diff --git a/.gitignore b/.gitignore
index c3251931..5f722e9e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,11 +1,13 @@
+build
+
+# IntelliJ IDEA
 .idea
 
 # Gradle
 .gradle
-build
+
 # Gradle binaries
-# These are not needed for building the project with Docker
-# These would be needed to build the projct without Docker, so instead just install Gradle on your system
-gradle
+# just install gradle lol
+gradle/wrapper
 gradlew
 gradlew.bat
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 50c77b02..804f2448 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -145,7 +145,7 @@ Canvas manipulation
 
 did a bunch of commits on master
 
-### v0.6
+## v0.6
 Rework project architecture
 
 ### v0.6.0
@@ -154,4 +154,13 @@ Typescript refactor
 
 ### v0.6.1
 Fix build system
-- Rework rollup with typescript and environment variables
\ No newline at end of file
+- Rework rollup with typescript and environment variables
+
+## v0.7
+HTTP improvements
+
+### v0.7.0
+Rework authentication
+- Robust exception handling
+- Password based authentication schemes
+- Log in, log out, registration pages
\ No newline at end of file
diff --git a/scribbleshare-app/Dockerfile b/app/Dockerfile
similarity index 79%
rename from scribbleshare-app/Dockerfile
rename to app/Dockerfile
index ab629164..2c7e425f 100644
--- a/scribbleshare-app/Dockerfile
+++ b/app/Dockerfile
@@ -5,11 +5,11 @@ FROM node:15 AS scribbleshare-frontend-build
 
 WORKDIR /usr/src/app
 
-COPY scribbleshare-frontend .
+COPY frontend .
 
 RUN npm install
-RUN chmod +x build.sh \
-build.sh
+RUN chmod +x build.sh
+RUN ./build.sh
 
 
 #
@@ -25,7 +25,7 @@ WORKDIR /usr/app
 COPY --from=scribbleshare-frontend-build /usr/src/app/build ./html
 
 # Copy jar (should already be built with gradle shadowJar)
-COPY scribbleshare-backend/build/libs/scribbleshare-backend-all.jar scribbleshare-backend.jar
+COPY backend/build/libs/scribbleshare-backend-all.jar scribbleshare-backend.jar
 
 HEALTHCHECK --interval=5s --timeout=5s --retries=5 CMD curl --fail http://localhost:80/healthcheck || exit 1
 
diff --git a/scribbleshare-app/scribbleshare-backend/build.gradle b/app/backend/build.gradle
similarity index 83%
rename from scribbleshare-app/scribbleshare-backend/build.gradle
rename to app/backend/build.gradle
index daa7acd7..2984fcf7 100644
--- a/scribbleshare-app/scribbleshare-backend/build.gradle
+++ b/app/backend/build.gradle
@@ -3,12 +3,8 @@ plugins {
     id 'com.github.johnrengelman.shadow' version '6.1.0'
 }
 
-repositories {
-    mavenCentral()
-}
-
 dependencies {
-    implementation project(':scribbleshare-commons')
+    implementation project(':commons')
 }
 
 // https://github.com/johnrengelman/shadow/issues/609#issuecomment-795983873
diff --git a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackend.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackend.java
similarity index 87%
rename from scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackend.java
rename to app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackend.java
index 07c5ff86..1222cc20 100644
--- a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackend.java
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackend.java
@@ -2,9 +2,9 @@
 
 import io.netty.channel.ChannelFuture;
 import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.backend.data.database.ScribbleshareBackendDatabase;
+import net.stzups.scribbleshare.backend.data.database.implementations.PostgresDatabase;
 import net.stzups.scribbleshare.backend.server.BackendHttpServerInitializer;
-import net.stzups.scribbleshare.data.database.ScribbleshareDatabase;
-import net.stzups.scribbleshare.data.database.implementations.PostgresDatabase;
 
 public class ScribbleshareBackend extends Scribbleshare implements AutoCloseable {
     private final ScribbleshareBackendConfig config;
@@ -33,7 +33,7 @@ public static void main(String[] args) throws Exception {
         }
     }
 
-    public ScribbleshareDatabase getDatabase() {
+    public ScribbleshareBackendDatabase getDatabase() {
         return database;
     }
 
diff --git a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfig.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfig.java
similarity index 60%
rename from scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfig.java
rename to app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfig.java
index 39e3fc4e..1b769355 100644
--- a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfig.java
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfig.java
@@ -1,8 +1,8 @@
 package net.stzups.scribbleshare.backend;
 
+import net.stzups.netty.http.handler.handlers.FileRequestHandler;
 import net.stzups.scribbleshare.ScribbleshareConfig;
-import net.stzups.scribbleshare.backend.server.http.HttpServerHandler;
 
-public interface ScribbleshareBackendConfig extends ScribbleshareConfig, HttpServerHandler.Config {
+public interface ScribbleshareBackendConfig extends ScribbleshareConfig, FileRequestHandler.Config {
 
 }
diff --git a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfigImplementation.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfigImplementation.java
similarity index 76%
rename from scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfigImplementation.java
rename to app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfigImplementation.java
index 882c99ef..72f14925 100644
--- a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfigImplementation.java
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/ScribbleshareBackendConfigImplementation.java
@@ -1,13 +1,14 @@
 package net.stzups.scribbleshare.backend;
 
+import net.stzups.config.ConfigKey;
+import net.stzups.config.OptionalConfigKey;
 import net.stzups.scribbleshare.ScribbleshareConfigImplementation;
-import net.stzups.scribbleshare.config.ConfigKey;
-import net.stzups.scribbleshare.config.OptionalConfigKey;
 
 public class ScribbleshareBackendConfigImplementation extends ScribbleshareConfigImplementation implements ScribbleshareBackendConfig {
     private static final ConfigKey<String> HTML_ROOT = new OptionalConfigKey<>("html.root", "html");
     private static final ConfigKey<String> MIME_TYPES_FILE_PATH = new OptionalConfigKey<>("mimetypes.path", "mime.types");
     private static final ConfigKey<Integer> HTTP_CACHE_SECONDS = new OptionalConfigKey<>("http.cache.seconds", 0);
+    private static final ConfigKey<String> DEBUG_JS_ROOT = new OptionalConfigKey<>("debug.js.root", "");
 
     @Override
     public String getHttpRoot() {
@@ -24,4 +25,9 @@ public String getMimeTypesFilePath() {
         return getString(MIME_TYPES_FILE_PATH);
     }
 
+    @Override
+    public String getDebugJsRoot() {
+        return getString(DEBUG_JS_ROOT);
+    }
+
 }
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/PersistentHttpUserSession.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/PersistentHttpUserSession.java
new file mode 100644
index 00000000..68ed0fa2
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/PersistentHttpUserSession.java
@@ -0,0 +1,102 @@
+package net.stzups.scribbleshare.backend.data;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import net.stzups.netty.http.exception.exceptions.BadRequestException;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
+import net.stzups.netty.http.exception.exceptions.UnauthorizedException;
+import net.stzups.scribbleshare.backend.data.database.databases.PersistentHttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.HttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.UserDatabase;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.User;
+import net.stzups.scribbleshare.data.objects.authentication.AuthenticationResult;
+import net.stzups.scribbleshare.data.objects.authentication.UserSession;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpSessionCookie;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSession;
+import net.stzups.util.DebugString;
+
+import java.sql.Timestamp;
+import java.time.Duration;
+import java.time.Instant;
+
+public class PersistentHttpUserSession extends UserSession {
+    private static final Duration MAX_AGE = Duration.ofDays(90);
+
+    public static final String LOGIN_PATH = "/";
+
+    public PersistentHttpUserSession(HttpConfig config, HttpUserSession httpSession, HttpResponse response) {
+        super(httpSession.getUser());
+        new PersistentHttpUserSessionCookie(getId(), generateToken()).setCookie(config, response);
+    }
+
+    public PersistentHttpUserSession(long id, Timestamp creation, Timestamp expiration, long userId, ByteBuf byteBuf) {
+        super(id, creation, expiration, userId, byteBuf);
+    }
+
+    public AuthenticationResult validate(HttpSessionCookie cookie) {
+        if (!Instant.now().isBefore(getCreated().toInstant().plus(MAX_AGE)))
+            return AuthenticationResult.STALE;
+
+        return validate(cookie.getToken());
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(PersistentHttpUserSession.class, super.toString())
+                .toString();
+    }
+
+    /** get and expire persistent http user session */
+
+    public static<T extends PersistentHttpSessionDatabase> PersistentHttpUserSession getSession(T database, FullHttpRequest request, HttpResponse response) throws UnauthorizedException, InternalServerException {
+        PersistentHttpUserSessionCookie cookie = PersistentHttpUserSessionCookie.getCookie(request);
+        if (cookie == null) {
+            return null;
+        }
+
+        PersistentHttpUserSession session;
+        try {
+            session = database.getPersistentHttpUserSession(cookie);
+
+            if (session == null) {
+                throw new UnauthorizedException("No " + PersistentHttpUserSession.class + " for " + cookie);
+            }
+
+            database.expirePersistentHttpUserSession(session);
+            PersistentHttpUserSessionCookie.clearCookie(response);
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+
+        AuthenticationResult result = session.validate(cookie);
+        if (result != AuthenticationResult.SUCCESS) {
+            throw new UnauthorizedException("Validating " + cookie + " for " + session + " resulted in " + result);
+        }
+
+        return session;
+    }
+
+     /** logs in if not authenticated, or null if no auth */
+    public static<T extends HttpSessionDatabase & PersistentHttpSessionDatabase & UserDatabase> HttpUserSession logIn(HttpConfig config, T database, FullHttpRequest request, HttpResponse response) throws UnauthorizedException, InternalServerException, BadRequestException {
+        PersistentHttpUserSession session = getSession(database, request, response);
+        if (session == null) {
+            return null;
+        }
+
+        User user;
+        try {
+            user = database.getUser(session.getUser());
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+        if (user == null) {
+            throw new InternalServerException("User somehow does not exist " + user);
+        }
+
+        HttpUserSession s = new HttpUserSession(config, user, response);
+        return createHttpSession(config, database, user, headers);
+    }
+}
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/PersistentHttpUserSessionCookie.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/PersistentHttpUserSessionCookie.java
new file mode 100644
index 00000000..eb5ce6af
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/PersistentHttpUserSessionCookie.java
@@ -0,0 +1,66 @@
+package net.stzups.scribbleshare.backend.data;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.handler.codec.http.HttpHeaders;
+import io.netty.handler.codec.http.HttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import io.netty.handler.codec.http.cookie.Cookie;
+import net.stzups.netty.http.HttpUtils;
+import net.stzups.netty.http.exception.exceptions.BadRequestException;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpSessionCookie;
+import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
+import net.stzups.util.DebugString;
+
+import java.time.Duration;
+import java.time.temporal.ChronoUnit;
+
+public class PersistentHttpUserSessionCookie extends HttpSessionCookie {
+    private static final String COOKIE_NAME = "persistent_session";
+    private static final Duration MAX_AGE = Duration.ofDays(90);
+
+    PersistentHttpUserSessionCookie(ByteBuf byteBuf) throws DeserializationException {
+        super(byteBuf);
+    }
+
+    PersistentHttpUserSessionCookie(long id, byte[] token) {
+        super(id, token);
+    }
+
+  /*  @Override
+    protected static void setCookie(HttpConfig config, DefaultCookie cookie) {
+
+    }*/
+
+    public void setCookie(HttpConfig config, HttpHeaders headers) {
+        Cookie cookie = getCookie(config, COOKIE_NAME);
+        cookie.setMaxAge(MAX_AGE.get(ChronoUnit.SECONDS)); //persistent cookie
+        cookie.setPath("/login");//todo
+        HttpUtils.setCookie(headers, cookie);
+    }
+
+    public static PersistentHttpUserSessionCookie getCookie(HttpRequest request) throws BadRequestException {
+        ByteBuf byteBuf = HttpSessionCookie.getCookie(request, COOKIE_NAME);
+        if (byteBuf != null) {
+            try {
+                return new PersistentHttpUserSessionCookie(byteBuf);
+            } catch (DeserializationException e) {
+                throw new BadRequestException("Malformed cookie", e);
+            } finally {
+                byteBuf.release();
+            }
+        }
+
+        return null;
+    }
+
+    public static void clearCookie(HttpResponse response) {
+        HttpSessionCookie.clearCookie(COOKIE_NAME, response);
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(PersistentHttpUserSessionCookie.class, super.toString())
+                .toString();
+    }
+}
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/ScribbleshareBackendDatabase.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/ScribbleshareBackendDatabase.java
new file mode 100644
index 00000000..98f20603
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/ScribbleshareBackendDatabase.java
@@ -0,0 +1,7 @@
+package net.stzups.scribbleshare.backend.data.database;
+
+import net.stzups.scribbleshare.backend.data.database.databases.PersistentHttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.ScribbleshareDatabase;
+
+public interface ScribbleshareBackendDatabase extends ScribbleshareDatabase, PersistentHttpSessionDatabase {
+}
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/databases/PersistentHttpSessionDatabase.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/databases/PersistentHttpSessionDatabase.java
new file mode 100644
index 00000000..ca1aa658
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/databases/PersistentHttpSessionDatabase.java
@@ -0,0 +1,24 @@
+package net.stzups.scribbleshare.backend.data.database.databases;
+
+import net.stzups.scribbleshare.backend.data.PersistentHttpUserSession;
+import net.stzups.scribbleshare.backend.data.PersistentHttpUserSessionCookie;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpSessionCookie;
+import org.jetbrains.annotations.Nullable;
+
+public interface PersistentHttpSessionDatabase {
+    /**
+     * @param cookie {@link HttpSessionCookie} of {@link PersistentHttpUserSession}
+     * @return null if {@link PersistentHttpUserSession} does not exist
+     */
+    @Nullable
+    PersistentHttpUserSession getPersistentHttpUserSession(PersistentHttpUserSessionCookie cookie) throws DatabaseException;
+
+    void addPersistentHttpUserSession(PersistentHttpUserSession persistentHttpSession) throws DatabaseException;
+
+    /**
+     * Expire existing {@link PersistentHttpUserSession}
+     * todo fail silently or loudly if the persistent http user session does not exist?
+     */
+    void expirePersistentHttpUserSession(PersistentHttpUserSession persistentHttpUserSession) throws DatabaseException;
+}
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/implementations/PostgresDatabase.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/implementations/PostgresDatabase.java
new file mode 100644
index 00000000..5af53839
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/data/database/implementations/PostgresDatabase.java
@@ -0,0 +1,81 @@
+package net.stzups.scribbleshare.backend.data.database.implementations;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.buffer.ByteBufInputStream;
+import io.netty.buffer.Unpooled;
+import net.stzups.scribbleshare.backend.data.PersistentHttpUserSession;
+import net.stzups.scribbleshare.backend.data.PersistentHttpUserSessionCookie;
+import net.stzups.scribbleshare.backend.data.database.ScribbleshareBackendDatabase;
+import net.stzups.scribbleshare.data.database.exception.ConnectionException;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.Resource;
+import org.jetbrains.annotations.Nullable;
+
+import java.io.IOException;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Timestamp;
+import java.time.Instant;
+
+public class PostgresDatabase extends net.stzups.scribbleshare.data.database.implementations.PostgresDatabase implements ScribbleshareBackendDatabase {
+    public PostgresDatabase(Config config) throws ConnectionException {
+        super(config);
+    }
+
+    @Override
+    public void addPersistentHttpUserSession(PersistentHttpUserSession persistentHttpSession) throws DatabaseException {
+        try (PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO persistent_user_sessions(id, created, expired, user_id, data) VALUES (?, ?, ?, ?, ?)")) {
+            preparedStatement.setLong(1, persistentHttpSession.getId());
+            preparedStatement.setTimestamp(2, persistentHttpSession.getCreated());
+            preparedStatement.setTimestamp(3, persistentHttpSession.getExpired());
+            preparedStatement.setLong(4, persistentHttpSession.getUser());
+
+            ByteBuf byteBuf = Unpooled.buffer();
+            persistentHttpSession.serialize(byteBuf);
+            preparedStatement.setBinaryStream(5, new ByteBufInputStream(byteBuf));
+            byteBuf.release();
+
+            preparedStatement.execute();
+        } catch (SQLException e) {
+            throw new DatabaseException(e);
+        }
+    }
+
+    @Override
+    public @Nullable PersistentHttpUserSession getPersistentHttpUserSession(PersistentHttpUserSessionCookie cookie) throws DatabaseException {//todo combine
+        PersistentHttpUserSession persistentHttpSession;
+
+        try (PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM persistent_user_sessions WHERE id=?")) {
+            preparedStatement.setLong(1, cookie.getId());
+            try (ResultSet resultSet = preparedStatement.executeQuery()) {
+                if (!resultSet.next()) {
+                    return null;
+                }
+
+                persistentHttpSession = new PersistentHttpUserSession(
+                        resultSet.getLong("id"),
+                        resultSet.getTimestamp("created"),
+                        resultSet.getTimestamp("expired"),
+                        resultSet.getLong("user_id"),
+                        Unpooled.wrappedBuffer(resultSet.getBinaryStream("data").readAllBytes()));
+            }
+        } catch (IOException e) {
+            throw new RuntimeException("Exception while getting " + Resource.class.getSimpleName() + " for " + cookie, e);
+        } catch (SQLException e) {
+            throw new DatabaseException("Exception while getting " + PersistentHttpUserSession.class.getSimpleName() + " for " + cookie);
+        }
+
+        return persistentHttpSession;
+    }
+
+    @Override
+    public void expirePersistentHttpUserSession(PersistentHttpUserSession session) throws DatabaseException {
+        try (PreparedStatement preparedStatement = connection.prepareStatement("UPDATE persistent_user_sessions SET expired=? WHERE id=?; ")) {
+            preparedStatement.setTimestamp(1, Timestamp.from(Instant.now()));
+            preparedStatement.setLong(2, session.getId());
+        } catch (SQLException e) {
+            throw new DatabaseException("Exception while expiring " + session, e);
+        }
+    }
+}
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/BackendHttpServerInitializer.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/BackendHttpServerInitializer.java
new file mode 100644
index 00000000..7bafb5dc
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/BackendHttpServerInitializer.java
@@ -0,0 +1,45 @@
+package net.stzups.scribbleshare.backend.server;
+
+import io.netty.channel.ChannelHandler;
+import io.netty.channel.socket.SocketChannel;
+import io.netty.handler.codec.http.HttpContentCompressor;
+import io.netty.handler.stream.ChunkedWriteHandler;
+import net.stzups.netty.http.DefaultHttpServerHandler;
+import net.stzups.netty.http.HttpServerHandler;
+import net.stzups.netty.http.HttpServerInitializer;
+import net.stzups.netty.http.handler.handlers.FileRequestHandler;
+import net.stzups.scribbleshare.backend.ScribbleshareBackendConfig;
+import net.stzups.scribbleshare.backend.data.database.ScribbleshareBackendDatabase;
+import net.stzups.scribbleshare.backend.server.handlers.AutoHandler;
+import net.stzups.scribbleshare.backend.server.handlers.DocumentRequestHandler;
+import net.stzups.scribbleshare.backend.server.handlers.LoginRequestHandler;
+import net.stzups.scribbleshare.backend.server.handlers.LogoutRequestHandler;
+import net.stzups.scribbleshare.backend.server.handlers.RegisterRequestHandler;
+
+import javax.net.ssl.SSLException;
+
+@ChannelHandler.Sharable
+public class BackendHttpServerInitializer extends HttpServerInitializer {
+    private final HttpServerHandler httpServerHandler;
+
+    public BackendHttpServerInitializer(ScribbleshareBackendConfig config, ScribbleshareBackendDatabase database) throws SSLException {
+        super(config);
+        httpServerHandler = new DefaultHttpServerHandler()
+                .addLast(new DocumentRequestHandler<>(config, database))
+                .addLast(new LoginRequestHandler<>(config, database))
+                .addLast(new LogoutRequestHandler(config))
+                .addLast(new RegisterRequestHandler<>(config, database))
+                .addLast(new AutoHandler<>(config, database))
+                .addLast(new FileRequestHandler(config));
+    }
+
+    @Override
+    protected void initChannel(SocketChannel channel) {
+        super.initChannel(channel);
+
+        channel.pipeline()
+                .addLast(new HttpContentCompressor())
+                .addLast(new ChunkedWriteHandler())
+                .addLast(httpServerHandler);
+    }
+}
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/AutoHandler.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/AutoHandler.java
new file mode 100644
index 00000000..c8789af4
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/AutoHandler.java
@@ -0,0 +1,35 @@
+package net.stzups.scribbleshare.backend.server.handlers;
+
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import net.stzups.netty.http.exception.HttpException;
+import net.stzups.netty.http.handler.HttpHandler;
+import net.stzups.scribbleshare.backend.data.PersistentHttpUserSession;
+import net.stzups.scribbleshare.backend.data.database.databases.PersistentHttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.HttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.UserDatabase;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSession;
+
+public class AutoHandler<T extends HttpSessionDatabase & PersistentHttpSessionDatabase & UserDatabase> extends HttpHandler {
+    private final HttpConfig config;
+    private final T database;
+
+    public AutoHandler(HttpConfig config, T database) {
+        super("/");
+        this.config = config;
+        this.database = database;
+    }
+
+    @Override
+    public boolean handle(ChannelHandlerContext ctx, FullHttpRequest request, HttpResponse response) throws HttpException {
+        HttpUserSession session = HttpUserSession.getSession(database, request);
+        if (session != null) {
+            return false;
+        }
+
+        HttpUserSession a = PersistentHttpUserSession.logIn(config, database, request, response);
+        return false;
+    }
+}
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/DocumentRequestHandler.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/DocumentRequestHandler.java
new file mode 100644
index 00000000..a0b0bbed
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/DocumentRequestHandler.java
@@ -0,0 +1,136 @@
+package net.stzups.scribbleshare.backend.server.handlers;
+
+import io.netty.buffer.ByteBufInputStream;
+import io.netty.buffer.Unpooled;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpChunkedInput;
+import io.netty.handler.codec.http.HttpHeaderNames;
+import io.netty.handler.codec.http.HttpMethod;
+import io.netty.handler.codec.http.HttpResponse;
+import io.netty.handler.stream.ChunkedStream;
+import net.stzups.netty.http.exception.HttpException;
+import net.stzups.netty.http.exception.exceptions.BadRequestException;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
+import net.stzups.netty.http.exception.exceptions.MethodNotAllowedException;
+import net.stzups.netty.http.exception.exceptions.NotFoundException;
+import net.stzups.netty.http.exception.exceptions.UnauthorizedException;
+import net.stzups.netty.http.handler.RequestHandler;
+import net.stzups.netty.http.objects.Route;
+import net.stzups.scribbleshare.data.database.databases.DocumentDatabase;
+import net.stzups.scribbleshare.data.database.databases.HttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.ResourceDatabase;
+import net.stzups.scribbleshare.data.database.databases.UserDatabase;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.Document;
+import net.stzups.scribbleshare.data.objects.Resource;
+import net.stzups.scribbleshare.data.objects.User;
+import net.stzups.scribbleshare.data.objects.authentication.AuthenticatedUserSession;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
+import net.stzups.scribbleshare.server.http.handler.handlers.HttpAuthenticator;
+
+import static net.stzups.netty.http.HttpUtils.send;
+
+public class DocumentRequestHandler<T extends ResourceDatabase & DocumentDatabase & HttpSessionDatabase & UserDatabase> extends RequestHandler {
+    private static final long MAX_AGE_NO_EXPIRE = 31536000;//one year, max age of a cookie
+
+    private final T database;
+
+    public DocumentRequestHandler(HttpConfig config, T database) {
+        super(config, "/", "/document");
+        this.database = database;
+    }
+
+    @Override
+    public void handleRequest(ChannelHandlerContext ctx, FullHttpRequest request, HttpResponse response) throws HttpException {
+        Route route = new Route(request.uri());
+        AuthenticatedUserSession session = HttpAuthenticator.authenticateHttpUserSession(database, request);
+
+        if (session == null) {
+            throw new UnauthorizedException("No authentication");
+        }
+
+        User user = session.getUser();
+
+        long documentId;
+        try {
+            documentId = Long.parseLong(route.get(2));
+        } catch (NumberFormatException e) {
+            throw new BadRequestException("Exception while parsing " + route.get(2), e);
+        }
+
+        if (!user.getOwnedDocuments().contains(documentId) && !user.getSharedDocuments().contains(documentId)) {
+            throw new NotFoundException("User tried to open document they don't have access to");
+            //todo public documents
+        }
+
+        // user has access to the document
+
+        if (route.length() == 3) { // get document or submit new resource to document
+            if (request.method().equals(HttpMethod.GET)) {
+                //todo
+                throw new NotFoundException("todo not implemented yet");
+                                /*Resource resource = BackendServerInitializer.getDatabase(ctx).getResource(documentId, documentId);
+                                if (resource == null) { //indicates an empty unsaved canvas, so serve that
+                                    send(ctx, request, Canvas.getEmptyCanvas());
+                                    return;
+                                }
+                                HttpHeaders headers = new DefaultHttpHeaders();
+                                headers.set(HttpHeaderNames.CACHE_CONTROL, "private,max-age=0");//cache but always revalidate
+                                sendChunkedResource(ctx, request, headers, new ChunkedStream(new ByteBufInputStream(resource.getData())), resource.getLastModified());//todo don't fetch entire document from db if not modified*/
+            } else if (request.method().equals(HttpMethod.POST)) { //todo validation/security for submitted resources
+                Document document;
+                try {
+                    document = database.getDocument(documentId);
+                } catch (DatabaseException e) {
+                    throw new InternalServerException(e);
+                }
+                if (document == null)
+                    throw new NotFoundException("Document with id " + documentId + " for user " + user + " somehow does not exist");
+
+                try {
+                    send(ctx, request, response, Unpooled.copyLong(database.addResource(document.getId(), new Resource(request.content()))));
+                } catch (DatabaseException e) {
+                    throw new InternalServerException(e);
+                }
+            } else {
+                throw new MethodNotAllowedException(request.method());
+            }
+        } else { // route.length == 4, get resource from document
+            // does the document have this resource?
+            long resourceId;
+            try {
+                resourceId = Long.parseLong(route.get(3));
+            } catch (NumberFormatException e) {
+                throw new BadRequestException("Exception while parsing " + route.get(3), e);
+            }
+
+            Document document;
+            try {
+                document = database.getDocument(documentId);
+            } catch (DatabaseException e) {
+                throw new InternalServerException(e);
+            }
+            if (document == null)
+                throw new NotFoundException("Document with id " + documentId + " for user " + user + " somehow does not exist");
+
+            if (request.method().equals(HttpMethod.GET)) {
+                // get resource, resource must exist on the document
+                Resource resource;
+                try {
+                    resource = database.getResource(resourceId, documentId);
+                } catch (DatabaseException e) {
+                    throw new InternalServerException(e);
+                }
+                if (resource == null) {
+                    throw new NotFoundException("Resource does not exist");
+                }
+
+                response.headers().add(HttpHeaderNames.CACHE_CONTROL, "private,max-age=" + MAX_AGE_NO_EXPIRE + ",immutable");//cache and never revalidate - permanent
+                send(ctx, request, response, new HttpChunkedInput(new ChunkedStream(new ByteBufInputStream(resource.getData()))));
+            } else {
+                throw new MethodNotAllowedException(request.method());
+            }
+        }
+    }
+}
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/LoginRequestHandler.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/LoginRequestHandler.java
new file mode 100644
index 00000000..e5b87b0a
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/LoginRequestHandler.java
@@ -0,0 +1,141 @@
+package net.stzups.scribbleshare.backend.server.handlers;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.buffer.Unpooled;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import net.stzups.netty.http.exception.HttpException;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
+import net.stzups.netty.http.handler.RequestHandler;
+import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.backend.data.PersistentHttpUserSession;
+import net.stzups.scribbleshare.backend.data.database.databases.PersistentHttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.HttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.LoginDatabase;
+import net.stzups.scribbleshare.data.database.databases.UserDatabase;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.User;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSession;
+import net.stzups.scribbleshare.data.objects.authentication.login.Login;
+
+import java.nio.charset.StandardCharsets;
+
+import static net.stzups.netty.http.HttpUtils.send;
+
+public class LoginRequestHandler<T extends LoginDatabase & UserDatabase & HttpSessionDatabase & PersistentHttpSessionDatabase> extends RequestHandler {
+    private static class LoginRequest {
+        private final String username;
+        private final String password;
+        private final boolean remember;
+
+        LoginRequest(ByteBuf byteBuf) {
+            username = readString(byteBuf);
+            password = readString(byteBuf);
+            remember = byteBuf.readBoolean();
+        }
+    }
+
+    private enum LoginResponseResult {
+        SUCCESS(0),
+        FAILED(1)
+        ;
+        private final int id;
+
+        LoginResponseResult(int id) {
+            this.id = id;
+        }
+
+        public void serialize(ByteBuf byteBuf) {
+            byteBuf.writeByte((byte) id);
+        }
+    }
+
+    private static class LoginResponse {
+        private final LoginResponseResult status;
+
+        LoginResponse(LoginResponseResult result) {
+            this.status = result;
+        }
+
+        public void serialize(ByteBuf byteBuf) {
+            status.serialize(byteBuf);
+        }
+    }
+
+    static final String LOGIN_PAGE = "/login"; // the login page, where login requests should come from
+    private static final String LOGIN_PATH = "/login"; // where login requests should go
+
+    private final HttpConfig config;
+    private final T database;
+
+    public LoginRequestHandler(HttpConfig config, T database) {
+        super(config, LOGIN_PAGE, LOGIN_PATH);
+        this.database = database;
+        this.config = config;
+    }
+
+    @Override
+    public void handleRequest(ChannelHandlerContext ctx, FullHttpRequest request, HttpResponse response) throws HttpException {
+        LoginRequest loginRequest = new LoginRequest(request.content());
+
+        Login login;
+        try {
+            login = database.getLogin(loginRequest.username);
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+        if (!Login.verify(login, loginRequest.password.getBytes(StandardCharsets.UTF_8))) {
+            //todo rate limit and generic error handling
+            if (login == null) {
+                Scribbleshare.getLogger(ctx).info("Failed login attempt with bad username " + loginRequest.username);
+            } else {
+                Scribbleshare.getLogger(ctx).info("Failed login attempt with bad password for username " + loginRequest.username);
+            }
+
+            ByteBuf byteBuf = Unpooled.buffer();
+            new LoginResponse(LoginResponseResult.FAILED).serialize(byteBuf);
+            send(ctx, request, response, byteBuf);
+            byteBuf.release();
+            return;
+        }
+
+        assert login != null : "Verified logins should never be null";
+
+        User user;
+        try {
+            user = database.getUser(login.getId());
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+        if (user == null) {
+            throw new InternalServerException("No user for id " + login.getId());
+        }
+
+        HttpUserSession userSession = new HttpUserSession(config, user, response);
+        try {
+            database.addHttpSession(userSession);
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+        if (loginRequest.remember) {
+            PersistentHttpUserSession persistentHttpUserSession = new PersistentHttpUserSession(config, userSession, response);
+            try {
+                database.addPersistentHttpUserSession(persistentHttpUserSession);
+            } catch (DatabaseException e) {
+                throw new InternalServerException(e);
+            }
+        }
+
+        response.headers().set(headers);
+        ByteBuf byteBuf = Unpooled.buffer();
+        new LoginResponse(LoginResponseResult.SUCCESS).serialize(byteBuf);
+        send(ctx, request, response, byteBuf);
+        Scribbleshare.getLogger(ctx).info("Logged in as " + user);
+    }
+
+    static String readString(ByteBuf byteBuf) {
+        return byteBuf.readCharSequence(byteBuf.readUnsignedByte(), StandardCharsets.UTF_8).toString();
+    }
+}
\ No newline at end of file
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/LogoutRequestHandler.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/LogoutRequestHandler.java
new file mode 100644
index 00000000..98a68992
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/LogoutRequestHandler.java
@@ -0,0 +1,32 @@
+package net.stzups.scribbleshare.backend.server.handlers;
+
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import io.netty.handler.codec.http.HttpResponseStatus;
+import net.stzups.netty.http.exception.HttpException;
+import net.stzups.netty.http.handler.RequestHandler;
+import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.backend.data.PersistentHttpUserSessionCookie;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSessionCookie;
+
+import static net.stzups.netty.http.HttpUtils.sendRedirect;
+
+public class LogoutRequestHandler extends RequestHandler {
+    private static final String LOGOUT_PAGE = "/logout"; // the logout page, where logout requests should come from
+    private static final String LOGOUT_PATH = "/logout"; // where logout requests should go
+    private static final String LOGOUT_SUCCESS = LoginRequestHandler.LOGIN_PAGE;
+
+    public LogoutRequestHandler(HttpConfig config) {
+        super(config, LOGOUT_PAGE, LOGOUT_PATH);
+    }
+
+    @Override
+    protected void handleRequest(ChannelHandlerContext ctx, FullHttpRequest request, HttpResponse response) throws HttpException { //todo validate
+        HttpUserSessionCookie.clearCookie(response);
+        PersistentHttpUserSessionCookie.clearCookie(response);
+        sendRedirect(ctx, request, response, HttpResponseStatus.SEE_OTHER, LOGOUT_SUCCESS);
+        Scribbleshare.getLogger(ctx).info("Logged out");
+    }
+}
diff --git a/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/RegisterRequestHandler.java b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/RegisterRequestHandler.java
new file mode 100644
index 00000000..25a09cdf
--- /dev/null
+++ b/app/backend/src/main/java/net/stzups/scribbleshare/backend/server/handlers/RegisterRequestHandler.java
@@ -0,0 +1,150 @@
+package net.stzups.scribbleshare.backend.server.handlers;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.buffer.Unpooled;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import net.stzups.netty.http.exception.HttpException;
+import net.stzups.netty.http.exception.exceptions.BadRequestException;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
+import net.stzups.netty.http.handler.RequestHandler;
+import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.data.database.databases.HttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.LoginDatabase;
+import net.stzups.scribbleshare.data.database.databases.UserDatabase;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.User;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSession;
+import net.stzups.scribbleshare.data.objects.authentication.login.Login;
+import net.stzups.scribbleshare.server.http.handler.handlers.HttpAuthenticator;
+
+import static net.stzups.netty.http.HttpUtils.send;
+import static net.stzups.scribbleshare.backend.server.handlers.LoginRequestHandler.readString;
+
+public class RegisterRequestHandler<T extends HttpSessionDatabase & UserDatabase & LoginDatabase> extends RequestHandler {
+    private static class RegisterRequest {
+        private final String username;
+        private final byte[] password;
+
+        RegisterRequest(ByteBuf byteBuf) {
+            username = readString(byteBuf);
+            password = new byte[byteBuf.readUnsignedByte()];
+            byteBuf.readBytes(password);
+        }
+    }
+
+    private enum RegisterResponseResult {
+        SUCCESS(0),
+        USERNAME_TAKEN(1)
+        ;
+
+        private final int id;
+
+        private RegisterResponseResult(int id) {
+            this.id = id;
+        }
+
+        public void serialize(ByteBuf byteBuf) {
+            byteBuf.writeByte((byte) id);
+        }
+    }
+    private static class RegisterResponse {
+        private final RegisterResponseResult result;
+
+        private RegisterResponse(RegisterResponseResult result) {
+            this.result = result;
+        }
+
+        public void serialize(ByteBuf byteBuf) {
+            result.serialize(byteBuf);
+        }
+    }
+
+    static final String REGISTER_PAGE = "/register"; // the register page, where register requests should come from
+    private static final String REGISTER_PATH = "/register"; // where register requests should go
+    private static final String REGISTER_SUCCESS = LoginRequestHandler.LOGIN_PAGE; // redirect for a good register, should be the login page
+
+    private final T database;
+
+    public RegisterRequestHandler(HttpConfig config, T database) {
+        super(config, REGISTER_PAGE, REGISTER_PATH);
+        this.database = database;
+    }
+
+    @Override
+    public void handleRequest(ChannelHandlerContext ctx, FullHttpRequest request, HttpResponse response) throws HttpException {
+
+        // validate
+        RegisterRequest registerRequest = new RegisterRequest(request.content());
+
+        //todo validate
+        if (false) {
+
+            throw new BadRequestException("Invalid todo");
+        }
+
+        User user;
+        HttpUserSession session = HttpAuthenticator.getHttpUserSession(database, request);
+        if (session != null) {
+            User u;
+            try {
+                u = database.getUser(session.getUser());
+            } catch (DatabaseException e) {
+                throw new InternalServerException(e);
+            }
+            if (u == null) {
+                throw new InternalServerException("User somehow does not exist for " + session);
+            }
+            if (u.isRegistered()) {
+                Scribbleshare.getLogger(ctx).info("Registered user is creating a new account");
+                user = new User(registerRequest.username);
+                try {
+                    database.addUser(user);
+                } catch (DatabaseException e) {
+                    throw new InternalServerException(e);
+                }
+            } else {
+                Scribbleshare.getLogger(ctx).info("Temporary user is registering");
+                user = u;
+            }
+        } else {
+            Scribbleshare.getLogger(ctx).info("Brand new user is registering");
+            user = new User(registerRequest.username);
+            try {
+                database.addUser(user);
+            } catch (DatabaseException e) {
+                throw new InternalServerException(e);
+            }
+        }
+
+
+        assert !user.isRegistered();
+
+        Login login = new Login(user, registerRequest.password);
+        boolean loginAdded;
+        try {
+            loginAdded = database.addLogin(login);
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+        RegisterResponseResult result;
+        if (!loginAdded) {
+            //todo hard rate limit
+            Scribbleshare.getLogger(ctx).info("Tried to register with duplicate username " + registerRequest.username);
+
+            result = RegisterResponseResult.USERNAME_TAKEN;//todo delete old user????? because it was already added above and now its dead
+        } else {
+            result = RegisterResponseResult.SUCCESS;
+        }
+
+        if (result == RegisterResponseResult.SUCCESS) {
+            Scribbleshare.getLogger(ctx).info("Registered with username " + registerRequest.username + " for user " + user);
+        }
+
+        ByteBuf byteBuf = Unpooled.buffer();
+        new RegisterResponse(result).serialize(byteBuf);
+        send(ctx, request, response, byteBuf);
+    }
+}
diff --git a/scribbleshare-app/scribbleshare-backend/src/main/resources/mime.types b/app/backend/src/main/resources/mime.types
similarity index 100%
rename from scribbleshare-app/scribbleshare-backend/src/main/resources/mime.types
rename to app/backend/src/main/resources/mime.types
diff --git a/scribbleshare-app/scribbleshare-frontend/build.sh b/app/frontend/build.sh
similarity index 89%
rename from scribbleshare-app/scribbleshare-frontend/build.sh
rename to app/frontend/build.sh
index bbbf399b..512b373f 100644
--- a/scribbleshare-app/scribbleshare-frontend/build.sh
+++ b/app/frontend/build.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
 
 # Clean up old build
 rm -rf build
diff --git a/scribbleshare-app/scribbleshare-frontend/package.json b/app/frontend/package.json
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/package.json
rename to app/frontend/package.json
diff --git a/app/frontend/rollup.config.js b/app/frontend/rollup.config.js
new file mode 100644
index 00000000..3b9c2ec5
--- /dev/null
+++ b/app/frontend/rollup.config.js
@@ -0,0 +1,32 @@
+import {nodeResolve} from '@rollup/plugin-node-resolve';
+import typescript from '@rollup/plugin-typescript';
+import {terser} from "rollup-plugin-terser";
+
+const plugins =  [
+  nodeResolve(),
+  terser({
+    mangle: {
+      properties:true,
+    },
+  }),
+  typescript(),
+]
+
+export default [
+  {
+    input: 'src/scripts/index.ts',
+    output: {
+      file: 'build/scripts/index.js',
+      format: 'iife',
+    },
+    plugins: plugins
+  },
+  {
+    input: 'src/scripts/logout.ts',
+    output: {
+      file: 'build/scripts/logout.js',
+      format: 'iife',
+    },
+    plugins: plugins
+  }
+];
diff --git a/scribbleshare-app/scribbleshare-frontend/src/assets/circle.png b/app/frontend/src/assets/circle.png
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/assets/circle.png
rename to app/frontend/src/assets/circle.png
diff --git a/scribbleshare-app/scribbleshare-frontend/src/assets/default.png b/app/frontend/src/assets/default.png
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/assets/default.png
rename to app/frontend/src/assets/default.png
diff --git a/scribbleshare-app/scribbleshare-frontend/src/assets/pointer.png b/app/frontend/src/assets/pointer.png
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/assets/pointer.png
rename to app/frontend/src/assets/pointer.png
diff --git a/scribbleshare-app/scribbleshare-frontend/src/assets/scribbleshare.png b/app/frontend/src/assets/scribbleshare.png
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/assets/scribbleshare.png
rename to app/frontend/src/assets/scribbleshare.png
diff --git a/scribbleshare-app/scribbleshare-frontend/src/assets/square.png b/app/frontend/src/assets/square.png
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/assets/square.png
rename to app/frontend/src/assets/square.png
diff --git a/scribbleshare-app/scribbleshare-frontend/src/assets/trash.png b/app/frontend/src/assets/trash.png
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/assets/trash.png
rename to app/frontend/src/assets/trash.png
diff --git a/scribbleshare-app/scribbleshare-frontend/src/assets/triangle.png b/app/frontend/src/assets/triangle.png
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/assets/triangle.png
rename to app/frontend/src/assets/triangle.png
diff --git a/scribbleshare-app/scribbleshare-frontend/src/favicon.ico b/app/frontend/src/favicon.ico
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/favicon.ico
rename to app/frontend/src/favicon.ico
diff --git a/scribbleshare-app/scribbleshare-frontend/src/index.css b/app/frontend/src/index.css
similarity index 93%
rename from scribbleshare-app/scribbleshare-frontend/src/index.css
rename to app/frontend/src/index.css
index 6364c2f0..6a70a219 100644
--- a/scribbleshare-app/scribbleshare-frontend/src/index.css
+++ b/app/frontend/src/index.css
@@ -110,4 +110,10 @@ aside button:active {
 
 input[type="radio"] {
     visibility: hidden;
+}
+
+#loginModal {
+    display: flex;
+    flex-direction: column;
+    justify-content: flex-end;
 }
\ No newline at end of file
diff --git a/scribbleshare-app/scribbleshare-frontend/src/index.html b/app/frontend/src/index.html
similarity index 97%
rename from scribbleshare-app/scribbleshare-frontend/src/index.html
rename to app/frontend/src/index.html
index c5ad8efa..2a3ec6df 100644
--- a/scribbleshare-app/scribbleshare-frontend/src/index.html
+++ b/app/frontend/src/index.html
@@ -6,7 +6,7 @@
         <link rel="icon" href="favicon.ico" type="image/x-icon"/>
         <link rel="stylesheet" href="style.css">
         <link rel="stylesheet" href="index.css">
-        <script type="module" src="scripts/main.js"></script>
+        <script type="module" src="scripts/index.js"></script>
     </head>
     <body>
         <aside>
diff --git a/app/frontend/src/login.html b/app/frontend/src/login.html
new file mode 100644
index 00000000..7131cb6b
--- /dev/null
+++ b/app/frontend/src/login.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>Login</title>
+        <script type="module" src="scripts/login.js"></script>
+    </head>
+    <body>
+        <form id="login">
+            <input type="text" placeholder="username" name="username" required>
+            <input type="password" placeholder="password" name="password" required>
+            <input type="checkbox" checked="checked" name="remember">Remember me
+            <button type="submit">Log in</button>
+        </form>
+    </body>
+</html>
\ No newline at end of file
diff --git a/app/frontend/src/logout.html b/app/frontend/src/logout.html
new file mode 100644
index 00000000..0aaabdc0
--- /dev/null
+++ b/app/frontend/src/logout.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>Logout</title>
+        <script type="module" src="scripts/logout.js"></script>
+    </head>
+    <body>
+        <form id="logout">
+            <button type="submit">Log out</button>
+        </form>
+    </body>
+</html>
\ No newline at end of file
diff --git a/app/frontend/src/register.html b/app/frontend/src/register.html
new file mode 100644
index 00000000..6bb2c205
--- /dev/null
+++ b/app/frontend/src/register.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>Register</title>
+        <script type="module" src="scripts/register.js"></script>
+    </head>
+    <body>
+        <form id="register">
+            <input type="text" placeholder="username" name="username" required>
+            <input type="password" placeholder="password" name="password" required>
+            <button type="submit">Register</button>
+        </form>
+    </body>
+</html>
\ No newline at end of file
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/Client.ts b/app/frontend/src/scripts/common/Client.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/Client.ts
rename to app/frontend/src/scripts/common/Client.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/Color.ts b/app/frontend/src/scripts/common/Color.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/Color.ts
rename to app/frontend/src/scripts/common/Color.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/ColorSelector.ts b/app/frontend/src/scripts/common/ColorSelector.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/ColorSelector.ts
rename to app/frontend/src/scripts/common/ColorSelector.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/Document.ts b/app/frontend/src/scripts/common/Document.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/Document.ts
rename to app/frontend/src/scripts/common/Document.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/Environment.ts b/app/frontend/src/scripts/common/Environment.ts
similarity index 87%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/Environment.ts
rename to app/frontend/src/scripts/common/Environment.ts
index 906150dd..0f8afa57 100644
--- a/scribbleshare-app/scribbleshare-frontend/src/scripts/Environment.ts
+++ b/app/frontend/src/scripts/common/Environment.ts
@@ -5,7 +5,7 @@ interface Environment {
 
 class DevEnvironment implements Environment {
     getApiHost(): string {
-        return 'http://localhost';
+        return 'http://localhost:3456';
     }
 
     getWebsocketHost(): string {
@@ -19,7 +19,7 @@ class ProductionEnvironment implements Environment {
     }
 
     getWebsocketHost(): string {
-        return 'ws://scribbleshare.com:18080/scribblesocket';
+        return 'ws://scribbleshare.com:8080/scribblesocket';
     }
 }
 
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/FileUpload.ts b/app/frontend/src/scripts/common/FileUpload.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/FileUpload.ts
rename to app/frontend/src/scripts/common/FileUpload.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/Invite.ts b/app/frontend/src/scripts/common/Invite.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/Invite.ts
rename to app/frontend/src/scripts/common/Invite.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/Modal.ts b/app/frontend/src/scripts/common/Modal.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/Modal.ts
rename to app/frontend/src/scripts/common/Modal.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/Mouse.ts b/app/frontend/src/scripts/common/Mouse.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/Mouse.ts
rename to app/frontend/src/scripts/common/Mouse.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/MouseMove.ts b/app/frontend/src/scripts/common/MouseMove.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/MouseMove.ts
rename to app/frontend/src/scripts/common/MouseMove.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/ShapeSelector.ts b/app/frontend/src/scripts/common/ShapeSelector.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/ShapeSelector.ts
rename to app/frontend/src/scripts/common/ShapeSelector.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/Sidebar.ts b/app/frontend/src/scripts/common/Sidebar.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/Sidebar.ts
rename to app/frontend/src/scripts/common/Sidebar.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/ToolSelector.ts b/app/frontend/src/scripts/common/ToolSelector.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/ToolSelector.ts
rename to app/frontend/src/scripts/common/ToolSelector.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/User.ts b/app/frontend/src/scripts/common/User.ts
similarity index 97%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/User.ts
rename to app/frontend/src/scripts/common/User.ts
index 0bb8a7cf..bc0527ed 100644
--- a/scribbleshare-app/scribbleshare-frontend/src/scripts/User.ts
+++ b/app/frontend/src/scripts/common/User.ts
@@ -1,6 +1,6 @@
 import socket from "./protocol/WebSocketHandler.js";
 import ServerMessageType from "./protocol/server/ServerMessageType.js";
-import ServerMessageAddUser from "./protocol/server/messages/ServerMessageAddUser";
+import ServerMessageAddUser from "./protocol/server/messages/ServerMessageAddUser.js";
 import ServerMessage from "./protocol/server/ServerMessage.js";
 
 const users = new Map<bigint, User>();
diff --git a/app/frontend/src/scripts/common/api/Api.ts b/app/frontend/src/scripts/common/api/Api.ts
new file mode 100644
index 00000000..bc00796d
--- /dev/null
+++ b/app/frontend/src/scripts/common/api/Api.ts
@@ -0,0 +1,75 @@
+import ByteBuffer from "../protocol/ByteBuffer.js";
+import LoginRequest from "./protocol/request/requests/LoginRequest.js";
+import Environment from "../Environment.js"
+import RegisterRequest from "./protocol/request/requests/RegisterRequest.js";
+import LoginResponse from "./protocol/response/responses/LoginResponse.js";
+import RegisterResponse from "./protocol/response/responses/RegisterResponse.js";
+
+class Api {
+    uri: string;
+
+    constructor(uri: string) {
+        this.uri = uri;
+    }
+
+    login(loginRequest: LoginRequest): Promise<LoginResponse> {
+        return new Promise((resolve, reject) => {
+            let request = new XMLHttpRequest();
+            request.responseType = 'arraybuffer';
+            request.open('POST', this.uri + '/login');
+
+            request.addEventListener('load', (event) => {
+                if (request.status === 200) {
+                    resolve(new LoginResponse(new ByteBuffer(request.response)));
+                } else {
+                    reject(request.status)
+                }
+            });
+
+            let byteBuffer = new ByteBuffer();
+            loginRequest.serialize(byteBuffer);
+            request.send(byteBuffer.getBuffer());
+        })
+    }
+
+    register(registerRequest: RegisterRequest): Promise<RegisterResponse> {
+        return new Promise((resolve, reject) => {
+            let request = new XMLHttpRequest();
+            request.responseType = 'arraybuffer';
+            request.open('POST', this.uri + '/register');
+
+            request.addEventListener('load', (event) => {
+                if (request.status === 200) {
+                    resolve(new RegisterResponse(new ByteBuffer(request.response)));
+                } else {
+                    reject(request.status)
+                }
+            });
+
+            let byteBuffer = new ByteBuffer();
+            registerRequest.serialize(byteBuffer);
+            request.send(byteBuffer.getBuffer());
+        })
+    }
+
+    logout(): Promise<void> {
+        return new Promise((resolve, reject) => {
+            let request = new XMLHttpRequest();
+            request.responseType = 'arraybuffer'
+            request.open('POST', this.uri + '/logout');
+
+            request.addEventListener('load', (event) => {
+                if (request.status === 200) {
+                    resolve();
+                } else {
+                    reject(request.status);
+                }
+            })
+
+            request.send();
+        });
+    }
+}
+
+export default new Api(Environment.getApiHost());
+
diff --git a/app/frontend/src/scripts/common/api/protocol/request/ApiRequest.ts b/app/frontend/src/scripts/common/api/protocol/request/ApiRequest.ts
new file mode 100644
index 00000000..1d69abc2
--- /dev/null
+++ b/app/frontend/src/scripts/common/api/protocol/request/ApiRequest.ts
@@ -0,0 +1,5 @@
+import ByteBuffer from "../../../protocol/ByteBuffer.js";
+
+export default abstract class ApiRequest {
+    abstract serialize(byteBuffer: ByteBuffer): void;
+}
\ No newline at end of file
diff --git a/app/frontend/src/scripts/common/api/protocol/request/requests/LoginRequest.ts b/app/frontend/src/scripts/common/api/protocol/request/requests/LoginRequest.ts
new file mode 100644
index 00000000..3c920de3
--- /dev/null
+++ b/app/frontend/src/scripts/common/api/protocol/request/requests/LoginRequest.ts
@@ -0,0 +1,21 @@
+import ByteBuffer from "../../../../protocol/ByteBuffer.js";
+import ApiRequest from "../ApiRequest.js"
+
+export default class LoginRequest extends ApiRequest {
+    username: string;
+    password: string;
+    remember: boolean;
+
+    constructor(form: HTMLFormElement) {
+        super();
+        this.username = form.username.value;
+        this.password = form.password.value;
+        this.remember = form.remember.value === "on";
+    }
+
+    serialize(byteBuffer: ByteBuffer): void {
+        byteBuffer.writeString8(this.username);
+        byteBuffer.writeString8(this.password);
+        byteBuffer.writeBoolean(this.remember);
+    }
+}
\ No newline at end of file
diff --git a/app/frontend/src/scripts/common/api/protocol/request/requests/RegisterRequest.ts b/app/frontend/src/scripts/common/api/protocol/request/requests/RegisterRequest.ts
new file mode 100644
index 00000000..32570b1c
--- /dev/null
+++ b/app/frontend/src/scripts/common/api/protocol/request/requests/RegisterRequest.ts
@@ -0,0 +1,18 @@
+import ApiRequest from "../ApiRequest.js";
+import ByteBuffer from "../../../../protocol/ByteBuffer.js";
+
+export default class RegisterRequest extends ApiRequest {
+    username: string;
+    password: string;
+
+    constructor(form: HTMLFormElement) {
+        super();
+        this.username = form.username.value;
+        this.password = form.password.value;
+    }
+
+    serialize(byteBuffer: ByteBuffer) {
+        byteBuffer.writeString8(this.username);
+        byteBuffer.writeString8(this.password);
+    }
+}
\ No newline at end of file
diff --git a/app/frontend/src/scripts/common/api/protocol/response/responses/LoginResponse.ts b/app/frontend/src/scripts/common/api/protocol/response/responses/LoginResponse.ts
new file mode 100644
index 00000000..16c0dfc5
--- /dev/null
+++ b/app/frontend/src/scripts/common/api/protocol/response/responses/LoginResponse.ts
@@ -0,0 +1,14 @@
+import ByteBuffer from "../../../../protocol/ByteBuffer.js";
+
+export default class LoginResponse {
+    result: LoginResponseResult;
+
+    constructor(byteBuffer: ByteBuffer) {
+        this.result = byteBuffer.readUint8();
+    }
+}
+
+export enum LoginResponseResult {
+    SUCCESS,
+    FAILED
+}
\ No newline at end of file
diff --git a/app/frontend/src/scripts/common/api/protocol/response/responses/RegisterResponse.ts b/app/frontend/src/scripts/common/api/protocol/response/responses/RegisterResponse.ts
new file mode 100644
index 00000000..3b04c7ba
--- /dev/null
+++ b/app/frontend/src/scripts/common/api/protocol/response/responses/RegisterResponse.ts
@@ -0,0 +1,14 @@
+import ByteBuffer from "../../../../protocol/ByteBuffer.js";
+
+export default class RegisterResponse {
+    result: RegisterResponseResult;
+
+    constructor(byteBuffer: ByteBuffer) {
+        this.result = byteBuffer.readUint8();
+    }
+}
+
+export enum RegisterResponseResult {
+    SUCCESS,
+    USERNAME_TAKEN
+}
\ No newline at end of file
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/Canvas.ts b/app/frontend/src/scripts/common/canvas/Canvas.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/Canvas.ts
rename to app/frontend/src/scripts/common/canvas/Canvas.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/CanvasObject.ts b/app/frontend/src/scripts/common/canvas/canvasObject/CanvasObject.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/CanvasObject.ts
rename to app/frontend/src/scripts/common/canvas/canvasObject/CanvasObject.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/CanvasObjectType.ts b/app/frontend/src/scripts/common/canvas/canvasObject/CanvasObjectType.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/CanvasObjectType.ts
rename to app/frontend/src/scripts/common/canvas/canvasObject/CanvasObjectType.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/EntityCanvasObject.ts b/app/frontend/src/scripts/common/canvas/canvasObject/EntityCanvasObject.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/EntityCanvasObject.ts
rename to app/frontend/src/scripts/common/canvas/canvasObject/EntityCanvasObject.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/canvasObjects/CanvasImage.ts b/app/frontend/src/scripts/common/canvas/canvasObject/canvasObjects/CanvasImage.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/canvasObjects/CanvasImage.ts
rename to app/frontend/src/scripts/common/canvas/canvasObject/canvasObjects/CanvasImage.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/canvasObjects/CanvasMouse.ts b/app/frontend/src/scripts/common/canvas/canvasObject/canvasObjects/CanvasMouse.ts
similarity index 92%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/canvasObjects/CanvasMouse.ts
rename to app/frontend/src/scripts/common/canvas/canvasObject/canvasObjects/CanvasMouse.ts
index 7fadaeb5..bcd28ff8 100644
--- a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/canvasObjects/CanvasMouse.ts
+++ b/app/frontend/src/scripts/common/canvas/canvasObject/canvasObjects/CanvasMouse.ts
@@ -1,6 +1,6 @@
 import {ctx} from "../../Canvas.js";
 import CanvasObject from "../CanvasObject.js";
-import ByteBuffer from "../../../protocol/ByteBuffer";
+import ByteBuffer from "../../../protocol/ByteBuffer.js";
 import CanvasObjectType from "../CanvasObjectType.js";
 
 const pointerImage = document.createElement('img');
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/canvasObjects/Line.ts b/app/frontend/src/scripts/common/canvas/canvasObject/canvasObjects/Line.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/canvasObjects/Line.ts
rename to app/frontend/src/scripts/common/canvas/canvasObject/canvasObjects/Line.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/canvasObjects/Shape.ts b/app/frontend/src/scripts/common/canvas/canvasObject/canvasObjects/Shape.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasObject/canvasObjects/Shape.ts
rename to app/frontend/src/scripts/common/canvas/canvasObject/canvasObjects/Shape.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/CanvasUpdate.ts b/app/frontend/src/scripts/common/canvas/canvasUpdate/CanvasUpdate.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/CanvasUpdate.ts
rename to app/frontend/src/scripts/common/canvas/canvasUpdate/CanvasUpdate.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/CanvasUpdateType.ts b/app/frontend/src/scripts/common/canvas/canvasUpdate/CanvasUpdateType.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/CanvasUpdateType.ts
rename to app/frontend/src/scripts/common/canvas/canvasUpdate/CanvasUpdateType.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/CanvasUpdates.ts b/app/frontend/src/scripts/common/canvas/canvasUpdate/CanvasUpdates.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/CanvasUpdates.ts
rename to app/frontend/src/scripts/common/canvas/canvasUpdate/CanvasUpdates.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/canvasUpdates/CanvasUpdateDelete.ts b/app/frontend/src/scripts/common/canvas/canvasUpdate/canvasUpdates/CanvasUpdateDelete.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/canvasUpdates/CanvasUpdateDelete.ts
rename to app/frontend/src/scripts/common/canvas/canvasUpdate/canvasUpdates/CanvasUpdateDelete.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/canvasUpdates/CanvasUpdateInsert.ts b/app/frontend/src/scripts/common/canvas/canvasUpdate/canvasUpdates/CanvasUpdateInsert.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/canvasUpdates/CanvasUpdateInsert.ts
rename to app/frontend/src/scripts/common/canvas/canvasUpdate/canvasUpdates/CanvasUpdateInsert.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/canvasUpdates/CanvasUpdateMove.ts b/app/frontend/src/scripts/common/canvas/canvasUpdate/canvasUpdates/CanvasUpdateMove.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/canvas/canvasUpdate/canvasUpdates/CanvasUpdateMove.ts
rename to app/frontend/src/scripts/common/canvas/canvasUpdate/canvasUpdates/CanvasUpdateMove.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/ByteBuffer.ts b/app/frontend/src/scripts/common/protocol/ByteBuffer.ts
similarity index 97%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/ByteBuffer.ts
rename to app/frontend/src/scripts/common/protocol/ByteBuffer.ts
index fc463220..7ee1ea20 100644
--- a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/ByteBuffer.ts
+++ b/app/frontend/src/scripts/common/protocol/ByteBuffer.ts
@@ -73,6 +73,10 @@ export default class ByteBuffer {
         return btoa(this.readString8());
     }
 
+    readBoolean() {
+        return this.readUint8() == 1;
+    }
+
     readInt8() {
         let value = this.view.getInt8(this.position);
         this.position += 1;
@@ -171,6 +175,10 @@ export default class ByteBuffer {
         this.writeString32(atob(value));
     }
 
+    writeBoolean(value: boolean) {
+        this.writeUint8(value ? 1 : 0);
+    }
+
     writeInt8(value: number) {
         this.checkResize(1);
         this.view.setInt8(this.position, value);
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/SocketEventType.ts b/app/frontend/src/scripts/common/protocol/SocketEventType.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/SocketEventType.ts
rename to app/frontend/src/scripts/common/protocol/SocketEventType.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/WebSocketHandler.ts b/app/frontend/src/scripts/common/protocol/WebSocketHandler.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/WebSocketHandler.ts
rename to app/frontend/src/scripts/common/protocol/WebSocketHandler.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/ClientMessage.ts b/app/frontend/src/scripts/common/protocol/client/ClientMessage.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/ClientMessage.ts
rename to app/frontend/src/scripts/common/protocol/client/ClientMessage.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/ClientMessageType.ts b/app/frontend/src/scripts/common/protocol/client/ClientMessageType.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/ClientMessageType.ts
rename to app/frontend/src/scripts/common/protocol/client/ClientMessageType.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageCanvasUpdate.ts b/app/frontend/src/scripts/common/protocol/client/messages/ClientMessageCanvasUpdate.ts
similarity index 98%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageCanvasUpdate.ts
rename to app/frontend/src/scripts/common/protocol/client/messages/ClientMessageCanvasUpdate.ts
index d00fe559..3e43d8bd 100644
--- a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageCanvasUpdate.ts
+++ b/app/frontend/src/scripts/common/protocol/client/messages/ClientMessageCanvasUpdate.ts
@@ -1,7 +1,7 @@
 import ClientMessage from "../ClientMessage.js";
 import ClientMessageType from "../ClientMessageType.js";
 import ByteBuffer from "../../ByteBuffer.js";
-import CanvasUpdates from "../../../canvas/canvasUpdate/CanvasUpdates";
+import CanvasUpdates from "../../../canvas/canvasUpdate/CanvasUpdates.js";
 
 export default class ClientMessageCanvasUpdate extends ClientMessage {
     canvasUpdatesArray: CanvasUpdates[];
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageCreateDocument.ts b/app/frontend/src/scripts/common/protocol/client/messages/ClientMessageCreateDocument.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageCreateDocument.ts
rename to app/frontend/src/scripts/common/protocol/client/messages/ClientMessageCreateDocument.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageDeleteDocument.ts b/app/frontend/src/scripts/common/protocol/client/messages/ClientMessageDeleteDocument.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageDeleteDocument.ts
rename to app/frontend/src/scripts/common/protocol/client/messages/ClientMessageDeleteDocument.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageGetInvite.ts b/app/frontend/src/scripts/common/protocol/client/messages/ClientMessageGetInvite.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageGetInvite.ts
rename to app/frontend/src/scripts/common/protocol/client/messages/ClientMessageGetInvite.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageHandshake.ts b/app/frontend/src/scripts/common/protocol/client/messages/ClientMessageHandshake.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageHandshake.ts
rename to app/frontend/src/scripts/common/protocol/client/messages/ClientMessageHandshake.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageMouseMove.ts b/app/frontend/src/scripts/common/protocol/client/messages/ClientMessageMouseMove.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageMouseMove.ts
rename to app/frontend/src/scripts/common/protocol/client/messages/ClientMessageMouseMove.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageOpenDocument.ts b/app/frontend/src/scripts/common/protocol/client/messages/ClientMessageOpenDocument.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageOpenDocument.ts
rename to app/frontend/src/scripts/common/protocol/client/messages/ClientMessageOpenDocument.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageUpdateDocument.ts b/app/frontend/src/scripts/common/protocol/client/messages/ClientMessageUpdateDocument.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/client/messages/ClientMessageUpdateDocument.ts
rename to app/frontend/src/scripts/common/protocol/client/messages/ClientMessageUpdateDocument.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/ServerMessage.ts b/app/frontend/src/scripts/common/protocol/server/ServerMessage.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/ServerMessage.ts
rename to app/frontend/src/scripts/common/protocol/server/ServerMessage.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/ServerMessageType.ts b/app/frontend/src/scripts/common/protocol/server/ServerMessageType.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/ServerMessageType.ts
rename to app/frontend/src/scripts/common/protocol/server/ServerMessageType.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageAddClient.ts b/app/frontend/src/scripts/common/protocol/server/messages/ServerMessageAddClient.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageAddClient.ts
rename to app/frontend/src/scripts/common/protocol/server/messages/ServerMessageAddClient.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageAddUser.ts b/app/frontend/src/scripts/common/protocol/server/messages/ServerMessageAddUser.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageAddUser.ts
rename to app/frontend/src/scripts/common/protocol/server/messages/ServerMessageAddUser.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageCanvasUpdate.ts b/app/frontend/src/scripts/common/protocol/server/messages/ServerMessageCanvasUpdate.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageCanvasUpdate.ts
rename to app/frontend/src/scripts/common/protocol/server/messages/ServerMessageCanvasUpdate.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageDeleteDocument.ts b/app/frontend/src/scripts/common/protocol/server/messages/ServerMessageDeleteDocument.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageDeleteDocument.ts
rename to app/frontend/src/scripts/common/protocol/server/messages/ServerMessageDeleteDocument.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageGetInvite.ts b/app/frontend/src/scripts/common/protocol/server/messages/ServerMessageGetInvite.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageGetInvite.ts
rename to app/frontend/src/scripts/common/protocol/server/messages/ServerMessageGetInvite.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageHandshake.ts b/app/frontend/src/scripts/common/protocol/server/messages/ServerMessageHandshake.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageHandshake.ts
rename to app/frontend/src/scripts/common/protocol/server/messages/ServerMessageHandshake.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageMouseMove.ts b/app/frontend/src/scripts/common/protocol/server/messages/ServerMessageMouseMove.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageMouseMove.ts
rename to app/frontend/src/scripts/common/protocol/server/messages/ServerMessageMouseMove.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageOpenDocument.ts b/app/frontend/src/scripts/common/protocol/server/messages/ServerMessageOpenDocument.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageOpenDocument.ts
rename to app/frontend/src/scripts/common/protocol/server/messages/ServerMessageOpenDocument.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageRemoveClient.ts b/app/frontend/src/scripts/common/protocol/server/messages/ServerMessageRemoveClient.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageRemoveClient.ts
rename to app/frontend/src/scripts/common/protocol/server/messages/ServerMessageRemoveClient.ts
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageUpdateDocument.ts b/app/frontend/src/scripts/common/protocol/server/messages/ServerMessageUpdateDocument.ts
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/scripts/protocol/server/messages/ServerMessageUpdateDocument.ts
rename to app/frontend/src/scripts/common/protocol/server/messages/ServerMessageUpdateDocument.ts
diff --git a/app/frontend/src/scripts/index.ts b/app/frontend/src/scripts/index.ts
new file mode 100644
index 00000000..6459f79e
--- /dev/null
+++ b/app/frontend/src/scripts/index.ts
@@ -0,0 +1,2 @@
+import './common/Document.js';
+import './common/FileUpload.js'
\ No newline at end of file
diff --git a/app/frontend/src/scripts/login.ts b/app/frontend/src/scripts/login.ts
new file mode 100644
index 00000000..72112b94
--- /dev/null
+++ b/app/frontend/src/scripts/login.ts
@@ -0,0 +1,24 @@
+import LoginRequest from "./common/api/protocol/request/requests/LoginRequest.js";
+import api from "./common/api/Api.js"
+import LoginResponse, {LoginResponseResult} from "./common/api/protocol/response/responses/LoginResponse.js";
+
+
+document.getElementById('login')!.addEventListener('submit', (event) => {
+    event.preventDefault();
+    api.login(new LoginRequest(event.target as HTMLFormElement))
+        .then((loginResponse: LoginResponse) => {
+            switch (loginResponse.result) {
+                case LoginResponseResult.FAILED:
+                    window.alert('Incorrect username or password');
+                    break;
+                case LoginResponseResult.SUCCESS:
+                    window.location.href = '/';
+                    break;
+                default:
+                    throw new Error('Unknown response ' + loginResponse);
+            }
+        })
+        .catch((e: number) => {
+            window.alert('Unknown error ' + e);
+        });
+});
\ No newline at end of file
diff --git a/app/frontend/src/scripts/logout.ts b/app/frontend/src/scripts/logout.ts
new file mode 100644
index 00000000..ca831b32
--- /dev/null
+++ b/app/frontend/src/scripts/logout.ts
@@ -0,0 +1,13 @@
+import api from "./common/api/Api.js"
+
+document.getElementById('logout')!.addEventListener('submit', (event) => {
+    event.preventDefault();
+    api.logout()
+        .then(() => {
+            window.location.href = '/';
+        })
+        .catch((e: number) => {
+            window.alert('Unknown error ' + e);
+        });
+
+});
\ No newline at end of file
diff --git a/app/frontend/src/scripts/register.ts b/app/frontend/src/scripts/register.ts
new file mode 100644
index 00000000..8dc0caa1
--- /dev/null
+++ b/app/frontend/src/scripts/register.ts
@@ -0,0 +1,24 @@
+import api from "./common/api/Api.js"
+import RegisterRequest from "./common/api/protocol/request/requests/RegisterRequest.js";
+import RegisterResponse, {RegisterResponseResult} from "./common/api/protocol/response/responses/RegisterResponse.js";
+
+document.getElementById('register')!.addEventListener('submit', (event) => {
+    console.log(event);
+    event.preventDefault();
+    api.register(new RegisterRequest(event.target as HTMLFormElement))
+        .then((registerResponse: RegisterResponse) => {
+            switch (registerResponse.result) {
+                case RegisterResponseResult.USERNAME_TAKEN:
+                    window.alert('Username already taken');
+                    break;
+                case RegisterResponseResult.SUCCESS:
+                    window.location.href = '/login';
+                    break;
+                default:
+                    throw new Error('Unknown response ' + registerResponse);
+            }
+        })
+        .catch((e: number) => {
+            window.alert('Unknown error ' + e);
+        });
+});
\ No newline at end of file
diff --git a/scribbleshare-app/scribbleshare-frontend/src/style.css b/app/frontend/src/style.css
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/src/style.css
rename to app/frontend/src/style.css
diff --git a/scribbleshare-app/scribbleshare-frontend/tsconfig.json b/app/frontend/tsconfig.json
similarity index 100%
rename from scribbleshare-app/scribbleshare-frontend/tsconfig.json
rename to app/frontend/tsconfig.json
diff --git a/scribbleshare-app/scribbleshare.properties b/app/scribbleshare.properties
similarity index 62%
rename from scribbleshare-app/scribbleshare.properties
rename to app/scribbleshare.properties
index 16818b9d..81dce9e0 100644
--- a/scribbleshare-app/scribbleshare.properties
+++ b/app/scribbleshare.properties
@@ -2,6 +2,8 @@ ssl=false
 postgres.url=jdbc:postgresql://localhost:5432/scribbleshare
 postgres.user=scribbleshare_backend
 postgres.password=changeme
-html.root=scribbleshare-frontend/build
+html.root=frontend/src
 domain=localhost
-port=3456
\ No newline at end of file
+port=3456
+debug.js.root=frontend/build
+origin=http://localhost:3456
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
new file mode 100644
index 00000000..015732a6
--- /dev/null
+++ b/build.gradle
@@ -0,0 +1,8 @@
+allprojects {
+    repositories {
+        mavenCentral()
+        maven {
+            url "https://jitpack.io"
+        }
+    }
+}
\ No newline at end of file
diff --git a/commons/build.gradle b/commons/build.gradle
new file mode 100644
index 00000000..8735a547
--- /dev/null
+++ b/commons/build.gradle
@@ -0,0 +1,15 @@
+plugins {
+    id 'java-library'
+}
+
+apply from: rootProject.file('gradle/test.gradle')
+apply from: rootProject.file('gradle/jmh.gradle')
+
+dependencies {
+    api 'com.github.stzups:netty-http:master-SNAPSHOT'
+    implementation 'org.postgresql:postgresql:42.2.13'
+    implementation 'redis.clients:jedis:3.5.2'
+    implementation 'at.favre.lib:bcrypt:0.9.0'
+    api 'com.github.stzups:config:master-SNAPSHOT'
+    api 'org.jetbrains:annotations:16.0.2'
+}
\ No newline at end of file
diff --git a/commons/src/jmh/java/canvas/CanvasBenchmark.java b/commons/src/jmh/java/canvas/CanvasBenchmark.java
new file mode 100644
index 00000000..bf88b039
--- /dev/null
+++ b/commons/src/jmh/java/canvas/CanvasBenchmark.java
@@ -0,0 +1,43 @@
+package canvas;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.buffer.Unpooled;
+import net.stzups.scribbleshare.data.objects.canvas.Canvas;
+import org.openjdk.jmh.annotations.Benchmark;
+import org.openjdk.jmh.annotations.Fork;
+import org.openjdk.jmh.annotations.Measurement;
+import org.openjdk.jmh.annotations.Scope;
+import org.openjdk.jmh.annotations.Setup;
+import org.openjdk.jmh.annotations.TearDown;
+import org.openjdk.jmh.annotations.Warmup;
+
+@Fork(1)
+@Warmup(iterations = 3)
+@Measurement(iterations = 3)
+public class CanvasBenchmark {
+    @org.openjdk.jmh.annotations.State(Scope.Benchmark)
+    public static class State {
+        ByteBuf byteBuf;
+        Canvas canvas;
+
+        @Setup
+        public void setup() {
+            byteBuf = Unpooled.buffer();
+
+            canvas = new Canvas();
+            canvas.serialize(byteBuf);
+            byteBuf.resetReaderIndex();
+            byteBuf.resetWriterIndex();
+        }
+
+        @TearDown
+        public void teardown() {
+            byteBuf.release();
+        }
+    }
+
+    @Benchmark
+    public void serialize(State state) {
+        state.canvas.serialize(state.byteBuf);
+    }
+}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/Scribbleshare.java b/commons/src/main/java/net/stzups/scribbleshare/Scribbleshare.java
similarity index 84%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/Scribbleshare.java
rename to commons/src/main/java/net/stzups/scribbleshare/Scribbleshare.java
index 2c9918e7..f92cd4ea 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/Scribbleshare.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/Scribbleshare.java
@@ -4,12 +4,12 @@
 import io.netty.channel.ChannelFuture;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.util.AttributeKey;
-import net.stzups.scribbleshare.server.Server;
-import net.stzups.scribbleshare.server.http.HttpServerInitializer;
-import net.stzups.scribbleshare.util.LogFactory;
-import net.stzups.scribbleshare.config.configs.ArgumentConfig;
-import net.stzups.scribbleshare.config.configs.EnvironmentVariableConfig;
-import net.stzups.scribbleshare.config.configs.PropertiesConfig;
+import net.stzups.config.configs.ArgumentConfig;
+import net.stzups.config.configs.EnvironmentVariableConfig;
+import net.stzups.config.configs.PropertiesConfig;
+import net.stzups.netty.Server;
+import net.stzups.netty.http.HttpServerInitializer;
+import net.stzups.util.LogFactory;
 
 import java.util.logging.Logger;
 
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfig.java b/commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfig.java
similarity index 85%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfig.java
rename to commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfig.java
index 87ea1212..a9feba2d 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfig.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfig.java
@@ -1,8 +1,8 @@
 package net.stzups.scribbleshare;
 
+import net.stzups.netty.http.HttpServerInitializer;
 import net.stzups.scribbleshare.data.database.implementations.PostgresDatabase;
 import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
-import net.stzups.scribbleshare.server.http.HttpServerInitializer;
 
 public interface ScribbleshareConfig extends PostgresDatabase.Config, HttpServerInitializer.Config, HttpConfig {
     String getEnvironmentVariablePrefix();
@@ -10,4 +10,5 @@ public interface ScribbleshareConfig extends PostgresDatabase.Config, HttpServer
     int getPort();
     String getDomain();
     String getName();
+    String getOrigin();
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfigImplementation.java b/commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfigImplementation.java
similarity index 89%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfigImplementation.java
rename to commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfigImplementation.java
index 2228ff78..954e165a 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfigImplementation.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/ScribbleshareConfigImplementation.java
@@ -1,9 +1,9 @@
 package net.stzups.scribbleshare;
 
-import net.stzups.scribbleshare.config.Config;
-import net.stzups.scribbleshare.config.ConfigKey;
-import net.stzups.scribbleshare.config.OptionalConfigKey;
-import net.stzups.scribbleshare.config.RequiredConfigKey;
+import net.stzups.config.Config;
+import net.stzups.config.ConfigKey;
+import net.stzups.config.OptionalConfigKey;
+import net.stzups.config.RequiredConfigKey;
 
 public class ScribbleshareConfigImplementation extends Config implements ScribbleshareConfig {
     private static final ConfigKey<String> NAME = new OptionalConfigKey<>("name", "Scribbleshare");
@@ -25,6 +25,13 @@ public class ScribbleshareConfigImplementation extends Config implements Scribbl
 
     public static final ConfigKey<Boolean> DEBUG_LOG_TRAFFIC = new OptionalConfigKey<>("debug.log.traffic", false);
 
+    private static final ConfigKey<String> ORIGIN = new OptionalConfigKey<>("origin", "");
+
+    @Override
+    public String getOrigin() {
+        return getString(ORIGIN);
+    }
+
     @Override
     public String getEnvironmentVariablePrefix() {
         return getString(ENVIRONMENT_VARIABLE_PREFIX);
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/database/ScribbleshareDatabase.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/ScribbleshareDatabase.java
new file mode 100644
index 00000000..ccae2297
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/ScribbleshareDatabase.java
@@ -0,0 +1,11 @@
+package net.stzups.scribbleshare.data.database;
+
+import net.stzups.scribbleshare.data.database.databases.DocumentDatabase;
+import net.stzups.scribbleshare.data.database.databases.HttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.InviteCodeDatabase;
+import net.stzups.scribbleshare.data.database.databases.LoginDatabase;
+import net.stzups.scribbleshare.data.database.databases.ResourceDatabase;
+import net.stzups.scribbleshare.data.database.databases.UserDatabase;
+
+public interface ScribbleshareDatabase extends DocumentDatabase, HttpSessionDatabase, InviteCodeDatabase, LoginDatabase, ResourceDatabase, UserDatabase {
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/DocumentDatabase.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/DocumentDatabase.java
new file mode 100644
index 00000000..e40bda8a
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/DocumentDatabase.java
@@ -0,0 +1,20 @@
+package net.stzups.scribbleshare.data.database.databases;
+
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.Document;
+import net.stzups.scribbleshare.data.objects.User;
+import org.jetbrains.annotations.Nullable;
+
+public interface DocumentDatabase {
+    Document createDocument(User owner) throws DatabaseException;
+
+    /**
+     * @param id id of document
+     * @return null if {@link Document} does not exist
+     */
+    @Nullable Document getDocument(long id) throws DatabaseException;
+
+    void updateDocument(Document document) throws DatabaseException;
+    //todo fail silently or throw exception if document does not exist?
+    void deleteDocument(Document document) throws DatabaseException;
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/HttpSessionDatabase.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/HttpSessionDatabase.java
new file mode 100644
index 00000000..f20e0140
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/HttpSessionDatabase.java
@@ -0,0 +1,22 @@
+package net.stzups.scribbleshare.data.database.databases;
+
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSession;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSessionCookie;
+import org.jetbrains.annotations.Nullable;
+
+public interface HttpSessionDatabase {
+    /**
+     * @param cookie cookie of {@link HttpUserSession}
+     * @return null if the {@link HttpUserSession} does not exist
+     */
+    @Nullable HttpUserSession getHttpSession(HttpUserSessionCookie cookie) throws DatabaseException;
+
+    void addHttpSession(HttpUserSession httpUserSession) throws DatabaseException;
+
+    /**
+     * Expire existing {@link HttpUserSession}
+     * todo fail if does not exist?
+     */
+    void expireHttpSession(HttpUserSession httpUserSession) throws DatabaseException;
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/InviteCodeDatabase.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/InviteCodeDatabase.java
new file mode 100644
index 00000000..a0ba6f82
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/InviteCodeDatabase.java
@@ -0,0 +1,20 @@
+package net.stzups.scribbleshare.data.database.databases;
+
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.Document;
+import net.stzups.scribbleshare.data.objects.InviteCode;
+import org.jetbrains.annotations.Nullable;
+
+public interface InviteCodeDatabase {
+    /**
+     * @param code code of {@link InviteCode}
+     * @return null if the {@link InviteCode} does not exist
+     */
+    @Nullable InviteCode getInviteCode(String code) throws DatabaseException;
+
+    /**
+     * @param document {@link Document} of {@link InviteCode}
+     * @return null if the {@link InviteCode} does not exist
+     */
+    @Nullable InviteCode getInviteCode(Document document) throws DatabaseException;
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/LoginDatabase.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/LoginDatabase.java
new file mode 100644
index 00000000..8dfd0079
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/LoginDatabase.java
@@ -0,0 +1,19 @@
+package net.stzups.scribbleshare.data.database.databases;
+
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.authentication.login.Login;
+import org.jetbrains.annotations.Nullable;
+
+public interface LoginDatabase {
+    /**
+     * It is important when verifying logins that the operation takes the same amount of time regardless of whether a {@link Login} exists for a provided username, or the result of the verification of the login.
+     * @param username username of {@link Login}
+     * @return null if {@link Login} does not exist
+     */
+    @Nullable Login getLogin(String username) throws DatabaseException;
+
+    /**
+     * @return false if the login with duplicate username already exists
+     */
+    boolean addLogin(Login login) throws DatabaseException;
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/ResourceDatabase.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/ResourceDatabase.java
new file mode 100644
index 00000000..757e8060
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/ResourceDatabase.java
@@ -0,0 +1,22 @@
+package net.stzups.scribbleshare.data.database.databases;
+
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.Resource;
+import org.jetbrains.annotations.Nullable;
+
+public interface ResourceDatabase {
+    /**
+     * @param owner owner of new {@link Resource}
+     * @return id of the newly added {@link Resource}
+     */
+    long addResource(long owner, Resource resource) throws DatabaseException;
+
+    void updateResource(long id, long owner, Resource resource) throws DatabaseException;
+
+    /**
+     * @param id id of {@link Resource}
+     * @param owner owner of {@link Resource}
+     * @return null if the {@link Resource} does not exist
+     */
+    @Nullable Resource getResource(long id, long owner) throws DatabaseException;
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/UserDatabase.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/UserDatabase.java
new file mode 100644
index 00000000..e85b918a
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/databases/UserDatabase.java
@@ -0,0 +1,17 @@
+package net.stzups.scribbleshare.data.database.databases;
+
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.User;
+import org.jetbrains.annotations.Nullable;
+
+public interface UserDatabase {
+    void addUser(User user) throws DatabaseException;
+
+    /**
+     * @param id id of {@link User}
+     * @return null if the {@link User} does not exist
+     */
+    @Nullable User getUser(long id) throws DatabaseException;
+
+    void updateUser(User user) throws DatabaseException;
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/database/exception/ConnectionException.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/exception/ConnectionException.java
new file mode 100644
index 00000000..98b34d04
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/exception/ConnectionException.java
@@ -0,0 +1,14 @@
+package net.stzups.scribbleshare.data.database.exception;
+
+/**
+ * Thrown when an exception occurs while establishing a connection to the database
+ * Should only be thrown when the database is initialized. If the database connections fails later, it should throw a {@link DatabaseException}
+ */
+public class ConnectionException extends DatabaseException {
+    public ConnectionException(Throwable cause) {
+        super(cause);
+    }
+    public ConnectionException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/database/exception/DatabaseException.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/exception/DatabaseException.java
new file mode 100644
index 00000000..f3fcfb08
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/exception/DatabaseException.java
@@ -0,0 +1,16 @@
+package net.stzups.scribbleshare.data.database.exception;
+
+/**
+ * Thrown when there is any exception while handling a database transaction.
+ */
+public class DatabaseException extends Exception {
+    public DatabaseException(String message, Throwable cause) {
+        super(message, cause);
+    }
+    public DatabaseException(String message) {
+        super(message);
+    }
+    public DatabaseException(Throwable cause) {
+        super(cause);
+    }
+}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/PostgresDatabase.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/PostgresDatabase.java
similarity index 57%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/PostgresDatabase.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/PostgresDatabase.java
index 020e08ce..1d28f6a7 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/PostgresDatabase.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/PostgresDatabase.java
@@ -5,14 +5,17 @@
 import io.netty.buffer.Unpooled;
 import net.stzups.scribbleshare.Scribbleshare;
 import net.stzups.scribbleshare.data.database.ScribbleshareDatabase;
+import net.stzups.scribbleshare.data.database.exception.ConnectionException;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
 import net.stzups.scribbleshare.data.objects.Document;
 import net.stzups.scribbleshare.data.objects.InviteCode;
 import net.stzups.scribbleshare.data.objects.Resource;
 import net.stzups.scribbleshare.data.objects.User;
-import net.stzups.scribbleshare.data.objects.authentication.http.HttpSession;
-import net.stzups.scribbleshare.data.objects.authentication.http.PersistentHttpSession;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSession;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSessionCookie;
+import net.stzups.scribbleshare.data.objects.authentication.login.Login;
 import net.stzups.scribbleshare.data.objects.canvas.Canvas;
-import org.postgresql.util.PSQLException;
+import org.jetbrains.annotations.Nullable;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -29,29 +32,74 @@
 import java.util.Random;
 
 public class PostgresDatabase implements AutoCloseable, ScribbleshareDatabase {
+    @Override
+    public Login getLogin(String username) throws DatabaseException {
+        try (PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM logins WHERE username=?")) {
+            preparedStatement.setString(1, username);
+            try (ResultSet resultSet = preparedStatement.executeQuery()) {
+                if (resultSet.next()) {
+                    return new Login(username, resultSet.getLong("user_id"), resultSet.getBytes("hashed_password"));
+                } else {
+                    return null;
+                }
+            }
+        } catch (SQLException e) {
+            throw new DatabaseException("Exception while getting login for username " + username, e);
+        }
+    }
+
+    @Override
+    public boolean addLogin(Login login) throws DatabaseException {
+        if (getLogin(login.getUsername()) != null) {
+            return false;
+        }
+        try (PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO logins(username, user_id, hashed_password) VALUES(?, ?, ?)")) {
+            preparedStatement.setString(1, login.getUsername());
+            preparedStatement.setLong(2, login.getId());
+            preparedStatement.setBinaryStream(3, new ByteArrayInputStream(login.getHashedPassword()));
+            preparedStatement.execute();
+        } catch (SQLException e) {
+            /*if (e.getSQLState().equals("23505")) { // PostgreSQL error code unique_violation
+                return false;
+            } else {
+            }*/
+            throw new DatabaseException(e);
+        }
+
+        return true;
+    }
+
     public interface Config {
         String getUrl();
+
         String getUser();
+
         String getPassword();
+
         int getMaxRetries();
     }
 
     private static final Random RANDOM = new Random();
-    private Connection connection;
+    protected Connection connection;
 
     private final Map<Long, Document> documents = new HashMap<>();
 
-    public PostgresDatabase(PostgresDatabase.Config config) throws Exception {
-        Class.forName("org.postgresql.Driver");
+    public PostgresDatabase(PostgresDatabase.Config config) throws ConnectionException {
+        try {
+            Class.forName("org.postgresql.Driver");
+        } catch (ClassNotFoundException e) {
+            throw new RuntimeException("Exception while finding PostgreSQL JDBC driver", e);
+        }
+
         int retries = 0;
         while (connection == null) {
             try {
                 connection = DriverManager.getConnection(config.getUrl(), config.getUser(), config.getPassword());
-            } catch (PSQLException e) {
+            } catch (SQLException e) {
                 if (e.getCause() instanceof ConnectException && (config.getMaxRetries() < 0 || retries < config.getMaxRetries())) {
                     Scribbleshare.getLogger().info("Retrying PostgreSQL database connection (" + ++retries + "/" + config.getMaxRetries() + " retries)");
                 } else {
-                    throw e;
+                    throw new ConnectionException(e);
                 }
             }
         }
@@ -59,66 +107,64 @@ public PostgresDatabase(PostgresDatabase.Config config) throws Exception {
 
     @Override
     public void close() throws SQLException {
-        connection.close();    
+        connection.close();
     }
 
     @Override
-    public User createUser() {
-        User user = new User(RANDOM.nextLong(), new Long[0], new Long[0]);
-        try (PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO users(id, owned_documents, shared_documents) VALUES (?, ?, ?)")) {
+    public void addUser(User user) throws DatabaseException {
+        try (PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO users(id, owned_documents, shared_documents, username) VALUES (?, ?, ?, ?)")) {
             preparedStatement.setLong(1, user.getId());
             preparedStatement.setArray(2, connection.createArrayOf("bigint", user.getOwnedDocuments().toArray()));
             preparedStatement.setArray(3, connection.createArrayOf("bigint", user.getSharedDocuments().toArray()));
+            preparedStatement.setString(4, user.getUsername());
             preparedStatement.execute();
         } catch (SQLException e) {
-            e.printStackTrace();
+            throw new DatabaseException("Exception while getting " + user, e);
         }
-        return user;
     }
 
     @Override
-    public User getUser(long id) {
+    public @Nullable User getUser(long id) throws DatabaseException {
         try (PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM users WHERE id=?")) {
             preparedStatement.setLong(1, id);
             try (ResultSet resultSet = preparedStatement.executeQuery()) {
-                if (resultSet.next()) {
-                    return new User(id,
-                            (Long[]) (resultSet.getArray("owned_documents").getArray()),
-                            (Long[]) (resultSet.getArray("shared_documents").getArray()));
-                } else {
+                if (!resultSet.next()) {
                     return null;
                 }
+
+                return new User(id,
+                        (Long[]) (resultSet.getArray("owned_documents").getArray()),
+                        (Long[]) (resultSet.getArray("shared_documents").getArray()),
+                        resultSet.getString("username"));
             }
         } catch (SQLException e) {
-            e.printStackTrace();
-            return null;
+            throw new DatabaseException("Exception while getting " + User.class.getSimpleName() + " with id " + id, e);
         }
     }
 
     @Override
-    public void updateUser(User user) {
-        try (PreparedStatement preparedStatement = connection.prepareStatement("UPDATE users SET owned_documents=?, shared_documents=? WHERE id=?")){
+    public void updateUser(User user) throws DatabaseException {
+        try (PreparedStatement preparedStatement = connection.prepareStatement("UPDATE users SET owned_documents=?, shared_documents=? WHERE id=?")) {
             preparedStatement.setArray(1, connection.createArrayOf("bigint", user.getOwnedDocuments().toArray()));
             preparedStatement.setArray(2, connection.createArrayOf("bigint", user.getSharedDocuments().toArray()));
             preparedStatement.setLong(3, user.getId());
             preparedStatement.execute();
         } catch (SQLException e) {
-            e.printStackTrace();
+            throw new DatabaseException("Exception while updating user " + user, e);
         }
     }
 
     @Override
-    public Document createDocument(User owner) {
+    public Document createDocument(User owner) throws DatabaseException {
         Document document = new Document(owner);
-        try (PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO documents(id, owner, name) VALUES (?, ?, ?)")){
+        try (PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO documents(id, owner, name) VALUES (?, ?, ?)")) {
             preparedStatement.setLong(1, document.getId());
             preparedStatement.setLong(2, document.getOwner());
             preparedStatement.setString(3, document.getName());
             preparedStatement.execute();
             documents.put(document.getId(), document);
         } catch (SQLException e) {
-            e.printStackTrace();
-            return null;
+            throw new DatabaseException("Exception while creating new " + Document.class.getSimpleName() + " with owner " + owner, e);
         }
         addResource(document.getId(), document.getId(), new Resource(Canvas.getEmptyCanvas()));
         owner.getOwnedDocuments().add(document.getId());
@@ -127,43 +173,40 @@ public Document createDocument(User owner) {
     }
 
     @Override
-    public Document getDocument(long id) {
+    public @Nullable Document getDocument(long id) throws DatabaseException {
         Document document = documents.get(id);
         if (document == null) {
             try (PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM documents WHERE id=?")) {
                 preparedStatement.setLong(1, id);
                 try (ResultSet resultSet = preparedStatement.executeQuery()) {
-                    if (resultSet.next()) {
-                        document = new Document(id,
-                                resultSet.getLong("owner"),
-                                resultSet.getString("name"));
-                        documents.put(document.getId(), document);
-                    } else {
-                        System.out.println("Document with id " + id + " does not exist");
+                    if (!resultSet.next()) {
                         return null;
                     }
+                    document = new Document(id,
+                            resultSet.getLong("owner"),
+                            resultSet.getString("name"));
+                    documents.put(document.getId(), document);
                 }
             } catch (SQLException e) {
-                e.printStackTrace();
-                return null;
+                throw new DatabaseException("Exception while getting " + Document.class.getSimpleName() + " with id " + id, e);
             }
         }
         return document;
     }
 
     @Override
-    public void updateDocument(Document document) {
+    public void updateDocument(Document document) throws DatabaseException {
         try (PreparedStatement preparedStatement = connection.prepareStatement("UPDATE documents SET name=? WHERE id=?")) {
             preparedStatement.setString(1, document.getName());
             preparedStatement.setLong(2, document.getId());
             preparedStatement.execute();
         } catch (SQLException e) {
-            e.printStackTrace();
+            throw new DatabaseException("Exception while updating " + document, e);
         }
     }
 
     @Override
-    public void deleteDocument(Document document) {//todo
+    public void deleteDocument(Document document) throws DatabaseException {//todo
         documents.remove(document.getId());
         try (PreparedStatement preparedStatement = connection.prepareStatement("DELETE FROM documents WHERE id=?; DELETE FROM resources WHERE owner=?; DELETE FROM invite_codes WHERE document=?;")) {
             preparedStatement.setLong(1, document.getId());
@@ -171,12 +214,12 @@ public void deleteDocument(Document document) {//todo
             preparedStatement.setLong(3, document.getId());
             preparedStatement.execute();
         } catch (SQLException e) {
-            e.printStackTrace();
+            throw new DatabaseException("Exception while deleting " + document, e);
         }
     }
 
     @Override
-    public InviteCode getInviteCode(String code) {//gets a document for an existing invite code
+    public InviteCode getInviteCode(String code) throws DatabaseException {//gets a document for an existing invite code
         if (code.length() != InviteCode.INVITE_CODE_LENGTH) {
             return null;
         }
@@ -186,16 +229,16 @@ public InviteCode getInviteCode(String code) {//gets a document for an existing
                 if (!resultSet.next()) {
                     return null;
                 }
+
                 return new InviteCode(code, resultSet.getLong(1));
             }
         } catch (SQLException e) {
-            e.printStackTrace();
-            return null;
+            throw new DatabaseException("Exception while getting " + InviteCode.class.getSimpleName() + " with code " + code, e);
         }
     }
 
     @Override
-    public InviteCode getInviteCode(Document document) {//gets an invite code for a document
+    public @Nullable InviteCode getInviteCode(Document document) throws DatabaseException {//gets an invite code for a document
         //check if invite code already exists, otherwise generate a new one
         try (PreparedStatement preparedStatement = connection.prepareStatement("SELECT code FROM invite_codes WHERE document=?")) {
             preparedStatement.setLong(1, document.getId());
@@ -205,8 +248,7 @@ public InviteCode getInviteCode(Document document) {//gets an invite code for a
                 }
             }
         } catch (SQLException e) {
-            e.printStackTrace();
-            return null;
+            throw new DatabaseException("Exception while getting " + InviteCode.class.getSimpleName() + " code for " + document, e);
         }
         //invite code does not already exist, so a new one must be made
         InviteCode inviteCode = new InviteCode(document);
@@ -216,62 +258,71 @@ public InviteCode getInviteCode(Document document) {//gets an invite code for a
             preparedStatement.execute();
             return inviteCode;
         } catch (SQLException e) {
-            e.printStackTrace();
-            return null;
+            throw new DatabaseException("Exception while inserting new " + inviteCode + " for " + document, e);
         }
     }
 
     @Override
-    public void addPersistentHttpSession(PersistentHttpSession persistentHttpSession) {
-        try (PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO persistent_user_sessions(id, \"user\", creation_time, hashed_token) VALUES (?, ?, ?, ?)")) {
-            preparedStatement.setLong(1, persistentHttpSession.getId());
-            preparedStatement.setLong(2, persistentHttpSession.getUser());
-            preparedStatement.setTimestamp(3, persistentHttpSession.getCreation());
-            preparedStatement.setBinaryStream(4, new ByteArrayInputStream(persistentHttpSession.getHashedToken()));
-            preparedStatement.execute();
+    public @Nullable HttpUserSession getHttpSession(HttpUserSessionCookie cookie) throws DatabaseException {
+        try (PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM user_sessions WHERE id=?")) {
+            preparedStatement.setLong(1, cookie.getId());
+            try (ResultSet resultSet = preparedStatement.executeQuery()) {
+                if (!resultSet.next()) {
+                    return null;
+                }
+
+                return new HttpUserSession(
+                        resultSet.getLong("id"),
+                        resultSet.getTimestamp("created"),
+                        resultSet.getTimestamp("expired"),
+                        resultSet.getLong("user_id"),
+                        Unpooled.wrappedBuffer(resultSet.getBinaryStream("data").readAllBytes()));
+            }
+        } catch (IOException e) {
+            throw new RuntimeException("Exception while getting " + HttpUserSession.class.getSimpleName() + " for " + cookie, e);
         } catch (SQLException e) {
-            e.printStackTrace();//todo error handling
+            throw new DatabaseException("Exception while getting " + HttpUserSession.class.getSimpleName() + " for " + cookie, e);
         }
     }
 
     @Override
-    public HttpSession getHttpSession(long id) {
-        try (PreparedStatement preparedStatement = connection.prepareStatement("SELECT value FROM key_value WHERE key=?")) {
-            preparedStatement.setLong(1, id);
-            try (ResultSet resultSet = preparedStatement.executeQuery()) {
-                if (resultSet.next()) {
-                    return new HttpSession(id, Unpooled.wrappedBuffer(resultSet.getBinaryStream("value").readAllBytes()));
-                } else {
-                    return null;
-                }
-            }
-        } catch (SQLException | IOException e) {
-            e.printStackTrace();
-            return null;
+    public void addHttpSession(HttpUserSession httpUserSession) throws DatabaseException {
+        try (PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO user_sessions(id, created, expired, user_id, data) VALUES (?, ?, ?, ?, ?)")) {
+            preparedStatement.setLong(1, httpUserSession.getId());
+            preparedStatement.setTimestamp(2, httpUserSession.getCreated());
+            preparedStatement.setTimestamp(3, httpUserSession.getExpired());
+            preparedStatement.setLong(4, httpUserSession.getUser());
+
+            ByteBuf byteBuf = Unpooled.buffer();
+            httpUserSession.serialize(byteBuf);
+            preparedStatement.setBinaryStream(5, new ByteBufInputStream(byteBuf));
+            byteBuf.release();
+
+            preparedStatement.execute();
+        } catch (SQLException e) {
+            throw new DatabaseException("Exception while adding " + httpUserSession, e);
         }
     }
 
     @Override
-    public void addHttpSession(HttpSession httpSession) {
-        ByteBuf byteBuf = Unpooled.buffer();
-        httpSession.serialize(byteBuf);
-        try (PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO key_value(key, value) VALUES (?, ?)")) {
-            preparedStatement.setLong(1, httpSession.getId());
-            preparedStatement.setBinaryStream(2, new ByteBufInputStream(byteBuf));
+    public void expireHttpSession(HttpUserSession httpUserSession) throws DatabaseException {
+        try (PreparedStatement preparedStatement = connection.prepareStatement("UPDATE user_sessions SET expired=? WHERE id=?")) {
+            preparedStatement.setTimestamp(1, Timestamp.from(Instant.now()));
+            preparedStatement.setLong(2, httpUserSession.getUser());
             preparedStatement.execute();
         } catch (SQLException e) {
-            e.printStackTrace();
+            throw new DatabaseException(e);
         }
     }
 
     @Override
-    public long addResource(long owner, Resource resource) {
+    public long addResource(long owner, Resource resource) throws DatabaseException {
         long id = RANDOM.nextLong();
         addResource(id, owner, resource);
         return id;
     }
 
-    private void addResource(long id, long owner, Resource resource) {
+    private void addResource(long id, long owner, Resource resource) throws DatabaseException {
         try (PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO resources(id, owner, last_modified, data) VALUES (?, ?, ?, ?)")) {
             preparedStatement.setLong(1, id);
             preparedStatement.setLong(2, owner);
@@ -279,12 +330,12 @@ private void addResource(long id, long owner, Resource resource) {
             preparedStatement.setBinaryStream(4, new ByteBufInputStream(resource.getData()));
             preparedStatement.execute();
         } catch (SQLException e) {
-            throw new RuntimeException(e);
+            throw new DatabaseException("Exception while adding " + Resource.class.getSimpleName() + " with id " + id, e);
         }
     }
 
     @Override
-    public void updateResource(long id, long owner, Resource data) {
+    public void updateResource(long id, long owner, Resource data) throws DatabaseException {
         try (PreparedStatement preparedStatement = connection.prepareStatement("UPDATE resources SET last_modified=?, data=? WHERE id=? AND owner=?")) {
             preparedStatement.setTimestamp(1, Timestamp.from(Instant.now()));
             preparedStatement.setBinaryStream(2, new ByteBufInputStream(data.getData()));
@@ -292,56 +343,26 @@ public void updateResource(long id, long owner, Resource data) {
             preparedStatement.setLong(4, owner);
             preparedStatement.execute();
         } catch (SQLException e) {
-            e.printStackTrace();
+            throw new DatabaseException("Exception while updating " + Resource.class.getSimpleName() + " with id " + id, e);
         }
     }
 
     @Override
-    public Resource getResource(long id, long owner) {
+    public @Nullable Resource getResource(long id, long owner) throws DatabaseException {
         try (PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM resources WHERE id=? AND owner=?")) {
             preparedStatement.setLong(1, id);
             preparedStatement.setLong(2, owner);
             try (ResultSet resultSet = preparedStatement.executeQuery()) {
-                if (resultSet.next()) {
-                    return new Resource(resultSet.getTimestamp("last_modified"), Unpooled.wrappedBuffer(resultSet.getBinaryStream("data").readAllBytes()));
-                } else {
+                if (!resultSet.next()) {
                     return null;
                 }
-            }
-        } catch (SQLException | IOException e) {
-            throw new RuntimeException(e);//todo error handling??
-        }
-    }
 
-    /**
-     * Remove a user session for a token and return the removed user session
-     */
-    @Override
-    public PersistentHttpSession getAndRemovePersistentHttpSession(long id) {//todo combine
-        PersistentHttpSession persistentHttpSession;
-
-        try (PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM persistent_user_sessions WHERE id=?")) {
-            preparedStatement.setLong(1, id);
-            try (ResultSet resultSet = preparedStatement.executeQuery()) {
-                if (resultSet.next()) {
-                    persistentHttpSession = new PersistentHttpSession(id, resultSet.getLong("user"), resultSet.getTimestamp("creation_time"), resultSet.getBinaryStream("hashed_token").readAllBytes());
-                } else {
-                    System.out.println("PersistentUserSession with id " + id + " does not exist");
-                    return null;
-                }
+                return new Resource(resultSet.getTimestamp("last_modified"), Unpooled.wrappedBuffer(resultSet.getBinaryStream("data").readAllBytes()));
             }
-        } catch (SQLException | IOException e) {
-            e.printStackTrace();
-            return null;
-        }
-
-        try (PreparedStatement preparedStatement = connection.prepareStatement("DELETE FROM persistent_user_sessions WHERE id=?")) {
-            preparedStatement.setLong(1, id);
-            preparedStatement.execute();
-            return persistentHttpSession;
+        } catch (IOException e) {
+            throw new RuntimeException("Exception while getting " + Resource.class.getSimpleName() + " with id " + id, e);
         } catch (SQLException e) {
-            e.printStackTrace();
-            return null;
+            throw new DatabaseException("Exception while getting " + Resource.class.getSimpleName() + " with id " + id, e);
         }
     }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/RedisDatabase.java b/commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/RedisDatabase.java
similarity index 65%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/RedisDatabase.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/RedisDatabase.java
index 2610f55d..42227ea8 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/RedisDatabase.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/database/implementations/RedisDatabase.java
@@ -1,12 +1,8 @@
 package net.stzups.scribbleshare.data.database.implementations;
 
-import io.netty.buffer.ByteBuf;
-import io.netty.buffer.Unpooled;
-import net.stzups.scribbleshare.data.database.databases.SessionDatabase;
-import net.stzups.scribbleshare.data.objects.authentication.http.HttpSession;
 import redis.clients.jedis.Jedis;
 
-public class RedisDatabase implements AutoCloseable, SessionDatabase {
+public class RedisDatabase implements AutoCloseable {
     private final Jedis jedis;
 
     public RedisDatabase(String host) {
@@ -17,23 +13,23 @@ public RedisDatabase(String host) {
     public void close() {
         jedis.close();
     }
-
+/*
 
     @Override
-    public HttpSession getHttpSession(long id) {
+    public HttpUserSession getHttpSession(long id) {
         byte[] b = jedis.get(Unpooled.copyLong(id).array());
         if (b == null) {
             return null;
         }
-        return new HttpSession(id, Unpooled.wrappedBuffer(b));
+        return new HttpUserSession(id, Unpooled.wrappedBuffer(b));
     }
 
     @Override
-    public void addHttpSession(HttpSession httpSession) {
+    public void addHttpSession(HttpUserSession httpSession) {
         ByteBuf byteBuf = Unpooled.buffer();
         httpSession.serialize(byteBuf);
         jedis.set(Unpooled.copyLong(httpSession.getId()).array(), byteBuf.array());
-    }
+    }*/
 
 /*
     @Override
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/Document.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/Document.java
similarity index 86%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/Document.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/Document.java
index 4ec13a10..9f1fbfc0 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/Document.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/Document.java
@@ -1,5 +1,8 @@
 package net.stzups.scribbleshare.data.objects;
 
+
+import net.stzups.util.DebugString;
+
 import java.util.Random;
 
 public class Document {
@@ -46,7 +49,10 @@ public void setName(String name) {
 
     @Override
     public String toString() {
-        return "Document{id=" + id + ",name=" + name + "}";
+        return DebugString.get(Document.class)
+                .add("id", id)
+                .add("name", name)
+                .toString();
     }
 
     @Override
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/InviteCode.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/InviteCode.java
similarity index 72%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/InviteCode.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/InviteCode.java
index 5fccc7bf..56920b4b 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/InviteCode.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/InviteCode.java
@@ -1,6 +1,7 @@
 package net.stzups.scribbleshare.data.objects;
 
 import net.stzups.scribbleshare.util.RandomString;
+import net.stzups.util.DebugString;
 
 public class InviteCode {
     public static final int INVITE_CODE_LENGTH = 6;
@@ -24,4 +25,12 @@ public String getCode() {
     public long getDocument() {
         return document;
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(InviteCode.class)
+                .add("code", code)
+                .add("document", document)
+                .toString();
+    }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/Resource.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/Resource.java
similarity index 76%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/Resource.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/Resource.java
index 32cfccf9..1d23cdcc 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/Resource.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/Resource.java
@@ -1,11 +1,11 @@
 package net.stzups.scribbleshare.data.objects;
 
 import io.netty.buffer.ByteBuf;
+import net.stzups.util.DebugString;
 
 import java.sql.Timestamp;
 import java.time.Instant;
 
-
 public class Resource {
     private final Timestamp lastModified; //negative value indicates immutable, 0 indicates no cache
     private final ByteBuf data;
@@ -27,4 +27,11 @@ public Timestamp getLastModified() {
     public ByteBuf getData() {
         return data;
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(Resource.class)
+                .add("lastModifed", lastModified)
+                .toString();
+    }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/User.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/User.java
similarity index 57%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/User.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/User.java
index f5b75100..188ef494 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/User.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/User.java
@@ -1,18 +1,31 @@
 package net.stzups.scribbleshare.data.objects;
 
+import net.stzups.util.DebugString;
+
 import java.util.Arrays;
 import java.util.HashSet;
+import java.util.Random;
 import java.util.Set;
 
 public class User {
+    private static final Random RANDOM = new Random();
     private final long id;
     private final Set<Long> ownedDocuments;
     private final Set<Long> sharedDocuments;
+    private final String username;
+
+    public User() {
+        this("");
+    }
 
-    public User(long id, Long[] ownedDocuments, Long[] sharedDocuments) {
+    public User(String username) {
+        this(RANDOM.nextLong(), new Long[0], new Long[0], username);
+    }
+    public User(long id, Long[] ownedDocuments, Long[] sharedDocuments, String username) {
         this.id = id;
         this.ownedDocuments = new HashSet<>(Arrays.asList(ownedDocuments));
         this.sharedDocuments = new HashSet<>(Arrays.asList(sharedDocuments));
+        this.username = username;
     }
 
     public long getId() {
@@ -27,9 +40,21 @@ public Set<Long> getSharedDocuments() {
         return sharedDocuments;
     }
 
+    public boolean isRegistered() {
+        return !username.equals("");
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
     @Override
     public String toString() {
-        return "User{id=" + id + ",ownedDocuments=" + ownedDocuments + ",sharedDocuments=" + sharedDocuments + "}";
+        return DebugString.get(User.class)
+                .add("id", id)
+                .add("ownedDocuments", ownedDocuments)
+                .add("sharedDocuments", sharedDocuments)
+                .toString();
     }
 
     @Override
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/AuthenticatedUserSession.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/AuthenticatedUserSession.java
new file mode 100644
index 00000000..6d254bb1
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/AuthenticatedUserSession.java
@@ -0,0 +1,23 @@
+package net.stzups.scribbleshare.data.objects.authentication;
+
+import net.stzups.scribbleshare.data.objects.User;
+import net.stzups.util.DebugString;
+
+public class AuthenticatedUserSession {
+    private final User user;
+
+    public AuthenticatedUserSession(User user) {
+        this.user = user;
+    }
+
+    public User getUser() {
+        return user;
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(AuthenticatedUserSession.class)
+                .add("user", user)
+                .toString();
+    }
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/AuthenticationResult.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/AuthenticationResult.java
new file mode 100644
index 00000000..423d1949
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/AuthenticationResult.java
@@ -0,0 +1,8 @@
+package net.stzups.scribbleshare.data.objects.authentication;
+
+public enum AuthenticationResult {
+    SUCCESS,
+    EXPIRED,
+    BAD_TOKEN,
+    STALE
+}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/Permissions.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/Permissions.java
similarity index 100%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/Permissions.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/Permissions.java
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/UserSession.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/UserSession.java
new file mode 100644
index 00000000..bd0636e7
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/UserSession.java
@@ -0,0 +1,110 @@
+package net.stzups.scribbleshare.data.objects.authentication;
+
+import io.netty.buffer.ByteBuf;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpSessionCookie;
+import net.stzups.util.DebugString;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.sql.Timestamp;
+import java.time.Instant;
+import java.util.Arrays;
+
+public class UserSession {
+    private static final int HASHED_TOKEN_LENGTH = 32;
+
+    private static final SecureRandom secureRandom = new SecureRandom();
+    private static final MessageDigest messageDigest;
+
+    static {
+        try {
+            messageDigest = MessageDigest.getInstance("SHA-256");
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private final long id;
+    private final Timestamp created;
+    private final Timestamp expired;
+    private final long userId;
+    private final byte[] hashedToken = new byte[HASHED_TOKEN_LENGTH];
+
+    protected UserSession(long userId) {
+        id = secureRandom.nextLong();
+        created = new Timestamp(Instant.now().toEpochMilli());
+        expired = created;
+        this.userId = userId;
+    }
+
+    public UserSession(long id, Timestamp created, Timestamp expired, long userId, ByteBuf byteBuf) {
+        this.id = id;
+        this.created = created;
+        this.expired = expired;
+        this.userId = userId;
+        byteBuf.readBytes(hashedToken);
+    }
+
+    protected byte[] generateToken() {
+        byte[] token = new byte[HttpSessionCookie.TOKEN_LENGTH];
+        secureRandom.nextBytes(token);
+
+        System.arraycopy(messageDigest.digest(token), 0, hashedToken, 0, hashedToken.length);
+        return token;
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public long getUser() {
+        return userId;
+    }
+
+    public Timestamp getCreated() {
+        return created;
+    }
+
+    public Timestamp getExpired() {
+        return expired;
+    }
+
+    public byte[] getHashedToken() {
+        return hashedToken;
+    }
+
+    protected AuthenticationResult validate(byte[] token) {
+        if (!Arrays.equals(messageDigest.digest(token), this.hashedToken))
+            return AuthenticationResult.BAD_TOKEN;
+
+        if (!created.equals(expired))
+            return AuthenticationResult.EXPIRED;
+
+        return AuthenticationResult.SUCCESS;
+    }
+
+    public void serialize(ByteBuf byteBuf) {
+        byteBuf.writeBytes(hashedToken);
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(UserSession.class)
+                .add("id", id)
+                .add("userId", userId)
+                .add("created", created)
+                .add("expires", expired)
+                .toString();
+    }
+
+    @Override
+    public int hashCode() {
+        return Long.hashCode(id);
+    }
+
+    @Override
+    public boolean equals(Object object) {
+        return object instanceof UserSession && id == ((UserSession) object).id;
+    }
+}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpConfig.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpConfig.java
similarity index 77%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpConfig.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpConfig.java
index 5fc62464..d15d8df0 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpConfig.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpConfig.java
@@ -3,4 +3,6 @@
 public interface HttpConfig {
     String getDomain();
     boolean getSSL();
+    int getPort();
+    String getOrigin();
 }
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpSessionCookie.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpSessionCookie.java
new file mode 100644
index 00000000..5cad52ae
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpSessionCookie.java
@@ -0,0 +1,101 @@
+package net.stzups.scribbleshare.data.objects.authentication.http;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.buffer.Unpooled;
+import io.netty.handler.codec.base64.Base64;
+import io.netty.handler.codec.http.HttpHeaderNames;
+import io.netty.handler.codec.http.HttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import io.netty.handler.codec.http.cookie.Cookie;
+import io.netty.handler.codec.http.cookie.CookieHeaderNames;
+import io.netty.handler.codec.http.cookie.DefaultCookie;
+import io.netty.handler.codec.http.cookie.ServerCookieDecoder;
+import net.stzups.netty.http.HttpUtils;
+import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
+import net.stzups.util.DebugString;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Set;
+
+public class HttpSessionCookie {
+    public static final int TOKEN_LENGTH = 16;
+
+    private final long id;
+    private final byte[] token;
+
+    protected HttpSessionCookie(ByteBuf byteBuf) throws DeserializationException {
+        try {
+            id = byteBuf.readLong();
+            token = new byte[TOKEN_LENGTH];
+            byteBuf.readBytes(token);
+        } catch (IndexOutOfBoundsException e) {
+            throw new DeserializationException("Exception while deserializing HttpSessionCookie", e);
+        }
+    }
+
+    protected HttpSessionCookie(long id, byte[] token) {
+        this.id = id;
+        this.token = token;
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public byte[] getToken() {
+        return token;
+    }
+
+    protected Cookie getCookie(HttpConfig config, String name) {
+        ByteBuf tokenBuffer = Unpooled.buffer();
+        tokenBuffer.writeLong(id);
+        tokenBuffer.writeBytes(token);
+        ByteBuf tokenBase64 = Base64.encode(tokenBuffer);
+        tokenBuffer.release();
+
+        DefaultCookie cookie = new DefaultCookie(name, tokenBase64.toString(StandardCharsets.UTF_8));
+        tokenBase64.release();
+
+        cookie.setDomain(config.getDomain());
+        if (config.getSSL()) cookie.setSecure(true);
+        cookie.setHttpOnly(true);
+        cookie.setSameSite(CookieHeaderNames.SameSite.Strict);
+
+        return cookie;
+    }
+
+    protected static void clearCookie(String name, HttpResponse response) {
+        DefaultCookie cookie = new DefaultCookie(name, "");
+
+        cookie.setMaxAge(0);
+
+        HttpUtils.setCookie(response.headers(), cookie);
+    }
+
+    protected static ByteBuf getCookie(HttpRequest request, String name) {
+        String cookiesHeader = request.headers().get(HttpHeaderNames.COOKIE);
+        if (cookiesHeader == null)
+            return null;
+
+        Set<Cookie> cookies = ServerCookieDecoder.STRICT.decode(cookiesHeader);
+        for (Cookie cookie : cookies) {
+            if (!cookie.name().equals(name)) {
+                continue;
+            }
+
+            ByteBuf valueBase64 = Unpooled.wrappedBuffer(cookie.value().getBytes(StandardCharsets.UTF_8));
+            ByteBuf value = Base64.decode(valueBase64);
+            valueBase64.release();
+            return value;
+        }
+
+        return null;
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(HttpSessionCookie.class)
+                .add("id", id)
+                .toString();
+    }
+}
\ No newline at end of file
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpUserSession.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpUserSession.java
new file mode 100644
index 00000000..9880da6a
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpUserSession.java
@@ -0,0 +1,101 @@
+package net.stzups.scribbleshare.data.objects.authentication.http;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import net.stzups.netty.http.exception.exceptions.BadRequestException;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
+import net.stzups.netty.http.exception.exceptions.UnauthorizedException;
+import net.stzups.scribbleshare.data.database.databases.HttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.UserDatabase;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.User;
+import net.stzups.scribbleshare.data.objects.authentication.AuthenticatedUserSession;
+import net.stzups.scribbleshare.data.objects.authentication.AuthenticationResult;
+import net.stzups.scribbleshare.data.objects.authentication.UserSession;
+import net.stzups.util.DebugString;
+
+import java.sql.Timestamp;
+import java.time.Duration;
+import java.time.Instant;
+
+public class HttpUserSession extends UserSession {
+    private static final Duration MAX_AGE = Duration.ofDays(1);
+
+    protected HttpUserSession(long user) {
+        super(user);
+    }
+
+    public HttpUserSession(HttpConfig config, User user, HttpResponse response) {
+        super(user.getId());
+        new HttpUserSessionCookie(getId(), generateToken()).setCookie(config, response.headers());
+    }
+
+    public HttpUserSession(long id, Timestamp creation, Timestamp expiration, long userId, ByteBuf byteBuf) {
+        super(id, creation, expiration, userId, byteBuf);
+    }
+
+    public AuthenticationResult validate(HttpSessionCookie cookie) {
+        if (!Instant.now().isBefore(getCreated().toInstant().plus(MAX_AGE)))
+            return AuthenticationResult.STALE;
+
+        return validate(cookie.getToken());
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(HttpUserSession.class, super.toString())
+                .toString();
+    }
+
+
+    public static <T extends HttpSessionDatabase> HttpUserSession getSession(T database, FullHttpRequest request) throws UnauthorizedException, InternalServerException {
+        HttpUserSessionCookie cookie;
+        try {
+            cookie = HttpUserSessionCookie.getCookie(request);
+        } catch (BadRequestException e) {
+            throw new UnauthorizedException("Malformed cookie", e);
+        }
+        if (cookie == null) {
+            return null;
+        }
+
+        HttpUserSession session;
+        try {
+            session = database.getHttpSession(cookie);
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+        if (session == null) {
+            throw new UnauthorizedException("No " + HttpUserSession.class + " for " + cookie);
+        }
+
+        AuthenticationResult result = session.validate(cookie);
+        if (result != AuthenticationResult.SUCCESS) {
+            throw new UnauthorizedException("Validating " + cookie + " for " + session + " resulted in " + result);
+        }
+
+        return session;
+    }
+
+
+    /** authenticates, or null if no authentication */
+    public static <T extends HttpSessionDatabase & UserDatabase> AuthenticatedUserSession authenticateHttpUserSession(T database, FullHttpRequest request) throws UnauthorizedException, InternalServerException {
+        HttpUserSession session = getSession(database, request);
+        if (session == null) {
+            return null;
+        }
+
+        User user;
+        try {
+            user = database.getUser(session.getUser());
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+
+        if (user == null) {
+            throw new InternalServerException("Unknown user for authentication");
+        }
+        return new AuthenticatedUserSession(user);
+    }
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpUserSessionCookie.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpUserSessionCookie.java
new file mode 100644
index 00000000..99752dfa
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpUserSessionCookie.java
@@ -0,0 +1,51 @@
+package net.stzups.scribbleshare.data.objects.authentication.http;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.handler.codec.http.HttpHeaders;
+import io.netty.handler.codec.http.HttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import net.stzups.netty.http.HttpUtils;
+import net.stzups.netty.http.exception.exceptions.BadRequestException;
+import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
+import net.stzups.util.DebugString;
+
+public class HttpUserSessionCookie extends HttpSessionCookie {
+    private static final String COOKIE_NAME = "session";
+
+    public HttpUserSessionCookie(ByteBuf byteBuf) throws DeserializationException {
+        super(byteBuf);
+    }
+
+    public HttpUserSessionCookie(long id, byte[] token) {
+        super(id, token);
+    }
+
+    public void setCookie(HttpConfig config, HttpHeaders headers) {
+        HttpUtils.setCookie(headers, getCookie(config, COOKIE_NAME));
+    }
+
+    public static HttpUserSessionCookie getCookie(HttpRequest request) throws BadRequestException {
+        ByteBuf byteBuf = HttpSessionCookie.getCookie(request, COOKIE_NAME);
+        if (byteBuf != null) {
+            try {
+                return new HttpUserSessionCookie(byteBuf);
+            } catch (DeserializationException e) {
+                throw new BadRequestException("Malformed cookie", e);
+            } finally {
+                byteBuf.release();
+            }
+        }
+
+        return null;
+    }
+
+    public static void clearCookie(HttpResponse response) {
+        HttpSessionCookie.clearCookie(COOKIE_NAME, response);
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(HttpUserSessionCookie.class, super.toString())
+                .toString();
+    }
+}
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/login/Login.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/login/Login.java
new file mode 100644
index 00000000..70bee852
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/login/Login.java
@@ -0,0 +1,87 @@
+package net.stzups.scribbleshare.data.objects.authentication.login;
+
+import at.favre.lib.crypto.bcrypt.BCrypt;
+import net.stzups.scribbleshare.data.objects.User;
+import net.stzups.util.DebugString;
+
+import java.util.Arrays;
+
+public class Login {
+    private static final int COST = 6; // todo
+
+    private static final BCrypt.Hasher HASHER = BCrypt.withDefaults();
+    private static final BCrypt.Verifyer VERIFIER = BCrypt.verifyer();
+
+    private static final byte[] DUMMY = new byte[0];
+    private static final byte[] HASHED_DUMMY;
+    static {
+        HASHED_DUMMY = HASHER.hash(COST, DUMMY); // todo new byte[0] - use a different dummy plaintext?
+    }
+
+    private final String username;
+    private final long id;
+    private final byte[] hashedPassword;
+
+    public Login(User user, byte[] password) {
+        this.id = user.getId();
+        this.username = user.getUsername();
+        this.hashedPassword = HASHER.hash(COST, password);
+        Arrays.fill(password, (byte) 0);
+    }
+
+    public Login(String username, long id, byte[] hashedPassword) {
+        this.username = username;
+        this.id = id;
+        this.hashedPassword = hashedPassword;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public byte[] getHashedPassword() {
+        return hashedPassword;
+    }
+
+    public static boolean verify(Login login, byte[] plaintext) {
+        byte[] hashedPassword;
+        if (login == null) {
+            hashedPassword = HASHED_DUMMY; // still verify hash even when we know it will fail to protect against timing attack
+        } else {
+            hashedPassword = login.hashedPassword;
+        }
+
+        boolean verified = VERIFIER.verify(plaintext, hashedPassword).verified;
+
+        if (Arrays.equals(plaintext, DUMMY)) {
+            assert !verified : "Dummy should be unverified";
+            return false;
+        }
+
+        // might as well clear the tokens after using them, as they should only be verified once and discarded
+        Arrays.fill(plaintext, (byte) 0);
+        if (hashedPassword != HASHED_DUMMY) { // don't clear dummy, it will be reused
+            Arrays.fill(hashedPassword, (byte) 0);
+        }
+
+
+        if (login == null) {
+            assert !verified : "Null login should be unverified";
+            return false;
+        }
+
+        return verified;
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(Login.class)
+                .add("username", username)
+                .add("id", id)
+                .toString();
+    }
+}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/Canvas.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/Canvas.java
similarity index 88%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/Canvas.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/Canvas.java
index 253db879..8c05a30e 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/Canvas.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/Canvas.java
@@ -8,6 +8,7 @@
 import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdates;
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationLengthException;
+import net.stzups.util.DebugString;
 
 import java.util.HashMap;
 import java.util.Map;
@@ -83,8 +84,20 @@ public void serialize(ByteBuf byteBuf) {
         }
     }
 
+    @Override
+    public boolean equals(Object object) {
+        if (!(object instanceof Canvas)) {
+            return false;
+        }
+
+        Canvas canvas = (Canvas) object;
+        return canvas.canvasObjects.equals(canvasObjects);
+    }
+
     @Override
     public String toString() {
-        return "Canvas{canvasObjects=" + canvasObjects.size() + "}";
+        return DebugString.get(Canvas.class)
+                .add("canvasObjects", canvasObjects)
+                .toString();
     }
 }
diff --git a/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/Color.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/Color.java
new file mode 100644
index 00000000..d4f14076
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/Color.java
@@ -0,0 +1,31 @@
+package net.stzups.scribbleshare.data.objects.canvas;
+
+import io.netty.buffer.ByteBuf;
+import net.stzups.util.DebugString;
+
+public class Color {
+    private final byte red;
+    private final byte green;
+    private final byte blue;
+
+    public Color(ByteBuf byteBuf) {
+        red = byteBuf.readByte();
+        green = byteBuf.readByte();
+        blue = byteBuf.readByte();
+    }
+
+    public void serialize(ByteBuf byteBuf) {
+        byteBuf.writeByte(red);
+        byteBuf.writeByte(green);
+        byteBuf.writeByte(blue);
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(Color.class)
+                .add("red", red & 0xff)
+                .add("green", green & 0xff)
+                .add("blue", blue & 0xff)
+                .toString();
+    }
+}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/CanvasObject.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/CanvasObject.java
similarity index 89%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/CanvasObject.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/CanvasObject.java
index e7d1c997..58612ad6 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/CanvasObject.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/CanvasObject.java
@@ -6,6 +6,7 @@
 import net.stzups.scribbleshare.data.objects.canvas.canvasObject.canvasObjects.Line;
 import net.stzups.scribbleshare.data.objects.canvas.canvasObject.canvasObjects.Shape;
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
+import net.stzups.util.DebugString;
 
 public class CanvasObject {//todo make abstract?
     private short x;
@@ -30,6 +31,14 @@ public void serialize(ByteBuf byteBuf) {
         byteBuf.writeShort(y);
     }
 
+    @Override
+    public String toString() {
+        return DebugString.get(CanvasMouse.class)
+                .add("x", x)
+                .add("y", y)
+                .toString();
+    }
+
     public static CanvasObject deserialize(CanvasObjectType type, ByteBuf byteBuf) throws DeserializationException {
         CanvasObject canvasObject;
         switch (type) {
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/CanvasObjectType.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/CanvasObjectType.java
similarity index 100%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/CanvasObjectType.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/CanvasObjectType.java
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/EntityCanvasObject.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/EntityCanvasObject.java
similarity index 67%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/EntityCanvasObject.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/EntityCanvasObject.java
index 730855d7..34157ad9 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/EntityCanvasObject.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/EntityCanvasObject.java
@@ -1,6 +1,7 @@
 package net.stzups.scribbleshare.data.objects.canvas.canvasObject;
 
 import io.netty.buffer.ByteBuf;
+import net.stzups.util.DebugString;
 
 public class EntityCanvasObject extends CanvasObject {
     private final short width;
@@ -21,4 +22,13 @@ public void serialize(ByteBuf byteBuf) {
         byteBuf.writeShort(height);
         byteBuf.writeByte(rotation);
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(EntityCanvasObject.class, super.toString())
+                .add("width", width)
+                .add("height", height)
+                .add("rotation", rotation)
+                .toString();
+    }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasImage.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasImage.java
similarity index 76%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasImage.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasImage.java
index 56193310..667f924f 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasImage.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasImage.java
@@ -3,6 +3,7 @@
 import io.netty.buffer.ByteBuf;
 import net.stzups.scribbleshare.data.objects.canvas.canvasObject.CanvasObjectType;
 import net.stzups.scribbleshare.data.objects.canvas.canvasObject.EntityCanvasObject;
+import net.stzups.util.DebugString;
 
 public class CanvasImage extends EntityCanvasObject {
     private final long id;
@@ -22,4 +23,11 @@ public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
         byteBuf.writeLong(id);
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(CanvasImage.class, super.toString())
+                .add("id", id)
+                .toString();
+    }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasMouse.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasMouse.java
similarity index 76%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasMouse.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasMouse.java
index 5e6a44ce..1795a07e 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasMouse.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/CanvasMouse.java
@@ -3,6 +3,7 @@
 import io.netty.buffer.ByteBuf;
 import net.stzups.scribbleshare.data.objects.canvas.canvasObject.CanvasObject;
 import net.stzups.scribbleshare.data.objects.canvas.canvasObject.CanvasObjectType;
+import net.stzups.util.DebugString;
 
 public class CanvasMouse extends CanvasObject {
     public CanvasMouse(ByteBuf byteBuf) {
@@ -18,4 +19,10 @@ public CanvasObjectType getCanvasObjectType() {
     public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(CanvasMouse.class, super.toString())
+                .toString();
+    }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Line.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Line.java
similarity index 69%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Line.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Line.java
index fb9d0f4e..0d1ce8b0 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Line.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Line.java
@@ -1,8 +1,10 @@
 package net.stzups.scribbleshare.data.objects.canvas.canvasObject.canvasObjects;
 
 import io.netty.buffer.ByteBuf;
+import net.stzups.scribbleshare.data.objects.canvas.Color;
 import net.stzups.scribbleshare.data.objects.canvas.canvasObject.CanvasObject;
 import net.stzups.scribbleshare.data.objects.canvas.canvasObject.CanvasObjectType;
+import net.stzups.util.DebugString;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -17,27 +19,26 @@ private Point(ByteBuf byteBuf) {
             this.y = byteBuf.readShort();
         }
 
-        public Point(short x, short y) {
-            this.x = x;
-            this.y = y;
-        }
-
         private void serialize(ByteBuf byteBuf) {
             byteBuf.writeShort(x);
             byteBuf.writeShort(y);
         }
+
+        @Override
+        public String toString() {
+            return DebugString.get(Point.class)
+                    .add("x", x)
+                    .add("y", y)
+                    .toString();
+        }
     }
 
     private final List<Point> points = new ArrayList<>();
-    private final byte red;
-    private final byte green;
-    private final byte blue;
+    private final Color color;
 
     public Line(ByteBuf byteBuf) {
         super(byteBuf);
-        this.red = byteBuf.readByte();
-        this.green = byteBuf.readByte();
-        this.blue = byteBuf.readByte();
+        color = new Color(byteBuf);
         int length = byteBuf.readUnsignedByte();
         for (int i = 0; i < length; i++)  {
             points.add(new Point(byteBuf));
@@ -52,12 +53,18 @@ public CanvasObjectType getCanvasObjectType() {
     @Override
     public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
-        byteBuf.writeByte(red);
-        byteBuf.writeByte(green);
-        byteBuf.writeByte(blue);
+        color.serialize(byteBuf);
         byteBuf.writeByte((byte) points.size());
         for (Point point : points) {
             point.serialize(byteBuf);
         }
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(Line.class, super.toString())
+                .add("points", points)
+                .add("color", color)
+                .toString();
+    }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Shape.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Shape.java
similarity index 81%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Shape.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Shape.java
index 293f1b3b..6eca9793 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Shape.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasObject/canvasObjects/Shape.java
@@ -2,10 +2,12 @@
 
 import io.netty.buffer.ByteBuf;
 import io.netty.util.collection.IntObjectHashMap;
+import net.stzups.scribbleshare.data.objects.canvas.Color;
 import net.stzups.scribbleshare.data.objects.canvas.canvasObject.CanvasObjectType;
 import net.stzups.scribbleshare.data.objects.canvas.canvasObject.EntityCanvasObject;
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationTypeException;
+import net.stzups.util.DebugString;
 
 import java.util.EnumSet;
 import java.util.Map;
@@ -41,16 +43,12 @@ public static Type deserialize(ByteBuf byteBuf) throws DeserializationException
     }
 
     private final Type type;
-    private final byte red;
-    private final byte green;
-    private final byte blue;
+    private final Color color;
 
     public Shape(ByteBuf byteBuf) throws DeserializationException {
         super(byteBuf);
         this.type = Type.deserialize(byteBuf);
-        this.red = byteBuf.readByte();
-        this.green = byteBuf.readByte();
-        this.blue = byteBuf.readByte();
+        color = new Color(byteBuf);
     }
 
     @Override
@@ -61,8 +59,14 @@ public CanvasObjectType getCanvasObjectType() {
     public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
         byteBuf.writeByte((byte) type.id);
-        byteBuf.writeByte(red);
-        byteBuf.writeByte(green);
-        byteBuf.writeByte(blue);
+        color.serialize(byteBuf);
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(Shape.class, super.toString())
+                .add("type", type)
+                .add("color", color)
+                .toString();
     }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdate.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdate.java
similarity index 89%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdate.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdate.java
index 33da4f54..5a3ec8ea 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdate.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdate.java
@@ -7,6 +7,7 @@
 import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.canvasUpdates.CanvasUpdateMove;
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationTypeException;
+import net.stzups.util.DebugString;
 
 public abstract class CanvasUpdate {
     private final byte dt;
@@ -23,6 +24,13 @@ public void serialize(ByteBuf byteBuf) {
         byteBuf.writeByte(dt);
     }
 
+    @Override
+    public String toString() {
+        return DebugString.get(CanvasUpdate.class)
+                .add("dt", dt)
+                .toString();
+    }
+
     static CanvasUpdate deserialize(CanvasUpdateType type, ByteBuf byteBuf) throws DeserializationException {
         CanvasUpdate canvasUpdate;
         switch (type) {
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdateException.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdateException.java
similarity index 100%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdateException.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdateException.java
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdateType.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdateType.java
similarity index 100%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdateType.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdateType.java
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdates.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdates.java
similarity index 87%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdates.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdates.java
index bd3a1ffb..05b6d719 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdates.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/CanvasUpdates.java
@@ -4,6 +4,7 @@
 import net.stzups.scribbleshare.data.objects.canvas.Canvas;
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationLengthException;
+import net.stzups.util.DebugString;
 
 public class CanvasUpdates {
     private final short id;
@@ -40,4 +41,12 @@ public void serialize(ByteBuf byteBuf) {
             canvasUpdates.serialize(byteBuf);
         }
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(CanvasUpdate.class)
+                .add("id", id)
+                .add("canvasUpdates", canvasUpdates)
+                .toString();
+    }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateDelete.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateDelete.java
similarity index 84%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateDelete.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateDelete.java
index 89794c87..240f32bd 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateDelete.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateDelete.java
@@ -1,10 +1,11 @@
 package net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.canvasUpdates;
 
 import io.netty.buffer.ByteBuf;
-import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdateException;
 import net.stzups.scribbleshare.data.objects.canvas.Canvas;
 import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdate;
+import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdateException;
 import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdateType;
+import net.stzups.util.DebugString;
 
 public class CanvasUpdateDelete extends CanvasUpdate {
     public CanvasUpdateDelete(ByteBuf byteBuf) {
@@ -23,6 +24,12 @@ public void update(Canvas canvas, short id) throws CanvasUpdateException {
         }
     }
 
+    @Override
+    public String toString() {
+        return DebugString.get(CanvasUpdateDelete.class, super.toString())
+                .toString();
+    }
+
     @Override
     public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateInsert.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateInsert.java
similarity index 86%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateInsert.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateInsert.java
index 1e3e00e4..c8259d52 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateInsert.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateInsert.java
@@ -8,6 +8,7 @@
 import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdateException;
 import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdateType;
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
+import net.stzups.util.DebugString;
 
 public class CanvasUpdateInsert extends CanvasUpdate {
     private final CanvasObject canvasObject;
@@ -35,4 +36,11 @@ public void serialize(ByteBuf byteBuf) {
         canvasObject.getCanvasObjectType().serialize(byteBuf);
         canvasObject.serialize(byteBuf);
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(CanvasUpdateInsert.class, super.toString())
+                .add("canvasObject", canvasObject)
+                .toString();
+    }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateMove.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateMove.java
similarity index 84%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateMove.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateMove.java
index 3eaeb001..db044dda 100644
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateMove.java
+++ b/commons/src/main/java/net/stzups/scribbleshare/data/objects/canvas/canvasUpdate/canvasUpdates/CanvasUpdateMove.java
@@ -6,6 +6,7 @@
 import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdate;
 import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdateException;
 import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdateType;
+import net.stzups.util.DebugString;
 
 public class CanvasUpdateMove extends CanvasUpdate {
     private final CanvasObject canvasObject;
@@ -34,4 +35,11 @@ public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
         canvasObject.serialize(byteBuf);
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(CanvasUpdateMove.class, super.toString())
+                .add("canvasObject", canvasObject)
+                .toString();
+    }
 }
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationException.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationException.java
similarity index 100%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationException.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationException.java
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationLengthException.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationLengthException.java
similarity index 100%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationLengthException.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationLengthException.java
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationTypeException.java b/commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationTypeException.java
similarity index 100%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationTypeException.java
rename to commons/src/main/java/net/stzups/scribbleshare/data/objects/exceptions/DeserializationTypeException.java
diff --git a/commons/src/main/java/net/stzups/scribbleshare/server/http/handler/handlers/HttpAuthenticator.java b/commons/src/main/java/net/stzups/scribbleshare/server/http/handler/handlers/HttpAuthenticator.java
new file mode 100644
index 00000000..539aac7f
--- /dev/null
+++ b/commons/src/main/java/net/stzups/scribbleshare/server/http/handler/handlers/HttpAuthenticator.java
@@ -0,0 +1,57 @@
+package net.stzups.scribbleshare.server.http.handler.handlers;
+
+import io.netty.channel.ChannelHandler;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import io.netty.util.AttributeKey;
+import net.stzups.netty.http.exception.HttpException;
+import net.stzups.netty.http.exception.exceptions.NotFoundException;
+import net.stzups.netty.http.exception.exceptions.UnauthorizedException;
+import net.stzups.netty.http.handler.HttpHandler;
+import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.data.database.databases.HttpSessionDatabase;
+import net.stzups.scribbleshare.data.database.databases.UserDatabase;
+import net.stzups.scribbleshare.data.objects.authentication.AuthenticatedUserSession;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpUserSession;
+
+@ChannelHandler.Sharable
+public class HttpAuthenticator<T extends UserDatabase & HttpSessionDatabase> extends HttpHandler {
+    private static final AttributeKey<AuthenticatedUserSession> USER = AttributeKey.valueOf(HttpAuthenticator.class, "USER");
+    public static AuthenticatedUserSession getUser(ChannelHandlerContext ctx) {
+        return ctx.channel().attr(USER).get();
+    }
+
+    private final T database;
+    private final String uri;
+
+    public HttpAuthenticator(T database) {
+        this(database, null);
+    }
+
+    public HttpAuthenticator(T database, String uri) {
+        super("/");
+        this.database = database;
+        this.uri = uri;
+    }
+
+    public boolean handle(ChannelHandlerContext ctx, FullHttpRequest request, HttpResponse response) throws HttpException {
+        if (uri != null && !request.uri().equals(uri)) {
+            throw new NotFoundException("Bad uri");
+        }
+
+        AuthenticatedUserSession user = ctx.channel().attr(USER).get();
+        if (user != null) {
+            return true;
+        }
+
+        AuthenticatedUserSession session = HttpUserSession.authenticateHttpUserSession(database, request);
+        if (session == null) {
+            throw new UnauthorizedException("No authentication");
+        }
+
+        Scribbleshare.getLogger(ctx).info("" + session);
+        ctx.channel().attr(USER).set(session);
+        return true;
+    }
+}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/util/RandomString.java b/commons/src/main/java/net/stzups/scribbleshare/util/RandomString.java
similarity index 100%
rename from scribbleshare-commons/src/main/java/net/stzups/scribbleshare/util/RandomString.java
rename to commons/src/main/java/net/stzups/scribbleshare/util/RandomString.java
diff --git a/commons/src/test/java/net/stzups/scribbleshare/data/objects/canvas/CanvasTest.java b/commons/src/test/java/net/stzups/scribbleshare/data/objects/canvas/CanvasTest.java
new file mode 100644
index 00000000..8253c7fb
--- /dev/null
+++ b/commons/src/test/java/net/stzups/scribbleshare/data/objects/canvas/CanvasTest.java
@@ -0,0 +1,48 @@
+package net.stzups.scribbleshare.data.objects.canvas;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.buffer.Unpooled;
+import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+public class CanvasTest {
+    @Test
+    public void serializeEmpty() throws DeserializationException {
+        Canvas canvas = new Canvas();
+
+        ByteBuf byteBuf = Unpooled.buffer();
+        canvas.serialize(byteBuf);
+
+        Canvas c;
+        c = new Canvas(byteBuf);
+        byteBuf.release();
+
+        assertEquals(canvas, c);
+    }
+
+    private static final int MULTIPLE_AMOUNT = 5;
+
+    @Test
+    public void serializeEmptyMultiple() throws DeserializationException {
+        Canvas[] canvases = new Canvas[MULTIPLE_AMOUNT];
+        for (int i = 0; i < canvases.length; i++) {
+            canvases[i] = new Canvas();
+        }
+
+        ByteBuf byteBuf = Unpooled.buffer();
+        byteBuf.writeInt(canvases.length);
+        for (Canvas canvas : canvases) {
+            canvas.serialize(byteBuf);
+        }
+
+        Canvas[] c = new Canvas[byteBuf.readInt()];
+        for (int i = 0; i < c.length; i++) {
+            c[i] = new Canvas(byteBuf);
+        }
+
+        assertArrayEquals(canvases, c);
+    }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index 554514b9..dfedbf89 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,60 +1,62 @@
 services:
 # WebSocket backend
-    scribbleshare-room:
-        image: stzups/scribbleshare-room
+    room:
+        image: stzups/room
         build:
-            context: scribbleshare-room
+            context: room
         ports:
             - "8080:80"
         depends_on:
-            scribbleshare-postgres:
+            postgres:
                 condition: service_healthy
-#            scribbleshare-keydb:
+#            keydb:
 #                condition: service_healthy
         environment:
             scribbleshare.ssl: "false"
-            scribbleshare.postgres.url: "jdbc:postgresql://scribbleshare-postgres:5432/scribbleshare"
+            scribbleshare.postgres.url: "jdbc:postgresql://postgres:5432/scribbleshare"
             scribbleshare.postgres.user: "scribbleshare_room"
             scribbleshare.postgres.password: "changeme"
-            scribbleshare.domain: "scribbleshare.com"
+            scribbleshare.domain: "scribbleshare.com:8080"
+            scribbleshare.origin: "http://scribbleshare.com"
 #            scribbleshare.redis.url: "redis://default:changeme@scribbleshare-keydb:6379"
 # App backend
-    scribbleshare-app:
-        image: stzups/scribbleshare-app
+    app:
+        image: stzups/app
         ports:
             - "80:80"
         build:
-            context: scribbleshare-app
+            context: app
         depends_on:
-            scribbleshare-postgres:
+            postgres:
                 condition: service_healthy
-#            scribbleshare-keydb:
+#            keydb:
 #                condition: service_healthy
         environment:
             scribbleshare.ssl: "false"
-            scribbleshare.postgres.url: "jdbc:postgresql://scribbleshare-postgres:5432/scribbleshare"
+            scribbleshare.postgres.url: "jdbc:postgresql://postgres:5432/scribbleshare"
             scribbleshare.postgres.user: "scribbleshare_backend"
             scribbleshare.postgres.password: "changeme"
             scribbleshare.domain: "scribbleshare.com"
+            scribbleshare.origin: "http://scribbleshare.com"
 #            scribbleshare.redis.url: "redis://default:changeme@scribbleshare-keydb:6379"
 # Reverse proxy
-#    scribbleshare-nginx:
-#        image: stzups/scribbleshare-nginx
+#    nginx:
+#        image: nginx
 #        networks:
-#            - scribbleshare-network
-#            - scribbleshare-external-network
+#            - network
+#            - external-network
 #        build:
-#            context: scribbleshare-nginx
+#            context: nginx
 #        depends_on:
-#            scribbleshare-app:
+#            app:
 #                condition: service_healthy
 #        ports:
 #            - "80:80"
 # Database
-    scribbleshare-postgres:
-        image: stzups/scribbleshare-postgres
-        build:
-            context: scribbleshare-postgres
+    postgres:
+        image: postgres
+        volumes:
+            - ./postgres/sql:/docker-entrypoint-initdb.d/
 #        ports:
 #            - "5432:5432"
         healthcheck:
@@ -64,11 +66,12 @@ services:
             retries: 5
         environment:
             POSTGRES_PASSWORD: "changeme"
-#    scribbleshare-keydb:
-#        build:
-#            context: scribbleshare-keydb
+#    keydb:
+#        image: eqalpha/keydb
 #        ports:
 #            - "6379:6379"
+#        volumes:
+#            - ./keydb/usr/local/etc/redis/redis.conf
 #        healthcheck:
 #            test: [ "CMD", "keydb-cli", "ping" ]
 #            interval: 5s
diff --git a/scribbleshare-electron/package-lock.json b/electron/package-lock.json
similarity index 100%
rename from scribbleshare-electron/package-lock.json
rename to electron/package-lock.json
diff --git a/scribbleshare-electron/package.json b/electron/package.json
similarity index 100%
rename from scribbleshare-electron/package.json
rename to electron/package.json
diff --git a/scribbleshare-electron/src/favicon.ico b/electron/src/favicon.ico
similarity index 100%
rename from scribbleshare-electron/src/favicon.ico
rename to electron/src/favicon.ico
diff --git a/scribbleshare-electron/src/index.js b/electron/src/index.js
similarity index 100%
rename from scribbleshare-electron/src/index.js
rename to electron/src/index.js
diff --git a/gradle/jmh.gradle b/gradle/jmh.gradle
new file mode 100644
index 00000000..fc7ffd67
--- /dev/null
+++ b/gradle/jmh.gradle
@@ -0,0 +1,17 @@
+sourceSets {
+    jmh {
+        compileClasspath += sourceSets.test.runtimeClasspath
+        runtimeClasspath += sourceSets.test.runtimeClasspath
+    }
+}
+
+dependencies {
+    jmhCompile project
+    jmhCompile 'org.openjdk.jmh:jmh-core:1.18'
+    jmhAnnotationProcessor 'org.openjdk.jmh:jmh-generator-annprocess:1.18'
+}
+
+task jmh(type: JavaExec, description: 'Executing JMH benchmarks') {
+    classpath = sourceSets.jmh.runtimeClasspath
+    main = 'org.openjdk.jmh.Main'
+}
\ No newline at end of file
diff --git a/gradle/test.gradle b/gradle/test.gradle
new file mode 100644
index 00000000..86d42f50
--- /dev/null
+++ b/gradle/test.gradle
@@ -0,0 +1,8 @@
+dependencies {
+    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.7.0'
+    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.7.0'
+}
+
+test {
+    useJUnitPlatform()
+}
diff --git a/scribbleshare-keydb/redis.conf b/keydb/redis.conf
similarity index 100%
rename from scribbleshare-keydb/redis.conf
rename to keydb/redis.conf
diff --git a/scribbleshare-nginx/nginx.conf b/nginx/nginx.conf
similarity index 100%
rename from scribbleshare-nginx/nginx.conf
rename to nginx/nginx.conf
diff --git a/scribbleshare-postgres/sql/0-init.sql b/postgres/sql/0-init.sql
similarity index 100%
rename from scribbleshare-postgres/sql/0-init.sql
rename to postgres/sql/0-init.sql
diff --git a/scribbleshare-postgres/sql/1-scribbleshare.sql b/postgres/sql/1-scribbleshare.sql
similarity index 65%
rename from scribbleshare-postgres/sql/1-scribbleshare.sql
rename to postgres/sql/1-scribbleshare.sql
index 7397cf52..165e7d1d 100644
--- a/scribbleshare-postgres/sql/1-scribbleshare.sql
+++ b/postgres/sql/1-scribbleshare.sql
@@ -11,24 +11,49 @@ GRANT USAGE ON SCHEMA public TO scribbleshare_backend;
 GRANT CONNECT ON DATABASE scribbleshare TO scribbleshare_room;
 GRANT USAGE ON SCHEMA public TO scribbleshare_room;
 
-CREATE TABLE persistent_user_sessions(
-     id bigint NOT NULL,
-     "user" bigint NOT NULL,
-     creation_time timestamp,
-     hashed_token bytea NOT NULL,
-     PRIMARY KEY (id)
-);
-GRANT SELECT, INSERT, DELETE ON persistent_user_sessions TO scribbleshare_backend;
-
 CREATE TABLE users(
     id bigint NOT NULL,
     owned_documents bigint[] NOT NULL,
     shared_documents bigint[] NOT NULL,
+    username varchar(256) NOT NULL,
     PRIMARY KEY (id)
 );
 GRANT SELECT, INSERT, UPDATE ON users TO scribbleshare_backend;
 GRANT SELECT, UPDATE ON users TO scribbleshare_room;
 
+CREATE TABLE persistent_user_sessions(
+      id bigint NOT NULL,
+      created timestamp NOT NULL,
+      expired timestamp NOT NULL,
+      user_id bigint NOT NULL,
+      data bytea NOT NULL,
+      PRIMARY KEY (id)
+);
+GRANT SELECT, UPDATE, INSERT ON persistent_user_sessions TO scribbleshare_backend;
+
+CREATE TABLE user_sessions(
+     id bigint NOT NULL,
+     created timestamp NOT NULL,
+     expired timestamp NOT NULL,
+     user_id bigint NOT NULL,
+     data bytea NOT NULL,
+     PRIMARY KEY (id)
+);
+GRANT SELECT, UPDATE, INSERT ON user_sessions TO scribbleshare_backend;
+GRANT SELECT, UPDATE ON user_sessions TO scribbleshare_room;
+
+CREATE TABLE logins(
+    username varchar(256) NOT NULL,
+    user_id bigint NOT NULL,
+    hashed_password bytea NOT NULL,
+    PRIMARY KEY (username)
+);
+GRANT SELECT, INSERT ON logins TO scribbleshare_backend;
+
+
+
+
+
 CREATE TABLE documents(
     id bigint NOT NULL,
     owner bigint NOT NULL,
@@ -54,11 +79,3 @@ CREATE TABLE invite_codes(
     PRIMARY KEY (code)
 );
 GRANT SELECT, INSERT, DELETE ON invite_codes TO scribbleshare_room;
-
-CREATE TABLE key_value(
-    key bigint NOT NULL,
-    value bytea NOT NULL,
-    PRIMARY KEY (key)
-);
-GRANT SELECT, INSERT ON key_value TO scribbleshare_backend;
-GRANT SELECT ON key_value TO scribbleshare_room;
diff --git a/scribbleshare-room/Dockerfile b/room/Dockerfile
similarity index 100%
rename from scribbleshare-room/Dockerfile
rename to room/Dockerfile
diff --git a/scribbleshare-room/build.gradle b/room/build.gradle
similarity index 78%
rename from scribbleshare-room/build.gradle
rename to room/build.gradle
index 1b460726..c0a7cc8f 100644
--- a/scribbleshare-room/build.gradle
+++ b/room/build.gradle
@@ -3,12 +3,10 @@ plugins {
     id 'com.github.johnrengelman.shadow' version '6.1.0'
 }
 
-repositories {
-    mavenCentral()
-}
+apply from: rootProject.file('gradle/test.gradle')
 
 dependencies {
-    implementation project(':scribbleshare-commons')
+    implementation project(':commons')
 }
 
 // https://github.com/johnrengelman/shadow/issues/609#issuecomment-795983873
diff --git a/scribbleshare-room/run.sh b/room/run.sh
similarity index 100%
rename from scribbleshare-room/run.sh
rename to room/run.sh
diff --git a/scribbleshare-room/scribbleshare.properties b/room/scribbleshare.properties
similarity index 79%
rename from scribbleshare-room/scribbleshare.properties
rename to room/scribbleshare.properties
index 3ef244a8..9e06b2b4 100644
--- a/scribbleshare-room/scribbleshare.properties
+++ b/room/scribbleshare.properties
@@ -3,4 +3,5 @@ postgres.url=jdbc:postgresql://localhost:5432/scribbleshare
 postgres.user=scribbleshare_room
 postgres.password=changeme
 domain=localhost
-port=18080
\ No newline at end of file
+port=18080
+origin=http://localhost:3456
\ No newline at end of file
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoom.java b/room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoom.java
similarity index 100%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoom.java
rename to room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoom.java
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoomConfig.java b/room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoomConfig.java
similarity index 100%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoomConfig.java
rename to room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoomConfig.java
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoomConfigImplementation.java b/room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoomConfigImplementation.java
similarity index 80%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoomConfigImplementation.java
rename to room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoomConfigImplementation.java
index c8d217b3..dec99a04 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoomConfigImplementation.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/ScribbleshareRoomConfigImplementation.java
@@ -1,8 +1,8 @@
 package net.stzups.scribbleshare.room;
 
+import net.stzups.config.ConfigKey;
+import net.stzups.config.OptionalConfigKey;
 import net.stzups.scribbleshare.ScribbleshareConfigImplementation;
-import net.stzups.scribbleshare.config.ConfigKey;
-import net.stzups.scribbleshare.config.OptionalConfigKey;
 
 public class ScribbleshareRoomConfigImplementation extends ScribbleshareConfigImplementation implements ScribbleshareRoomConfig {
     private static final ConfigKey<String> WEBSOCKET_PATH = new OptionalConfigKey<>("websocket.path", "/scribblesocket");
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/RoomHttpServerInitializer.java b/room/src/main/java/net/stzups/scribbleshare/room/server/RoomHttpServerInitializer.java
similarity index 60%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/RoomHttpServerInitializer.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/RoomHttpServerInitializer.java
index 73d36716..35cb77e5 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/RoomHttpServerInitializer.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/RoomHttpServerInitializer.java
@@ -3,21 +3,31 @@
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.socket.SocketChannel;
+import io.netty.handler.codec.http.FullHttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
 import io.netty.handler.codec.http.websocketx.WebSocketServerProtocolHandler;
 import io.netty.handler.codec.http.websocketx.extensions.compression.WebSocketServerCompressionHandler;
 import io.netty.util.AttributeKey;
+import net.stzups.netty.http.DefaultHttpServerHandler;
+import net.stzups.netty.http.HttpServerHandler;
+import net.stzups.netty.http.HttpServerInitializer;
+import net.stzups.netty.http.exception.exceptions.NotFoundException;
+import net.stzups.netty.http.handler.HttpHandler;
+import net.stzups.netty.http.handler.handlers.OriginHandler;
 import net.stzups.scribbleshare.data.database.ScribbleshareDatabase;
+import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
 import net.stzups.scribbleshare.room.server.websocket.ClientMessageHandler;
 import net.stzups.scribbleshare.room.server.websocket.protocol.ClientMessageDecoder;
 import net.stzups.scribbleshare.room.server.websocket.protocol.ServerMessageEncoder;
-import net.stzups.scribbleshare.server.http.HttpServerInitializer;
+import net.stzups.scribbleshare.server.http.handler.handlers.HttpAuthenticator;
 
 import javax.net.ssl.SSLException;
 
 @ChannelHandler.Sharable
 public class RoomHttpServerInitializer extends HttpServerInitializer {
-    public interface Config extends HttpServerInitializer.Config {
+    public interface Config extends HttpServerInitializer.Config, HttpConfig {
         String getWebsocketPath();
+        String getOrigin();
     }
 
     private static final AttributeKey<ScribbleshareDatabase> DATABASE = AttributeKey.valueOf(RoomHttpServerInitializer.class, "DATABASE");
@@ -30,15 +40,28 @@ public static ScribbleshareDatabase getDatabase(ChannelHandlerContext ctx) {
 
     private final ServerMessageEncoder serverMessageEncoder = new ServerMessageEncoder();
     private final ClientMessageDecoder clientMessageDecoder = new ClientMessageDecoder();
-    private final ClientMessageHandler clientMessageHandler = new ClientMessageHandler();
-    private final HttpAuthenticator httpAuthenticator;
+    private final ClientMessageHandler clientMessageHandler;
+    private final HttpServerHandler httpServerHandler;
 
 
     public RoomHttpServerInitializer(Config config, ScribbleshareDatabase database) throws SSLException {
         super(config);
         this.config = config;
         this.database = database;
-        httpAuthenticator = new HttpAuthenticator(config, database);
+        clientMessageHandler = new ClientMessageHandler();
+        httpServerHandler = new DefaultHttpServerHandler()
+                .addLast(new OriginHandler(config))
+                .addLast(new HttpHandler("/") {
+                    @Override
+                    public boolean handle(ChannelHandlerContext ctx, FullHttpRequest request, HttpResponse response) throws NotFoundException {
+                        if (!request.uri().equals(config.getWebsocketPath())) {
+                            throw new NotFoundException("Bad uri " + request.uri());
+                        }
+
+                        return false;
+                    }
+                })
+                .addLast(new HttpAuthenticator<>(database));
     }
 
     @Override
@@ -48,7 +71,7 @@ protected void initChannel(SocketChannel channel) {
         channel.attr(DATABASE).set(database);
 
         channel.pipeline()
-                .addLast(httpAuthenticator)
+                .addLast(httpServerHandler)
                 .addLast(new WebSocketServerCompressionHandler())
                 .addLast(new WebSocketServerProtocolHandler(config.getWebsocketPath(), null, true))
                 .addLast(serverMessageEncoder)
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Client.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Client.java
similarity index 79%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Client.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Client.java
index 21ed36f0..9a9b1536 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Client.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Client.java
@@ -4,6 +4,7 @@
 import io.netty.channel.Channel;
 import net.stzups.scribbleshare.data.objects.User;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessage;
+import net.stzups.util.DebugString;
 
 import java.util.ArrayList;
 import java.util.Collections;
@@ -19,7 +20,7 @@ public class Client {
 
     private List<ServerMessage> messages = new ArrayList<>();
 
-    Client(User user, Channel channel) {
+    public Client(User user, Channel channel) {
         this.user = user;
         this.channel = channel;
         regenerateId();
@@ -42,22 +43,22 @@ public short regenerateId() {
         }
     }
 
-    void queueMessage(ServerMessage serverMessage) {
+    public void queueMessage(ServerMessage serverMessage) {
         messages.add(serverMessage);
     }
 
-    void sendMessage(ServerMessage serverMessage) {
+    public void sendMessage(ServerMessage serverMessage) {
         channel.writeAndFlush(Collections.singletonList(serverMessage));
     }
 
-    void flushMessages() {
+    public void flushMessages() {
         if (messages.size() > 0) {
             channel.writeAndFlush(messages);
             messages = new ArrayList<>();//clear() won't work here as the above line does not block and writes later
         }
     }
 
-    void disconnect() {
+    public void disconnect() {
         try {
             channel.close().sync();
         } catch (InterruptedException e) {
@@ -72,7 +73,11 @@ public void serialize(ByteBuf byteBuf) {
 
     @Override
     public String toString() {
-        return "Client{user=" + user + ",address=" + channel.remoteAddress() + "}";
+        return DebugString.get(Client.class)
+                .add("user", user)
+                .add("address", channel.remoteAddress())
+                .add("id", id)
+                .toString();
     }
 
     @Override
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/ClientMessageException.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/ClientMessageException.java
similarity index 100%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/ClientMessageException.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/ClientMessageException.java
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/ClientMessageHandler.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/ClientMessageHandler.java
similarity index 67%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/ClientMessageHandler.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/ClientMessageHandler.java
index f282503b..c290a4ee 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/ClientMessageHandler.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/ClientMessageHandler.java
@@ -5,32 +5,25 @@
 import io.netty.channel.SimpleChannelInboundHandler;
 import io.netty.util.Attribute;
 import io.netty.util.AttributeKey;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
 import net.stzups.scribbleshare.Scribbleshare;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
+import net.stzups.scribbleshare.room.server.websocket.state.State;
+import net.stzups.scribbleshare.room.server.websocket.state.states.InitialState;
 
 import java.util.logging.Level;
 
 @ChannelHandler.Sharable
 public class ClientMessageHandler extends SimpleChannelInboundHandler<ClientMessage> {
     private static final AttributeKey<State> STATE = AttributeKey.valueOf(ClientMessageHandler.class, "STATE");
-    private static final AttributeKey<Client> CLIENT = AttributeKey.valueOf(ClientMessageHandler.class, "CLIENT");
-    private static final AttributeKey<Room> ROOM = AttributeKey.valueOf(ClientMessageHandler.class, "ROOM");
 
     public static Attribute<State> getState(ChannelHandlerContext ctx) {
         return ctx.channel().attr(STATE);
     }
 
-    public static Attribute<Client> getClient(ChannelHandlerContext ctx) {
-        return ctx.channel().attr(CLIENT);
-    }
-
-    public static Attribute<Room> getRoom(ChannelHandlerContext ctx) {
-        return ctx.channel().attr(ROOM);
-    }
-
     @Override
     public void channelActive(ChannelHandlerContext ctx) {
-        State.INITIAL.setState(ctx);
+        State.setState(ctx, new InitialState());
     }
 
     @Override
@@ -45,11 +38,16 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object event) {
 
     @Override
     public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
-        Scribbleshare.getLogger(ctx).log(Level.WARNING, "Unhandled exception while in connection state " + getState(ctx).get(), cause);
+        Scribbleshare.getLogger(ctx).log(Level.WARNING, "Unhandled exception while in " + getState(ctx).get(), cause);
     }
 
     @Override
-    protected void channelRead0(ChannelHandlerContext ctx, ClientMessage message) throws ClientMessageException {
-        ctx.channel().attr(STATE).get().message(ctx, message);
+    protected void channelRead0(ChannelHandlerContext ctx, ClientMessage message) {
+        try {
+            ctx.channel().attr(STATE).get().message(ctx, message);
+        } catch (ClientMessageException | InternalServerException e) {
+            Scribbleshare.getLogger(ctx).log(Level.WARNING, "Exception while handling message while in " + getState(ctx), e);
+            //todo send exception to client
+        }
     }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Room.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Room.java
similarity index 71%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Room.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Room.java
index 31e3d4ab..7d8eeb3f 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Room.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/Room.java
@@ -2,8 +2,10 @@
 
 import io.netty.buffer.ByteBuf;
 import io.netty.buffer.Unpooled;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
 import net.stzups.scribbleshare.Scribbleshare;
 import net.stzups.scribbleshare.data.database.ScribbleshareDatabase;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
 import net.stzups.scribbleshare.data.objects.Document;
 import net.stzups.scribbleshare.data.objects.Resource;
 import net.stzups.scribbleshare.data.objects.canvas.Canvas;
@@ -13,6 +15,7 @@
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageAddUser;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageOpenDocument;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageRemoveClient;
+import net.stzups.util.DebugString;
 
 import java.util.HashMap;
 import java.util.HashSet;
@@ -20,8 +23,9 @@
 import java.util.Set;
 import java.util.Timer;
 import java.util.TimerTask;
+import java.util.logging.Level;
 
-class Room {
+public class Room {
     private static final int SEND_PERIOD = 1000;
 
     private static final  Map<Document, Room> rooms = new HashMap<>();
@@ -42,16 +46,25 @@ public void run() {
     private final Document document;
     private final Canvas canvas;
 
-    Room(ScribbleshareDatabase database, Document document) throws DeserializationException {
+    Room(ScribbleshareDatabase database, Document document) throws DeserializationException, InternalServerException {
         this.database = database;
         this.document = document;
-        ByteBuf canvas = database.getResource(document.getId(), document.getId()).getData();
+        Resource resource;
+        try {
+            resource = database.getResource(document.getId(), document.getId());
+        } catch (DatabaseException e) {
+            throw new InternalServerException(e);
+        }
+        if (resource == null) {
+            throw new InternalServerException("Somehow there is no resource for " + document);
+        }
+        ByteBuf canvas = resource.getData();
         this.canvas = new Canvas(canvas);
         rooms.put(document, this);
         Scribbleshare.getLogger().info("Started " + this);
     }
 
-    static Room getRoom(ScribbleshareDatabase database, Document document) throws DeserializationException {
+    public static Room getRoom(ScribbleshareDatabase database, Document document) throws DeserializationException, InternalServerException {
         Room room = rooms.get(document);
         if (room == null) {
             return new Room(database, document);
@@ -59,18 +72,22 @@ static Room getRoom(ScribbleshareDatabase database, Document document) throws De
         return room;
     }
 
-    void end() {
+    public void end() {
         rooms.remove(document);
         if (canvas.isDirty()) {
             ByteBuf byteBuf = Unpooled.buffer();
             canvas.serialize(byteBuf);
-            database.updateResource(document.getId(), document.getId(), new Resource(byteBuf));//todo autosave?
+            try {
+                database.updateResource(document.getId(), document.getId(), new Resource(byteBuf));//todo autosave?
+            } catch (DatabaseException e) {
+                Scribbleshare.getLogger().log(Level.WARNING, "Failed to save canvas to database", e);
+            }
         }
         //todo
         Scribbleshare.getLogger().info("Ended room " + this);
     }
 
-    Document getDocument() {
+    public Document getDocument() {
         return document;
     }
 
@@ -82,7 +99,7 @@ public Canvas getCanvas() {
      * Creates a new client using its channel.
      * todo
      */
-    void addClient(Client client) {
+    public void addClient(Client client) {
 
         //for the new client
         client.queueMessage(new ServerMessageOpenDocument(document, canvas));//todo
@@ -104,7 +121,7 @@ void addClient(Client client) {
      *
      * @param client client to remove
      */
-    void removeClient(Client client) {
+    public void removeClient(Client client) {
         clients.remove(client);
         sendMessage(new ServerMessageRemoveClient(client));
         Scribbleshare.getLogger().info("Removed " + client + " to " + this);
@@ -119,7 +136,7 @@ void removeClient(Client client) {
      * @param serverMessage message to send
      * @param except client to exclude
      */
-    void sendPacketExcept(ServerMessage serverMessage, Client except) {
+    public void sendPacketExcept(ServerMessage serverMessage, Client except) {
         for (Client client : clients) {
             if (except != client) {
                 client.sendMessage(serverMessage);
@@ -132,13 +149,13 @@ void sendPacketExcept(ServerMessage serverMessage, Client except) {
      *
      * @param serverMessage the message to send
      */
-    void sendMessage(ServerMessage serverMessage) {
+    public void sendMessage(ServerMessage serverMessage) {
         for (Client client : clients) {
             client.sendMessage(serverMessage);
         }
     }
 
-    void queueMessageExcept(ServerMessage serverMessage, Client except) {
+    public void queueMessageExcept(ServerMessage serverMessage, Client except) {
         for (Client client : clients) {
             if (except != client) {
                 client.queueMessage(serverMessage);
@@ -146,13 +163,13 @@ void queueMessageExcept(ServerMessage serverMessage, Client except) {
         }
     }
 
-    void queueMessage(ServerMessage serverMessage) {
+    public void queueMessage(ServerMessage serverMessage) {
         for (Client client : clients) {
             client.queueMessage(serverMessage);
         }
     }
 
-    void flushMessages() {
+    public void flushMessages() {
         for (Client client : clients) {
             client.flushMessages();
         }
@@ -164,6 +181,10 @@ private void update() {
 
     @Override
     public String toString() {
-        return "Room{document=" + document + "}";
+        return DebugString.get(Room.class)
+                .add("document", document)
+                .add("canvas", canvas)
+                .add("clients", clients)
+                .toString();
     }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/ClientMessageDecoder.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/ClientMessageDecoder.java
similarity index 100%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/ClientMessageDecoder.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/ClientMessageDecoder.java
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/Message.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/Message.java
similarity index 100%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/Message.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/Message.java
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/ServerMessageEncoder.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/ServerMessageEncoder.java
similarity index 100%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/ServerMessageEncoder.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/ServerMessageEncoder.java
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/ClientMessage.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/ClientMessage.java
similarity index 100%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/ClientMessage.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/ClientMessage.java
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/ClientMessageType.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/ClientMessageType.java
similarity index 100%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/ClientMessageType.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/ClientMessageType.java
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCanvasUpdate.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCanvasUpdate.java
similarity index 83%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCanvasUpdate.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCanvasUpdate.java
index 4cb67da4..79524cad 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCanvasUpdate.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCanvasUpdate.java
@@ -6,6 +6,7 @@
 import net.stzups.scribbleshare.data.objects.exceptions.DeserializationLengthException;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessageType;
+import net.stzups.util.D.DebugString;
 
 public class ClientMessageCanvasUpdate extends ClientMessage {
     private final CanvasUpdates[] canvasUpdatesArray;
@@ -26,4 +27,11 @@ public ClientMessageType getMessageType() {
     public CanvasUpdates[] getCanvasUpdatesArray() {
         return canvasUpdatesArray;
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ClientMessageCanvasUpdate.class)
+                .add("canvasUpdatesArray", canvasUpdatesArray)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCreateDocument.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCreateDocument.java
similarity index 74%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCreateDocument.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCreateDocument.java
index 6ccc2f7f..68e0c289 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCreateDocument.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCreateDocument.java
@@ -3,6 +3,7 @@
 import io.netty.buffer.ByteBuf;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessageType;
+import net.stzups.util.D.DebugString;
 
 public class ClientMessageCreateDocument extends ClientMessage {
     public ClientMessageCreateDocument(ByteBuf byteBuf) {
@@ -13,4 +14,10 @@ public ClientMessageCreateDocument(ByteBuf byteBuf) {
     public ClientMessageType getMessageType() {
         return ClientMessageType.CREATE_DOCUMENT;
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ClientMessageCreateDocument.class)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageDeleteDocument.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageDeleteDocument.java
similarity index 75%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageDeleteDocument.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageDeleteDocument.java
index 977f21ab..b2f4c69d 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageDeleteDocument.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageDeleteDocument.java
@@ -3,6 +3,7 @@
 import io.netty.buffer.ByteBuf;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessageType;
+import net.stzups.util.D.DebugString;
 
 public class ClientMessageDeleteDocument extends ClientMessage {
     private final long id;
@@ -19,4 +20,11 @@ public ClientMessageType getMessageType() {
     public long getId() {
         return id;
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ClientMessageDeleteDocument.class)
+                .add("id", id)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageGetInvite.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageGetInvite.java
similarity index 73%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageGetInvite.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageGetInvite.java
index 9d232cf8..a38e1284 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageGetInvite.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageGetInvite.java
@@ -3,6 +3,7 @@
 import io.netty.buffer.ByteBuf;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessageType;
+import net.stzups.scribbleshare.util.DebugString;
 
 public class ClientMessageGetInvite extends ClientMessage {
     public ClientMessageGetInvite(ByteBuf byteBuf) {
@@ -13,4 +14,10 @@ public ClientMessageGetInvite(ByteBuf byteBuf) {
     public ClientMessageType getMessageType() {
         return ClientMessageType.GET_INVITE;
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ClientMessageGetInvite.class)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageHandshake.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageHandshake.java
similarity index 75%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageHandshake.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageHandshake.java
index 3da331b6..665137bd 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageHandshake.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageHandshake.java
@@ -3,6 +3,7 @@
 import io.netty.buffer.ByteBuf;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessageType;
+import net.stzups.util.D.DebugString;
 
 public class ClientMessageHandshake extends ClientMessage {
     private final String code;
@@ -19,4 +20,11 @@ public ClientMessageType getMessageType() {
     public String getCode() {
         return code;
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ClientMessageHandshake.class)
+                .add("code", code)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageOpenDocument.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageOpenDocument.java
similarity index 75%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageOpenDocument.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageOpenDocument.java
index 7cc48c75..bf75efd8 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageOpenDocument.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageOpenDocument.java
@@ -3,6 +3,7 @@
 import io.netty.buffer.ByteBuf;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessageType;
+import net.stzups.util.D.DebugString;
 
 public class ClientMessageOpenDocument extends ClientMessage {
     private final long id;
@@ -19,4 +20,11 @@ public ClientMessageType getMessageType() {
     public long getId() {
         return id;
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ClientMessageOpenDocument.class)
+                .add("id", id)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageUpdateDocument.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageUpdateDocument.java
similarity index 75%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageUpdateDocument.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageUpdateDocument.java
index b20ad695..0ceb6654 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageUpdateDocument.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageUpdateDocument.java
@@ -3,6 +3,7 @@
 import io.netty.buffer.ByteBuf;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessageType;
+import net.stzups.util.D.DebugString;
 
 public class ClientMessageUpdateDocument extends ClientMessage {
     private final long id;
@@ -25,4 +26,12 @@ public long getId() {
     public String getName() {
         return name;
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ClientMessageUpdateDocument.class)
+                .add("id", id)
+                .add("name", name)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/ServerMessage.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/ServerMessage.java
similarity index 100%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/ServerMessage.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/ServerMessage.java
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/ServerMessageType.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/ServerMessageType.java
similarity index 100%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/ServerMessageType.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/ServerMessageType.java
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddClient.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddClient.java
similarity index 82%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddClient.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddClient.java
index 5035803f..2f4cf4a0 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddClient.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddClient.java
@@ -4,6 +4,7 @@
 import net.stzups.scribbleshare.room.server.websocket.Client;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessageType;
+import net.stzups.util.DebugString;
 
 import java.util.Collections;
 import java.util.Set;
@@ -32,4 +33,11 @@ public void serialize(ByteBuf byteBuf) {
             client.serialize(byteBuf);
         }
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ServerMessageAddClient.class)
+                .add("clients", clients)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddUser.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddUser.java
similarity index 78%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddUser.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddUser.java
index bd7936ed..b08bd3e4 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddUser.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageAddUser.java
@@ -4,6 +4,7 @@
 import net.stzups.scribbleshare.data.objects.User;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessageType;
+import net.stzups.util.DebugString;
 
 public class ServerMessageAddUser extends ServerMessage {
     private final User user;
@@ -22,4 +23,11 @@ public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
         byteBuf.writeLong(user.getId());
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ServerMessageAddUser.class)
+                .add("user", user)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageCanvasUpdate.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageCanvasUpdate.java
similarity index 80%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageCanvasUpdate.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageCanvasUpdate.java
index 514dacb4..82b84fc3 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageCanvasUpdate.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageCanvasUpdate.java
@@ -4,6 +4,7 @@
 import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdates;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessageType;
+import net.stzups.util.DebugString;
 
 public class ServerMessageCanvasUpdate extends ServerMessage {
     private final CanvasUpdates[] canvasUpdates;
@@ -25,4 +26,11 @@ public void serialize(ByteBuf byteBuf) {
             canvasUpdates.serialize(byteBuf);
         }
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ServerMessageCanvasUpdate.class)
+                .add("canvasUpdates", canvasUpdates)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageDeleteDocument.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageDeleteDocument.java
similarity index 78%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageDeleteDocument.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageDeleteDocument.java
index f755d8e1..84968aee 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageDeleteDocument.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageDeleteDocument.java
@@ -4,6 +4,7 @@
 import net.stzups.scribbleshare.data.objects.Document;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessageType;
+import net.stzups.util.DebugString;
 
 public class ServerMessageDeleteDocument extends ServerMessage {
     private final long id;
@@ -22,4 +23,11 @@ public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
         byteBuf.writeLong(id);
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ServerMessageDeleteDocument.class)
+                .add("id", id)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageGetInvite.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageGetInvite.java
similarity index 78%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageGetInvite.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageGetInvite.java
index 0e426daf..c870e2e9 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageGetInvite.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageGetInvite.java
@@ -4,6 +4,7 @@
 import net.stzups.scribbleshare.data.objects.InviteCode;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessageType;
+import net.stzups.util.DebugString;
 
 public class ServerMessageGetInvite extends ServerMessage {
     private final String code;
@@ -22,4 +23,11 @@ public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
         writeString(code, byteBuf);
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ServerMessageGetInvite.class)
+                .add("code", code)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageHandshake.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageHandshake.java
similarity index 78%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageHandshake.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageHandshake.java
index 566f9a46..ba046ecd 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageHandshake.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageHandshake.java
@@ -4,6 +4,7 @@
 import net.stzups.scribbleshare.room.server.websocket.Client;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessageType;
+import net.stzups.util.DebugString;
 
 public class ServerMessageHandshake extends ServerMessage {
     private final Client client;
@@ -21,4 +22,11 @@ public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
         byteBuf.writeShort(client.getId());
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ServerMessageHandshake.class)
+                .add("client", client)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageOpenDocument.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageOpenDocument.java
similarity index 78%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageOpenDocument.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageOpenDocument.java
index c255c596..9871d734 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageOpenDocument.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageOpenDocument.java
@@ -5,6 +5,7 @@
 import net.stzups.scribbleshare.data.objects.canvas.Canvas;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessageType;
+import net.stzups.util.DebugString;
 
 public class ServerMessageOpenDocument extends ServerMessage {
     private final Document document;
@@ -26,4 +27,12 @@ public void serialize(ByteBuf byteBuf) {
         byteBuf.writeLong(document.getId());
         canvas.serialize(byteBuf);
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ServerMessageOpenDocument.class)
+                .add("document", document)
+                .add("canvas", canvas)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageRemoveClient.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageRemoveClient.java
similarity index 78%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageRemoveClient.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageRemoveClient.java
index 9cbf4ebe..dd89db3f 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageRemoveClient.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageRemoveClient.java
@@ -4,6 +4,7 @@
 import net.stzups.scribbleshare.room.server.websocket.Client;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessageType;
+import net.stzups.util.DebugString;
 
 public class ServerMessageRemoveClient extends ServerMessage {
     private final Client client;
@@ -22,4 +23,11 @@ public void serialize(ByteBuf byteBuf) {
         super.serialize(byteBuf);
         byteBuf.writeShort(client.getId());
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ServerMessageRemoveClient.class)
+                .add("client", client)
+                .toString();
+    }
 }
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageUpdateDocument.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageUpdateDocument.java
similarity index 80%
rename from scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageUpdateDocument.java
rename to room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageUpdateDocument.java
index 1175c533..cab00ae1 100644
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageUpdateDocument.java
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/messages/ServerMessageUpdateDocument.java
@@ -4,6 +4,7 @@
 import net.stzups.scribbleshare.data.objects.Document;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessage;
 import net.stzups.scribbleshare.room.server.websocket.protocol.server.ServerMessageType;
+import net.stzups.util.DebugString;
 
 public class ServerMessageUpdateDocument extends ServerMessage {
     private final Document document;
@@ -29,4 +30,12 @@ public void serialize(ByteBuf byteBuf) {
         byteBuf.writeLong(document.getId());
         writeString(document.getName(), byteBuf);
     }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ServerMessageUpdateDocument.class)
+                .add("document", document)
+                .add("shared", shared)
+                .toString();
+    }
 }
diff --git a/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/State.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/State.java
new file mode 100644
index 00000000..e12d7c70
--- /dev/null
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/State.java
@@ -0,0 +1,31 @@
+package net.stzups.scribbleshare.room.server.websocket.state;
+
+import io.netty.channel.ChannelHandlerContext;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
+import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.room.server.websocket.ClientMessageException;
+import net.stzups.scribbleshare.room.server.websocket.ClientMessageHandler;
+import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
+import net.stzups.scribbleshare.room.server.websocket.state.states.InitialState;
+
+public abstract class State {
+    public static void setState(ChannelHandlerContext ctx, State state) {
+        ClientMessageHandler.getState(ctx).set(state);
+
+        if (!(state instanceof InitialState)) {
+            Scribbleshare.getLogger(ctx).info(state.toString());
+        }
+    }
+
+    public void channelInactive(ChannelHandlerContext ctx) {
+        //todo throw new UnsupportedOperationException("Unhandled channel close");
+    }
+
+    public void userEventTriggered(ChannelHandlerContext ctx, Object event) {
+        throw new UnsupportedOperationException("Unhandled Netty userEventTriggered " + event);
+    }
+
+    public void message(ChannelHandlerContext ctx, ClientMessage clientMessage) throws ClientMessageException, InternalServerException {
+        throw new UnsupportedOperationException("Unhandled ClientMessage " + clientMessage.getClass().getSimpleName());
+    }
+}
diff --git a/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/HandshakeState.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/HandshakeState.java
new file mode 100644
index 00000000..0061572a
--- /dev/null
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/HandshakeState.java
@@ -0,0 +1,132 @@
+package net.stzups.scribbleshare.room.server.websocket.state.states;
+
+import io.netty.channel.ChannelHandlerContext;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
+import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.Document;
+import net.stzups.scribbleshare.data.objects.InviteCode;
+import net.stzups.scribbleshare.data.objects.authentication.AuthenticatedUserSession;
+import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
+import net.stzups.scribbleshare.room.server.RoomHttpServerInitializer;
+import net.stzups.scribbleshare.room.server.websocket.Client;
+import net.stzups.scribbleshare.room.server.websocket.ClientMessageException;
+import net.stzups.scribbleshare.room.server.websocket.Room;
+import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
+import net.stzups.scribbleshare.room.server.websocket.protocol.client.messages.ClientMessageHandshake;
+import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageAddUser;
+import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageHandshake;
+import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageUpdateDocument;
+import net.stzups.scribbleshare.room.server.websocket.state.State;
+import net.stzups.util.DebugString;
+
+import java.util.logging.Level;
+
+public class HandshakeState extends State {
+    private final AuthenticatedUserSession session;
+
+    public HandshakeState(AuthenticatedUserSession session) {
+        this.session = session;
+    }
+
+    @Override
+    public void message(ChannelHandlerContext ctx, ClientMessage clientMessage) throws ClientMessageException, InternalServerException {
+        Room room = null;//todo
+        switch (clientMessage.getMessageType()) {
+            case HANDSHAKE: {
+                ClientMessageHandshake clientPacketHandshake = (ClientMessageHandshake) clientMessage;
+
+                Scribbleshare.getLogger(ctx).info("Handshake with invite " + clientPacketHandshake.getCode() + ", " + session);
+
+                Client client = new Client(session.getUser(), ctx.channel());
+
+                client.queueMessage(new ServerMessageHandshake(client));
+                InviteCode inviteCode;
+                try {
+                    inviteCode = RoomHttpServerInitializer.getDatabase(ctx).getInviteCode(clientPacketHandshake.getCode());
+                } catch (DatabaseException e) {
+                    throw new InternalServerException(e);
+                }
+                client.queueMessage(new ServerMessageAddUser(client.getUser()));
+                //figure out which document to open first
+                if (inviteCode != null) {
+                    Document document;
+                    try {
+                        document = RoomHttpServerInitializer.getDatabase(ctx).getDocument(inviteCode.getDocument());
+                    } catch (DatabaseException e) {
+                        throw new InternalServerException(e);
+                    }
+                    if (document == null) {
+                        throw new ClientMessageException(clientMessage, "Somehow used invite code for non existent document");
+                    }
+
+                    //if this isn't the user's own document and this isn't part of the user's shared documents then add and update
+                    if (document.getOwner() != client.getUser().getId()) {
+                        if (client.getUser().getSharedDocuments().add(document.getId())) {
+                            try {
+                                RoomHttpServerInitializer.getDatabase(ctx).updateUser(client.getUser());
+                            } catch (DatabaseException e) {
+                                e.printStackTrace();
+                                //todo
+                            }
+                        }
+                    }
+                    try {
+                        room = Room.getRoom(RoomHttpServerInitializer.getDatabase(ctx), document);
+                    } catch (DeserializationException e) {
+                        throw new ClientMessageException(clientMessage, e);
+                    }
+                } else {
+                    if (client.getUser().getOwnedDocuments().size() == 0) {
+                        try {
+                            RoomHttpServerInitializer.getDatabase(ctx).createDocument(client.getUser());
+                        } catch (DatabaseException e) {
+                            Scribbleshare.getLogger().log(Level.WARNING, "Failed to create document for new user with no documents", e);
+                        }
+                    }
+                }
+                client.getUser().getOwnedDocuments().removeIf((id) -> {
+                    Document document;
+                    try {
+                        document = RoomHttpServerInitializer.getDatabase(ctx).getDocument(id);
+                    } catch (DatabaseException e) {
+                        throw new RuntimeException(new InternalServerException(e));//todo
+                    }
+                    if (document == null) {
+                        return true;
+                    } else {
+                        client.queueMessage(new ServerMessageUpdateDocument(document));
+                        return false;
+                    }
+                });//todo this is bad
+                client.getUser().getSharedDocuments().removeIf((id) -> {
+                    Document document;
+                    try {
+                        document = RoomHttpServerInitializer.getDatabase(ctx).getDocument(id);
+                    } catch (DatabaseException e) {
+                        throw new RuntimeException(new InternalServerException(e));//todo
+                    }
+                    if (document == null) {
+                        return true;
+                    } else {
+                        client.queueMessage(new ServerMessageUpdateDocument(document));
+                        return false;
+                    }
+                });
+                client.flushMessages();
+
+                setState(ctx, new ReadyState(client));
+                break;
+            }
+            default:
+                super.message(ctx, clientMessage);
+        }
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(HandshakeState.class)
+                .add("session", session)
+                .toString();
+    }
+}
diff --git a/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/InitialState.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/InitialState.java
new file mode 100644
index 00000000..bd61d065
--- /dev/null
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/InitialState.java
@@ -0,0 +1,34 @@
+package net.stzups.scribbleshare.room.server.websocket.state.states;
+
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.websocketx.WebSocketServerProtocolHandler;
+import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.room.server.websocket.state.State;
+import net.stzups.scribbleshare.server.http.handler.handlers.HttpAuthenticator;
+import net.stzups.util.DebugString;
+
+public class InitialState extends State {
+
+    public InitialState() {
+
+    }
+
+    @Override
+    public void userEventTriggered(ChannelHandlerContext ctx, Object event) {
+        if (event instanceof WebSocketServerProtocolHandler.HandshakeComplete) {
+            Scribbleshare.getLogger(ctx).info("WebSocket connection initialized");
+            setState(ctx, new HandshakeState(HttpAuthenticator.getUser(ctx)));
+            return;
+        }
+
+        if (event instanceof WebSocketServerProtocolHandler.ServerHandshakeStateEvent) return; //deprecated but still fired
+
+        super.userEventTriggered(ctx, event);
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(InitialState.class)
+                .toString();
+    }
+}
diff --git a/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/ReadyState.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/ReadyState.java
new file mode 100644
index 00000000..3e2bea83
--- /dev/null
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/ReadyState.java
@@ -0,0 +1,117 @@
+package net.stzups.scribbleshare.room.server.websocket.state.states;
+
+import io.netty.channel.ChannelHandlerContext;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
+import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.Document;
+import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
+import net.stzups.scribbleshare.room.server.RoomHttpServerInitializer;
+import net.stzups.scribbleshare.room.server.websocket.Client;
+import net.stzups.scribbleshare.room.server.websocket.ClientMessageException;
+import net.stzups.scribbleshare.room.server.websocket.Room;
+import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
+import net.stzups.scribbleshare.room.server.websocket.protocol.client.messages.ClientMessageOpenDocument;
+import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageUpdateDocument;
+import net.stzups.scribbleshare.room.server.websocket.state.State;
+import net.stzups.util.DebugString;
+
+public class ReadyState extends State {
+    private final Client client;
+
+    ReadyState(Client client) {
+        this.client = client;
+    }
+
+    @Override
+    public void message(ChannelHandlerContext ctx, ClientMessage clientMessage) throws ClientMessageException, InternalServerException {
+
+        switch (clientMessage.getMessageType()) {
+            case OPEN_DOCUMENT: {
+                ClientMessageOpenDocument clientPacketOpenDocument = (ClientMessageOpenDocument) clientMessage;
+                Document document;
+                try {
+                    document = RoomHttpServerInitializer.getDatabase(ctx).getDocument(clientPacketOpenDocument.getId());
+                } catch (DatabaseException e) {
+                    throw new InternalServerException(e);
+                }
+                if (document != null) {
+                    //open
+                    Room room;
+                    try {
+                        room = Room.getRoom(RoomHttpServerInitializer.getDatabase(ctx), document);
+                    } catch (DeserializationException e) {
+                        throw new ClientMessageException(clientMessage, e);
+                    }
+                    room.addClient(client);
+                    setState(ctx, new RoomState(client, room));
+                } else {
+                    Scribbleshare.getLogger(ctx).warning(client + " tried to open document not that does not exist");
+                }
+                break;
+            }
+            case CREATE_DOCUMENT: {
+                //create
+                Document document;
+                try {
+                    document = RoomHttpServerInitializer.getDatabase(ctx).createDocument(client.getUser());
+                } catch (DatabaseException e) {
+                    throw new InternalServerException(e);
+                }
+                client.sendMessage(new ServerMessageUpdateDocument(document));
+                //open
+                Room room;
+                try {
+                    room = Room.getRoom(RoomHttpServerInitializer.getDatabase(ctx), document);
+                } catch (DeserializationException e) {
+                    throw new ClientMessageException(clientMessage, e);
+                }
+                room.addClient(client);
+                setState(ctx, new RoomState(client, room));
+                break;
+            }
+/*            case DELETE_DOCUMENT: {
+                ClientMessageDeleteDocument clientMessageDeleteDocument = (ClientMessageDeleteDocument) clientMessage;
+                if (clientMessageDeleteDocument.getId() == room.getDocument().getId()) {
+                    Scribbleshare.getLogger(ctx).info("Deleting live document " + room.getDocument());
+                    room.sendMessage(new ServerMessageDeleteDocument(room.getDocument()));
+                    room.end();
+                    RoomHttpServerInitializer.getDatabase(ctx).deleteDocument(room.getDocument());
+                    break;
+                } else {
+                    throw new ClientMessageException(clientMessage, "Tried to delete document which is not currently open");
+                }
+*//*                        Document document = ScribbleshareRoom.getDatabase().getDocument(clientMessageDeleteDocument.getId());
+                if (document == null) {
+                    throw new MessageException(clientMessage, "Tried to delete document with id " + clientMessageDeleteDocument.getId() + " that does not exist");
+                }
+                if (document.getOwner() != client.getUser().getId()) {
+                    throw new MessageException(clientMessage, "Tried to delete document with id " + document.getId() +" which they do not own");
+                }
+                ServerInitializer.getLogger(ctx).info("Deleting dead document " + room.getDocument());
+                ScribbleshareRoom.getDatabase().deleteDocument(room.getDocument());*//*
+                //Room.getRoom(document);
+                //break;//todo better update logic
+            }
+            case UPDATE_DOCUMENT: {
+                ClientMessageUpdateDocument clientMessageUpdateDocument = (ClientMessageUpdateDocument) clientMessage;
+                if (clientMessageUpdateDocument.getName().length() > 64) {
+                    throw new ClientMessageException(clientMessage, "Tried to change name to string that is too long (" + clientMessageUpdateDocument.getName().length() + ")");
+                }
+                room.getDocument().setName(clientMessageUpdateDocument.getName());
+                room.queueMessageExcept(new ServerMessageUpdateDocument(room.getDocument()), client);
+                RoomHttpServerInitializer.getDatabase(ctx).updateDocument(room.getDocument());
+                break;//todo better update logic
+            }*/
+            default:
+                super.message(ctx, clientMessage);
+        }
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(ReadyState.class)
+                .add("client", client)
+                .toString();
+    }
+}
diff --git a/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/RoomState.java b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/RoomState.java
new file mode 100644
index 00000000..1917d0ea
--- /dev/null
+++ b/room/src/main/java/net/stzups/scribbleshare/room/server/websocket/state/states/RoomState.java
@@ -0,0 +1,111 @@
+package net.stzups.scribbleshare.room.server.websocket.state.states;
+
+import io.netty.channel.ChannelHandlerContext;
+import net.stzups.netty.http.exception.exceptions.InternalServerException;
+import net.stzups.scribbleshare.Scribbleshare;
+import net.stzups.scribbleshare.data.database.exception.DatabaseException;
+import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdateException;
+import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdates;
+import net.stzups.scribbleshare.room.server.RoomHttpServerInitializer;
+import net.stzups.scribbleshare.room.server.websocket.Client;
+import net.stzups.scribbleshare.room.server.websocket.ClientMessageException;
+import net.stzups.scribbleshare.room.server.websocket.Room;
+import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
+import net.stzups.scribbleshare.room.server.websocket.protocol.client.messages.ClientMessageCanvasUpdate;
+import net.stzups.scribbleshare.room.server.websocket.protocol.client.messages.ClientMessageDeleteDocument;
+import net.stzups.scribbleshare.room.server.websocket.protocol.client.messages.ClientMessageUpdateDocument;
+import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageCanvasUpdate;
+import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageDeleteDocument;
+import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageUpdateDocument;
+import net.stzups.util.DebugString;
+
+public class RoomState extends ReadyState {
+    private final Client client;
+    private final Room room;
+
+    RoomState(Client client, Room room) {
+        super(client);
+        this.client = client;
+        this.room = room;
+    }
+
+    @Override
+    public void channelInactive(ChannelHandlerContext ctx) {
+        room.removeClient(client);
+        setState(ctx, new ReadyState(client));
+    }
+
+    @Override
+    public void message(ChannelHandlerContext ctx, ClientMessage clientMessage) throws ClientMessageException, InternalServerException {
+
+        switch (clientMessage.getMessageType()) {
+            case CANVAS_UPDATE: {
+                CanvasUpdates[] canvasUpdates = ((ClientMessageCanvasUpdate) clientMessage).getCanvasUpdatesArray();
+                try {
+                    room.getCanvas().update(canvasUpdates);
+                } catch (CanvasUpdateException e) {
+                    throw new ClientMessageException(clientMessage, e);
+                }
+                room.queueMessageExcept(new ServerMessageCanvasUpdate(canvasUpdates), client);
+                break;
+            }
+            case OPEN_DOCUMENT: {
+                room.removeClient(client);
+            }
+            case CREATE_DOCUMENT: {
+                room.removeClient(client);
+            }
+            case DELETE_DOCUMENT: {
+                ClientMessageDeleteDocument clientMessageDeleteDocument = (ClientMessageDeleteDocument) clientMessage;
+                if (clientMessageDeleteDocument.getId() == room.getDocument().getId()) {
+                    Scribbleshare.getLogger(ctx).info("Deleting live document " + room.getDocument());
+                    room.sendMessage(new ServerMessageDeleteDocument(room.getDocument()));
+                    room.end();
+                    try {
+                        RoomHttpServerInitializer.getDatabase(ctx).deleteDocument(room.getDocument());
+                    } catch (DatabaseException e) {
+                        throw new InternalServerException(e);
+                    }
+                    break;
+                } else {
+                    throw new ClientMessageException(clientMessage, "Tried to delete document which is not currently open");
+                }
+/*                        Document document = ScribbleshareRoom.getDatabase().getDocument(clientMessageDeleteDocument.getId());
+                if (document == null) {
+                    throw new MessageException(clientMessage, "Tried to delete document with id " + clientMessageDeleteDocument.getId() + " that does not exist");
+                }
+                if (document.getOwner() != client.getUser().getId()) {
+                    throw new MessageException(clientMessage, "Tried to delete document with id " + document.getId() +" which they do not own");
+                }
+                ServerInitializer.getLogger(ctx).info("Deleting dead document " + room.getDocument());
+                ScribbleshareRoom.getDatabase().deleteDocument(room.getDocument());*/
+                //Room.getRoom(document);
+                //break;//todo better update logic
+            }
+            case UPDATE_DOCUMENT: {
+                ClientMessageUpdateDocument clientMessageUpdateDocument = (ClientMessageUpdateDocument) clientMessage;
+                if (clientMessageUpdateDocument.getName().length() > 64) {
+                    throw new ClientMessageException(clientMessage, "Tried to change name to string that is too long (" + clientMessageUpdateDocument.getName().length() + ")");
+                }
+                room.getDocument().setName(clientMessageUpdateDocument.getName());
+                room.queueMessageExcept(new ServerMessageUpdateDocument(room.getDocument()), client);
+                try {
+                    RoomHttpServerInitializer.getDatabase(ctx).updateDocument(room.getDocument());
+                } catch (DatabaseException e) {
+                    throw new InternalServerException(e);
+                }
+                break;//todo better update logic
+            }
+            default:
+                super.message(ctx, clientMessage);
+        }
+    }
+
+    @Override
+    public String toString() {
+        return DebugString.get(RoomState.class)
+                .add("client", client)
+                .add("room", room)
+                .toString();
+    }
+}
diff --git a/room/src/test/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCanvasUpdateTest.java b/room/src/test/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCanvasUpdateTest.java
new file mode 100644
index 00000000..e78f565a
--- /dev/null
+++ b/room/src/test/java/net/stzups/scribbleshare/room/server/websocket/protocol/client/messages/ClientMessageCanvasUpdateTest.java
@@ -0,0 +1,17 @@
+package net.stzups.scribbleshare.room.server.websocket.protocol.client.messages;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+public class ClientMessageCanvasUpdateTest {
+    private ClientMessageCanvasUpdate clientMessageCanvasUpdate;
+
+    @BeforeEach
+    public void init() {
+
+    }
+    @Test
+    public void test() {
+
+    }
+}
diff --git a/room/src/test/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/message/ServerMessageCanvasUpdateTest.java b/room/src/test/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/message/ServerMessageCanvasUpdateTest.java
new file mode 100644
index 00000000..13674bea
--- /dev/null
+++ b/room/src/test/java/net/stzups/scribbleshare/room/server/websocket/protocol/server/message/ServerMessageCanvasUpdateTest.java
@@ -0,0 +1,13 @@
+package net.stzups.scribbleshare.room.server.websocket.protocol.server.message;
+
+import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdates;
+import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageCanvasUpdate;
+import org.junit.jupiter.api.Test;
+
+public class ServerMessageCanvasUpdateTest {
+
+    @Test
+    public void test() {
+        ServerMessageCanvasUpdate serverMessageCanvasUpdate = new ServerMessageCanvasUpdate(new CanvasUpdates[0]);
+    }
+}
diff --git a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/server/BackendHttpServerInitializer.java b/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/server/BackendHttpServerInitializer.java
deleted file mode 100644
index 903c8878..00000000
--- a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/server/BackendHttpServerInitializer.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package net.stzups.scribbleshare.backend.server;
-
-import io.netty.channel.ChannelHandler;
-import io.netty.channel.socket.SocketChannel;
-import io.netty.handler.codec.http.HttpContentCompressor;
-import io.netty.handler.stream.ChunkedWriteHandler;
-import net.stzups.scribbleshare.backend.ScribbleshareBackendConfig;
-import net.stzups.scribbleshare.backend.server.http.HttpServerHandler;
-import net.stzups.scribbleshare.data.database.ScribbleshareDatabase;
-import net.stzups.scribbleshare.server.http.HttpServerInitializer;
-
-import javax.net.ssl.SSLException;
-
-@ChannelHandler.Sharable
-public class BackendHttpServerInitializer extends HttpServerInitializer {
-    private final HttpServerHandler httpServerHandler;
-
-    public BackendHttpServerInitializer(ScribbleshareBackendConfig config, ScribbleshareDatabase database) throws SSLException {
-        super(config);
-        httpServerHandler = new HttpServerHandler(config, database);
-    }
-
-    @Override
-    protected void initChannel(SocketChannel channel) {
-        super.initChannel(channel);
-
-        channel.pipeline()
-                .addLast(new HttpContentCompressor())
-                .addLast(new ChunkedWriteHandler())
-                .addLast(httpServerHandler);
-    }
-}
diff --git a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/server/http/HttpServerHandler.java b/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/server/http/HttpServerHandler.java
deleted file mode 100644
index 0de0a647..00000000
--- a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/server/http/HttpServerHandler.java
+++ /dev/null
@@ -1,427 +0,0 @@
-package net.stzups.scribbleshare.backend.server.http;
-
-import io.netty.buffer.ByteBufInputStream;
-import io.netty.buffer.Unpooled;
-import io.netty.channel.ChannelHandler;
-import io.netty.channel.ChannelHandlerContext;
-import io.netty.channel.SimpleChannelInboundHandler;
-import io.netty.handler.codec.http.DefaultHttpHeaders;
-import io.netty.handler.codec.http.FullHttpRequest;
-import io.netty.handler.codec.http.HttpHeaderNames;
-import io.netty.handler.codec.http.HttpHeaders;
-import io.netty.handler.codec.http.HttpMethod;
-import io.netty.handler.codec.http.HttpRequest;
-import io.netty.handler.codec.http.HttpResponseStatus;
-import io.netty.handler.stream.ChunkedStream;
-import net.stzups.scribbleshare.Scribbleshare;
-import net.stzups.scribbleshare.data.database.ScribbleshareDatabase;
-import net.stzups.scribbleshare.data.objects.Document;
-import net.stzups.scribbleshare.data.objects.Resource;
-import net.stzups.scribbleshare.data.objects.User;
-import net.stzups.scribbleshare.data.objects.authentication.http.HttpConfig;
-import net.stzups.scribbleshare.data.objects.authentication.http.HttpSession;
-import net.stzups.scribbleshare.data.objects.authentication.http.PersistentHttpSession;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.regex.Pattern;
-
-import static net.stzups.scribbleshare.server.http.HttpUtils.send;
-import static net.stzups.scribbleshare.server.http.HttpUtils.sendChunkedResource;
-import static net.stzups.scribbleshare.server.http.HttpUtils.sendFile;
-import static net.stzups.scribbleshare.server.http.HttpUtils.sendRedirect;
-
-@ChannelHandler.Sharable
-public class HttpServerHandler extends SimpleChannelInboundHandler<FullHttpRequest> {
-    public interface Config extends HttpConfig {
-        String getHttpRoot();
-        int getHttpCacheSeconds();
-        String getMimeTypesFilePath();
-    }
-
-    private static final long MAX_AGE_NO_EXPIRE = 31536000;//one year, max age of a cookie
-
-
-    private static final String DEFAULT_FILE = "index.html"; // / -> /index.html
-    private static final String DEFAULT_FILE_EXTENSION = ".html"; // /index -> index.html
-
-    // /index?key=value&otherKey=value
-    private static final String QUERY_DELIMITER = "?";
-    private static final String QUERY_SEPARATOR = "&";
-    private static final String QUERY_PAIR_SEPARATOR = "=";
-    private static final String QUERY_REGEX = QUERY_DELIMITER + QUERY_SEPARATOR + QUERY_PAIR_SEPARATOR;
-
-    // abc-ABC_123.file
-    private static final String FILE_NAME_REGEX = "a-zA-Z0-9-_";
-
-    private final HttpConfig config;
-    private final ScribbleshareDatabase database;
-
-    private final File httpRoot;
-    private final int httpCacheSeconds;
-    private final MimeTypes mimeTypes = new MimeTypes();
-
-    public HttpServerHandler(Config config, ScribbleshareDatabase database) {
-        this.config = config;
-        this.database = database;
-        
-        httpRoot = new File(config.getHttpRoot());
-        httpCacheSeconds = config.getHttpCacheSeconds();
-        String path = config.getMimeTypesFilePath();
-        // check for mime types in working directory
-        try (FileInputStream fileInputStream = new FileInputStream(path)) {
-            mimeTypes.load(fileInputStream);
-        } catch (IOException e) {
-            // check for mime types in root of classpath
-            InputStream inputStream = HttpServerHandler.class.getResourceAsStream(path.startsWith("/") ? "" : "/" + path);
-            if (inputStream != null) {
-                try {
-                    mimeTypes.load(inputStream);
-                } catch (IOException e1) {
-                    e.printStackTrace();
-                }
-            } else {
-                e.printStackTrace(); // non critical, server will just serve 404 responses
-            }
-        }
-    }
-
-    @Override
-    public void channelRead0(ChannelHandlerContext ctx, FullHttpRequest request) throws Exception {
-        Scribbleshare.getLogger(ctx).info(request.method() + " " + request.uri());
-
-        // sanitize uri
-        final String uri = getUri(request.uri());
-        if (uri == null) {
-            send(ctx, request, HttpResponseStatus.NOT_FOUND);
-            return;
-        }
-
-        // split query from path
-        final String[] splitQuery = splitQuery(uri);
-        if (splitQuery == null) {
-            send(ctx, request, HttpResponseStatus.NOT_FOUND);
-            return;
-        }
-        final String path = splitQuery[0];
-        final String rawQuery = splitQuery[1];
-
-        Map<String, String> queries = parseQuery(rawQuery);
-        if (queries == null) {
-            send(ctx, request, HttpResponseStatus.NOT_FOUND);
-            return;
-        }
-
-        String[] route = getRoute(path);
-        if (route == null) {
-            send(ctx, request, HttpResponseStatus.NOT_FOUND);
-            return;
-        }
-
-        // check if this is a special request
-
-        switch (route[0]) {
-            case "api": {
-                if (route.length < 2) {
-                    send(ctx, request, HttpResponseStatus.NOT_FOUND);
-                    return;
-                }
-
-                switch (route[1]) {
-                    case "document": {
-                        if (route.length != 3 && route.length != 4) {
-                            break;
-                        }
-
-                        Long userId = authenticate(ctx, request);
-                        if (userId == null) {
-                            send(ctx, request, HttpResponseStatus.UNAUTHORIZED);
-                            return;
-                        }
-
-                        User user = database.getUser(userId);
-                        if (user == null) {
-                            Scribbleshare.getLogger(ctx).warning("User with " + userId + " authenticated but does not exist");
-                            break;
-                        }
-
-                        long documentId;
-                        try {
-                            documentId = Long.parseLong(route[2]);
-                        } catch (NumberFormatException e) {
-                            break;
-                        }
-
-                        if (!user.getOwnedDocuments().contains(documentId) && !user.getSharedDocuments().contains(documentId)) {
-                            break; //user cant do this to documents they don't have access to todo public documents
-                        }
-
-                        // user has access to the document
-
-                        if (route.length == 3) { // get document or submit new resource to document
-                            if (request.method().equals(HttpMethod.GET)) {
-                                //todo
-                                send(ctx, request, HttpResponseStatus.NOT_FOUND);
-                                return;
-                                /*Resource resource = BackendServerInitializer.getDatabase(ctx).getResource(documentId, documentId);
-                                if (resource == null) { //indicates an empty unsaved canvas, so serve that
-                                    send(ctx, request, Canvas.getEmptyCanvas());
-                                    return;
-                                }
-                                HttpHeaders headers = new DefaultHttpHeaders();
-                                headers.set(HttpHeaderNames.CACHE_CONTROL, "private,max-age=0");//cache but always revalidate
-                                sendChunkedResource(ctx, request, headers, new ChunkedStream(new ByteBufInputStream(resource.getData())), resource.getLastModified());//todo don't fetch entire document from db if not modified*/
-                            } else if (request.method().equals(HttpMethod.POST)) { //todo validation/security for submitted resources
-                                Document document = database.getDocument(documentId);
-                                if (document == null) {
-                                    Scribbleshare.getLogger(ctx).warning("Document with id " + documentId + " for user " + user + " somehow does not exist");
-                                    break;
-                                }
-                                send(ctx, request, Unpooled.copyLong(database.addResource(document.getId(), new Resource(request.content()))));
-                            } else {
-                                send(ctx, request, HttpResponseStatus.METHOD_NOT_ALLOWED);
-                            }
-                        } else { // route.length == 4, get resource from document
-                            // does the document have this resource?
-                            long resourceId;
-                            try {
-                                resourceId = Long.parseLong(route[3]);
-                            } catch (NumberFormatException e) {
-                                break;
-                            }
-
-                            Document document = database.getDocument(documentId);
-                            if (document == null) {
-                                Scribbleshare.getLogger(ctx).warning("Document with id " + documentId + " for user " + user + " somehow does not exist");
-                                break;
-                            }
-
-                            if (request.method().equals(HttpMethod.GET)) {
-                                // get resource, resource must exist on the document
-                                Resource resource = database.getResource(resourceId, documentId);
-                                if (resource == null) {
-                                    break;
-                                }
-
-                                HttpHeaders headers = new DefaultHttpHeaders();
-                                headers.add(HttpHeaderNames.CACHE_CONTROL, "private,max-age=" + MAX_AGE_NO_EXPIRE + ",immutable");//cache and never revalidate - permanent
-                                sendChunkedResource(ctx, request, headers, new ChunkedStream(new ByteBufInputStream(resource.getData())));
-                            } else {
-                                send(ctx, request, HttpResponseStatus.METHOD_NOT_ALLOWED);
-                            }
-                        }
-                        return;
-                    }
-                }
-                send(ctx, request, HttpResponseStatus.NOT_FOUND);
-                return;
-            }
-
-        }
-
-        // otherwise try to serve a regular HTTP file resource
-
-        if (!HttpMethod.GET.equals(request.method())) {
-            send(ctx, request, HttpResponseStatus.METHOD_NOT_ALLOWED);
-            return;
-        }
-
-        // redirects
-        if (path.endsWith(DEFAULT_FILE)) { // /index.html -> /
-            sendRedirect(ctx, request, path.substring(0, path.length() - DEFAULT_FILE.length()) + rawQuery);
-            return;
-        } else if ((path + DEFAULT_FILE_EXTENSION).endsWith(DEFAULT_FILE)) { // /index -> /
-            sendRedirect(ctx, request, path.substring(0, path.length() - (DEFAULT_FILE.length() - DEFAULT_FILE_EXTENSION.length())) + rawQuery);
-            return;
-        } else if (path.endsWith(DEFAULT_FILE_EXTENSION)) { // /page.html -> /page
-            sendRedirect(ctx, request, path.substring(0, path.length() - DEFAULT_FILE_EXTENSION.length()) + rawQuery);
-            return;
-        }
-
-        // get filesystem filePath from provided filePath
-        final String filePath = getFilePath(path);
-        if (filePath == null) {
-            send(ctx, request, HttpResponseStatus.NOT_FOUND);
-            return;
-        }
-
-        File file = new File(httpRoot, filePath);
-        if (file.isHidden() || !file.exists() || file.isDirectory() || !file.isFile()) {
-            if (new File(httpRoot, filePath.substring(0, filePath.length() - DEFAULT_FILE_EXTENSION.length())).isDirectory()) { // /test -> /test/ if test is a valid directory and /test.html does not exist
-                sendRedirect(ctx, request, path + "/" + rawQuery);
-            } else {
-                send(ctx, request, HttpResponseStatus.NOT_FOUND);
-            }
-            return;
-        }
-        HttpHeaders headers = new DefaultHttpHeaders();
-        if (path.equals(PersistentHttpSession.LOGIN_PATH)) {
-            logIn(ctx, config, request, headers);
-        }
-        headers.set(HttpHeaderNames.CACHE_CONTROL, "public,max-age=" + httpCacheSeconds);//cache but revalidate if stale todo set to private cache for resources behind authentication
-        sendFile(ctx, request, headers, file, mimeTypes.getMimeType(file));
-    }
-
-    private Long authenticate(ChannelHandlerContext ctx, FullHttpRequest request) {
-        HttpSession.ClientCookie cookie = HttpSession.ClientCookie.getClientCookie(request, HttpSession.COOKIE_NAME);
-        if (cookie != null) {
-            HttpSession httpSession = database.getHttpSession(cookie.getId());
-            if (httpSession != null && httpSession.validate(cookie.getToken())) {
-                Scribbleshare.getLogger(ctx).info("Authenticated with id " + httpSession.getUser());
-                return httpSession.getUser();
-            } else {
-                Scribbleshare.getLogger(ctx).warning("Bad authentication");
-                //bad authentication attempt
-                //todo rate limit timeout server a proper response???
-            }
-        } else {
-            Scribbleshare.getLogger(ctx).info("No authentication");
-        }
-
-        return null;
-    }
-
-    private void logIn(ChannelHandlerContext ctx, HttpConfig config, FullHttpRequest request, HttpHeaders headers) {
-        if (!logIn(config, request, headers)) {
-            Scribbleshare.getLogger(ctx).warning("Bad authentication");
-            send(ctx, request, HttpResponseStatus.UNAUTHORIZED);
-            //todo rate limiting strategies
-        } else {
-            Scribbleshare.getLogger(ctx).info("Good authentication");
-        }
-    }
-
-    private boolean logIn(HttpConfig config, HttpRequest request, HttpHeaders headers) {
-        HttpSession.ClientCookie cookie = HttpSession.ClientCookie.getClientCookie(request, HttpSession.COOKIE_NAME);
-        if (cookie == null) {
-            User user;
-            HttpSession.ClientCookie cookiePersistent = HttpSession.ClientCookie.getClientCookie(request, PersistentHttpSession.COOKIE_NAME);
-            if (cookiePersistent != null) {
-                PersistentHttpSession persistentHttpSession = database.getAndRemovePersistentHttpSession(cookiePersistent.getId());
-                if (persistentHttpSession != null && persistentHttpSession.validate(cookiePersistent.getToken())) {
-                    user = database.getUser(persistentHttpSession.getUser());
-                } else {
-                    //return false; todo
-                    user = database.createUser();
-                }
-            } else {
-                user = database.createUser();
-            }
-
-            HttpSession httpSession = new HttpSession(config, user, headers);
-            database.addHttpSession(httpSession);
-
-            //this is single use and always refreshed
-            PersistentHttpSession persistentHttpSession = new PersistentHttpSession(config, httpSession, headers);
-            database.addPersistentHttpSession(persistentHttpSession);
-            return true;
-        } else {
-            HttpSession httpSession = database.getHttpSession(cookie.getId());
-            if (httpSession != null && httpSession.validate(cookie.getToken())) {
-                return true;
-            } else {
-                //todo copied and bad
-                User user = database.createUser();
-                httpSession = new HttpSession(config, user, headers);
-                database.addHttpSession(httpSession);
-
-                //this is single use and always refreshed
-                PersistentHttpSession persistentHttpSession = new PersistentHttpSession(config, httpSession, headers);
-                database.addPersistentHttpSession(persistentHttpSession);
-                return true;
-            }
-        }
-    }
-
-
-
-    private static final Pattern ALLOWED_CHARACTERS = Pattern.compile("^[/." + QUERY_REGEX + FILE_NAME_REGEX + "]+$");
-
-    /** Sanitizes uri */
-    public static String getUri(String uri) {
-        return (ALLOWED_CHARACTERS.matcher(uri).matches()) ? uri : null;
-    }
-
-    private static final Pattern ALLOWED_PATH = Pattern.compile("^[\\\\" + File.separator + "." + FILE_NAME_REGEX + "]+$");
-
-    private static String[] getRoute(String path) {
-        if (!path.startsWith("/")) return null;
-        String[] route = path.substring(1).split("/");
-        if (route.length == 0) {
-            return new String[] {""};
-        } else {
-            return route;
-        }
-    }
-
-    /** Converts uri to filesystem path */
-    private static String getFilePath(String path) {
-        path = path.replace("/", File.separator);
-
-        if (path.contains(File.separator + '.') // /.
-                || path.contains('.' + File.separator) // ./
-                || path.contains(File.separator + File.separator) // //
-                || path.charAt(0) == '.' // .
-                || path.charAt(path.length() - 1) == '.' // /page.
-                || !ALLOWED_PATH.matcher(path).matches()) {
-            return null;
-        }
-
-        if (path.endsWith(File.separator)) { // / -> index.html
-            path = path + DEFAULT_FILE;
-        } else if (path.lastIndexOf(File.separator) > path.lastIndexOf(".")) { // /page -> /page.html
-            path = path + DEFAULT_FILE_EXTENSION;
-        }
-        return path;
-    }
-
-
-    /**
-     * Returns String array with length of 2, with the first element as the path and the second element as the raw query
-     * Example:
-     * /index.html?key=value&otherKey=otherValue -> [ /index.html, ?key=value&otherKey=otherValue ]
-     */
-    public static String[] splitQuery(String uri) {
-        int index = uri.lastIndexOf(QUERY_DELIMITER);
-        if (index <= 0) { // check for a query
-            if (uri.contains(QUERY_SEPARATOR) || uri.contains(QUERY_PAIR_SEPARATOR)) { // there is no query, so there should also be no other reserved keywords
-                return null;
-            } else {
-                return new String[] {uri, ""};
-            }
-        } else if (uri.indexOf(QUERY_DELIMITER) != index) { // make sure there is only one ? in the uri
-            return null;
-        } else {
-            return new String[] {uri.substring(0, index), uri.substring(index)};
-        }
-    }
-
-    /**
-     * Parses ?key=value&otherKey=otherValue&keyWithEmptyValue to a Map of key-value pairs
-     */
-    public static Map<String, String> parseQuery(String query) {
-        if (query.isEmpty()) return Collections.emptyMap(); // no query to parse
-        if (!query.startsWith("?")) return null; // malformed, should start with ?
-
-        Map<String, String> queries = new HashMap<>();
-        String[] keyValuePairs = query.substring(1) // query starts with ?
-                .split(QUERY_SEPARATOR);
-        for (String keyValuePair : keyValuePairs) {
-            String[] split = keyValuePair.split(QUERY_PAIR_SEPARATOR, 3); // a limit of 2 (expected) would not detect malformed queries such as ?key==, so we need to go one more
-            if (split.length == 1) { // key with no value, such as ?key
-                queries.put(split[0], "");
-            } else if (split.length != 2) { // malformed, each key should have one value
-                return null;
-            } else {
-                queries.put(split[0], split[1]);
-            }
-        }
-
-        return queries;
-    }
-}
\ No newline at end of file
diff --git a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/server/http/MimeTypes.java b/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/server/http/MimeTypes.java
deleted file mode 100644
index ce641225..00000000
--- a/scribbleshare-app/scribbleshare-backend/src/main/java/net/stzups/scribbleshare/backend/server/http/MimeTypes.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package net.stzups.scribbleshare.backend.server.http;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * Simple utility class parses a mime.types file from resources and provides MIME type mappings.
- * mime.types should be formatted as follows:
- * text/html htm html
- * image/jpeg jpg jpeg
- * application/javascript js
- */
-public class MimeTypes {
-    private final Map<String, String> extensionMimeTypeMap = new HashMap<>();
-
-    public void load(InputStream inputStream) throws IOException {
-        try {
-            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
-            for (String line; (line = bufferedReader.readLine()) != null;) {
-                String[] split = line.split("\\s");
-                if (split.length > 1) {
-                    for (int i = 1; i < split.length; i++) {
-                        extensionMimeTypeMap.put(split[i], split[0]);
-                    }
-                }
-            }
-        } catch (IOException e) {
-            throw new IOException("Exception while loading MIME types from InputStream", e);
-        }
-    }
-
-    /**
-     * Gets a MIME type for the extension from the path of a {@link java.io.File}, or the default mime type if the extension is unknown.
-     *
-     * @return the MIME type for the given file, or a default type
-     */
-    public String getMimeType(File file) {
-        return getMimeType(file.getPath());
-    }
-
-    /**
-     * Gets a MIME type for an extension.
-     *
-     * @param extension can include or exclude the file separator ("html" or ".html" both work)
-     * @return the MIME type for the given extension, or null
-     */
-    public String getMimeType(String extension) {
-        int i = extension.lastIndexOf(".");
-        if (i != -1) {
-            extension = extension.substring(i + 1);
-        }
-        return extensionMimeTypeMap.get(extension);
-    }
-}
\ No newline at end of file
diff --git a/scribbleshare-app/scribbleshare-frontend/rollup.config.js b/scribbleshare-app/scribbleshare-frontend/rollup.config.js
deleted file mode 100644
index aa2d9857..00000000
--- a/scribbleshare-app/scribbleshare-frontend/rollup.config.js
+++ /dev/null
@@ -1,20 +0,0 @@
-import {nodeResolve} from '@rollup/plugin-node-resolve';
-import typescript from '@rollup/plugin-typescript';
-import {terser} from "rollup-plugin-terser";
-
-export default {
-  input: 'src/scripts/main.ts',
-  output: {
-    file: 'build/scripts/main.js',
-    format: 'iife',
-  },
-  plugins: [
-    nodeResolve(),
-    terser({
-      mangle: {
-        properties:true,
-      },
-    }),
-    typescript(),
-  ]
-};
diff --git a/scribbleshare-app/scribbleshare-frontend/src/scripts/main.ts b/scribbleshare-app/scribbleshare-frontend/src/scripts/main.ts
deleted file mode 100644
index f3f18412..00000000
--- a/scribbleshare-app/scribbleshare-frontend/src/scripts/main.ts
+++ /dev/null
@@ -1,2 +0,0 @@
-import './Document.js';
-import './FileUpload.js'
\ No newline at end of file
diff --git a/scribbleshare-commons/build.gradle b/scribbleshare-commons/build.gradle
deleted file mode 100644
index dd846643..00000000
--- a/scribbleshare-commons/build.gradle
+++ /dev/null
@@ -1,13 +0,0 @@
-plugins {
-    id 'java-library'
-}
-
-repositories {
-    mavenCentral()
-}
-
-dependencies {
-    api 'io.netty:netty-all:4.1.55.Final'
-    implementation 'org.postgresql:postgresql:42.2.13'
-    implementation 'redis.clients:jedis:3.5.2'
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/Config.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/Config.java
deleted file mode 100644
index 14d5d752..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/Config.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package net.stzups.scribbleshare.config;
-
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * Searches through provided {@link List<ConfigProvider>} to find a value for a key
- */
-public class Config {
-    private final List<ConfigProvider> configProviders;
-
-    protected Config() {
-        configProviders = new ArrayList<>();
-    }
-
-    public Config addConfigProvider(ConfigProvider configProvider) {
-        configProviders.add(configProvider);
-        return this;
-    }
-
-    public Config removeConfigProvider(ConfigProvider configProvider) {
-        configProviders.remove(configProvider);
-        return this;
-    }
-
-    /**
-     * Gets a String value for a String key from any config provider
-     */
-    private String find(ConfigKey<?> key) {
-        for (ConfigProvider configProvider : configProviders) {
-            String value = configProvider.get(key.getKey());
-            if (value != null) {
-                return value;
-            }
-        }
-
-        return null;
-    }
-
-    protected String getString(ConfigKey<String> key) {
-        String value = find(key);
-        if (value != null) {
-            return value;
-        }
-        return key.getDefaultValue(null);
-    }
-
-    protected Integer getInteger(ConfigKey<Integer> key) {
-        String value = find(key);
-        if (value != null) {
-            try {
-                return Integer.parseInt(value);
-            } catch (NumberFormatException e) {
-                return key.getDefaultValue(e);
-            }
-        }
-        return key.getDefaultValue(null);
-    }
-
-    protected Boolean getBoolean(ConfigKey<Boolean> key) {
-        String value = find(key);
-        if (value != null) {
-            if (value.equalsIgnoreCase("true")) {
-                return true;
-            } else if (value.equalsIgnoreCase("false")) {
-                return false;
-            } else {
-                return key.getDefaultValue(new IllegalArgumentException(value + " is not true or false"));
-            }
-        }
-        return key.getDefaultValue(null);
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/ConfigKey.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/ConfigKey.java
deleted file mode 100644
index 1be2d590..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/ConfigKey.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package net.stzups.scribbleshare.config;
-
-/**
- * A {@link String} key that returns a value of type T
- */
-public abstract class ConfigKey<T> {
-    private final String key;
-
-    protected ConfigKey(String key) {
-        this.key = key;
-    }
-
-    final String getKey() {
-        return key;
-    }
-
-    abstract T getDefaultValue(Exception e);
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/ConfigProvider.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/ConfigProvider.java
deleted file mode 100644
index 7cb7b46e..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/ConfigProvider.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package net.stzups.scribbleshare.config;
-
-/**
- * Provides values for keys to a {@link Config}
- */
-public interface ConfigProvider {
-    /**
-     * Returns a value if this {@link ConfigProvider} has the key, otherwise null
-     */
-    String get(String key);
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/OptionalConfigKey.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/OptionalConfigKey.java
deleted file mode 100644
index ea48540e..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/OptionalConfigKey.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package net.stzups.scribbleshare.config;
-
-/**
- * A {@link ConfigKey} that can use a default value if no other value is found
- */
-public class OptionalConfigKey<T> extends ConfigKey<T> {
-    private final T defaultValue;
-
-    public OptionalConfigKey(String key, T defaultValue) {
-        super(key);
-        this.defaultValue = defaultValue;
-    }
-
-    T getDefaultValue(Exception e) {
-        if (e != null) {
-            new Exception("Non fatal exception while parsing value for key \"" + getKey() + "\", default value will be used", e).printStackTrace();
-        }
-        return defaultValue;
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/RequiredConfigKey.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/RequiredConfigKey.java
deleted file mode 100644
index 44fb32e0..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/RequiredConfigKey.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package net.stzups.scribbleshare.config;
-
-/**
- * A {@link ConfigKey} that must have a value, otherwise an exception is thrown
- */
-public class RequiredConfigKey<T> extends ConfigKey<T> {
-    public RequiredConfigKey(String key) {
-        super(key);
-    }
-
-    @Override
-    T getDefaultValue(Exception e) {
-        if (e != null) {
-            throw new IllegalArgumentException("Parsing value for required config key \"" + getKey() + "\" caused exception", e);
-        } else {
-            throw new IllegalArgumentException("Missing value for required config key \"" + getKey() + "\"");
-        }
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/ArgumentConfig.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/ArgumentConfig.java
deleted file mode 100644
index 3ba3fbf8..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/ArgumentConfig.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package net.stzups.scribbleshare.config.configs;
-
-import net.stzups.scribbleshare.Scribbleshare;
-import net.stzups.scribbleshare.config.ConfigProvider;
-
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-/**
- * Takes arguments from the console and parses them as key value pairs.
- */
-public class ArgumentConfig implements ConfigProvider {
-    private final Map<String, String> flags = new HashMap<>();
-
-    /**
-     * Format:
-     * --flag value
-     * --flag "value with space"
-     * Flags that are not properly formatted will be ignored.
-     * @param args should be take from program entry point, in the proper format
-     */
-    public ArgumentConfig(String[] args) {
-        Iterator<String> iterator = Arrays.asList(args).iterator();
-        while (iterator.hasNext()) {
-            String raw = iterator.next();
-            String[] split = raw.split("=");
-            if (split.length == 2) {
-                String value = split[1];
-                if (value.startsWith("\"")) {
-                    value = value.substring(1);
-                    while (iterator.hasNext() && !value.endsWith("\"")) {
-                        value += iterator.next();
-                    }
-                    if (value.endsWith("\"")) {
-                        value = value.substring(0, value.length() - 1);
-                    } else {
-                        Scribbleshare.getLogger().warning("Malformed argument " + raw + " and " + value + ", should be formatted --key=value or --key=\"value with spaces\"");
-                        continue;
-                    }
-                }
-                flags.put(split[0].substring(2), value);
-            } else {
-                Scribbleshare.getLogger().warning("Malformed argument " + raw + ", should be formatted --key=value or --key=\"value with spaces\"");
-            }
-        }
-    }
-
-    @Override
-    public String get(String key) {
-        return flags.get(key);
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/EnvironmentVariableConfig.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/EnvironmentVariableConfig.java
deleted file mode 100644
index 5abed991..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/EnvironmentVariableConfig.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package net.stzups.scribbleshare.config.configs;
-
-import net.stzups.scribbleshare.config.ConfigProvider;
-
-import java.util.Objects;
-
-public class EnvironmentVariableConfig implements ConfigProvider {
-    private final String prefix;
-
-    public EnvironmentVariableConfig(String prefix) {
-        this.prefix = Objects.requireNonNullElse(prefix, "");
-    }
-
-    @Override
-    public String get(String key) {
-        return System.getenv(prefix + key);
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/ManualConfig.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/ManualConfig.java
deleted file mode 100644
index e87a05d5..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/ManualConfig.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package net.stzups.scribbleshare.config.configs;
-
-import net.stzups.scribbleshare.config.ConfigProvider;
-
-import java.util.Collections;
-import java.util.Map;
-
-public class ManualConfig implements ConfigProvider {
-    private final Map<String, String> keyValues;
-
-    public ManualConfig(String key, String value) {
-        keyValues = Collections.singletonMap(key, value);
-    }
-
-    @Override
-    public String get(String key) {
-        return keyValues.get(key);
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/PropertiesConfig.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/PropertiesConfig.java
deleted file mode 100644
index a7f711bc..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/config/configs/PropertiesConfig.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package net.stzups.scribbleshare.config.configs;
-
-import net.stzups.scribbleshare.Scribbleshare;
-import net.stzups.scribbleshare.config.ConfigProvider;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.util.Properties;
-import java.util.logging.Level;
-
-/**
- * Loads a file that should be formatted as a Java {@link Properties} file, and adds any values defined in that value.
- * This still works if the file does not exist or no values are present in the file.
- */
-public class PropertiesConfig implements ConfigProvider {
-    private final Properties properties;
-
-    /**
-     * Loads .properties formatted file from given path, only if it exists.
-     * @param path path to the .properties file
-     */
-    public PropertiesConfig(String path) {
-        properties = new Properties();
-        File file = new File(path);
-        if (file.exists()) {//load user defined config if created
-            Scribbleshare.getLogger().info("Loading config properties from " + file.getName() + "...");
-            try (FileInputStream fileInputStream = new FileInputStream(file)) {
-                properties.load(fileInputStream);
-            } catch (IOException e) {
-                Scribbleshare.getLogger().log(Level.WARNING, "Failed to load " + file.getName(), e);
-                return;
-            }
-            Scribbleshare.getLogger().info("Loaded " + properties.size() + " config properties from " + file.getName());
-        }
-    }
-
-    @Override
-    public String get(String key) {
-        return properties.getProperty(key);
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/ScribbleshareDatabase.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/ScribbleshareDatabase.java
deleted file mode 100644
index e4832bd0..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/ScribbleshareDatabase.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package net.stzups.scribbleshare.data.database;
-
-import net.stzups.scribbleshare.data.database.databases.MiscDatabase;
-import net.stzups.scribbleshare.data.database.databases.PersistentSessionDatabase;
-import net.stzups.scribbleshare.data.database.databases.ResourceDatabase;
-import net.stzups.scribbleshare.data.database.databases.SessionDatabase;
-
-public interface ScribbleshareDatabase extends MiscDatabase, PersistentSessionDatabase, ResourceDatabase, SessionDatabase {
-
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/MiscDatabase.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/MiscDatabase.java
deleted file mode 100644
index 257714f2..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/MiscDatabase.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package net.stzups.scribbleshare.data.database.databases;
-
-import net.stzups.scribbleshare.data.objects.Document;
-import net.stzups.scribbleshare.data.objects.InviteCode;
-import net.stzups.scribbleshare.data.objects.User;
-
-public interface MiscDatabase {
-    User createUser();
-    User getUser(long id);
-    void updateUser(User user);
-
-    Document createDocument(User owner);
-    Document getDocument(long id);
-    void updateDocument(Document document);
-    void deleteDocument(Document document);
-
-    InviteCode getInviteCode(String code);
-    InviteCode getInviteCode(Document document);
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/PersistentSessionDatabase.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/PersistentSessionDatabase.java
deleted file mode 100644
index 84e9b978..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/PersistentSessionDatabase.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package net.stzups.scribbleshare.data.database.databases;
-
-import net.stzups.scribbleshare.data.objects.authentication.http.PersistentHttpSession;
-
-public interface PersistentSessionDatabase {
-    PersistentHttpSession getAndRemovePersistentHttpSession(long id);
-    void addPersistentHttpSession(PersistentHttpSession persistentHttpSession);
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/ResourceDatabase.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/ResourceDatabase.java
deleted file mode 100644
index aad37835..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/ResourceDatabase.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package net.stzups.scribbleshare.data.database.databases;
-
-import net.stzups.scribbleshare.data.objects.Resource;
-
-public interface ResourceDatabase {
-    /**
-     * Add resource to database and return the corresponding id for the new resource
-     */
-    long addResource(long owner, Resource resource);
-
-    /** update resource */
-    void updateResource(long id, long owner, Resource resource);
-
-    /**
-     * Gets resource, or null if the resource does not exist
-     */
-    Resource getResource(long id, long owner);
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/SessionDatabase.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/SessionDatabase.java
deleted file mode 100644
index bceecd4a..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/database/databases/SessionDatabase.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package net.stzups.scribbleshare.data.database.databases;
-
-import net.stzups.scribbleshare.data.objects.authentication.http.HttpSession;
-
-public interface SessionDatabase {
-
-
-    HttpSession getHttpSession(long id);
-    void addHttpSession(HttpSession httpSession);
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpSession.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpSession.java
deleted file mode 100644
index 510f242d..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/HttpSession.java
+++ /dev/null
@@ -1,94 +0,0 @@
-package net.stzups.scribbleshare.data.objects.authentication.http;
-
-import io.netty.buffer.ByteBuf;
-import io.netty.buffer.Unpooled;
-import io.netty.handler.codec.base64.Base64;
-import io.netty.handler.codec.http.HttpHeaderNames;
-import io.netty.handler.codec.http.HttpHeaders;
-import io.netty.handler.codec.http.HttpRequest;
-import io.netty.handler.codec.http.cookie.Cookie;
-import io.netty.handler.codec.http.cookie.CookieHeaderNames;
-import io.netty.handler.codec.http.cookie.DefaultCookie;
-import io.netty.handler.codec.http.cookie.ServerCookieDecoder;
-import io.netty.handler.codec.http.cookie.ServerCookieEncoder;
-import net.stzups.scribbleshare.data.objects.User;
-
-import java.nio.charset.StandardCharsets;
-import java.sql.Timestamp;
-import java.util.Set;
-
-public class HttpSession extends Session {
-    public static class ClientCookie {
-        private final long id;
-        private final byte[] token;
-
-        ClientCookie(ByteBuf byteBuf) {
-            id = byteBuf.readLong();
-            token = new byte[16];//todo
-            byteBuf.readBytes(token);
-        }
-
-        public long getId() {
-            return id;
-        }
-
-        public byte[] getToken() {
-            return token;
-        }
-
-        public static ClientCookie getClientCookie(HttpRequest request, String name) {
-            String cookiesHeader = request.headers().get(HttpHeaderNames.COOKIE);
-            if (cookiesHeader != null) {
-                Set<Cookie> cookies = ServerCookieDecoder.STRICT.decode(cookiesHeader);
-                for (Cookie cookie : cookies) {
-                    if (cookie.name().equals(name)) {
-                        ByteBuf b = Unpooled.wrappedBuffer(cookie.value().getBytes(StandardCharsets.UTF_8));
-                        ByteBuf byteBuf = Base64.decode(b);
-                        b.release();
-                        ClientCookie c = new ClientCookie(byteBuf);
-                        byteBuf.release();
-                        return c;
-                    }
-                }
-            }
-            return null;
-        }
-    }
-
-    public static final String COOKIE_NAME = "session";
-
-    public HttpSession(long user) {
-        super(user);
-    }
-
-    public HttpSession(long id, long user, Timestamp creation, byte[] hashedToken) {
-        super(id, user, creation, hashedToken);
-    }
-
-    public HttpSession(HttpConfig config, User user, HttpHeaders headers) {
-        super(user.getId());
-        setCookie(config, headers);
-    }
-
-    public HttpSession(long id, ByteBuf byteBuf) {
-        super(id, byteBuf);
-    }
-
-    protected DefaultCookie getCookie(String name) {
-        ByteBuf byteBuf = Unpooled.buffer();
-        byteBuf.writeLong(getId());
-        byteBuf.writeBytes(super.generateToken());
-        return new DefaultCookie(name, Base64.encode(byteBuf).toString(StandardCharsets.UTF_8));
-    }
-
-    private void setCookie(HttpConfig config, HttpHeaders headers) {
-        DefaultCookie cookie = getCookie(COOKIE_NAME);
-        cookie.setDomain(config.getDomain());
-        //not used cookie.setPath("");
-        if (config.getSSL()) cookie.setSecure(true);
-        cookie.setHttpOnly(true);
-        cookie.setSameSite(CookieHeaderNames.SameSite.Strict);
-        //session cookie, so no max age
-        headers.add(HttpHeaderNames.SET_COOKIE, ServerCookieEncoder.STRICT.encode(cookie));
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/PersistentHttpSession.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/PersistentHttpSession.java
deleted file mode 100644
index 6721a753..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/PersistentHttpSession.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package net.stzups.scribbleshare.data.objects.authentication.http;
-
-import io.netty.handler.codec.http.HttpHeaderNames;
-import io.netty.handler.codec.http.HttpHeaders;
-import io.netty.handler.codec.http.cookie.CookieHeaderNames;
-import io.netty.handler.codec.http.cookie.DefaultCookie;
-import io.netty.handler.codec.http.cookie.ServerCookieEncoder;
-
-import java.sql.Timestamp;
-import java.time.Duration;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
-import java.time.temporal.TemporalAmount;
-
-public class PersistentHttpSession extends HttpSession {
-    private static final TemporalAmount MAX_SESSION_AGE = Duration.ofDays(90);//todo
-
-    public static final String COOKIE_NAME = "persistent_session";
-    public static final String LOGIN_PATH = "/";
-
-    public PersistentHttpSession(long id, long user, Timestamp creation, byte[] hashedToken) {
-        super(id, user, creation, hashedToken);
-    }
-
-    public PersistentHttpSession(HttpConfig config, HttpSession httpSession, HttpHeaders headers) {
-        super(httpSession.getUser());
-        setCookie(config, headers);
-    }
-
-    private void setCookie(HttpConfig config, HttpHeaders headers) {
-        DefaultCookie cookie = getCookie(COOKIE_NAME);
-        cookie.setDomain(config.getDomain());
-        cookie.setPath(LOGIN_PATH);
-        if (config.getSSL()) cookie.setSecure(true);
-        cookie.setHttpOnly(true);
-        cookie.setSameSite(CookieHeaderNames.SameSite.Strict);
-        cookie.setMaxAge(MAX_SESSION_AGE.get(ChronoUnit.SECONDS)); //persistent cookie
-
-        headers.add(HttpHeaderNames.SET_COOKIE, ServerCookieEncoder.STRICT.encode(cookie));
-    }
-
-    @Override
-    public boolean validate(byte[] token) {
-        if (Instant.now().isAfter(getCreation().toInstant().plus(MAX_SESSION_AGE))) {
-            return false;
-        }
-        return super.validate(token);
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/Session.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/Session.java
deleted file mode 100644
index 91211bdc..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/data/objects/authentication/http/Session.java
+++ /dev/null
@@ -1,102 +0,0 @@
-package net.stzups.scribbleshare.data.objects.authentication.http;
-
-import io.netty.buffer.ByteBuf;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.sql.Timestamp;
-import java.time.Instant;
-import java.util.Arrays;
-
-public class Session {
-    private static final SecureRandom secureRandom = new SecureRandom();
-    private static final MessageDigest messageDigest;
-
-    static {
-        try {
-            messageDigest = MessageDigest.getInstance("SHA-256");
-        } catch (NoSuchAlgorithmException e) {
-            throw new RuntimeException(e);
-        }
-    }
-
-    private final long id;
-    private final long user;
-    private final Timestamp creation;
-    private byte[] hashedToken;
-
-    protected Session(long user) {
-        this.id = secureRandom.nextLong();
-        this.user = user;
-        this.creation = new Timestamp(Instant.now().toEpochMilli());
-    }
-
-    protected Session(long id, long user, Timestamp creation, byte[] hashedToken) {
-        this.id = id;
-        this.user = user;
-        this.creation = creation;
-        this.hashedToken = hashedToken;
-    }
-
-    public Session(long id, ByteBuf byteBuf) {
-        this.id = id;
-        this.user = byteBuf.readLong();
-        this.creation = Timestamp.from(Instant.ofEpochMilli(byteBuf.readLong()));
-        hashedToken = new byte[32];//todo
-        byteBuf.readBytes(hashedToken);
-    }
-
-    protected int getTokenLength() {
-        return 16;//todo
-    }
-
-    /** should be called once after instance creation */
-    byte[] generateToken() {
-        byte[] token = new byte[getTokenLength()];
-        secureRandom.nextBytes(token);
-        hashedToken = messageDigest.digest(token);
-        return token;
-    }
-
-    public long getId() {
-        return id;
-    }
-
-    public long getUser() {
-        return user;
-    }
-
-    public Timestamp getCreation() {
-        return creation;
-    }
-
-    public byte[] getHashedToken() {
-        return hashedToken;
-    }
-
-    public boolean validate(byte[] token) {
-        return Arrays.equals(messageDigest.digest(token), this.hashedToken);
-    }
-
-    public void serialize(ByteBuf byteBuf) {
-        byteBuf.writeLong(user);
-        byteBuf.writeLong(creation.getTime());
-        byteBuf.writeBytes(hashedToken);
-    }
-
-    @Override
-    public String toString() {
-        return "Session{id=" + id + ",user" + user + ",creationTime=" + creation + "}";
-    }
-
-    @Override
-    public int hashCode() {
-        return Long.hashCode(id);
-    }
-
-    @Override
-    public boolean equals(Object object) {
-        return object instanceof Session && id == ((Session) object).id;
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/Server.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/Server.java
deleted file mode 100644
index 3651af32..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/Server.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package net.stzups.scribbleshare.server;
-
-import io.netty.bootstrap.ServerBootstrap;
-import io.netty.channel.ChannelFuture;
-import io.netty.channel.ChannelHandler;
-import io.netty.channel.EventLoopGroup;
-import io.netty.channel.nio.NioEventLoopGroup;
-import io.netty.channel.socket.nio.NioServerSocketChannel;
-import io.netty.handler.logging.LogLevel;
-import io.netty.handler.logging.LoggingHandler;
-import net.stzups.scribbleshare.Scribbleshare;
-import net.stzups.scribbleshare.util.LogFactory;
-
-public class Server implements AutoCloseable {
-    private final int port;
-
-    private final EventLoopGroup bossGroup;
-    private final EventLoopGroup workerGroup;
-
-    public Server(int port) {
-        this.port = port;
-
-        bossGroup = new NioEventLoopGroup();
-        workerGroup = new NioEventLoopGroup();
-    }
-
-    /**
-     * Initializes the server and binds to the specified port
-     * @return close future
-     */
-    public ChannelFuture start(ChannelHandler handler) throws Exception {
-        ServerBootstrap serverBootstrap = new ServerBootstrap();
-        serverBootstrap.group(bossGroup, workerGroup)
-                .channel(NioServerSocketChannel.class)
-                .handler(new LoggingHandler(LogFactory.getLogger("netty").getName(), LogLevel.DEBUG))
-                .childHandler(handler);
-
-        ChannelFuture bindFuture = serverBootstrap.bind(port).await();
-        if (!bindFuture.isSuccess()) {
-            throw new Exception("Failed to bind to port " + port, bindFuture.cause());
-        }
-
-        Scribbleshare.getLogger().info("Bound to port " + port);
-
-        return bindFuture.channel().closeFuture();
-    }
-
-    @Override
-    public void close() {
-        workerGroup.shutdownGracefully().syncUninterruptibly();
-        bossGroup.shutdownGracefully().syncUninterruptibly();
-    }
-}
\ No newline at end of file
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/http/HttpHandler.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/http/HttpHandler.java
deleted file mode 100644
index 06151435..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/http/HttpHandler.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package net.stzups.scribbleshare.server.http;
-
-import io.netty.channel.ChannelHandler;
-import io.netty.channel.ChannelHandlerContext;
-import io.netty.handler.codec.MessageToMessageDecoder;
-import io.netty.handler.codec.http.FullHttpRequest;
-import io.netty.handler.codec.http.HttpResponseStatus;
-import net.stzups.scribbleshare.Scribbleshare;
-
-import java.net.InetSocketAddress;
-import java.util.List;
-
-import static net.stzups.scribbleshare.server.http.HttpUtils.send;
-
-@ChannelHandler.Sharable
-public class HttpHandler extends MessageToMessageDecoder<FullHttpRequest> {
-    @Override
-    protected void decode(ChannelHandlerContext ctx, FullHttpRequest request, List<Object> out) {
-        Scribbleshare.getLogger(ctx).info(request.method() + " " + request.uri());
-
-        if (request.decoderResult().isFailure()) {
-            send(ctx, request, HttpResponseStatus.BAD_REQUEST);
-            Scribbleshare.getLogger(ctx).info("Bad request");
-            return;
-        }
-
-        if (request.uri().equals("/healthcheck")) {
-            if (!((InetSocketAddress) ctx.channel().remoteAddress()).getAddress().isLoopbackAddress()) {
-                send(ctx, request, HttpResponseStatus.NOT_FOUND);
-                Scribbleshare.getLogger(ctx).warning("Healthcheck request from address which is not a loopback address");
-            } else {
-                send(ctx, request, HttpResponseStatus.OK);
-                Scribbleshare.getLogger(ctx).info("Good healthcheck response");
-            }
-
-            return;
-        }
-
-        out.add(request.retain());
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/http/HttpServerInitializer.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/http/HttpServerInitializer.java
deleted file mode 100644
index 4a1001df..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/http/HttpServerInitializer.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package net.stzups.scribbleshare.server.http;
-
-import io.netty.channel.ChannelDuplexHandler;
-import io.netty.channel.ChannelHandler;
-import io.netty.channel.ChannelHandlerContext;
-import io.netty.channel.ChannelInitializer;
-import io.netty.channel.socket.SocketChannel;
-import io.netty.handler.codec.http.HttpObjectAggregator;
-import io.netty.handler.codec.http.HttpServerCodec;
-import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.SslContextBuilder;
-import io.netty.handler.traffic.GlobalTrafficShapingHandler;
-import io.netty.handler.traffic.TrafficCounter;
-import net.stzups.scribbleshare.Scribbleshare;
-
-import javax.net.ssl.SSLException;
-import java.io.File;
-import java.util.logging.Level;
-
-@ChannelHandler.Sharable
-public class HttpServerInitializer extends ChannelInitializer<SocketChannel> {
-    public interface Config {
-        boolean getSSL();
-        String getSSLRootPath();
-        String getSSLPath();
-        boolean getDebugLogTraffic();
-    }
-
-    private final Config config;
-    private final SslContext sslContext;
-
-    private final HttpHandler httpHandler = new HttpHandler();
-
-    protected HttpServerInitializer(Config config) throws SSLException {
-        this.config = config;
-
-        if (config.getSSL()) {
-            sslContext = SslContextBuilder.forServer(
-                    new File(config.getSSLRootPath()),
-                    new File(config.getSSLPath()))
-                    .build();
-        } else {
-            sslContext = null;
-        }
-    }
-
-    @Override
-    protected void initChannel(SocketChannel channel) {
-        Scribbleshare.setLogger(channel);
-
-        channel.pipeline()
-                .addLast(new ChannelDuplexHandler() {
-                    @Override
-                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable throwable) {
-                        Scribbleshare.getLogger(ctx).log(Level.WARNING, "Uncaught exception", throwable);
-                        //todo ctx.close();
-                    }
-
-                    @Override
-                    public void channelActive(ChannelHandlerContext ctx) {
-                        Scribbleshare.getLogger(ctx).info("Connection opened");
-                        ctx.fireChannelActive();
-                    }
-
-                    @Override
-                    public void channelInactive(ChannelHandlerContext ctx) {
-                        Scribbleshare.getLogger(ctx).info("Connection closed");
-                        ctx.fireChannelInactive();
-                    }
-                }).addLast(new GlobalTrafficShapingHandler(channel.eventLoop(), 0, 0, 1000) {
-                    @Override
-                    protected void doAccounting(TrafficCounter counter) {
-                        if (config.getDebugLogTraffic()) System.out.print("\rread " + (double) counter.lastReadThroughput() / 1000 * 8 + "kb/s, write "  + (double) counter.lastWriteThroughput() / 1000 * 8 + "kb/s");
-                    }
-                });
-        if (sslContext != null) {
-            channel.pipeline().addLast(sslContext.newHandler(channel.alloc()));
-        }
-        channel.pipeline()
-                .addLast(new HttpServerCodec())
-                .addLast(new HttpObjectAggregator(Integer.MAX_VALUE)) //2gb todo decrease
-                .addLast(httpHandler);
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/http/HttpUtils.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/http/HttpUtils.java
deleted file mode 100644
index 2749360f..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/server/http/HttpUtils.java
+++ /dev/null
@@ -1,168 +0,0 @@
-package net.stzups.scribbleshare.server.http;
-
-import io.netty.buffer.ByteBuf;
-import io.netty.buffer.Unpooled;
-import io.netty.channel.ChannelFuture;
-import io.netty.channel.ChannelFutureListener;
-import io.netty.channel.ChannelHandlerContext;
-import io.netty.handler.codec.http.DefaultFullHttpResponse;
-import io.netty.handler.codec.http.DefaultHttpResponse;
-import io.netty.handler.codec.http.FullHttpRequest;
-import io.netty.handler.codec.http.FullHttpResponse;
-import io.netty.handler.codec.http.HttpChunkedInput;
-import io.netty.handler.codec.http.HttpHeaderNames;
-import io.netty.handler.codec.http.HttpHeaderValues;
-import io.netty.handler.codec.http.HttpHeaders;
-import io.netty.handler.codec.http.HttpResponse;
-import io.netty.handler.codec.http.HttpResponseStatus;
-import io.netty.handler.codec.http.HttpUtil;
-import io.netty.handler.codec.http.HttpVersion;
-import io.netty.handler.stream.ChunkedFile;
-import io.netty.handler.stream.ChunkedInput;
-import net.stzups.scribbleshare.Scribbleshare;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.RandomAccessFile;
-import java.sql.Timestamp;
-import java.text.SimpleDateFormat;
-import java.time.Instant;
-import java.util.Calendar;
-import java.util.GregorianCalendar;
-import java.util.Locale;
-import java.util.TimeZone;
-
-public class HttpUtils {
-    private static final String HTTP_DATE_FORMAT = "EEE, dd MMM yyyy HH:mm:ss zzz";
-    private static final String HTTP_DATE_GMT_TIMEZONE = "GMT";
-
-    public static void send(ChannelHandlerContext ctx, FullHttpRequest request, ByteBuf responseContent) {
-        FullHttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.OK);
-        response.headers().set(HttpHeaderNames.CONTENT_TYPE, "application/octet-stream");
-        response.content().writeBytes(responseContent);
-
-        send(ctx, request, response);
-    }
-
-    public static boolean isModifiedSince(FullHttpRequest request, Timestamp lastModified) throws Exception {
-        String ifModifiedSince = request.headers().get(HttpHeaderNames.IF_MODIFIED_SINCE);
-        if (ifModifiedSince != null && !ifModifiedSince.isEmpty()) {
-            SimpleDateFormat dateFormatter = new SimpleDateFormat(HTTP_DATE_FORMAT, Locale.US);//todo
-
-            //round lastModified to nearest second and compare
-            return Instant.ofEpochSecond(lastModified.getTime() / 1000).isAfter(dateFormatter.parse(ifModifiedSince).toInstant());
-        }
-
-        return true;
-    }
-
-    public static void setDateAndLastModified(HttpHeaders headers, Timestamp lastModified) {//todo
-        SimpleDateFormat dateFormatter = new SimpleDateFormat(HTTP_DATE_FORMAT, Locale.US);
-        dateFormatter.setTimeZone(TimeZone.getTimeZone(HTTP_DATE_GMT_TIMEZONE));
-
-        Calendar time = new GregorianCalendar();
-        headers.set(HttpHeaderNames.DATE, dateFormatter.format(time.getTime()));
-
-        headers.set(HttpHeaderNames.LAST_MODIFIED, dateFormatter.format(lastModified));
-    }
-
-    /** sets keep alive headers and returns whether the connection is keep alive */
-    public static boolean setKeepAlive(FullHttpRequest request, HttpResponse response) {
-        boolean keepAlive = HttpUtil.isKeepAlive(request);
-        if (!keepAlive) {
-            response.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.CLOSE);
-        } else if (request.protocolVersion().equals(HttpVersion.HTTP_1_0)) {
-            response.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.KEEP_ALIVE);
-        }
-        return keepAlive;
-    }
-
-
-
-    public static void send(ChannelHandlerContext ctx, FullHttpRequest request, FullHttpResponse response) {
-        response.headers().set(HttpHeaderNames.CONTENT_LENGTH, response.content().readableBytes());
-        if (request == null) { // assume no keep alive
-            ctx.writeAndFlush(response);
-            return;
-        }
-
-        boolean keepAlive = setKeepAlive(request, response);
-
-        ChannelFuture flushPromise = ctx.writeAndFlush(response);
-
-        if (!keepAlive) {
-            // Close the connection as soon as the response is sent.
-            flushPromise.addListener(ChannelFutureListener.CLOSE);
-        }
-    }
-
-    public static void send(ChannelHandlerContext ctx, FullHttpRequest request, HttpResponse response, HttpChunkedInput httpChunkedInput) {
-        response.headers().set(HttpHeaderNames.CONTENT_LENGTH, httpChunkedInput.length());
-
-        boolean keepAlive = setKeepAlive(request, response);
-
-        // Write the initial line and the header.
-        ctx.write(response);
-
-        // HttpChunkedInput will write the end marker (LastHttpContent) for us.
-        ChannelFuture lastContentFuture = ctx.writeAndFlush(httpChunkedInput, ctx.newProgressivePromise());
-
-        if (!keepAlive) {
-            // Close the connection when the whole content is written out.
-            lastContentFuture.addListener(ChannelFutureListener.CLOSE);
-        }
-    }
-
-    public static void sendRedirect(ChannelHandlerContext ctx, FullHttpRequest request, String newUri) {
-        FullHttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.MOVED_PERMANENTLY, Unpooled.EMPTY_BUFFER);
-        response.headers().set(HttpHeaderNames.LOCATION, newUri);
-
-        send(ctx, request, response);
-    }
-
-    public static void send(ChannelHandlerContext ctx, FullHttpRequest request, HttpResponseStatus status) {
-        FullHttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, status, Unpooled.EMPTY_BUFFER);
-
-        send(ctx, request, response);
-    }
-
-    /** sends if stale, otherwise sends not modified */
-    public static void sendChunkedResource(ChannelHandlerContext ctx, FullHttpRequest request, HttpHeaders headers, ChunkedInput<ByteBuf> chunkedInput, Timestamp lastModified) throws Exception {
-        setDateAndLastModified(headers, lastModified);
-        if (isModifiedSince(request, lastModified)) {
-            Scribbleshare.getLogger(ctx).info("Uncached");
-            sendChunkedResource(ctx, request, headers, chunkedInput);
-        } else {
-            Scribbleshare.getLogger(ctx).info("Cached");
-            FullHttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.NOT_MODIFIED, Unpooled.EMPTY_BUFFER);
-            response.headers().set(headers);
-
-            send(ctx, request, response);
-        }
-    }
-
-    /** sends resource with headers */
-    public static void sendChunkedResource(ChannelHandlerContext ctx, FullHttpRequest request, HttpHeaders headers, ChunkedInput<ByteBuf> chunkedInput) {
-        HttpResponse response = new DefaultHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.OK);
-        response.headers().set(headers);
-
-        send(ctx, request, response, new HttpChunkedInput(chunkedInput));
-    }
-
-    /** make sure the file being sent is valid */
-    public static void sendFile(ChannelHandlerContext ctx, FullHttpRequest request, HttpHeaders headers, File file, String mimeType) throws Exception {
-        try (RandomAccessFile randomAccessFile = new RandomAccessFile(file, "r")) {
-            long fileLength = randomAccessFile.length();
-            if (mimeType == null) {
-                Scribbleshare.getLogger(ctx).warning("Unknown MIME type for file " + file.getName());
-                send(ctx, request, HttpResponseStatus.NOT_FOUND);
-                return;
-            }
-            headers.set(HttpHeaderNames.CONTENT_TYPE, mimeType);
-
-            sendChunkedResource(ctx, request, headers, new ChunkedFile(randomAccessFile, 0, fileLength, 8192), Timestamp.from(Instant.ofEpochMilli(file.lastModified())));
-        } catch (FileNotFoundException ignore) {
-            send(ctx, request, HttpResponseStatus.NOT_FOUND);
-        }
-    }
-}
diff --git a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/util/LogFactory.java b/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/util/LogFactory.java
deleted file mode 100644
index 333e4b3b..00000000
--- a/scribbleshare-commons/src/main/java/net/stzups/scribbleshare/util/LogFactory.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package net.stzups.scribbleshare.util;
-
-import java.io.ByteArrayOutputStream;
-import java.io.PrintStream;
-import java.nio.charset.StandardCharsets;
-import java.text.SimpleDateFormat;
-import java.time.Instant;
-import java.util.Date;
-import java.util.logging.ConsoleHandler;
-import java.util.logging.Formatter;
-import java.util.logging.Handler;
-import java.util.logging.Level;
-import java.util.logging.LogRecord;
-import java.util.logging.Logger;
-
-/**
- * Helper class used to format log messages
- */
-public class LogFactory {
-    /**
-     * Creates or finds a Java logger and sets formatting to the following:
-     * [yyyy-MM-dd] [hh:mm:ss] [name] [level (if not INFO)] message
-     *
-     * @param name the name of the logger to create or find
-     * @return the created logger
-     */
-    public static Logger getLogger(String name) {
-        Logger logger = Logger.getLogger(name);
-
-        setLogger(logger, name);
-
-        return logger;
-    }
-
-    /**
-     * Formats an existing logger with a name
-     */
-    public static void setLogger(Logger logger, String name) {
-        for (Handler handler : logger.getHandlers()) {
-            logger.removeHandler(handler);
-        }
-        logger.setUseParentHandlers(false);
-        Handler handler = new ConsoleHandler();
-        logger.addHandler(handler);
-        handler.setFormatter(new Formatter() {
-            private final SimpleDateFormat dateFormat = new SimpleDateFormat("[yyyy-MM-dd] [HH:mm:ss] ");
-
-            @Override
-            public String format(LogRecord record) {
-                String level = (record.getLevel() == Level.INFO) ? "" : "[" + record.getLevel() + "] "; // include Logger Level if it is not Level.INFO
-                return  dateFormat.format(Date.from(Instant.now()))
-                        + "[" + name + "] "
-                        + level
-                        + record.getMessage()
-                        + System.lineSeparator()
-                        + ((record.getThrown() == null) ? "" : getStackTrace(record.getThrown()));
-            }
-        });
-    }
-
-    private static String getStackTrace(Throwable throwable) {
-        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
-        try (PrintStream printStream = new PrintStream(byteArrayOutputStream, true, StandardCharsets.UTF_8)) {
-            throwable.printStackTrace(printStream);
-        }
-        return byteArrayOutputStream.toString(StandardCharsets.UTF_8);
-    }
-}
diff --git a/scribbleshare-keydb/Dockerfile b/scribbleshare-keydb/Dockerfile
deleted file mode 100644
index f91eb7d1..00000000
--- a/scribbleshare-keydb/Dockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM eqalpha/keydb
-
-COPY redis.conf /usr/local/etc/redis/
-
-CMD [ "keydb-server", "/usr/local/etc/redis/redis.conf" ]
\ No newline at end of file
diff --git a/scribbleshare-nginx/Dockerfile b/scribbleshare-nginx/Dockerfile
deleted file mode 100644
index f358fb9f..00000000
--- a/scribbleshare-nginx/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM nginx
-
-COPY nginx.conf /etc/nginx/
\ No newline at end of file
diff --git a/scribbleshare-postgres/Dockerfile b/scribbleshare-postgres/Dockerfile
deleted file mode 100644
index f3c10a48..00000000
--- a/scribbleshare-postgres/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM postgres
-
-COPY sql /docker-entrypoint-initdb.d/
\ No newline at end of file
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/HttpAuthenticator.java b/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/HttpAuthenticator.java
deleted file mode 100644
index e705a4a8..00000000
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/HttpAuthenticator.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package net.stzups.scribbleshare.room.server;
-
-import io.netty.channel.ChannelHandler;
-import io.netty.channel.ChannelHandlerContext;
-import io.netty.handler.codec.MessageToMessageDecoder;
-import io.netty.handler.codec.http.FullHttpRequest;
-import io.netty.handler.codec.http.HttpMethod;
-import io.netty.handler.codec.http.HttpResponseStatus;
-import io.netty.util.AttributeKey;
-import net.stzups.scribbleshare.Scribbleshare;
-import net.stzups.scribbleshare.data.database.databases.SessionDatabase;
-import net.stzups.scribbleshare.data.objects.authentication.http.HttpSession;
-
-import java.util.List;
-import java.util.logging.Level;
-
-import static net.stzups.scribbleshare.server.http.HttpUtils.send;
-
-@ChannelHandler.Sharable
-public class HttpAuthenticator extends MessageToMessageDecoder<FullHttpRequest> {
-
-    private static final AttributeKey<Long> USER = AttributeKey.valueOf(HttpAuthenticator.class, "USER");
-    public static long getUser(ChannelHandlerContext ctx) {
-        return ctx.channel().attr(USER).get();
-    }
-
-    private final RoomHttpServerInitializer.Config config;
-    private final SessionDatabase sessionDatabase;
-
-    public HttpAuthenticator(RoomHttpServerInitializer.Config config, SessionDatabase sessionDatabase) {
-        this.config = config;
-        this.sessionDatabase = sessionDatabase;
-    }
-
-    @Override
-    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
-        Scribbleshare.getLogger(ctx).log(Level.WARNING, "Unhandled exception, serving HTTP 500", cause);
-        if (ctx.channel().isActive()) {
-            send(ctx, null, HttpResponseStatus.INTERNAL_SERVER_ERROR);
-        }
-    }
-
-    @Override
-    protected void decode(ChannelHandlerContext ctx, FullHttpRequest request, List<Object> out) {
-        if (ctx.channel().attr(USER).get() != null) {
-            out.add(request.retain());
-            return;
-        }
-
-        if (!request.uri().equals(config.getWebsocketPath())) {
-            send(ctx, request, HttpResponseStatus.NOT_FOUND);
-            Scribbleshare.getLogger(ctx).warning("Bad uri");
-            return;
-        }
-
-        if (!request.method().equals(HttpMethod.GET)) {
-            send(ctx, request, HttpResponseStatus.METHOD_NOT_ALLOWED);
-            Scribbleshare.getLogger(ctx).warning("Bad method");
-            return;
-        }
-
-        HttpSession.ClientCookie cookie = HttpSession.ClientCookie.getClientCookie(request, HttpSession.COOKIE_NAME);
-        if (cookie != null) {
-            HttpSession httpSession = sessionDatabase.getHttpSession(cookie.getId());
-            if (httpSession != null && httpSession.validate(cookie.getToken())) {
-                Scribbleshare.getLogger(ctx).info("Authenticated with id " + httpSession.getUser());
-                ctx.channel().attr(USER).set(httpSession.getUser());
-                out.add(request.retain());
-            } else {
-                Scribbleshare.getLogger(ctx).warning("Bad authentication");
-                //bad authentication attempt
-                //todo rate limit timeout server a proper response???
-                send(ctx, request, HttpResponseStatus.UNAUTHORIZED);
-            }
-        } else {
-            Scribbleshare.getLogger(ctx).info("No authentication");
-            send(ctx, request, HttpResponseStatus.UNAUTHORIZED);
-        }
-    }
-}
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/MouseMove.java b/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/MouseMove.java
deleted file mode 100644
index 6c1b1860..00000000
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/MouseMove.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package net.stzups.scribbleshare.room.server.websocket;
-
-import io.netty.buffer.ByteBuf;
-
-public class MouseMove {
-    private final byte dt;
-    private final short x;
-    private final short y;
-
-    public MouseMove(ByteBuf byteBuf) {
-        this.dt = byteBuf.readByte();
-        this.x = byteBuf.readShort();
-        this.y = byteBuf.readShort();
-    }
-
-    public void serialize(ByteBuf byteBuf) {
-        byteBuf.writeByte(dt);
-        byteBuf.writeShort(x);
-        byteBuf.writeShort(y);
-    }
-}
diff --git a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/State.java b/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/State.java
deleted file mode 100644
index 9770802e..00000000
--- a/scribbleshare-room/src/main/java/net/stzups/scribbleshare/room/server/websocket/State.java
+++ /dev/null
@@ -1,231 +0,0 @@
-package net.stzups.scribbleshare.room.server.websocket;
-
-import io.netty.channel.ChannelHandlerContext;
-import io.netty.handler.codec.http.websocketx.WebSocketServerProtocolHandler;
-import io.netty.util.Attribute;
-import net.stzups.scribbleshare.Scribbleshare;
-import net.stzups.scribbleshare.data.objects.Document;
-import net.stzups.scribbleshare.data.objects.InviteCode;
-import net.stzups.scribbleshare.data.objects.User;
-import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdateException;
-import net.stzups.scribbleshare.data.objects.canvas.canvasUpdate.CanvasUpdates;
-import net.stzups.scribbleshare.data.objects.exceptions.DeserializationException;
-import net.stzups.scribbleshare.room.server.HttpAuthenticator;
-import net.stzups.scribbleshare.room.server.RoomHttpServerInitializer;
-import net.stzups.scribbleshare.room.server.websocket.protocol.client.ClientMessage;
-import net.stzups.scribbleshare.room.server.websocket.protocol.client.messages.ClientMessageCanvasUpdate;
-import net.stzups.scribbleshare.room.server.websocket.protocol.client.messages.ClientMessageDeleteDocument;
-import net.stzups.scribbleshare.room.server.websocket.protocol.client.messages.ClientMessageHandshake;
-import net.stzups.scribbleshare.room.server.websocket.protocol.client.messages.ClientMessageOpenDocument;
-import net.stzups.scribbleshare.room.server.websocket.protocol.client.messages.ClientMessageUpdateDocument;
-import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageAddUser;
-import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageCanvasUpdate;
-import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageDeleteDocument;
-import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageGetInvite;
-import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageHandshake;
-import net.stzups.scribbleshare.room.server.websocket.protocol.server.messages.ServerMessageUpdateDocument;
-
-public enum State {//todo use class instead of enums for state??
-    INITIAL {
-        @Override
-        public void userEventTriggered(ChannelHandlerContext ctx, Object event) {
-            if (event instanceof WebSocketServerProtocolHandler.HandshakeComplete) {
-                Scribbleshare.getLogger(ctx).info("WebSocket connection initialized");
-                State.HANDSHAKE.setState(ctx);
-                return;
-            }
-
-            if (event instanceof WebSocketServerProtocolHandler.ServerHandshakeStateEvent) return; //deprecated but still fired
-
-            super.userEventTriggered(ctx, event);
-        }
-    },
-    HANDSHAKE {
-        @Override
-        public void message(ChannelHandlerContext ctx, ClientMessage clientMessage) throws ClientMessageException {
-            switch (clientMessage.getMessageType()) {
-                case HANDSHAKE: {
-                    ClientMessageHandshake clientPacketHandshake = (ClientMessageHandshake) clientMessage;
-
-                    User user = RoomHttpServerInitializer.getDatabase(ctx).getUser(HttpAuthenticator.getUser(ctx));
-                    if (user == null) {
-                        throw new ClientMessageException(clientMessage, "User does not exist");
-                    }
-                    Scribbleshare.getLogger(ctx).info("Handshake with invite " + clientPacketHandshake.getCode() + ", " + user);
-
-                    Client client = new Client(user, ctx.channel());
-                    ClientMessageHandler.getClient(ctx).set(client);
-
-                    client.queueMessage(new ServerMessageHandshake(client));
-                    InviteCode inviteCode = RoomHttpServerInitializer.getDatabase(ctx).getInviteCode(clientPacketHandshake.getCode());
-                    client.queueMessage(new ServerMessageAddUser(client.getUser()));
-                    //figure out which document to open first
-                    if (inviteCode != null) {
-                        Document document = RoomHttpServerInitializer.getDatabase(ctx).getDocument(inviteCode.getDocument());
-                        if (document != null) {
-                            //if this isn't the user's own document and this isn't part of the user's shared documents then add and update
-                            if (document.getOwner() != client.getUser().getId()) {
-                                if (client.getUser().getSharedDocuments().add(document.getId())) {
-                                    RoomHttpServerInitializer.getDatabase(ctx).updateUser(client.getUser());
-                                }
-                            }
-                            try {
-                                ClientMessageHandler.getRoom(ctx).set(Room.getRoom(RoomHttpServerInitializer.getDatabase(ctx), document));
-                            } catch (DeserializationException e) {
-                                throw new ClientMessageException(clientMessage, e);
-                            }
-                        } else {
-                            throw new ClientMessageException(clientMessage, "Somehow used invite code for non existent document");
-                        }
-                    } else {
-                        if (client.getUser().getOwnedDocuments().size() == 0) {
-                            RoomHttpServerInitializer.getDatabase(ctx).createDocument(client.getUser());
-                        }
-                    }
-                    client.getUser().getOwnedDocuments().removeIf((id) -> {
-                        Document document = RoomHttpServerInitializer.getDatabase(ctx).getDocument(id);
-                        if (document == null) {
-                            return true;
-                        } else {
-                            client.queueMessage(new ServerMessageUpdateDocument(RoomHttpServerInitializer.getDatabase(ctx).getDocument(id)));
-                            return false;
-                        }
-                    });//todo this is bad
-                    client.getUser().getSharedDocuments().removeIf((id) -> {
-                        Document document = RoomHttpServerInitializer.getDatabase(ctx).getDocument(id);
-                        if (document == null) {
-                            return true;
-                        } else {
-                            client.queueMessage(new ServerMessageUpdateDocument(RoomHttpServerInitializer.getDatabase(ctx).getDocument(id)));
-                            return false;
-                        }
-                    });
-                    client.flushMessages();
-
-                    State.READY.setState(ctx);
-                    break;
-                }
-                default:
-                    super.message(ctx, clientMessage);
-            }
-        }
-    },
-    READY {
-        @Override
-        public void channelInactive(ChannelHandlerContext ctx) {
-            final Attribute<Room> room = ClientMessageHandler.getRoom(ctx);
-            if (room.get() != null) {
-                room.get().removeClient(ClientMessageHandler.getClient(ctx).get());
-                return;
-            }
-            //super.channelInactive(ctx);
-        }
-
-        @Override
-        public void message(ChannelHandlerContext ctx, ClientMessage clientMessage) throws ClientMessageException {
-            final Client client = ClientMessageHandler.getClient(ctx).get();
-            final Attribute<Room> room = ClientMessageHandler.getRoom(ctx);
-
-            switch (clientMessage.getMessageType()) {
-                case CANVAS_UPDATE: {
-                    CanvasUpdates[] canvasUpdates = ((ClientMessageCanvasUpdate) clientMessage).getCanvasUpdatesArray();
-                    try {
-                        room.get().getCanvas().update(canvasUpdates);
-                    } catch (CanvasUpdateException e) {
-                        throw new ClientMessageException(clientMessage, e);
-                    }
-                    room.get().queueMessageExcept(new ServerMessageCanvasUpdate(canvasUpdates), client);
-                    break;
-                }
-                case OPEN_DOCUMENT: {
-                    ClientMessageOpenDocument clientPacketOpenDocument = (ClientMessageOpenDocument) clientMessage;
-                    Document document = RoomHttpServerInitializer.getDatabase(ctx).getDocument(clientPacketOpenDocument.getId());
-                    if (document != null) {
-                        if (room.get() != null) {
-                            room.get().removeClient(client);
-                        }
-                        try {
-                            room.set(Room.getRoom(RoomHttpServerInitializer.getDatabase(ctx), document));
-                        } catch (DeserializationException e) {
-                            throw new ClientMessageException(clientMessage, e);
-                        }
-                        room.get().addClient(client);
-                    } else {
-                        Scribbleshare.getLogger(ctx).warning(client + " tried to open document not that does not exist");
-                    }
-                    break;
-                }
-                case CREATE_DOCUMENT: {
-                    if (room.get() != null) {
-                        room.get().removeClient(client);
-                    }
-                    try {
-                        room.set(Room.getRoom(RoomHttpServerInitializer.getDatabase(ctx), RoomHttpServerInitializer.getDatabase(ctx).createDocument(client.getUser())));
-                        ClientMessageHandler.getRoom(ctx).set(room.get());
-                    } catch (Exception e) {
-                        e.printStackTrace();
-                    }
-                    client.sendMessage(new ServerMessageUpdateDocument(room.get().getDocument()));
-                    room.get().addClient(client);
-                    break;
-                }
-                case DELETE_DOCUMENT: {
-                    ClientMessageDeleteDocument clientMessageDeleteDocument = (ClientMessageDeleteDocument) clientMessage;
-                    if (clientMessageDeleteDocument.getId() == room.get().getDocument().getId()) {
-                        Scribbleshare.getLogger(ctx).info("Deleting live document " + room.get().getDocument());
-                        room.get().sendMessage(new ServerMessageDeleteDocument(room.get().getDocument()));
-                        room.get().end();
-                        RoomHttpServerInitializer.getDatabase(ctx).deleteDocument(room.get().getDocument());
-                        break;
-                    } else {
-                        throw new ClientMessageException(clientMessage, "Tried to delete document which is not currently open");
-                    }
-/*                        Document document = ScribbleshareRoom.getDatabase().getDocument(clientMessageDeleteDocument.getId());
-                if (document == null) {
-                    throw new MessageException(clientMessage, "Tried to delete document with id " + clientMessageDeleteDocument.getId() + " that does not exist");
-                }
-                if (document.getOwner() != client.getUser().getId()) {
-                    throw new MessageException(clientMessage, "Tried to delete document with id " + document.getId() +" which they do not own");
-                }
-                ServerInitializer.getLogger(ctx).info("Deleting dead document " + room.getDocument());
-                ScribbleshareRoom.getDatabase().deleteDocument(room.getDocument());*/
-                    //Room.getRoom(document);
-                    //break;//todo better update logic
-                }
-                case UPDATE_DOCUMENT: {
-                    ClientMessageUpdateDocument clientMessageUpdateDocument = (ClientMessageUpdateDocument) clientMessage;
-                    if (clientMessageUpdateDocument.getName().length() > 64) {
-                        throw new ClientMessageException(clientMessage, "Tried to change name to string that is too long (" + clientMessageUpdateDocument.getName().length() + ")");
-                    }
-                    room.get().getDocument().setName(clientMessageUpdateDocument.getName());
-                    room.get().queueMessageExcept(new ServerMessageUpdateDocument(room.get().getDocument()), client);
-                    RoomHttpServerInitializer.getDatabase(ctx).updateDocument(room.get().getDocument());
-                    break;//todo better update logic
-                }
-                case GET_INVITE: {
-                    client.sendMessage(new ServerMessageGetInvite(RoomHttpServerInitializer.getDatabase(ctx).getInviteCode(room.get().getDocument())));
-                    break;
-                }
-                default:
-                    super.message(ctx, clientMessage);
-            }
-        }
-    };
-
-    void setState(ChannelHandlerContext ctx) {
-        Scribbleshare.getLogger(ctx).info(this.toString());
-        ClientMessageHandler.getState(ctx).set(this);
-    }
-
-    public void channelInactive(ChannelHandlerContext ctx) {
-        //todo throw new UnsupportedOperationException("Unhandled channel close");
-    }
-
-    public void userEventTriggered(ChannelHandlerContext ctx, Object event) {
-        throw new UnsupportedOperationException("Unhandled Netty userEventTriggered " + event);
-    }
-
-    public void message(ChannelHandlerContext ctx, ClientMessage clientMessage) throws ClientMessageException {
-        throw new UnsupportedOperationException("Unhandled ClientMessage " + clientMessage.getClass().getSimpleName());
-    }
-}
diff --git a/settings.gradle b/settings.gradle
index 1cd6ec49..80014623 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1,3 +1,3 @@
 rootProject.name = 'scribbleshare'
-include('scribbleshare-room', 'scribbleshare-backend', ':scribbleshare-commons')
-project(':scribbleshare-backend').projectDir = new File('scribbleshare-app/scribbleshare-backend')
\ No newline at end of file
+include('room', 'backend', ':commons')
+project(':backend').projectDir = new File('app/backend')
\ No newline at end of file