else {
+    res.status(404).send({ success: false, error: "No session info" });
   }
-);
+});
 
-app.get("/api/logout", async (req, res) => {
-  const response_data = await sessions.logout(pool, req.headers.session);
-  if (response_data.success) {
-    response_data.data.insertId = response_data.data.insertId;
-    res.send(response_data);
-  }
+app.get('/api/login', (req, res) => {
+  // Login handled by Keycloak. Frontend should redirect users to Keycloak login.
+  res.send({ info: 'Login handled by Keycloak OIDC' });
 });
 
-app.post("/api/login", async (req, res) => {
-  const sessionId = await sessions.login(
-    pool,
-    req.body.username,
-    req.body.password
-  );
-  sessionId
-    ? res.send({ session: sessionId })
-    : res.status(403).send({ code: 403, error: "Invalid login" });
+app.get('/api/logout', (req, res) => {
+  // Logout handled by Keycloak end-session endpoint; provide info to client
+  res.send({ info: 'Logout via Keycloak end-session endpoint' });
 });
 
 authRouter.post("/api/users/update/password", isAdmin, async (req, res) => {
@@ -221,10 +201,21 @@ authRouter.post(
 );
 
 authRouter.post("/api/messages/send", async (req, res) => {
-  const userId = await sessions.getSession(pool, req.headers.session);
+  // Derive local user id from Keycloak username
+  const username = req.body.sessionInfo && req.body.sessionInfo.username;
+  let userId;
+  if (username) {
+    const userResp = await users.getUserByUsername(pool, username);
+    if (userResp && userResp.data && userResp.data[0]) {
+      userId = userResp.data[0].id;
+    }
+  }
+
+  if (!userId) return res.status(403).send({ code: 403, error: "Forbidden" });
+
   const response_data = await messages.sendMessage(
     pool,
-    userId.data[0].user_id,
+    userId,
     req.body.message,
     req.body.groups,
     req.body.individuals
@@ -232,6 +223,14 @@ authRouter.post("/api/messages/send", async (req, res) => {
   res.send(response_data);
 });
 
-server.listen(PORT, () => {
-  console.log("Fullsend is up!");
-});
+(async () => {
+  try {
+    await auth.initOidc();
+    server.listen(PORT, () => {
+      console.log("Fullsend is up!");
+    });
+  } catch (err) {
+    console.error('Failed to initialize OIDC:', err && err.message);
+    process.exit(1);
+  }
+})();
diff --git a/src/auth.js b/src/auth.js
new file mode 100644
index 0000000..4b61ff0
--- /dev/null
+++ b/src/auth.js
@@ -0,0 +1,77 @@
+const { Issuer } = require("openid-client");
+const { createRemoteJWKSet, jwtVerify, decodeJwt } = require("jose");
+
+let oidc = null;
+
+async function initOidc() {
+  if (oidc) return oidc;
+  const issuerUrl = process.env.KEYCLOAK_ISSUER || process.env.KEYCLOAK_URL;
+  if (!issuerUrl) throw new Error("KEYCLOAK_ISSUER or KEYCLOAK_URL must be set (example: https://auth.example.com/realms/realmname)");
+
+  const issuer = await Issuer.discover(issuerUrl);
+  oidc = {
+    issuerUrl: issuer.issuer,
+    jwksUri: issuer.metadata.jwks_uri,
+    issuerObj: issuer,
+  };
+  return oidc;
+}
+
+// Middleware: look for Authorization: Bearer <token> header and verify using JWKS
+async function isLoggedIn(req, res, next) {
+  try {
+    const authHeader = req.headers.authorization || req.headers.Authorization;
+    if (!authHeader) return res.status(401).send({ code: 401, error: "Unauthorized" });
+    const match = String(authHeader).match(/Bearer (.+)/i);
+    if (!match) return res.status(401).send({ code: 401, error: "Unauthorized" });
+    const token = match[1];
+
+    const oidcCfg = await initOidc();
+    const JWKS = createRemoteJWKSet(new URL(oidcCfg.jwksUri));
+
+    const verifyOpts = {
+      issuer: oidcCfg.issuerUrl,
+    };
+    if (process.env.KEYCLOAK_CLIENT) verifyOpts.audience = process.env.KEYCLOAK_CLIENT;
+
+    const { payload } = await jwtVerify(token, JWKS, verifyOpts);
+
+    req.body.sessionInfo = {
+      token,
+      user_id: payload.sub,
+      username: payload.preferred_username || payload.username,
+      email: payload.email,
+      realm_access: payload.realm_access,
+      resource_access: payload.resource_access,
+      claims: payload,
+    };
+    return next();
+  } catch (e) {
+    console.error("isLoggedIn error", e && e.message);
+    return res.status(401).send({ code: 401, error: "Unauthorized" });
+  }
+}
+
+function isAdmin(req, res, next) {
+  const payload = req.body.sessionInfo && req.body.sessionInfo.claims;
+  if (!payload) return res.status(403).send({ code: 403, error: "Forbidden" });
+
+  const realmRoles = (payload.realm_access && payload.realm_access.roles) || [];
+  const clientRoles = [];
+  if (payload.resource_access && process.env.KEYCLOAK_CLIENT) {
+    const ra = payload.resource_access[process.env.KEYCLOAK_CLIENT];
+    if (ra && ra.roles) clientRoles.push(...ra.roles);
+  }
+
+  const roles = [...realmRoles, ...clientRoles];
+  const adminRole = process.env.KEYCLOAK_ADMIN_ROLE || "admin";
+  if (roles.includes(adminRole)) return next();
+
+  return res.status(403).send({ code: 403, error: "Forbidden" });
+}
+
+module.exports = {
+  initOidc,
+  isLoggedIn,
+  isAdmin,
+};
diff --git a/src/sessions.js b/src/sessions.js
index 42a5693..b5cc6cf 100644
--- a/src/sessions.js
+++ b/src/sessions.js
@@ -1,53 +1,22 @@
-const { execQuery } = require("./db");
-const bcrypt = require("bcryptjs");
-const crypto = require("crypto");
+// Sessions are now managed by Keycloak OIDC. Keep compatibility exports
+// so other modules that import `sessions` won't immediately break.
 
-const AUTHENTICATE = "SELECT id, password FROM users WHERE username = ?";
-const SESSION_CREATE =
-  "INSERT INTO sessions (`id`, `user_id`, `login`, `last_seen`, `expiration`) VALUES (?, ?, NOW(), NOW(), NOW() + INTERVAL 5 DAY)";
-const SESSION_DESTROY = "DELETE FROM sessions WHERE `id` = ?";
-const SESSION_UPDATE =
-  "UPDATE sessions SET `last_seen` = NOW(), `expiration` = NOW() + INTERVAL 5 DAY WHERE `id` = ?";
-const SESSION_GET = "SELECT * FROM sessions WHERE id = ?";
-const SESSION_EXPIRED_DELETE = "DELETE FROM sessions WHERE expiration < NOW()";
-
-const deleteExpiredSessions = (pool) => {
-  execQuery(pool, SESSION_EXPIRED_DELETE, null);
-};
-
-exports.getUsers = async (pool, sessionId) => {
-  return execQuery(pool, SESSION_GET, sessionId);
-};
-
-exports.login = async (pool, username, password) => {
-  deleteExpiredSessions(pool);
-
-  const authedUser = await execQuery(pool, AUTHENTICATE, username);
-  if (authedUser.data[0]) {
-    const id = authedUser.data[0].id;
-    const saved_hash = authedUser.data[0].password;
-    const matches = bcrypt.compareSync(password, saved_hash);
-    if (matches) {
-      const session_id = crypto.randomBytes(20).toString("hex");
-      const session_results = await execQuery(pool, SESSION_CREATE, [
-        session_id,
-        id,
-      ]);
-      return session_results.success ? session_id : undefined;
-    }
-  }
-  return undefined;
+exports.getSession = async () => {
+  // Not applicable: session information is carried in the Keycloak grant on req.kauth
+  return { success: false, error: "Use Keycloak sessions via req.kauth" };
 };
 
-exports.sessionUpdate = async (pool, sessionId) => {
-  return execQuery(pool, SESSION_UPDATE, sessionId);
+exports.login = async () => {
+  // Local login is deprecated. Use Keycloak login flow.
+  return { success: false, error: "Use Keycloak OIDC login" };
 };
 
-exports.logout = async (pool, sessionId) => {
-  return execQuery(pool, SESSION_DESTROY, sessionId);
+exports.logout = async () => {
+  // Keycloak logout will be handled via Keycloak endpoint and middleware
+  return { success: false, error: "Use Keycloak logout endpoint" };
 };
 
-exports.getSession = (pool, sessionId) => {
-  deleteExpiredSessions(pool);
-  return execQuery(pool, SESSION_GET, sessionId);
+exports.sessionUpdate = async () => {
+  // No-op under Keycloak
+  return { success: false, error: "Session updates handled by Keycloak" };
 };
diff --git a/src/users.js b/src/users.js
index 0801a44..060bb85 100644
--- a/src/users.js
+++ b/src/users.js
@@ -5,6 +5,8 @@ const USERS_GET =
   "SELECT id, first_name, last_name, username, title, admin FROM users ORDER BY last_name";
 const USER_GET =
   "SELECT first_name, last_name, username, admin FROM users WHERE id = ?";
+const USER_GET_BY_USERNAME =
+  "SELECT id, first_name, last_name, username, admin FROM users WHERE username = ?";
 const USER_ID_PHONE_GET = "SELECT phone_number FROM contacts WHERE user_id = ?";
 const PASSWORD_UPDATE = "UPDATE users SET password = ? WHERE id = ?";
 
@@ -12,6 +14,9 @@ exports.getUsers = async (pool) => execQuery(pool, USERS_GET, null);
 
 exports.getUser = async (pool, user) => execQuery(pool, USER_GET, user);
 
+exports.getUserByUsername = async (pool, username) =>
+  execQuery(pool, USER_GET_BY_USERNAME, username);
+
 exports.getUserPhoneNumber = async (pool, user) => {
   const result = await execQuery(pool, USER_ID_PHONE_GET, user);
   if (result.data[0]) {

From aac077da70e8dc8245e5ded2da7810fd13670451 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 11:20:27 -0500
Subject: [PATCH 20/34] work

---
 public/index.html |  2 +-
 server.js         | 45 +++++++++++++++++++---
 src/auth.js       | 97 +++++++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 135 insertions(+), 9 deletions(-)

diff --git a/public/index.html b/public/index.html
index a1a9dc0..f915a7b 100644
--- a/public/index.html
+++ b/public/index.html
@@ -44,7 +44,7 @@
                         <a class="nav-link disabled" href="/" id="navVersion"></a>
                     </li>
                     <li class="nav-item">
-                        <a class="nav-link" href="login" id="login">Log in</a>
+                        <a class="nav-link" href="/api/login" id="login">Log in</a>
                         <!-- <a class="nav-link" href="" id="logout" onclick="logout()">Log out</a> -->
                     </li>
                 </ul>
diff --git a/server.js b/server.js
index 8a9c8c4..0d6ea32 100644
--- a/server.js
+++ b/server.js
@@ -13,6 +13,7 @@ const users = require("./src/users.js");
 const sessions = require("./src/sessions.js");
 const auth = require("./src/auth.js");
 const messages = require("./src/messages.js");
+const session = require('express-session');
 
 const { version } = require("./package.json");
 const { response } = require("express");
@@ -29,6 +30,14 @@ const pool = mariadb.createPool({
 // Initialize express app
 const PORT = process.env.PORT || 8080;
 
+// Session middleware (required for server-side login flow)
+app.use(session({
+  secret: process.env.SESSION_SECRET || 'a very long secret',
+  resave: false,
+  saveUninitialized: false,
+  cookie: { secure: false }, // set secure: true if using HTTPS
+}));
+
 // Initialize OIDC discovery (will be awaited before server starts)
 // Note: initOidc is async; we'll call it before starting the server below.
 
@@ -161,14 +170,40 @@ authRouter.get("/api/session/info", async (req, res) => {
   }
 });
 
-app.get('/api/login', (req, res) => {
-  // Login handled by Keycloak. Frontend should redirect users to Keycloak login.
-  res.send({ info: 'Login handled by Keycloak OIDC' });
+app.get('/api/login', async (req, res) => {
+  try {
+    const url = await auth.getAuthorizationUrl(req);
+    return res.redirect(url);
+  } catch (err) {
+    console.error('login redirect failed', err && err.message);
+    return res.status(500).send({ error: 'Login redirect failed' });
+  }
+});
+
+app.get('/api/callback', async (req, res) => {
+  try {
+    await auth.handleCallback(req);
+    // Redirect to app home or post-login page
+    return res.redirect('/fullsend');
+  } catch (err) {
+    console.error('callback handling failed', err && err.message);
+    return res.status(500).send({ error: 'Callback processing failed' });
+  }
 });
 
 app.get('/api/logout', (req, res) => {
-  // Logout handled by Keycloak end-session endpoint; provide info to client
-  res.send({ info: 'Logout via Keycloak end-session endpoint' });
+  try {
+    const logoutUrl = auth.getLogoutUrl(req);
+    // destroy local session
+    if (req.session) {
+      req.session.destroy(() => {});
+    }
+    if (logoutUrl) return res.redirect(logoutUrl);
+    return res.redirect('/');
+  } catch (err) {
+    console.error('logout failed', err && err.message);
+    return res.status(500).send({ error: 'Logout failed' });
+  }
 });
 
 authRouter.post("/api/users/update/password", isAdmin, async (req, res) => {
diff --git a/src/auth.js b/src/auth.js
index 4b61ff0..7d8eb13 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -1,7 +1,8 @@
-const { Issuer } = require("openid-client");
-const { createRemoteJWKSet, jwtVerify, decodeJwt } = require("jose");
+const { Issuer, generators } = require("openid-client");
+const { createRemoteJWKSet, jwtVerify } = require("jose");
 
 let oidc = null;
+let client = null;
 
 async function initOidc() {
   if (oidc) return oidc;
@@ -17,9 +18,95 @@ async function initOidc() {
   return oidc;
 }
 
-// Middleware: look for Authorization: Bearer <token> header and verify using JWKS
+async function initClient() {
+  if (client) return client;
+  const oidcCfg = await initOidc();
+  const issuer = oidcCfg.issuerObj;
+  const clientId = process.env.KEYCLOAK_CLIENT;
+  const clientSecret = process.env.KEYCLOAK_CLIENT_SECRET;
+  const redirectUri = process.env.KEYCLOAK_REDIRECT_URI || "http://localhost:8080/api/callback";
+
+  if (!clientId) throw new Error("KEYCLOAK_CLIENT must be set for Authorization Code flow");
+
+  client = new issuer.Client({
+    client_id: clientId,
+    client_secret: clientSecret,
+    redirect_uris: [redirectUri],
+    response_types: ["code"],
+  });
+
+  return client;
+}
+
+async function getAuthorizationUrl(req) {
+  const oidcClient = await initClient();
+  const redirectUri = process.env.KEYCLOAK_REDIRECT_URI || "http://localhost:8080/api/callback";
+
+  const codeVerifier = generators.codeVerifier();
+  const codeChallenge = await generators.codeChallenge(codeVerifier);
+  const state = generators.random();
+
+  // store verifier+state in session
+  if (!req.session) throw new Error("Session middleware required for login flow");
+  req.session.code_verifier = codeVerifier;
+  req.session.state = state;
+
+  const url = oidcClient.authorizationUrl({
+    scope: "openid profile email",
+    redirect_uri: redirectUri,
+    code_challenge: codeChallenge,
+    code_challenge_method: "S256",
+    state,
+  });
+  return url;
+}
+
+async function handleCallback(req) {
+  const oidcClient = await initClient();
+  const redirectUri = process.env.KEYCLOAK_REDIRECT_URI || "http://localhost:8080/api/callback";
+  if (!req.session) throw new Error("Session middleware required for callback");
+  const params = oidcClient.callbackParams(req);
+  const codeVerifier = req.session.code_verifier;
+  const state = req.session.state;
+  const tokenSet = await oidcClient.callback(redirectUri, params, { code_verifier: codeVerifier, state });
+
+  // store tokenSet and claims in session
+  req.session.tokenSet = tokenSet;
+  req.session.claims = tokenSet.claims();
+  return tokenSet;
+}
+
+function getLogoutUrl(req) {
+  if (!oidc) return null;
+  const endSession = oidc.issuerObj.metadata.end_session_endpoint;
+  if (!endSession) return null;
+  const postLogout = process.env.KEYCLOAK_POST_LOGOUT_REDIRECT || "http://localhost:8080/";
+  const idToken = req.session && req.session.tokenSet && req.session.tokenSet.id_token;
+  const url = new URL(endSession);
+  if (idToken) url.searchParams.set('id_token_hint', idToken);
+  url.searchParams.set('post_logout_redirect_uri', postLogout);
+  return url.toString();
+}
+
+// Middleware: prefer session token, otherwise Authorization Bearer header
 async function isLoggedIn(req, res, next) {
   try {
+    // If there's a token in session (server-side flow), use its claims
+    if (req.session && req.session.tokenSet) {
+      const claims = req.session.claims || (req.session.tokenSet.claims && req.session.tokenSet.claims());
+      req.body.sessionInfo = {
+        token: req.session.tokenSet.access_token,
+        user_id: claims && claims.sub,
+        username: (claims && (claims.preferred_username || claims.username)),
+        email: claims && claims.email,
+        realm_access: claims && claims.realm_access,
+        resource_access: claims && claims.resource_access,
+        claims,
+      };
+      return next();
+    }
+
+    // otherwise fallback to Authorization header verification
     const authHeader = req.headers.authorization || req.headers.Authorization;
     if (!authHeader) return res.status(401).send({ code: 401, error: "Unauthorized" });
     const match = String(authHeader).match(/Bearer (.+)/i);
@@ -72,6 +159,10 @@ function isAdmin(req, res, next) {
 
 module.exports = {
   initOidc,
+  initClient,
+  getAuthorizationUrl,
+  handleCallback,
+  getLogoutUrl,
   isLoggedIn,
   isAdmin,
 };

From d6072e6bd55c2751277932fd3dce6d42b544797c Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 11:29:31 -0500
Subject: [PATCH 21/34] work

---
 public/help.html    |  4 +--
 public/js/login.js  | 26 ++------------
 public/js/main.js   | 83 ++++++++++++---------------------------------
 public/privacy.html |  4 +--
 public/terms.html   |  4 +--
 server.js           | 15 +++++++-
 6 files changed, 44 insertions(+), 92 deletions(-)

diff --git a/public/help.html b/public/help.html
index ccd8608..f405fb2 100644
--- a/public/help.html
+++ b/public/help.html
@@ -44,8 +44,8 @@
                         <a class="nav-link disabled" href="/" id="navVersion"></a>
                     </li>
                     <li class="nav-item">
-                        <a class="nav-link" href="login" id="login" style="display:none;">Log in</a>
-                        <a class="nav-link" href="" id="logout" onclick="logout()" style="display:none;">Log out</a>
+                        <a class="nav-link" href="/api/login" id="login" style="display:none;">Log in</a>
+                        <a class="nav-link" href="/api/logout" id="logout" onclick="logout()" style="display:none;">Log out</a>
                     </li>
                 </ul>
             </div>
diff --git a/public/js/login.js b/public/js/login.js
index 372191b..962e597 100644
--- a/public/js/login.js
+++ b/public/js/login.js
@@ -4,30 +4,8 @@ const handle403 = () => {
 };
 
 const login = async () => {
-  const username = document.getElementById("loginUsername").value;
-  const password = document.getElementById("loginPassword").value;
-
-  const session = await (
-    await fetch("/api/login", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        username: username,
-        password: password,
-      }),
-    })
-  ).json();
-
-  if (session.code && session.code == 403) {
-    return handle403();
-  }
-
-  const days = 5;
-  const expires = new Date(Date.now() + days * 86400 * 1000).toUTCString();
-
-  document.cookie = `fullsend_session=${await session.session}; expires=${expires}`;
-
-  window.location.href = "/fullsend";
+  // Redirect to server which initiates Keycloak login
+  window.location.href = "/api/login";
 };
 
 const pageOnLoadFunctions = async () => {
diff --git a/public/js/main.js b/public/js/main.js
index 2652345..05f39e6 100644
--- a/public/js/main.js
+++ b/public/js/main.js
@@ -1,18 +1,4 @@
-const getCookie = (cname) => {
-  let name = cname + "=";
-  let decodedCookie = decodeURIComponent(document.cookie);
-  let ca = decodedCookie.split(";");
-  for (let i = 0; i < ca.length; i++) {
-    let c = ca[i];
-    while (c.charAt(0) == " ") {
-      c = c.substring(1);
-    }
-    if (c.indexOf(name) == 0) {
-      return c.substring(name.length, c.length);
-    }
-  }
-  return undefined;
-};
+// cookie helper removed — server now manages sessions via OIDC
 
 const getVersion = async () => {
   const version = (await fetch("/api/version")).text();
@@ -24,64 +10,40 @@ const printVersionInNav = async () => {
 };
 
 const checkLogin = async () => {
-  const session = getCookie("fullsend_session");
-  const login = (
-    await fetch("/auth/api/session/" + session, {
-      headers: { session: session },
-    })
-  ).json();
-  if ((await login).code == 401) {
-    logout();
-  }
-  return login;
+  // Ask the server for session info (server reads token from session or Authorization)
+  const resp = await fetch('/auth/api/session/info');
+  if (resp.status === 200) return resp.json();
+  return { success: false };
 };
 
 const isLoggedIn = async () => {
-  const session = getCookie("fullsend_session");
-  if (!session) return false;
-  const login = (
-    await fetch("/auth/api/session/" + session, {
-      headers: { session: session },
-    })
-  ).json();
-  if ((await login).code == 401) {
-    return false;
-  }
-
-  const days = 5;
-  const expires = new Date(Date.now() + days * 86400 * 1000).toUTCString();
-
-  document.cookie = `fullsend_session=${session}; expires=${expires}`;
-
-  return true;
+  const info = await checkLogin();
+  return info && info.success;
 };
 
 const isAdmin = async (userId = null) => {
-  const session = getCookie("fullsend_session");
-  if (!session) return;
-
-  if (!userId) {
-    userId = (await checkLogin()).data[0].user_id;
+  const info = await checkLogin();
+  if (!info || !info.success) return false;
+  // If server returned localUser, respect that flag; otherwise inspect claims
+  if (info.data && info.data.localUser && info.data.localUser.admin) return true;
+  const claims = info.data && info.data.sessionInfo && info.data.sessionInfo.claims;
+  if (!claims) return false;
+  const realmRoles = (claims.realm_access && claims.realm_access.roles) || [];
+  if (realmRoles.includes(process.env.KEYCLOAK_ADMIN_ROLE || 'admin')) return true;
+  if (claims.resource_access && process.env.KEYCLOAK_CLIENT) {
+    const ra = claims.resource_access[process.env.KEYCLOAK_CLIENT];
+    if (ra && ra.roles && ra.roles.includes(process.env.KEYCLOAK_ADMIN_ROLE || 'admin')) return true;
   }
-  const userInfo = (
-    await (
-      await fetch(`/auth/api/user/${userId}`, {
-        headers: { session: session },
-      })
-    ).json()
-  ).data[0];
-  return userInfo.admin;
+  return false;
 };
 
 const logout = async () => {
-  const session = getCookie("fullsend_session");
   try {
-    await fetch("/api/logout", { headers: { session } });
+    window.location.href = '/api/logout';
   } catch (e) {
-    console.error("Logout request failed:", e);
+    console.error('Logout failed', e);
+    window.location.href = '/';
   }
-  document.cookie = "fullsend_session=; expires=Thu, 01 Jan 1970 00:00:00 UTC;";
-  window.location.href = "/";
 };
 
 const checkForRedirect = async () => {
@@ -101,7 +63,6 @@ const checkForRedirect = async () => {
 
   for (const page of [authPages, adminPages]) {
     if (window.location.pathname == page && !isLoggedInVar) {
-      logout();
       window.location.href = "/";
       return;
     }
diff --git a/public/privacy.html b/public/privacy.html
index 75e6c6d..01d13d3 100644
--- a/public/privacy.html
+++ b/public/privacy.html
@@ -44,8 +44,8 @@
                         <a class="nav-link disabled" href="/" id="navVersion"></a>
                     </li>
                     <li class="nav-item">
-                        <a class="nav-link" href="login" id="login" style="display:none;">Log in</a>
-                        <a class="nav-link" href="" id="logout" onclick="logout()" style="display:none;">Log out</a>
+                        <a class="nav-link" href="/api/login" id="login" style="display:none;">Log in</a>
+                        <a class="nav-link" href="/api/logout" id="logout" onclick="logout()" style="display:none;">Log out</a>
                     </li>
                 </ul>
             </div>
diff --git a/public/terms.html b/public/terms.html
index 3010a4f..9255bd6 100644
--- a/public/terms.html
+++ b/public/terms.html
@@ -44,8 +44,8 @@
                         <a class="nav-link disabled" href="/" id="navVersion"></a>
                     </li>
                     <li class="nav-item">
-                        <a class="nav-link" href="login" id="login" style="display:none;">Log in</a>
-                        <a class="nav-link" href="" id="logout" onclick="logout()" style="display:none;">Log out</a>
+                        <a class="nav-link" href="/api/login" id="login" style="display:none;">Log in</a>
+                        <a class="nav-link" href="/api/logout" id="logout" onclick="logout()" style="display:none;">Log out</a>
                     </li>
                 </ul>
             </div>
diff --git a/server.js b/server.js
index 0d6ea32..ae46def 100644
--- a/server.js
+++ b/server.js
@@ -164,7 +164,20 @@ authRouter.get("/api/user/:user", async ({ params: { user: user } }, res) => {
 
 authRouter.get("/api/session/info", async (req, res) => {
   if (req.body.sessionInfo) {
-    res.send({ success: true, data: req.body.sessionInfo });
+    const sessionInfo = req.body.sessionInfo;
+    // Try to map to a local user record for convenience
+    let localUser = null;
+    try {
+      if (sessionInfo.username) {
+        const userResp = await users.getUserByUsername(pool, sessionInfo.username);
+        if (userResp && userResp.data && userResp.data[0]) {
+          localUser = userResp.data[0];
+        }
+      }
+    } catch (e) {
+      console.error('local user lookup failed', e && e.message);
+    }
+    res.send({ success: true, data: { sessionInfo, localUser } });
   } else {
     res.status(404).send({ success: false, error: "No session info" });
   }

From 2f0c28ac16090b58d6de7eee357e5258a31f0bda Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 11:50:26 -0500
Subject: [PATCH 22/34] changes

---
 public/js/changepassword.js   | 13 ++---------
 public/js/fullsend.js         | 43 +++++------------------------------
 public/js/group-management.js | 38 +++++--------------------------
 src/db.js                     |  8 +++++--
 4 files changed, 20 insertions(+), 82 deletions(-)

diff --git a/public/js/changepassword.js b/public/js/changepassword.js
index 233d2ab..d33813d 100644
--- a/public/js/changepassword.js
+++ b/public/js/changepassword.js
@@ -1,12 +1,5 @@
 const loadUsers = async () => {
-  const session = getCookie("fullsend_session");
-  const users = (
-    await (
-      await fetch(`/auth/api/users`, {
-        headers: { session: session },
-      })
-    ).json()
-  ).data;
+  const users = (await (await fetch(`/auth/api/users`)).json()).data;
   for (const user of users) {
     document.getElementById(
       "changePasswordUsername"
@@ -40,11 +33,9 @@ const changePassword = async () => {
   }
   if (error) return -1;
 
-  const session = getCookie("fullsend_session");
-
   const result = await fetch("/auth/api/users/update/password", {
     method: "POST",
-    headers: { "Content-Type": "application/json", session: session },
+    headers: { "Content-Type": "application/json" },
     body: JSON.stringify({
       userId: userId,
       password: password,
diff --git a/public/js/fullsend.js b/public/js/fullsend.js
index b2d975f..ec19ca1 100644
--- a/public/js/fullsend.js
+++ b/public/js/fullsend.js
@@ -1,40 +1,19 @@
 //TODO: this doesn't actually need isLoggedIn here, I don't think...
 //Pretty sure the redirect if not logged in (line 73ish) will cover that
 const getGroups = async () => {
-  const session = getCookie("fullsend_session");
-  return (
-    await (
-      await fetch("/auth/api/groups/insequence", {
-        headers: { session: session },
-      })
-    ).json()
-  ).data;
+  return (await (await fetch("/auth/api/groups/insequence")).json()).data;
 };
 
 const getContactNumbersInGroup = async (group) => {
-  const session = getCookie("fullsend_session");
   let numbers = [];
-  const contacts = (
-    await (
-      await fetch(`/auth/api/group/${group}/contacts`, {
-        headers: { session: session },
-      })
-    ).json()
-  ).data;
+  const contacts = (await (await fetch(`/auth/api/group/${group}/contacts`)).json()).data;
   for (const contact of contacts) {
     numbers.push(contact.phone_number);
   }
 };
 
 const getContacts = async () => {
-  const session = getCookie("fullsend_session");
-  const contacts = (
-    await (
-      await fetch("/auth/api/contacts?active=1&filtered=1", {
-        headers: { session: session },
-      })
-    ).json()
-  ).data;
+  const contacts = (await (await fetch("/auth/api/contacts?active=1&filtered=1")).json()).data;
   return contacts;
 };
 
@@ -71,7 +50,6 @@ const getSelectedIndividuals = () => {
 
 const handleSwitch = async (e) => {
   handleMessagePreview();
-  const session = getCookie("fullsend_session");
   const switches = document.getElementsByClassName("recipientSwitch");
   const modalBody = document.getElementById("recipientModalBody");
   const viewListButton = document.getElementById("viewRecipientList");
@@ -85,16 +63,7 @@ const handleSwitch = async (e) => {
   }
   
   if (switchList.length > 0) {
-    const contactList = (
-      await (
-        await fetch(
-          `/auth/api/groups/contacts?groups=${switchList.join(",")}`,
-          {
-            headers: { session: session },
-          }
-        )
-      ).json()
-    ).data;
+    const contactList = (await (await fetch(`/auth/api/groups/contacts?groups=${switchList.join(",")}`)).json()).data;
     
     if (contactList.length > 0) {
       modalBody.innerHTML = `<table class="table">
@@ -142,14 +111,14 @@ const sendMessage = async () => {
   }
   if (error) return -1;
   
-  const session = getCookie("fullsend_session");
+  
   
   document.getElementById("sendButton").disabled = true;
   document.getElementById("fullsendMessage").disabled = true;
   
   const result = await fetch("/auth/api/messages/send", {
     method: "POST",
-    headers: { "Content-Type": "application/json", session: session },
+    headers: { "Content-Type": "application/json" },
     body: JSON.stringify({
       message: message,
       groups: selectedGroups,
diff --git a/public/js/group-management.js b/public/js/group-management.js
index 1c1bba8..42b000e 100644
--- a/public/js/group-management.js
+++ b/public/js/group-management.js
@@ -1,27 +1,10 @@
 let recipientListReady = false;
 let currentGroup;
 
-const getGroups = async () => {
-  const session = getCookie("fullsend_session");
-  return (
-    await (
-      await fetch("/auth/api/groups/insequence", {
-        headers: { session: session },
-      })
-    ).json()
-  ).data;
-};
+const getGroups = async () => (await (await fetch("/auth/api/groups/insequence")).json()).data;
 
 const loadContacts = async () => {
-  const session = getCookie("fullsend_session");
-
-  const contacts = await (
-    await (
-      await fetch("/auth/api/contacts?active=1", {
-        headers: { session: session },
-      })
-    ).json()
-  ).data;
+  const contacts = (await (await fetch("/auth/api/contacts?active=1")).json()).data;
 
   document.getElementById("groupManagementRecipientsLabel").style.display =
     "block";
@@ -38,15 +21,7 @@ const loadContacts = async () => {
 const setGroupContacts = async (groupId) => {
   recipientListReady = false;
 
-  const session = getCookie("fullsend_session");
-
-  const contacts = await (
-    await (
-      await fetch(`/auth/api/group/${groupId}/contacts`, {
-        headers: { session: session },
-      })
-    ).json()
-  ).data;
+  const contacts = (await (await fetch(`/auth/api/group/${groupId}/contacts`)).json()).data;
 
   const checkboxes = document.getElementsByClassName("recipient-switch");
   for (const checkbox of checkboxes) {
@@ -62,8 +37,7 @@ const setGroupContacts = async (groupId) => {
 };
 
 const handleSwitch = async (e) => {
-  const session = getCookie("fullsend_session");
-
+  
   if (!recipientListReady) return;
   const userId = e.target.value;
   const action = e.target.checked ? "add" : "remove";
@@ -71,7 +45,7 @@ const handleSwitch = async (e) => {
   if (action == "add") {
     const result = await fetch("/auth/api/groups/update/addcontact", {
       method: "POST",
-      headers: { "Content-Type": "application/json", session: session },
+      headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
         contactId: userId,
         groupId: currentGroup,
@@ -81,7 +55,7 @@ const handleSwitch = async (e) => {
   } else if (action == "remove") {
     const result = await fetch("/auth/api/groups/update/removecontact", {
       method: "POST",
-      headers: { "Content-Type": "application/json", session: session },
+      headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
         contactId: userId,
         groupId: currentGroup,
diff --git a/src/db.js b/src/db.js
index 686e086..5f682f9 100644
--- a/src/db.js
+++ b/src/db.js
@@ -1,8 +1,12 @@
 const execQuery = async (pool, q, args = null, db = null) => {
   let conn;
   try {
-    conn = await pool.getConnection();
-    await conn.query(`USE ${db || process.env.PRIMARY_DB_NAME};`);
+  conn = await pool.getConnection();
+  const dbName = db || process.env.PRIMARY_DB_NAME;
+  // Wrap database name in backticks to allow hyphens and other chars.
+  // Also escape any backticks that might be present in the name.
+  const safeDbName = dbName ? `\`${String(dbName).replace(/`/g, '``')}\`` : null;
+  if (safeDbName) await conn.query(`USE ${safeDbName};`);
     const results = await (args != null ? conn.query(q, args) : conn.query(q));
     const response = { success: true };
     if (results) {

From 5ed02da95b8c5e12e3d18393f8a194bb8d0a60ca Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 11:59:51 -0500
Subject: [PATCH 23/34] work on user syncing and stuff

---
 server.js    | 18 +++++++++++++++++-
 src/users.js | 30 ++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/server.js b/server.js
index ae46def..2500a9a 100644
--- a/server.js
+++ b/server.js
@@ -177,7 +177,9 @@ authRouter.get("/api/session/info", async (req, res) => {
     } catch (e) {
       console.error('local user lookup failed', e && e.message);
     }
-    res.send({ success: true, data: { sessionInfo, localUser } });
+  // If we have a localUser stored in session (created during callback), prefer that
+  const sessionLocalUser = req.session && req.session.localUser ? req.session.localUser : localUser;
+  res.send({ success: true, data: { sessionInfo, localUser: sessionLocalUser } });
   } else {
     res.status(404).send({ success: false, error: "No session info" });
   }
@@ -196,6 +198,20 @@ app.get('/api/login', async (req, res) => {
 app.get('/api/callback', async (req, res) => {
   try {
     await auth.handleCallback(req);
+    // Ensure a local user exists for the logged in Keycloak user
+    try {
+      const claims = req.session && req.session.claims;
+      if (claims) {
+        const addResp = await users.addUserIfNotExists(pool, claims);
+        if (addResp && addResp.success && addResp.user) {
+          // store local user on session for convenience
+          req.session.localUser = addResp.user;
+        }
+      }
+    } catch (e) {
+      console.error('addUserIfNotExists failed', e && e.message);
+    }
+
     // Redirect to app home or post-login page
     return res.redirect('/fullsend');
   } catch (err) {
diff --git a/src/users.js b/src/users.js
index 060bb85..963c1f3 100644
--- a/src/users.js
+++ b/src/users.js
@@ -9,6 +9,7 @@ const USER_GET_BY_USERNAME =
   "SELECT id, first_name, last_name, username, admin FROM users WHERE username = ?";
 const USER_ID_PHONE_GET = "SELECT phone_number FROM contacts WHERE user_id = ?";
 const PASSWORD_UPDATE = "UPDATE users SET password = ? WHERE id = ?";
+const USER_CREATE = "INSERT INTO users (first_name, last_name, username, password, admin) VALUES (?, ?, ?, ?, 0)";
 
 exports.getUsers = async (pool) => execQuery(pool, USERS_GET, null);
 
@@ -30,3 +31,32 @@ exports.changePassword = async (pool, user, plaintextPassword) => {
   const hashedPassword = bcrypt.hashSync(plaintextPassword, 10);
   return await execQuery(pool, PASSWORD_UPDATE, [hashedPassword, user]);
 };
+
+// Creates a local user record from OIDC claims if the username does not already exist.
+exports.addUserIfNotExists = async (pool, claims) => {
+  if (!claims) return { success: false, error: 'No claims' };
+  const username = claims.preferred_username || claims.username || (claims.email ? claims.email.split('@')[0] : undefined);
+  if (!username) return { success: false, error: 'No username claim' };
+
+  // Check if user already exists
+  const existing = await exports.getUserByUsername(pool, username);
+  if (existing && existing.data && existing.data[0]) {
+    return { success: true, user: existing.data[0] };
+  }
+
+  // Build name fields from claims
+  const firstName = claims.given_name || (claims.name ? claims.name.split(' ')[0] : '');
+  const lastName = claims.family_name || (claims.name ? claims.name.split(' ').slice(1).join(' ') : '');
+
+  // Create a random password hash since authentication is via Keycloak
+  const randomPassword = Math.random().toString(36) + Date.now().toString(36);
+  const hashedPassword = bcrypt.hashSync(randomPassword, 10);
+
+  const createResp = await execQuery(pool, USER_CREATE, [firstName || '', lastName || '', username, hashedPassword]);
+  if (createResp && createResp.success) {
+    // Return the inserted user record (fetch by username to include id)
+    const newUser = await exports.getUserByUsername(pool, username);
+    return { success: true, user: newUser.data && newUser.data[0] };
+  }
+  return { success: false };
+};

From 013060a5783edcb00222c318deb69583a767a8c3 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 12:08:50 -0500
Subject: [PATCH 24/34] admin work

---
 server.js   | 15 +++------------
 src/auth.js | 45 +++++++++++++++++++++++++++++++++++----------
 2 files changed, 38 insertions(+), 22 deletions(-)

diff --git a/server.js b/server.js
index 2500a9a..843a11f 100644
--- a/server.js
+++ b/server.js
@@ -43,18 +43,9 @@ app.use(session({
 
 const isLoggedIn = auth.isLoggedIn;
 
-const isAdmin = async (req, res, next) => {
-  // Map Keycloak username to local users table to check admin flag
-  const username = req.body.sessionInfo && req.body.sessionInfo.username;
-  if (!username) return res.status(403).send({ code: 403, error: "Forbidden" });
-
-  const userInfoResp = await users.getUserByUsername(pool, username);
-  const userInfo = userInfoResp.data && userInfoResp.data[0];
-  if (userInfo && userInfo.admin == 1) {
-    return next();
-  }
-  return res.status(403).send({ code: 403, error: "Forbidden" });
-};
+// Use Keycloak roles for admin checks. If you want to rely on local DB admin flag
+// instead, change this to query users.getUserByUsername.
+const isAdmin = auth.isAdmin;
 
 // auth router, anything on this router requires signin
 const authRouter = express.Router();
diff --git a/src/auth.js b/src/auth.js
index 7d8eb13..4ffa9f4 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -73,6 +73,29 @@ async function handleCallback(req) {
   // store tokenSet and claims in session
   req.session.tokenSet = tokenSet;
   req.session.claims = tokenSet.claims();
+
+  // Also verify / decode the access token to capture roles (Keycloak typically puts roles in the access token)
+  try {
+    const oidcCfg = await initOidc();
+    const JWKS = createRemoteJWKSet(new URL(oidcCfg.jwksUri));
+    const verifyOpts = { issuer: oidcCfg.issuerUrl };
+    if (process.env.KEYCLOAK_CLIENT) verifyOpts.audience = process.env.KEYCLOAK_CLIENT;
+    const accessToken = tokenSet.access_token;
+    if (accessToken) {
+      const { payload } = await jwtVerify(accessToken, JWKS, verifyOpts);
+      req.session.accessClaims = payload;
+    }
+  } catch (e) {
+    // Fallback: don't block login if access token verification fails; try to decode without verification
+    try {
+      const { decodeJwt } = require('jose');
+      if (tokenSet && tokenSet.access_token) {
+        req.session.accessClaims = decodeJwt(tokenSet.access_token);
+      }
+    } catch (e2) {
+      console.warn('access token decode failed', e2 && e2.message);
+    }
+  }
   return tokenSet;
 }
 
@@ -93,16 +116,18 @@ async function isLoggedIn(req, res, next) {
   try {
     // If there's a token in session (server-side flow), use its claims
     if (req.session && req.session.tokenSet) {
-      const claims = req.session.claims || (req.session.tokenSet.claims && req.session.tokenSet.claims());
-      req.body.sessionInfo = {
-        token: req.session.tokenSet.access_token,
-        user_id: claims && claims.sub,
-        username: (claims && (claims.preferred_username || claims.username)),
-        email: claims && claims.email,
-        realm_access: claims && claims.realm_access,
-        resource_access: claims && claims.resource_access,
-        claims,
-      };
+        const claims = req.session.claims || (req.session.tokenSet.claims && req.session.tokenSet.claims());
+        const accessClaims = req.session.accessClaims || {};
+        req.body.sessionInfo = {
+          token: req.session.tokenSet.access_token,
+          user_id: claims && claims.sub,
+          username: (claims && (claims.preferred_username || claims.username)),
+          email: claims && claims.email,
+          // prefer realm/resource roles from access token, fall back to id token
+          realm_access: accessClaims.realm_access || claims && claims.realm_access,
+          resource_access: accessClaims.resource_access || claims && claims.resource_access,
+          claims: { id_token: claims, access_token: accessClaims },
+        };
       return next();
     }
 

From 483cbf1abe66789c354610d0fdb2f854c5965aa3 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 12:13:08 -0500
Subject: [PATCH 25/34] more admin work

---
 public/js/main.js | 13 +++++++++----
 server.js         |  3 +++
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/public/js/main.js b/public/js/main.js
index 05f39e6..22afe1c 100644
--- a/public/js/main.js
+++ b/public/js/main.js
@@ -29,10 +29,15 @@ const isAdmin = async (userId = null) => {
   const claims = info.data && info.data.sessionInfo && info.data.sessionInfo.claims;
   if (!claims) return false;
   const realmRoles = (claims.realm_access && claims.realm_access.roles) || [];
-  if (realmRoles.includes(process.env.KEYCLOAK_ADMIN_ROLE || 'admin')) return true;
-  if (claims.resource_access && process.env.KEYCLOAK_CLIENT) {
-    const ra = claims.resource_access[process.env.KEYCLOAK_CLIENT];
-    if (ra && ra.roles && ra.roles.includes(process.env.KEYCLOAK_ADMIN_ROLE || 'admin')) return true;
+  // Server should expose which role name represents admin; fall back to 'admin'
+  const adminRole = (info.data && info.data.sessionInfo && info.data.sessionInfo.adminRole) || 'admin';
+  if (realmRoles.includes(adminRole)) return true;
+  if (claims.resource_access) {
+    // Try to find admin role in any client resource_access entry
+    for (const clientKey of Object.keys(claims.resource_access)) {
+      const ra = claims.resource_access[clientKey];
+      if (ra && ra.roles && ra.roles.includes(adminRole)) return true;
+    }
   }
   return false;
 };
diff --git a/server.js b/server.js
index 843a11f..43615df 100644
--- a/server.js
+++ b/server.js
@@ -156,6 +156,9 @@ authRouter.get("/api/user/:user", async ({ params: { user: user } }, res) => {
 authRouter.get("/api/session/info", async (req, res) => {
   if (req.body.sessionInfo) {
     const sessionInfo = req.body.sessionInfo;
+    // Expose the configured admin role name to the client so browser-side checks
+    // don't need to rely on Node-only process.env variables.
+    sessionInfo.adminRole = process.env.KEYCLOAK_ADMIN_ROLE || 'admin';
     // Try to map to a local user record for convenience
     let localUser = null;
     try {

From 1ea65923451836454efad88258e9cdae25282ba5 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 12:27:48 -0500
Subject: [PATCH 26/34] auth work

---
 src/auth.js | 98 ++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 78 insertions(+), 20 deletions(-)

diff --git a/src/auth.js b/src/auth.js
index 4ffa9f4..467dddf 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -116,18 +116,59 @@ async function isLoggedIn(req, res, next) {
   try {
     // If there's a token in session (server-side flow), use its claims
     if (req.session && req.session.tokenSet) {
-        const claims = req.session.claims || (req.session.tokenSet.claims && req.session.tokenSet.claims());
-        const accessClaims = req.session.accessClaims || {};
-        req.body.sessionInfo = {
-          token: req.session.tokenSet.access_token,
-          user_id: claims && claims.sub,
-          username: (claims && (claims.preferred_username || claims.username)),
-          email: claims && claims.email,
-          // prefer realm/resource roles from access token, fall back to id token
-          realm_access: accessClaims.realm_access || claims && claims.realm_access,
-          resource_access: accessClaims.resource_access || claims && claims.resource_access,
-          claims: { id_token: claims, access_token: accessClaims },
-        };
+      const oidcClient = await initClient();
+      const accessToken = req.session.tokenSet.access_token;
+      let accessClaims = req.session.accessClaims || {};
+
+      // Try introspection if available (requires client credentials), else call userinfo
+      try {
+        if (typeof oidcClient.introspect === 'function') {
+          const introspectResp = await oidcClient.introspect(accessToken);
+          if (!introspectResp || introspectResp.active !== true) {
+            // token inactive -> clear session and reject
+            try { req.session.destroy(() => {}); } catch (e) {}
+            return res.status(401).send({ code: 401, error: 'Unauthorized' });
+          }
+          // introspectResp contains token metadata but not always full role claims; fall back to stored accessClaims when present
+        } else {
+          // Fallback: call userinfo endpoint to verify session is still valid and retrieve claims
+          try {
+            const userinfo = await oidcClient.userinfo(accessToken);
+            if (userinfo) {
+              accessClaims = userinfo;
+            }
+          } catch (e) {
+            // userinfo failed -> treat as logged out
+            try { req.session.destroy(() => {}); } catch (e2) {}
+            return res.status(401).send({ code: 401, error: 'Unauthorized' });
+          }
+        }
+      } catch (e) {
+        // If introspection/userinfo call fails, attempt to rely on stored accessClaims or jwt verification
+        accessClaims = req.session.accessClaims || accessClaims;
+      }
+
+      // normalize sessionInfo to include access token claims (so downstream checks are uniform)
+      const idClaims = req.session.claims || (req.session.tokenSet.claims && req.session.tokenSet.claims());
+      req.body.sessionInfo = {
+        token: accessToken,
+        user_id: idClaims && idClaims.sub,
+        username: (idClaims && (idClaims.preferred_username || idClaims.username)),
+        email: idClaims && idClaims.email,
+        realm_access: accessClaims && accessClaims.realm_access,
+        resource_access: accessClaims && accessClaims.resource_access,
+        // expose the access token claims directly for easier checks
+        claims: accessClaims || {},
+      };
+
+      // Enforce fullsend_access role for all users
+      const requiredRole = process.env.KEYCLOAK_FULLSEND_ROLE || 'fullsend_access';
+      const hasRealm = (req.body.sessionInfo.realm_access && req.body.sessionInfo.realm_access.roles && req.body.sessionInfo.realm_access.roles.includes(requiredRole));
+      const hasResource = req.body.sessionInfo.resource_access && Object.values(req.body.sessionInfo.resource_access).some(r => r && r.roles && r.roles.includes(requiredRole));
+      if (!hasRealm && !hasResource) {
+        return res.status(403).send({ code: 403, error: `Forbidden - missing required role: ${requiredRole}` });
+      }
+
       return next();
     }
 
@@ -147,7 +188,6 @@ async function isLoggedIn(req, res, next) {
     if (process.env.KEYCLOAK_CLIENT) verifyOpts.audience = process.env.KEYCLOAK_CLIENT;
 
     const { payload } = await jwtVerify(token, JWKS, verifyOpts);
-
     req.body.sessionInfo = {
       token,
       user_id: payload.sub,
@@ -157,6 +197,14 @@ async function isLoggedIn(req, res, next) {
       resource_access: payload.resource_access,
       claims: payload,
     };
+
+    // Enforce fullsend_access role for bearer tokens as well
+    const requiredRole = process.env.KEYCLOAK_FULLSEND_ROLE || 'fullsend_access';
+    const hasRealm = (payload.realm_access && payload.realm_access.roles && payload.realm_access.roles.includes(requiredRole));
+    const hasResource = payload.resource_access && Object.values(payload.resource_access).some(r => r && r.roles && r.roles.includes(requiredRole));
+    if (!hasRealm && !hasResource) {
+      return res.status(403).send({ code: 403, error: `Forbidden - missing required role: ${requiredRole}` });
+    }
     return next();
   } catch (e) {
     console.error("isLoggedIn error", e && e.message);
@@ -165,18 +213,28 @@ async function isLoggedIn(req, res, next) {
 }
 
 function isAdmin(req, res, next) {
-  const payload = req.body.sessionInfo && req.body.sessionInfo.claims;
-  if (!payload) return res.status(403).send({ code: 403, error: "Forbidden" });
+  // sessionInfo.claims is normalized to access token claims in isLoggedIn
+  const claims = req.body.sessionInfo && req.body.sessionInfo.claims;
+  if (!claims) return res.status(403).send({ code: 403, error: "Forbidden" });
 
-  const realmRoles = (payload.realm_access && payload.realm_access.roles) || [];
+  const realmRoles = (claims.realm_access && claims.realm_access.roles) || [];
   const clientRoles = [];
-  if (payload.resource_access && process.env.KEYCLOAK_CLIENT) {
-    const ra = payload.resource_access[process.env.KEYCLOAK_CLIENT];
-    if (ra && ra.roles) clientRoles.push(...ra.roles);
+  if (claims.resource_access) {
+    // Try to extract roles from configured client first
+    if (process.env.KEYCLOAK_CLIENT && claims.resource_access[process.env.KEYCLOAK_CLIENT]) {
+      const ra = claims.resource_access[process.env.KEYCLOAK_CLIENT];
+      if (ra && ra.roles) clientRoles.push(...ra.roles);
+    } else {
+      // otherwise flatten all client roles
+      for (const k of Object.keys(claims.resource_access)) {
+        const ra = claims.resource_access[k];
+        if (ra && ra.roles) clientRoles.push(...ra.roles);
+      }
+    }
   }
 
   const roles = [...realmRoles, ...clientRoles];
-  const adminRole = process.env.KEYCLOAK_ADMIN_ROLE || "admin";
+  const adminRole = (req.body.sessionInfo && req.body.sessionInfo.adminRole) || process.env.KEYCLOAK_ADMIN_ROLE || "admin";
   if (roles.includes(adminRole)) return next();
 
   return res.status(403).send({ code: 403, error: "Forbidden" });

From dca8877d0c1ce4886afd175465d987ebcc076efd Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 12:39:13 -0500
Subject: [PATCH 27/34] admin/auth work

---
 public/js/fullsend.js | 24 ++++++++++++---
 src/auth.js           | 70 +++++++++++++++++++++++++++++--------------
 2 files changed, 68 insertions(+), 26 deletions(-)

diff --git a/public/js/fullsend.js b/public/js/fullsend.js
index ec19ca1..81a09b8 100644
--- a/public/js/fullsend.js
+++ b/public/js/fullsend.js
@@ -1,20 +1,36 @@
 //TODO: this doesn't actually need isLoggedIn here, I don't think...
 //Pretty sure the redirect if not logged in (line 73ish) will cover that
+const safeJsonFetch = async (url, options = {}) => {
+  try {
+    const resp = await fetch(url, options);
+    if (!resp.ok) {
+      console.error('Fetch failed', url, resp.status, resp.statusText);
+      return null;
+    }
+    return await resp.json();
+  } catch (e) {
+    console.error('Network error fetching', url, e && e.message);
+    return null;
+  }
+};
+
 const getGroups = async () => {
-  return (await (await fetch("/auth/api/groups/insequence")).json()).data;
+  const resp = await safeJsonFetch("/auth/api/groups/insequence");
+  return resp ? resp.data : [];
 };
 
 const getContactNumbersInGroup = async (group) => {
   let numbers = [];
-  const contacts = (await (await fetch(`/auth/api/group/${group}/contacts`)).json()).data;
+  const resp = await safeJsonFetch(`/auth/api/group/${group}/contacts`);
+  const contacts = resp ? resp.data : [];
   for (const contact of contacts) {
     numbers.push(contact.phone_number);
   }
 };
 
 const getContacts = async () => {
-  const contacts = (await (await fetch("/auth/api/contacts?active=1&filtered=1")).json()).data;
-  return contacts;
+  const resp = await safeJsonFetch("/auth/api/contacts?active=1&filtered=1");
+  return resp ? resp.data : [];
 };
 
 const getSelectedGroups = (categories = false) => {
diff --git a/src/auth.js b/src/auth.js
index 467dddf..85cdb52 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -96,6 +96,25 @@ async function handleCallback(req) {
       console.warn('access token decode failed', e2 && e2.message);
     }
   }
+  // If we still don't have role information, try userinfo (useful if access token is opaque)
+  try {
+    if (!req.session.accessClaims || (!req.session.accessClaims.realm_access && !req.session.accessClaims.resource_access)) {
+      if (tokenSet && tokenSet.access_token) {
+        try {
+          const oidcClient = await initClient();
+          const ui = await oidcClient.userinfo(tokenSet.access_token);
+          if (ui) {
+            req.session.accessClaims = ui;
+          }
+        } catch (uiErr) {
+          // userinfo may not be available; don't block login
+          console.warn('userinfo fetch failed', uiErr && uiErr.message);
+        }
+      }
+    }
+  } catch (e) {
+    // ignore
+  }
   return tokenSet;
 }
 
@@ -118,34 +137,41 @@ async function isLoggedIn(req, res, next) {
     if (req.session && req.session.tokenSet) {
       const oidcClient = await initClient();
       const accessToken = req.session.tokenSet.access_token;
+      // Prefer the already-decoded accessClaims stored at login
       let accessClaims = req.session.accessClaims || {};
 
-      // Try introspection if available (requires client credentials), else call userinfo
+      // Try to verify the access token via JWKS (fast, no client secret required)
       try {
-        if (typeof oidcClient.introspect === 'function') {
-          const introspectResp = await oidcClient.introspect(accessToken);
-          if (!introspectResp || introspectResp.active !== true) {
-            // token inactive -> clear session and reject
-            try { req.session.destroy(() => {}); } catch (e) {}
-            return res.status(401).send({ code: 401, error: 'Unauthorized' });
-          }
-          // introspectResp contains token metadata but not always full role claims; fall back to stored accessClaims when present
-        } else {
-          // Fallback: call userinfo endpoint to verify session is still valid and retrieve claims
-          try {
-            const userinfo = await oidcClient.userinfo(accessToken);
-            if (userinfo) {
-              accessClaims = userinfo;
+        const oidcCfg = await initOidc();
+        const JWKS = createRemoteJWKSet(new URL(oidcCfg.jwksUri));
+        const verifyOpts = { issuer: oidcCfg.issuerUrl };
+        if (process.env.KEYCLOAK_CLIENT) verifyOpts.audience = process.env.KEYCLOAK_CLIENT;
+        if (accessToken) {
+          const { payload } = await jwtVerify(accessToken, JWKS, verifyOpts);
+          accessClaims = payload || accessClaims;
+        }
+      } catch (e) {
+        // If jwt verification fails, don't immediately destroy session.
+        // If introspection is available (and client secret configured), use it to check active status.
+        try {
+          if (process.env.KEYCLOAK_CLIENT_SECRET && typeof oidcClient.introspect === 'function') {
+            const introspectResp = await oidcClient.introspect(accessToken);
+            if (!introspectResp || introspectResp.active !== true) {
+              try { req.session.destroy(() => {}); } catch (e2) {}
+              return res.status(401).send({ code: 401, error: 'Unauthorized' });
+            }
+          } else {
+            // As a last resort, try userinfo but do not destroy session if it fails; fall back to stored claims
+            try {
+              const userinfo = await oidcClient.userinfo(accessToken);
+              if (userinfo) accessClaims = userinfo;
+            } catch (e2) {
+              // ignore; we'll use whatever we have in session
             }
-          } catch (e) {
-            // userinfo failed -> treat as logged out
-            try { req.session.destroy(() => {}); } catch (e2) {}
-            return res.status(401).send({ code: 401, error: 'Unauthorized' });
           }
+        } catch (e2) {
+          // ignore and continue with stored claims
         }
-      } catch (e) {
-        // If introspection/userinfo call fails, attempt to rely on stored accessClaims or jwt verification
-        accessClaims = req.session.accessClaims || accessClaims;
       }
 
       // normalize sessionInfo to include access token claims (so downstream checks are uniform)

From fb5709e53229b3d53fe9f939dcebb06905ab0108 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 12:47:35 -0500
Subject: [PATCH 28/34] admin/auth work

---
 public/js/fullsend.js |  4 +++-
 server.js             | 14 ++++++++++++++
 src/auth.js           | 19 -------------------
 3 files changed, 17 insertions(+), 20 deletions(-)

diff --git a/public/js/fullsend.js b/public/js/fullsend.js
index 81a09b8..a883d0b 100644
--- a/public/js/fullsend.js
+++ b/public/js/fullsend.js
@@ -26,6 +26,7 @@ const getContactNumbersInGroup = async (group) => {
   for (const contact of contacts) {
     numbers.push(contact.phone_number);
   }
+  return numbers;
 };
 
 const getContacts = async () => {
@@ -79,7 +80,8 @@ const handleSwitch = async (e) => {
   }
   
   if (switchList.length > 0) {
-    const contactList = (await (await fetch(`/auth/api/groups/contacts?groups=${switchList.join(",")}`)).json()).data;
+    const contactResp = await safeJsonFetch(`/auth/api/groups/contacts?groups=${switchList.join(",")}`);
+    const contactList = contactResp ? contactResp.data : [];
     
     if (contactList.length > 0) {
       modalBody.innerHTML = `<table class="table">
diff --git a/server.js b/server.js
index 43615df..d12278f 100644
--- a/server.js
+++ b/server.js
@@ -189,6 +189,20 @@ app.get('/api/login', async (req, res) => {
   }
 });
 
+// Debug endpoint (no role enforcement) to inspect session info during development
+app.get('/api/debug/session', async (req, res) => {
+  try {
+    if (req.session && req.session.tokenSet) {
+      const sessionInfo = req.session.claims || (req.session.tokenSet.claims && req.session.tokenSet.claims());
+      return res.send({ success: true, data: { sessionInfo, localUser: req.session.localUser || null } });
+    }
+    return res.status(404).send({ success: false, error: 'No session' });
+  } catch (e) {
+    console.error('debug session failed', e && e.message);
+    return res.status(500).send({ success: false, error: 'Server error' });
+  }
+});
+
 app.get('/api/callback', async (req, res) => {
   try {
     await auth.handleCallback(req);
diff --git a/src/auth.js b/src/auth.js
index 85cdb52..e03f524 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -96,25 +96,6 @@ async function handleCallback(req) {
       console.warn('access token decode failed', e2 && e2.message);
     }
   }
-  // If we still don't have role information, try userinfo (useful if access token is opaque)
-  try {
-    if (!req.session.accessClaims || (!req.session.accessClaims.realm_access && !req.session.accessClaims.resource_access)) {
-      if (tokenSet && tokenSet.access_token) {
-        try {
-          const oidcClient = await initClient();
-          const ui = await oidcClient.userinfo(tokenSet.access_token);
-          if (ui) {
-            req.session.accessClaims = ui;
-          }
-        } catch (uiErr) {
-          // userinfo may not be available; don't block login
-          console.warn('userinfo fetch failed', uiErr && uiErr.message);
-        }
-      }
-    }
-  } catch (e) {
-    // ignore
-  }
   return tokenSet;
 }
 

From 18ff5f0925a57a96fe3ccc21ba0b24129331c46f Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 12:52:49 -0500
Subject: [PATCH 29/34] add no-access page

---
 public/js/fullsend.js |  3 +--
 public/no-access.html | 17 +++++++++++++++++
 server.js             | 23 +++++++++++++++++++++++
 3 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 public/no-access.html

diff --git a/public/js/fullsend.js b/public/js/fullsend.js
index a883d0b..e3a5acd 100644
--- a/public/js/fullsend.js
+++ b/public/js/fullsend.js
@@ -170,8 +170,7 @@ const handleMessagePreview = () => {
 };
 
 const pageOnLoadFunctions = async () => {
-  const groups = await getGroups();
-  const recipientSwitch = document.getElementById("recipientSwitch");
+const recipientSwitch = document.getElementById("recipientSwitch");
   
   for (const group of groups) {
     document.getElementById(
diff --git a/public/no-access.html b/public/no-access.html
new file mode 100644
index 0000000..ed9021e
--- /dev/null
+++ b/public/no-access.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>No Access</title>
+    <link href="/public/css/style.css" rel="stylesheet">
+  </head>
+  <body>
+    <div class="container">
+      <h1>Access denied</h1>
+      <p>It looks like your account does not have permission to use Fullsend.</p>
+      <p>If you believe this is an error, please contact your administrator to request the <code>fullsend_access</code> role.</p>
+      <p><a href="/">Return to home</a></p>
+    </div>
+  </body>
+</html>
\ No newline at end of file
diff --git a/server.js b/server.js
index d12278f..5e5f73a 100644
--- a/server.js
+++ b/server.js
@@ -220,6 +220,29 @@ app.get('/api/callback', async (req, res) => {
       console.error('addUserIfNotExists failed', e && e.message);
     }
 
+    // After login, ensure the user has the required Fullsend role. If not,
+    // redirect to a friendly page explaining lack of access.
+    try {
+      const requiredRole = process.env.KEYCLOAK_FULLSEND_ROLE || 'fullsend_access';
+      const accessClaims = req.session && req.session.accessClaims ? req.session.accessClaims : (req.session && req.session.claims ? req.session.claims : null);
+      let hasRole = false;
+      if (accessClaims) {
+        const realmRoles = (accessClaims.realm_access && accessClaims.realm_access.roles) || [];
+        if (realmRoles.includes(requiredRole)) hasRole = true;
+        if (!hasRole && accessClaims.resource_access) {
+          for (const k of Object.keys(accessClaims.resource_access)) {
+            const ra = accessClaims.resource_access[k];
+            if (ra && ra.roles && ra.roles.includes(requiredRole)) { hasRole = true; break; }
+          }
+        }
+      }
+      if (!hasRole) {
+        return res.redirect('/no-access');
+      }
+    } catch (e) {
+      console.error('post-login role check failed', e && e.message);
+    }
+
     // Redirect to app home or post-login page
     return res.redirect('/fullsend');
   } catch (err) {

From 1f2e48d03039e8243ac16c9a1186342a661c48e8 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 12:56:11 -0500
Subject: [PATCH 30/34] add route for no-access page

---
 server.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server.js b/server.js
index 5e5f73a..68622e0 100644
--- a/server.js
+++ b/server.js
@@ -90,6 +90,11 @@ app.get("/group-management", (req, res) => {
   res.sendFile(path.join(__dirname, "public/group-management.html"));
 });
 
+app.get("/no-access", (req, res) => {
+  res.sendFile(path.join(__dirname, "public/no-access.html"));
+});
+
+
 app.get("/api", async (req, res) => {
   res.send(`fullsend server is online<br>v${version}`);
 });

From 1aa4be6e09923ad2941ff85431201fcc9cceabca Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 12:57:41 -0500
Subject: [PATCH 31/34] clean up no-access page

---
 public/no-access.html | 68 +++++++++++++++++++++++++++++++++++--------
 1 file changed, 56 insertions(+), 12 deletions(-)

diff --git a/public/no-access.html b/public/no-access.html
index ed9021e..7b19aed 100644
--- a/public/no-access.html
+++ b/public/no-access.html
@@ -1,17 +1,61 @@
 <!doctype html>
 <html lang="en">
-  <head>
-    <meta charset="utf-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-    <title>No Access</title>
-    <link href="/public/css/style.css" rel="stylesheet">
-  </head>
-  <body>
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link rel="apple-touch-icon" sizes="180x180" href="/public/img/favicon/apple-touch-icon.png">
+    <link rel="icon" type="image/png" sizes="32x32" href="/public/img/favicon/favicon-32x32.png">
+    <link rel="icon" type="image/png" sizes="16x16" href="/public/img/favicon/favicon-16x16.png">
+    <link rel="manifest" href="/public/img/favicon/site.webmanifest">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-gH2yIJqKdNHPEq0n4Mqa/HGKIhSkIHeL5AyhkYV8i59U5AR6csBvApHHNl/vI1Bx" crossorigin="anonymous">
+    <link rel="stylesheet" href="/public/css/style.css">
+    <script src="/public/js/main.js"></script>
+    <script src="/public/js/help.js"></script>
+    <title>Fullsend | SMS notification from the web</title>
+</head>
+<body>
+    <nav class="navbar navbar-expand-lg bg-light">
+        <div class="container-fluid">
+            <a class="navbar-brand" href="#">Fullsend</a>
+            <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent">
+                <span class="navbar-toggler-icon"></span>
+            </button>
+            <div class="collapse navbar-collapse" id="navbarSupportedContent">
+                <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+                    <li class="nav-item">
+                        <a class="nav-link" href="/">Home</a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link active" href="/help">Help</a>
+                    </li>
+                    <li class="nav-item dropdown">
+                        <a class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown" id="adminNavLink" style="display:none;">
+                            Admin
+                        </a>
+                        <ul class="dropdown-menu">
+                            <li><a class="dropdown-item" href="/group-management">Group management</a></li>
+                            <li><a class="dropdown-item" href="/changepassword">Change user password</a></li>
+                        </ul>
+                    </li>
+                </ul>
+                <ul class="navbar-nav d-flex">
+                    <li class="nav-item">
+                        <a class="nav-link disabled" href="/" id="navVersion"></a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link" href="/api/login" id="login" style="display:none;">Log in</a>
+                        <a class="nav-link" href="/api/logout" id="logout" onclick="logout()" style="display:none;">Log out</a>
+                    </li>
+                </ul>
+            </div>
+        </div>
+    </nav>
     <div class="container">
-      <h1>Access denied</h1>
-      <p>It looks like your account does not have permission to use Fullsend.</p>
-      <p>If you believe this is an error, please contact your administrator to request the <code>fullsend_access</code> role.</p>
-      <p><a href="/">Return to home</a></p>
+        <h1>Access denied</h1>
+        <p>It looks like your account does not have permission to use Fullsend.</p>
+        <p>If you believe this is an error, please contact your administrator to request the <code>fullsend_access</code> role.</p>
+        <p><a href="/">Return to home</a></p>
     </div>
-  </body>
+</body>
 </html>
\ No newline at end of file

From 56594ecba0f834b6d1576b4b010c68869cc7354b Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 13:02:02 -0500
Subject: [PATCH 32/34] fix something

---
 public/js/fullsend.js | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/public/js/fullsend.js b/public/js/fullsend.js
index e3a5acd..9bbe050 100644
--- a/public/js/fullsend.js
+++ b/public/js/fullsend.js
@@ -1,5 +1,3 @@
-//TODO: this doesn't actually need isLoggedIn here, I don't think...
-//Pretty sure the redirect if not logged in (line 73ish) will cover that
 const safeJsonFetch = async (url, options = {}) => {
   try {
     const resp = await fetch(url, options);
@@ -170,8 +168,9 @@ const handleMessagePreview = () => {
 };
 
 const pageOnLoadFunctions = async () => {
-const recipientSwitch = document.getElementById("recipientSwitch");
-  
+  const groups = await getGroups();
+  const recipientSwitch = document.getElementById("recipientSwitch");
+
   for (const group of groups) {
     document.getElementById(
       "fullsendGroupRecipients"

From 12ed8d47534061f9fd6bd1dcba226202bbf33544 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 13:05:06 -0500
Subject: [PATCH 33/34] 1.8.0

---
 package-lock.json | 4 ++--
 package.json      | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index fa4af76..783638f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "fullsend",
-  "version": "1.7.3",
+  "version": "1.8.0",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "fullsend",
-      "version": "1.7.3",
+      "version": "1.8.0",
       "license": "MIT",
       "dependencies": {
         "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index c3cb09f..06ee37c 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fullsend",
-  "version": "1.7.3",
+  "version": "1.8.0",
   "description": "Fullsend allows allowed users to send bulk text messages to groups of recipients",
   "main": "server.js",
   "scripts": {
@@ -21,9 +21,9 @@
     "body-parser": "^1.20.0",
     "dotenv": "^16.0.1",
     "express": "^4.18.1",
-  "express-session": "^1.17.3",
-  "openid-client": "^5.2.0",
-  "jose": "^4.15.0",
+    "express-session": "^1.17.3",
+    "openid-client": "^5.2.0",
+    "jose": "^4.15.0",
     "mariadb": "^3.0.0",
     "nodemon": "^3.1.10",
     "path": "^0.12.7",

From 341c679f5683c5890edb84688c7fdb3faecde270 Mon Sep 17 00:00:00 2001
From: Dan Bruce <ddbruce@users.noreply.github.com>
Date: Sun, 28 Dec 2025 13:09:23 -0500
Subject: [PATCH 34/34] update help

---
 public/help.html | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/public/help.html b/public/help.html
index f405fb2..cdcc5a3 100644
--- a/public/help.html
+++ b/public/help.html
@@ -63,6 +63,10 @@ <h1>Fullsend</h1>
         <div class="row mt-5">
             <div class="col">
                 <h2>Changelog</h2><br>
+                <h3>v1.8.0</h3>
+                <p>
+                    Adds (finally!) authentication via OpenID Connect (OIDC) and Keycloak. Users must have the <code>fullsend_access</code> role in Keycloak to use the application and <code>fullsend_admin</code> to administer it.
+                </p>
                 <h3>v1.7.3</h3>
                 <p>
                     Adds blocking and timeouts to discourage users from sending the same message multiple times before the server has completed ingesting the message/recipient pairs