From 4a07389ccab84273bc58b67b4c511bfe72ebc6ca Mon Sep 17 00:00:00 2001
From: Evert Prants <evert@lunasqu.ee>
Date: Fri, 17 May 2024 17:31:14 +0300
Subject: [PATCH] settings and avatar

---
 .vscode/settings.json                         |   3 +
 package-lock.json                             | 277 +++++++++++++++++-
 package.json                                  |   5 +
 src/app.css                                   |  25 +-
 src/lib/components/Alert.svelte               |  36 +++
 src/lib/components/Button.svelte              |  37 +--
 src/lib/components/ColumnView.svelte          |  11 +
 src/lib/components/MainContainer.svelte       |  23 ++
 src/lib/components/Modal.svelte               | 115 ++++++++
 src/lib/components/SideContainer.svelte       |  27 ++
 src/lib/components/SplitView.svelte           |  19 ++
 src/lib/components/avatar/AvatarCard.svelte   |  31 ++
 src/lib/components/avatar/AvatarModal.svelte  | 152 ++++++++++
 src/lib/components/form/FormControl.svelte    |  64 ++--
 src/lib/components/form/FormSection.svelte    |  21 +-
 src/lib/components/form/FormWrapper.svelte    |  13 +-
 src/lib/constants.ts                          |   1 +
 src/lib/i18n/en/account.json                  |  32 +-
 src/lib/i18n/en/common.json                   |   5 +-
 src/lib/server/challenge.ts                   |   2 +-
 src/lib/server/drizzle/schema.ts              |   4 +-
 src/lib/server/upload.ts                      |  67 +++++
 src/lib/server/users/index.ts                 |   9 +
 src/lib/server/users/totp.ts                  |   8 +
 src/routes/+page.server.ts                    |   3 +
 src/routes/account/+page.server.ts            |  52 +++-
 src/routes/account/+page.svelte               | 222 ++++++++++----
 src/routes/account/two-factor/+page.server.ts |  79 +++++
 src/routes/account/two-factor/+page.svelte    |  58 ++++
 src/routes/api/avatar/[slug]/+server.ts       |  24 ++
 src/routes/login/+page.server.ts              |  73 ++++-
 src/routes/login/+page.svelte                 |  79 +++--
 static/application.png                        | Bin 0 -> 14817 bytes
 static/avatar.png                             | Bin 0 -> 2995 bytes
 uploads/.gitignore                            |   2 +
 35 files changed, 1397 insertions(+), 182 deletions(-)
 create mode 100644 .vscode/settings.json
 create mode 100644 src/lib/components/Alert.svelte
 create mode 100644 src/lib/components/ColumnView.svelte
 create mode 100644 src/lib/components/MainContainer.svelte
 create mode 100644 src/lib/components/Modal.svelte
 create mode 100644 src/lib/components/SideContainer.svelte
 create mode 100644 src/lib/components/SplitView.svelte
 create mode 100644 src/lib/components/avatar/AvatarCard.svelte
 create mode 100644 src/lib/components/avatar/AvatarModal.svelte
 create mode 100644 src/lib/constants.ts
 create mode 100644 src/lib/server/upload.ts
 create mode 100644 src/routes/+page.server.ts
 create mode 100644 src/routes/account/two-factor/+page.server.ts
 create mode 100644 src/routes/account/two-factor/+page.svelte
 create mode 100644 src/routes/api/avatar/[slug]/+server.ts
 create mode 100644 static/application.png
 create mode 100644 static/avatar.png
 create mode 100644 uploads/.gitignore

diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..ad92582
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+  "editor.formatOnSave": true
+}
diff --git a/package-lock.json b/package-lock.json
index b2b04b8..007548a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,9 +10,12 @@
 			"dependencies": {
 				"@sveltejs/adapter-node": "^5.0.1",
 				"bcryptjs": "^2.4.3",
+				"cropperjs": "^1.6.2",
 				"drizzle-orm": "^0.30.10",
+				"mime-types": "^2.1.35",
 				"mysql2": "^3.9.7",
 				"otplib": "^12.0.1",
+				"qrcode": "^1.5.3",
 				"svelte-kit-cookie-session": "^4.0.0",
 				"sveltekit-i18n": "^2.4.2",
 				"uuid": "^9.0.1"
@@ -23,7 +26,9 @@
 				"@sveltejs/vite-plugin-svelte": "^3.0.0",
 				"@types/bcryptjs": "^2.4.6",
 				"@types/eslint": "^8.56.0",
+				"@types/mime-types": "^2.1.4",
 				"@types/node": "^20.12.12",
+				"@types/qrcode": "^1.5.5",
 				"@types/uuid": "^9.0.8",
 				"@typescript-eslint/eslint-plugin": "^7.0.0",
 				"@typescript-eslint/parser": "^7.0.0",
@@ -1538,6 +1543,12 @@
 			"integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==",
 			"dev": true
 		},
+		"node_modules/@types/mime-types": {
+			"version": "2.1.4",
+			"resolved": "https://registry.npmjs.org/@types/mime-types/-/mime-types-2.1.4.tgz",
+			"integrity": "sha512-lfU4b34HOri+kAY5UheuFMWPDOI+OPceBSHZKp69gEyTL/mmJ4cnU6Y/rlme3UL3GyOn6Y42hyIEw0/q8sWx5w==",
+			"dev": true
+		},
 		"node_modules/@types/node": {
 			"version": "20.12.12",
 			"resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.12.tgz",
@@ -1553,6 +1564,15 @@
 			"integrity": "sha512-Sk/uYFOBAB7mb74XcpizmH0KOR2Pv3D2Hmrh1Dmy5BmK3MpdSa5kqZcg6EKBdklU0bFXX9gCfzvpnyUehrPIuA==",
 			"dev": true
 		},
+		"node_modules/@types/qrcode": {
+			"version": "1.5.5",
+			"resolved": "https://registry.npmjs.org/@types/qrcode/-/qrcode-1.5.5.tgz",
+			"integrity": "sha512-CdfBi/e3Qk+3Z/fXYShipBT13OJ2fDO2Q2w5CIP5anLTLIndQG9z6P1cnm+8zCWSpm5dnxMFd/uREtb0EXuQzg==",
+			"dev": true,
+			"dependencies": {
+				"@types/node": "*"
+			}
+		},
 		"node_modules/@types/resolve": {
 			"version": "1.20.2",
 			"resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.20.2.tgz",
@@ -1795,7 +1815,6 @@
 			"version": "5.0.1",
 			"resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
 			"integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
-			"dev": true,
 			"engines": {
 				"node": ">=8"
 			}
@@ -1804,7 +1823,6 @@
 			"version": "4.3.0",
 			"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
 			"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-			"dev": true,
 			"dependencies": {
 				"color-convert": "^2.0.1"
 			},
@@ -1936,6 +1954,14 @@
 				"node": ">=6"
 			}
 		},
+		"node_modules/camelcase": {
+			"version": "5.3.1",
+			"resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
+			"integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==",
+			"engines": {
+				"node": ">=6"
+			}
+		},
 		"node_modules/chalk": {
 			"version": "4.1.2",
 			"resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
@@ -2004,6 +2030,16 @@
 				"node": ">=0.10"
 			}
 		},
+		"node_modules/cliui": {
+			"version": "6.0.0",
+			"resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz",
+			"integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==",
+			"dependencies": {
+				"string-width": "^4.2.0",
+				"strip-ansi": "^6.0.0",
+				"wrap-ansi": "^6.2.0"
+			}
+		},
 		"node_modules/code-red": {
 			"version": "1.0.4",
 			"resolved": "https://registry.npmjs.org/code-red/-/code-red-1.0.4.tgz",
@@ -2020,7 +2056,6 @@
 			"version": "2.0.1",
 			"resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
 			"integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-			"dev": true,
 			"dependencies": {
 				"color-name": "~1.1.4"
 			},
@@ -2031,8 +2066,7 @@
 		"node_modules/color-name": {
 			"version": "1.1.4",
 			"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-			"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
-			"dev": true
+			"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
 		},
 		"node_modules/commander": {
 			"version": "9.5.0",
@@ -2062,6 +2096,11 @@
 				"node": ">= 0.6"
 			}
 		},
+		"node_modules/cropperjs": {
+			"version": "1.6.2",
+			"resolved": "https://registry.npmjs.org/cropperjs/-/cropperjs-1.6.2.tgz",
+			"integrity": "sha512-nhymn9GdnV3CqiEHJVai54TULFAE3VshJTXSqSJKa8yXAKyBKDWdhHarnlIPrshJ0WMFTGuFvG02YjLXfPiuOA=="
+		},
 		"node_modules/cross-spawn": {
 			"version": "7.0.3",
 			"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
@@ -2129,6 +2168,14 @@
 				}
 			}
 		},
+		"node_modules/decamelize": {
+			"version": "1.2.0",
+			"resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz",
+			"integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==",
+			"engines": {
+				"node": ">=0.10.0"
+			}
+		},
 		"node_modules/deep-is": {
 			"version": "0.1.4",
 			"resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
@@ -2185,6 +2232,11 @@
 				"node": "*"
 			}
 		},
+		"node_modules/dijkstrajs": {
+			"version": "1.0.3",
+			"resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz",
+			"integrity": "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA=="
+		},
 		"node_modules/dir-glob": {
 			"version": "3.0.1",
 			"resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
@@ -2787,6 +2839,16 @@
 				}
 			}
 		},
+		"node_modules/emoji-regex": {
+			"version": "8.0.0",
+			"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+			"integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
+		},
+		"node_modules/encode-utf8": {
+			"version": "1.0.3",
+			"resolved": "https://registry.npmjs.org/encode-utf8/-/encode-utf8-1.0.3.tgz",
+			"integrity": "sha512-ucAnuBEhUK4boH2HjVYG5Q2mQyPorvv0u/ocS+zhdw0S8AlHYY+GOFhP1Gio5z4icpP2ivFSvhtFjQi8+T9ppw=="
+		},
 		"node_modules/env-paths": {
 			"version": "3.0.0",
 			"resolved": "https://registry.npmjs.org/env-paths/-/env-paths-3.0.0.tgz",
@@ -3340,6 +3402,14 @@
 				"is-property": "^1.0.2"
 			}
 		},
+		"node_modules/get-caller-file": {
+			"version": "2.0.5",
+			"resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+			"integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+			"engines": {
+				"node": "6.* || 8.* || >= 10.*"
+			}
+		},
 		"node_modules/get-tsconfig": {
 			"version": "4.7.5",
 			"resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.7.5.tgz",
@@ -3613,6 +3683,14 @@
 				"node": ">=0.10.0"
 			}
 		},
+		"node_modules/is-fullwidth-code-point": {
+			"version": "3.0.0",
+			"resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+			"integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+			"engines": {
+				"node": ">=8"
+			}
+		},
 		"node_modules/is-glob": {
 			"version": "4.0.3",
 			"resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
@@ -3870,6 +3948,25 @@
 				"node": ">=8.6"
 			}
 		},
+		"node_modules/mime-db": {
+			"version": "1.52.0",
+			"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+			"integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+			"engines": {
+				"node": ">= 0.6"
+			}
+		},
+		"node_modules/mime-types": {
+			"version": "2.1.35",
+			"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+			"integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+			"dependencies": {
+				"mime-db": "1.52.0"
+			},
+			"engines": {
+				"node": ">= 0.6"
+			}
+		},
 		"node_modules/min-indent": {
 			"version": "1.0.1",
 			"resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz",
@@ -4076,6 +4173,14 @@
 				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
+		"node_modules/p-try": {
+			"version": "2.2.0",
+			"resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
+			"integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==",
+			"engines": {
+				"node": ">=6"
+			}
+		},
 		"node_modules/parent-module": {
 			"version": "1.0.1",
 			"resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz",
@@ -4092,7 +4197,6 @@
 			"version": "4.0.0",
 			"resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
 			"integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
-			"dev": true,
 			"engines": {
 				"node": ">=8"
 			}
@@ -4155,6 +4259,14 @@
 				"url": "https://github.com/sponsors/jonschlinkert"
 			}
 		},
+		"node_modules/pngjs": {
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz",
+			"integrity": "sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==",
+			"engines": {
+				"node": ">=10.13.0"
+			}
+		},
 		"node_modules/postcss": {
 			"version": "8.4.38",
 			"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz",
@@ -4309,6 +4421,23 @@
 				"node": ">=6"
 			}
 		},
+		"node_modules/qrcode": {
+			"version": "1.5.3",
+			"resolved": "https://registry.npmjs.org/qrcode/-/qrcode-1.5.3.tgz",
+			"integrity": "sha512-puyri6ApkEHYiVl4CFzo1tDkAZ+ATcnbJrJ6RiBM1Fhctdn/ix9MTE3hRph33omisEbC/2fcfemsseiKgBPKZg==",
+			"dependencies": {
+				"dijkstrajs": "^1.0.1",
+				"encode-utf8": "^1.0.3",
+				"pngjs": "^5.0.0",
+				"yargs": "^15.3.1"
+			},
+			"bin": {
+				"qrcode": "bin/qrcode"
+			},
+			"engines": {
+				"node": ">=10.13.0"
+			}
+		},
 		"node_modules/queue-microtask": {
 			"version": "1.2.3",
 			"resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
@@ -4341,6 +4470,19 @@
 				"node": ">=8.10.0"
 			}
 		},
+		"node_modules/require-directory": {
+			"version": "2.1.1",
+			"resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+			"integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
+			"engines": {
+				"node": ">=0.10.0"
+			}
+		},
+		"node_modules/require-main-filename": {
+			"version": "2.0.0",
+			"resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz",
+			"integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg=="
+		},
 		"node_modules/resolve": {
 			"version": "1.22.8",
 			"resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz",
@@ -4514,6 +4656,11 @@
 			"resolved": "https://registry.npmjs.org/seq-queue/-/seq-queue-0.0.5.tgz",
 			"integrity": "sha512-hr3Wtp/GZIc/6DAGPDcV4/9WoZhjrkXsi5B/07QgX8tsdc6ilr7BFM6PM6rbdAX1kFSDYeZGLipIZZKyQP0O5Q=="
 		},
+		"node_modules/set-blocking": {
+			"version": "2.0.0",
+			"resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
+			"integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw=="
+		},
 		"node_modules/set-cookie-parser": {
 			"version": "2.6.0",
 			"resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.6.0.tgz",
@@ -4618,11 +4765,23 @@
 				"node": ">= 0.6"
 			}
 		},
+		"node_modules/string-width": {
+			"version": "4.2.3",
+			"resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+			"integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+			"dependencies": {
+				"emoji-regex": "^8.0.0",
+				"is-fullwidth-code-point": "^3.0.0",
+				"strip-ansi": "^6.0.1"
+			},
+			"engines": {
+				"node": ">=8"
+			}
+		},
 		"node_modules/strip-ansi": {
 			"version": "6.0.1",
 			"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
 			"integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
-			"dev": true,
 			"dependencies": {
 				"ansi-regex": "^5.0.1"
 			},
@@ -5072,6 +5231,11 @@
 				"node": ">= 8"
 			}
 		},
+		"node_modules/which-module": {
+			"version": "2.0.1",
+			"resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz",
+			"integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ=="
+		},
 		"node_modules/word-wrap": {
 			"version": "1.2.5",
 			"resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz",
@@ -5087,11 +5251,29 @@
 			"integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==",
 			"dev": true
 		},
+		"node_modules/wrap-ansi": {
+			"version": "6.2.0",
+			"resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
+			"integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
+			"dependencies": {
+				"ansi-styles": "^4.0.0",
+				"string-width": "^4.1.0",
+				"strip-ansi": "^6.0.0"
+			},
+			"engines": {
+				"node": ">=8"
+			}
+		},
 		"node_modules/wrappy": {
 			"version": "1.0.2",
 			"resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
 			"integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
 		},
+		"node_modules/y18n": {
+			"version": "4.0.3",
+			"resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz",
+			"integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ=="
+		},
 		"node_modules/yaml": {
 			"version": "1.10.2",
 			"resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz",
@@ -5101,6 +5283,87 @@
 				"node": ">= 6"
 			}
 		},
+		"node_modules/yargs": {
+			"version": "15.4.1",
+			"resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz",
+			"integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==",
+			"dependencies": {
+				"cliui": "^6.0.0",
+				"decamelize": "^1.2.0",
+				"find-up": "^4.1.0",
+				"get-caller-file": "^2.0.1",
+				"require-directory": "^2.1.1",
+				"require-main-filename": "^2.0.0",
+				"set-blocking": "^2.0.0",
+				"string-width": "^4.2.0",
+				"which-module": "^2.0.0",
+				"y18n": "^4.0.0",
+				"yargs-parser": "^18.1.2"
+			},
+			"engines": {
+				"node": ">=8"
+			}
+		},
+		"node_modules/yargs-parser": {
+			"version": "18.1.3",
+			"resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz",
+			"integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==",
+			"dependencies": {
+				"camelcase": "^5.0.0",
+				"decamelize": "^1.2.0"
+			},
+			"engines": {
+				"node": ">=6"
+			}
+		},
+		"node_modules/yargs/node_modules/find-up": {
+			"version": "4.1.0",
+			"resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+			"integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+			"dependencies": {
+				"locate-path": "^5.0.0",
+				"path-exists": "^4.0.0"
+			},
+			"engines": {
+				"node": ">=8"
+			}
+		},
+		"node_modules/yargs/node_modules/locate-path": {
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+			"integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+			"dependencies": {
+				"p-locate": "^4.1.0"
+			},
+			"engines": {
+				"node": ">=8"
+			}
+		},
+		"node_modules/yargs/node_modules/p-limit": {
+			"version": "2.3.0",
+			"resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz",
+			"integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==",
+			"dependencies": {
+				"p-try": "^2.0.0"
+			},
+			"engines": {
+				"node": ">=6"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/sindresorhus"
+			}
+		},
+		"node_modules/yargs/node_modules/p-locate": {
+			"version": "4.1.0",
+			"resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+			"integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+			"dependencies": {
+				"p-limit": "^2.2.0"
+			},
+			"engines": {
+				"node": ">=8"
+			}
+		},
 		"node_modules/yocto-queue": {
 			"version": "0.1.0",
 			"resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
diff --git a/package.json b/package.json
index dfe5550..9571a49 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,9 @@
 		"@sveltejs/vite-plugin-svelte": "^3.0.0",
 		"@types/bcryptjs": "^2.4.6",
 		"@types/eslint": "^8.56.0",
+		"@types/mime-types": "^2.1.4",
 		"@types/node": "^20.12.12",
+		"@types/qrcode": "^1.5.5",
 		"@types/uuid": "^9.0.8",
 		"@typescript-eslint/eslint-plugin": "^7.0.0",
 		"@typescript-eslint/parser": "^7.0.0",
@@ -37,9 +39,12 @@
 	"dependencies": {
 		"@sveltejs/adapter-node": "^5.0.1",
 		"bcryptjs": "^2.4.3",
+		"cropperjs": "^1.6.2",
 		"drizzle-orm": "^0.30.10",
+		"mime-types": "^2.1.35",
 		"mysql2": "^3.9.7",
 		"otplib": "^12.0.1",
+		"qrcode": "^1.5.3",
 		"svelte-kit-cookie-session": "^4.0.0",
 		"sveltekit-i18n": "^2.4.2",
 		"uuid": "^9.0.1"
diff --git a/src/app.css b/src/app.css
index 2082fc5..7398b29 100644
--- a/src/app.css
+++ b/src/app.css
@@ -10,25 +10,26 @@
 	--in-outline-color: #00aaff;
 	--in-normalized-background: #000;
 	--in-input-background: #fff;
+	--in-input-background-disabled: #c2c2c2;
 	--in-input-color: #000;
+	--in-input-color-disabled: #414141;
 	--in-input-border-color: #ddd;
+	--in-input-border-color-disabled: #a0a0a0;
+
+	--in-alert-color: #006597;
+	--in-error-color: #b52e2e;
+	--in-success-color: #1e7f27;
+
+	--in-modal-background: #fff;
+	--in-modal-backdrop: rgba(0, 0, 0, 0.3);
+	--in-modal-divider-color: #ddd;
 
 	--in-focus-outline: 3px solid var(--in-outline-color);
 }
 
 :root {
-	font-family:
-		system-ui,
-		-apple-system,
-		BlinkMacSystemFont,
-		'Segoe UI',
-		Roboto,
-		Oxygen,
-		Ubuntu,
-		Cantarell,
-		'Open Sans',
-		'Helvetica Neue',
-		sans-serif;
+	font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell,
+		'Open Sans', 'Helvetica Neue', sans-serif;
 	color: var(--in-text-color);
 }
 
diff --git a/src/lib/components/Alert.svelte b/src/lib/components/Alert.svelte
new file mode 100644
index 0000000..a35f7ca
--- /dev/null
+++ b/src/lib/components/Alert.svelte
@@ -0,0 +1,36 @@
+<script lang="ts">
+	import { createEventDispatcher } from 'svelte';
+	import Button from './Button.svelte';
+
+	export let type: 'default' | 'error' | 'success' = 'default';
+	export let dismissable = false;
+
+	const dispatch = createEventDispatcher();
+</script>
+
+<div class="alert alert-{type}" role="alert">
+	<p><slot /></p>
+	{#if dismissable}<Button variant="link" on:click={() => dispatch('dismiss')}>x</Button>{/if}
+</div>
+
+<style>
+	.alert {
+		background-color: var(--in-alert-color);
+		width: 100%;
+		border-radius: 8px;
+		padding: 24px 28px;
+		font-size: 1.15rem;
+
+		& p {
+			margin: 0;
+		}
+
+		&.alert-error {
+			background-color: var(--in-error-color);
+		}
+
+		&.alert-success {
+			background-color: var(--in-success-color);
+		}
+	}
+</style>
diff --git a/src/lib/components/Button.svelte b/src/lib/components/Button.svelte
index 1447963..a2a04bc 100644
--- a/src/lib/components/Button.svelte
+++ b/src/lib/components/Button.svelte
@@ -1,9 +1,12 @@
 <script lang="ts">
+	import { createEventDispatcher } from 'svelte';
+
 	export let type: 'button' | 'submit' = 'button';
 	export let variant: 'default' | 'primary' | 'link' = 'default';
+	const dispath = createEventDispatcher();
 </script>
 
-<button {type} class="btn btn-{variant}"><slot /></button>
+<button {type} class="btn btn-{variant}" on:click={(e) => dispath('click', e)}><slot /></button>
 
 <style>
 	.btn {
@@ -13,24 +16,24 @@
 		background: transparent;
 		color: var(--in-text-color);
 		font-size: 1rem;
-    cursor: pointer;
+		cursor: pointer;
 
-    &:focus-visible {
-      outline: var(--in-focus-outline);
-    }
+		&:focus-visible {
+			outline: var(--in-focus-outline);
+		}
 	}
 
-  .btn-link {
-    text-decoration: underline;
-  }
+	.btn-link {
+		text-decoration: underline;
+	}
 
-  .btn-default,
-  .btn-primary {
-    background-color: #fff;
-    color: #000;
-    border: 2px solid #ddd;
-    padding: 6px 12px;
-    border-radius: 4px;
-    font-weight: 700;
-  }
+	.btn-default,
+	.btn-primary {
+		background-color: #fff;
+		color: #000;
+		border: 2px solid #ddd;
+		padding: 6px 12px;
+		border-radius: 4px;
+		font-weight: 700;
+	}
 </style>
diff --git a/src/lib/components/ColumnView.svelte b/src/lib/components/ColumnView.svelte
new file mode 100644
index 0000000..1b23c77
--- /dev/null
+++ b/src/lib/components/ColumnView.svelte
@@ -0,0 +1,11 @@
+<div class="column">
+	<slot />
+</div>
+
+<style>
+	.column {
+		display: flex;
+		flex-direction: column;
+		gap: 1rem;
+	}
+</style>
diff --git a/src/lib/components/MainContainer.svelte b/src/lib/components/MainContainer.svelte
new file mode 100644
index 0000000..3656d0b
--- /dev/null
+++ b/src/lib/components/MainContainer.svelte
@@ -0,0 +1,23 @@
+<section class="page-wrapper">
+	<div class="page-inner">
+		<slot />
+	</div>
+</section>
+
+<style>
+	.page-wrapper {
+		display: flex;
+		justify-content: center;
+		width: 100%;
+	}
+
+	.page-inner {
+		display: flex;
+		flex-direction: column;
+		backdrop-filter: blur(8px);
+		-webkit-backdrop-filter: blur(8px);
+		padding: 40px;
+		max-width: 1080px;
+		width: 100%;
+	}
+</style>
diff --git a/src/lib/components/Modal.svelte b/src/lib/components/Modal.svelte
new file mode 100644
index 0000000..147bc2d
--- /dev/null
+++ b/src/lib/components/Modal.svelte
@@ -0,0 +1,115 @@
+<script lang="ts">
+	import { createEventDispatcher } from 'svelte';
+
+	export let showModal: boolean;
+	let dialog: HTMLDialogElement;
+
+	const dispatch = createEventDispatcher();
+
+	$: if (dialog && showModal) dialog.showModal();
+	$: if (dialog?.open && !showModal) dialog.close();
+</script>
+
+<!-- svelte-ignore a11y-click-events-have-key-events a11y-no-noninteractive-element-interactions -->
+<dialog
+	bind:this={dialog}
+	on:close={() => {
+		showModal = false;
+		dispatch('close');
+	}}
+	on:click|self={() => dialog.close()}
+>
+	<!-- svelte-ignore a11y-no-static-element-interactions -->
+	<div on:click|stopPropagation>
+		{#if $$slots.header}
+			<div class="dialog-header">
+				<slot name="header" />
+			</div>
+		{/if}
+		<div class="dialog-body">
+			<slot />
+		</div>
+		{#if $$slots.footer}
+			<div class="dialog-footer">
+				<slot name="footer" />
+			</div>
+		{/if}
+	</div>
+</dialog>
+
+<style>
+	dialog {
+		max-width: 32em;
+		border-radius: 0.2em;
+		border: none;
+		padding: 0;
+		background-color: var(--in-modal-background);
+	}
+
+	dialog::backdrop {
+		background: var(--in-modal-backdrop);
+	}
+
+	dialog[open] {
+		animation: zoom 0.3s cubic-bezier(0.34, 1.56, 0.64, 1);
+	}
+
+	dialog[open]::backdrop {
+		animation: fade 0.2s ease-out;
+	}
+
+	.dialog-header {
+		padding: auto;
+	}
+
+	.dialog-header {
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+		padding: 2rem 2rem 1rem 2rem;
+		border-bottom: 1px solid var(--in-modal-divider-color);
+	}
+
+	.dialog-footer {
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+		padding: 1rem 2rem 2rem 2rem;
+		border-top: 1px solid var(--in-modal-divider-color);
+	}
+
+	.dialog-body {
+		padding: 1rem 2rem;
+	}
+
+	.dialog-header > :global(span) {
+		font-weight: 700;
+	}
+
+	.dialog-header > :global(.btn) {
+		font-weight: 700;
+		font-size: 1.5rem;
+	}
+
+	.dialog-footer :global(.btn-link) {
+		color: var(--in-input-color);
+	}
+
+	@keyframes zoom {
+		from {
+			transform: scale(0.9);
+		}
+		to {
+			transform: scale(1);
+		}
+	}
+
+	@keyframes fade {
+		from {
+			opacity: 0;
+		}
+		to {
+			opacity: 1;
+		}
+	}
+</style>
diff --git a/src/lib/components/SideContainer.svelte b/src/lib/components/SideContainer.svelte
new file mode 100644
index 0000000..6ac26a2
--- /dev/null
+++ b/src/lib/components/SideContainer.svelte
@@ -0,0 +1,27 @@
+<div class="aside-wrapper">
+	<div class="aside-inner">
+		<slot />
+	</div>
+</div>
+
+<style>
+	.aside-wrapper {
+		display: flex;
+		justify-content: flex-end;
+	}
+
+	.aside-wrapper,
+	.aside-inner {
+		height: 100%;
+	}
+
+	.aside-inner {
+		display: flex;
+		flex-direction: column;
+		backdrop-filter: blur(8px);
+		-webkit-backdrop-filter: blur(8px);
+		padding: 40px;
+		max-width: 600px;
+		width: 100%;
+	}
+</style>
diff --git a/src/lib/components/SplitView.svelte b/src/lib/components/SplitView.svelte
new file mode 100644
index 0000000..eeebc90
--- /dev/null
+++ b/src/lib/components/SplitView.svelte
@@ -0,0 +1,19 @@
+<div class="split">
+	<slot />
+	<slot name="side" />
+</div>
+
+<style>
+	.split {
+		display: flex;
+		gap: 24px;
+
+		@media screen and (max-width: 768px) {
+			flex-direction: column;
+		}
+	}
+
+	.split > :global(*) {
+		flex-basis: calc(50% - 24px);
+	}
+</style>
diff --git a/src/lib/components/avatar/AvatarCard.svelte b/src/lib/components/avatar/AvatarCard.svelte
new file mode 100644
index 0000000..c99d313
--- /dev/null
+++ b/src/lib/components/avatar/AvatarCard.svelte
@@ -0,0 +1,31 @@
+<script lang="ts">
+	export let user: { uuid: string; username: string };
+	export let cacheBust: number;
+
+	$: avatarSource = `/api/avatar/${user.uuid}?t=${cacheBust}`;
+</script>
+
+<div class="avatar-wrapper">
+	<div class="image-wrapper">
+		<img src={avatarSource} alt={user.username} />
+	</div>
+
+	<div class="actions-wrapper">
+		<slot />
+	</div>
+</div>
+
+<style>
+	.avatar-wrapper {
+		display: flex;
+		gap: 16px;
+	}
+
+	.image-wrapper {
+		display: flex;
+		height: 120px;
+		width: 120px;
+		flex: 0 0 120px;
+		background-color: var(--in-normalized-background);
+	}
+</style>
diff --git a/src/lib/components/avatar/AvatarModal.svelte b/src/lib/components/avatar/AvatarModal.svelte
new file mode 100644
index 0000000..6a87d52
--- /dev/null
+++ b/src/lib/components/avatar/AvatarModal.svelte
@@ -0,0 +1,152 @@
+<script lang="ts">
+	import type { Writable } from 'svelte/store';
+	import Modal from '../Modal.svelte';
+	import { t } from '$lib/i18n';
+	import Button from '../Button.svelte';
+	import Cropper from 'cropperjs';
+	import 'cropperjs/dist/cropper.css';
+	import { invalidateAll } from '$app/navigation';
+	import FormControl from '../form/FormControl.svelte';
+	import { allowedImages } from '$lib/constants';
+
+	export let show: Writable<boolean>;
+
+	let cropper: Cropper;
+	let image: HTMLImageElement;
+	let resultImage: HTMLImageElement;
+	let resultBlob: Blob | null = null;
+	let picker = true;
+	let ready = false;
+
+	const resetCropper = () => {
+		cropper?.destroy();
+		image.src = '';
+	};
+
+	const reset = () => {
+		resultImage.src = '';
+		picker = true;
+		ready = false;
+		resultBlob = null;
+		resetCropper();
+	};
+
+	const createCrop = () => {
+		cropper = new Cropper(image, {
+			aspectRatio: 1,
+			viewMode: 1,
+			modal: false
+		});
+	};
+
+	const createCropResult = (): void => {
+		const cropCanvas = cropper.getCroppedCanvas({
+			maxHeight: 1024,
+			maxWidth: 1024,
+			imageSmoothingEnabled: true,
+			imageSmoothingQuality: 'high'
+		});
+
+		resultImage.src = cropCanvas.toDataURL();
+
+		cropCanvas.toBlob((blob) => {
+			resultBlob = blob;
+			ready = true;
+			resetCropper();
+		});
+	};
+
+	const readFile = (target: EventTarget | null) => {
+		const input = target as HTMLInputElement;
+		const file = input?.files?.item(0);
+		if (!file) return;
+		const reader = new FileReader();
+		reader.onload = () => {
+			picker = false;
+			image.src = reader.result as string;
+			createCrop();
+		};
+		reader.readAsDataURL(file);
+		input.value = '';
+	};
+
+	const upload = async () => {
+		if (!resultBlob) return;
+		const data = new FormData();
+		data.append('file', resultBlob);
+
+		await fetch(`/account?/avatar`, {
+			method: 'POST',
+			body: data,
+			credentials: 'include',
+			headers: {
+				'x-sveltekit-action': 'true'
+			}
+		});
+
+		$show = false;
+		await invalidateAll();
+	};
+
+	$: if (!$show && image?.src) reset();
+</script>
+
+<Modal showModal={$show} on:close={() => ($show = false)}>
+	<span slot="header">{$t('account.avatar.change')}</span>
+
+	<div>
+		{#if picker}
+			<FormControl>
+				<label for="avatar-file">{$t('account.avatar.uploadLabel')}</label>
+				<input type="file" on:change={(e) => readFile(e.target)} accept={allowedImages.join(',')} />
+				<span>{$t('account.avatar.hint')}</span>
+			</FormControl>
+		{/if}
+
+		<div class="crop-wrapper">
+			<img bind:this={image} alt="" class="preview" />
+		</div>
+
+		<div class="crop-result">
+			<img bind:this={resultImage} alt="" class="result" />
+		</div>
+	</div>
+
+	<div class="actions" slot="footer">
+		<Button variant="link" on:click={() => ($show = false)}>{$t('common.cancel')}</Button>
+
+		{#if !picker}
+			<Button variant="primary" on:click={() => reset()}>{$t('account.avatar.restart')}</Button>
+
+			{#if !ready}
+				<Button variant="primary" on:click={() => createCropResult()}
+					>{$t('account.avatar.done')}</Button
+				>
+			{:else}
+				<Button variant="primary" on:click={() => upload()}>{$t('account.avatar.upload')}</Button>
+			{/if}
+		{/if}
+	</div>
+</Modal>
+
+<style>
+	.crop-wrapper,
+	.crop-result {
+		display: flex;
+		flex-direction: column;
+		max-height: 400px;
+
+		& > img {
+			overflow: auto;
+			object-fit: contain;
+		}
+	}
+
+	.actions {
+		width: 100%;
+		display: flex;
+		justify-content: flex-end;
+		align-items: center;
+		gap: 8px;
+	}
+</style>
diff --git a/src/lib/components/form/FormControl.svelte b/src/lib/components/form/FormControl.svelte
index 48e87f5..675efce 100644
--- a/src/lib/components/form/FormControl.svelte
+++ b/src/lib/components/form/FormControl.svelte
@@ -1,33 +1,47 @@
-
 <div class="form-control">
-  <slot></slot>
+	<slot></slot>
 </div>
 
 <style>
-  :global(input) {
-    &:not([type]),
-    &[type=text],
-    &[type=password],
-    &[type=email] {
-      padding: 8px;
-      font-size: 1rem;
-      background-color: var(--in-input-background);
-      color: var(--in-input-color);
-      border: 2px solid var(--in-input-border-color);
-      border-radius: 6px;
+	:global(input) {
+		background-color: var(--in-input-background);
+		color: var(--in-input-color);
+		border: 2px solid var(--in-input-border-color);
 
-      &:focus-visible {
-        outline: var(--in-focus-outline);
-      }
-    }
-  }
+		&:not([type]),
+		&[type='text'],
+		&[type='password'],
+		&[type='email'] {
+			padding: 8px;
+			font-size: 1rem;
+			border-radius: 6px;
 
-  :global(label) {
-    margin-bottom: 2px;
-  }
+			&:focus-visible {
+				outline: var(--in-focus-outline);
+			}
 
-  .form-control {
-    display: flex;
-    flex-direction: column;
-  }
+			&[disabled] {
+				background-color: var(--in-input-background-disabled);
+				border-color: var(--in-input-border-color-disabled);
+				color: var(--in-input-color-disabled);
+				cursor: not-allowed;
+			}
+		}
+	}
+
+	.form-control > :global(label) {
+		margin-bottom: 4px;
+		font-size: 1.1rem;
+	}
+
+	.form-control > :global(span) {
+		margin-top: 4px;
+		font-size: 0.9rem;
+	}
+
+	.form-control {
+		display: flex;
+		flex-direction: column;
+		width: 100%;
+	}
 </style>
diff --git a/src/lib/components/form/FormSection.svelte b/src/lib/components/form/FormSection.svelte
index 5c184a3..3b82774 100644
--- a/src/lib/components/form/FormSection.svelte
+++ b/src/lib/components/form/FormSection.svelte
@@ -1,4 +1,23 @@
+<script lang="ts">
+	export let title: string = '';
+</script>
 
 <div class="form-section">
-  <slot />
+	{#if title}<div class="form-subtitle">{title}</div>{/if}
+	<slot />
 </div>
+
+<style>
+	.form-section {
+		display: flex;
+		flex-direction: column;
+		gap: 16px;
+		width: 100%;
+		align-items: flex-start;
+	}
+
+	.form-subtitle {
+		font-size: 1.2rem;
+		font-weight: 700;
+	}
+</style>
diff --git a/src/lib/components/form/FormWrapper.svelte b/src/lib/components/form/FormWrapper.svelte
index 41d7244..07bf0e3 100644
--- a/src/lib/components/form/FormWrapper.svelte
+++ b/src/lib/components/form/FormWrapper.svelte
@@ -1,10 +1,13 @@
-
 <div class="form-wrapper">
-  <slot />
+	<slot />
 </div>
 
 <style>
-  :global(.form-control) {
-    margin-bottom: 16px;
-  }
+	.form-wrapper {
+		display: flex;
+		flex-direction: column;
+		gap: 16px;
+		width: 100%;
+		align-items: flex-start;
+	}
 </style>
diff --git a/src/lib/constants.ts b/src/lib/constants.ts
new file mode 100644
index 0000000..6846fac
--- /dev/null
+++ b/src/lib/constants.ts
@@ -0,0 +1 @@
+export const allowedImages = ['image/png', 'image/jpg', 'image/jpeg'];
diff --git a/src/lib/i18n/en/account.json b/src/lib/i18n/en/account.json
index 2fec6dd..0caace5 100644
--- a/src/lib/i18n/en/account.json
+++ b/src/lib/i18n/en/account.json
@@ -1,4 +1,5 @@
 {
+  "title": "Manage your account",
   "username": "Username",
   "displayName": "Display Name",
   "changeEmail": "Change email address",
@@ -8,12 +9,26 @@
   "currentPassword": "Current password",
   "newPassword": "New password",
   "repeatPassword": "Repeat new password",
+  "passwordHint": "At least 8 characters, a capital letter and a number required.",
   "submit": "Submit",
+  "changeSuccess": "Account settings changed successfully!",
+  "avatar": {
+    "title": "Profile avatar",
+    "change": "Change avatar",
+    "remove": "Remove avatar",
+    "done": "Done",
+    "restart": "Restart",
+    "upload": "Upload",
+    "uploadLabel": "Upload image file",
+    "hint": "Allowed image formats: .png, .jpg, .jpeg. Image must be less than 10 MB in size."
+  },
   "login": {
     "title": "Log in",
     "email": "Email",
     "password": "Password",
-    "submit": "Log in"
+    "submit": "Log in",
+    "otp": "Two-factor authentication is enabled",
+    "otpCode": "Enter the code displayed on the authenticator app"
   },
   "errors": {
     "invalidLogin": "Invalid email or password!",
@@ -23,6 +38,19 @@
     "passwordRequired": "The password is required.",
     "passwordMismatch": "The passwords do not match!",
     "invalidPassword": "The provided password is invalid.",
-    "invalidDisplayName": "The provided display name is invalid."
+    "invalidDisplayName": "The provided display name is invalid.",
+    "otpFailed": "The code you entered was invalid. Please note that you will be given a new QR code for subsequent retries."
+  },
+  "otp": {
+    "title": "Two-factor authentication",
+    "enabled": "Two-factor authentication is enabled",
+    "disabled": "Your account does not have two-factor authentication enabled.",
+    "activated": "Two-factor authentication has been activated successfully!",
+    "scan": "Scan this QR code with the authenticator app of your choice",
+    "code": "Enter the code displayed on the authenticator app",
+    "return": "Return to account management",
+    "retry": "Try again",
+    "activate": "Set up two factor authentication",
+    "deactivate": "Deactivate"
   }
 }
diff --git a/src/lib/i18n/en/common.json b/src/lib/i18n/en/common.json
index 76ae907..f25a630 100644
--- a/src/lib/i18n/en/common.json
+++ b/src/lib/i18n/en/common.json
@@ -1,5 +1,8 @@
 {
   "siteName": "Icy Network",
   "description": "Icy Network is a Single-Sign-On service used by other applications.",
-  "cookieDisclaimer": "The website may use temporary cookies for storing your login session and ensuring your security. This web service is&nbsp;<a href=\"https://git.icynet.eu/IcyNetwork/icynet-auth-server\" target=\"_blank\">completely open source</a> and can be audited by anyone."
+  "cookieDisclaimer": "The website may use temporary cookies for storing your login session and ensuring your security. This web service is&nbsp;<a href=\"https://git.icynet.eu/IcyNetwork/icynet-auth-server\" target=\"_blank\">completely open source</a> and can be audited by anyone.",
+  "submit": "Submit",
+  "cancel": "Cancel",
+  "manage": "Manage"
 }
diff --git a/src/lib/server/challenge.ts b/src/lib/server/challenge.ts
index f34b5da..3c8fb7f 100644
--- a/src/lib/server/challenge.ts
+++ b/src/lib/server/challenge.ts
@@ -66,7 +66,7 @@ export class Challenge {
 
 		const userOtp = await TimeOTP.getUserOtp(subject);
 		if (!userOtp) {
-			throw new Error('Invalid request');
+			throw new Error('User has no OTP');
 		}
 
 		const data = await Challenge.challengeFromBody<TRes>(body, subject.uuid, userOtp.token);
diff --git a/src/lib/server/drizzle/schema.ts b/src/lib/server/drizzle/schema.ts
index 9552f46..e78c937 100644
--- a/src/lib/server/drizzle/schema.ts
+++ b/src/lib/server/drizzle/schema.ts
@@ -9,7 +9,7 @@ import {
 	timestamp,
 	mysqlEnum,
 	index,
-	type AnyMySqlColumn,
+	type AnyMySqlColumn
 } from 'drizzle-orm/mysql-core';
 
 export const auditLog = mysqlTable('audit_log', {
@@ -131,6 +131,8 @@ export const upload = mysqlTable('upload', {
 		.notNull()
 });
 
+export type Upload = typeof upload.$inferSelect;
+
 export const user = mysqlTable(
 	'user',
 	{
diff --git a/src/lib/server/upload.ts b/src/lib/server/upload.ts
new file mode 100644
index 0000000..59fbe05
--- /dev/null
+++ b/src/lib/server/upload.ts
@@ -0,0 +1,67 @@
+import { eq } from 'drizzle-orm';
+import { db, upload, user, type Upload, type User } from './drizzle';
+import { Users } from './users';
+import { readFile, unlink, writeFile } from 'fs/promises';
+import { join } from 'path';
+import * as mime from 'mime-types';
+
+const fallbackImage = await readFile(join('static', 'avatar.png'));
+
+export class Uploads {
+	static fallbackImage = fallbackImage;
+	static uploads = join('uploads');
+
+	static async getAvatarByUuid(
+		uuid: string
+	): Promise<{ file: string; mimetype: string } | undefined> {
+		const user = await Users.getByUuid(uuid);
+		if (!user?.pictureId) {
+			return undefined;
+		}
+
+		const [picture] = await db
+			.select({ mimetype: upload.mimetype, file: upload.file })
+			.from(upload)
+			.where(eq(upload.id, user.pictureId));
+		return picture;
+	}
+
+	static async removeUpload(subject: Upload) {
+		try {
+			unlink(join(Uploads.uploads, subject.file));
+		} catch {
+			// ignore unlink error
+		}
+
+		await db.delete(upload).where(eq(upload.id, subject.id));
+	}
+
+	static async removeAvatar(subject: User) {
+		if (!subject.pictureId) return;
+
+		const [fileinfo] = await db.select().from(upload).where(eq(upload.id, subject.pictureId));
+		if (fileinfo) {
+			await Uploads.removeUpload(fileinfo);
+		}
+
+		await db.update(user).set({ pictureId: null }).where(eq(user.id, subject.id));
+	}
+
+	static async saveAvatar(subject: User, file: File) {
+		const ext = mime.extension(file.type);
+		const newName = `user-${subject.uuid.split('-')[0]}-${Math.floor(Date.now() / 1000)}.${ext}`;
+		const arrayBuffer = await file.arrayBuffer();
+		// Write to filesystem
+		await writeFile(join(Uploads.uploads, newName), Buffer.from(arrayBuffer));
+		// Remove old
+		await Uploads.removeAvatar(subject);
+		// Update DB
+		const [retval] = await db.insert(upload).values({
+			original_name: file.name,
+			mimetype: file.type,
+			file: newName,
+			uploaderId: subject.id
+		});
+		await db.update(user).set({ pictureId: retval.insertId });
+	}
+}
diff --git a/src/lib/server/users/index.ts b/src/lib/server/users/index.ts
index af42284..465818e 100644
--- a/src/lib/server/users/index.ts
+++ b/src/lib/server/users/index.ts
@@ -4,6 +4,15 @@ import { db, user, type User } from '../drizzle';
 import type { UserSession } from './types';
 
 export class Users {
+	static async getByUuid(uuid: string): Promise<User | undefined> {
+		const [result] = await db
+			.select()
+			.from(user)
+			.where(and(eq(user.uuid, uuid), eq(user.activated, 1)))
+			.limit(1);
+		return result;
+	}
+
 	static async getByLogin(login: string): Promise<User | undefined> {
 		const [result] = await db
 			.select()
diff --git a/src/lib/server/users/totp.ts b/src/lib/server/users/totp.ts
index 644b213..08d43b6 100644
--- a/src/lib/server/users/totp.ts
+++ b/src/lib/server/users/totp.ts
@@ -47,4 +47,12 @@ export class TimeOTP {
 			.limit(1);
 		return token;
 	}
+
+	public static async saveUserOtp(subject: User, secret: string) {
+		await db.insert(userToken).values({
+			type: 'totp',
+			token: secret,
+			userId: subject.id
+		});
+	}
 }
diff --git a/src/routes/+page.server.ts b/src/routes/+page.server.ts
new file mode 100644
index 0000000..336c438
--- /dev/null
+++ b/src/routes/+page.server.ts
@@ -0,0 +1,3 @@
+import { redirect } from '@sveltejs/kit';
+
+export const load = () => redirect(302, '/account');
diff --git a/src/routes/account/+page.server.ts b/src/routes/account/+page.server.ts
index 0e9a5cc..749e16c 100644
--- a/src/routes/account/+page.server.ts
+++ b/src/routes/account/+page.server.ts
@@ -1,7 +1,9 @@
 import { Challenge } from '$lib/server/challenge.js';
 import type { User } from '$lib/server/drizzle';
+import { Uploads } from '$lib/server/upload.js';
 import { Users, type UserSession } from '$lib/server/users/index.js';
 import { TimeOTP } from '$lib/server/users/totp.js';
+import { passwordRegex } from '$lib/validators.js';
 import { fail, redirect } from '@sveltejs/kit';
 
 interface AccountUpdate {
@@ -23,7 +25,7 @@ export const actions = {
 		const currentUser = await Users.getBySession(locals.session.data?.user);
 		if (!currentUser) {
 			await locals.session.destroy();
-			return redirect(301, '/login');
+			return redirect(303, '/login');
 		}
 
 		const body = await request.formData();
@@ -86,6 +88,14 @@ export const actions = {
 			});
 		}
 
+		if (data.newPassword && !passwordRegex.test(data.newPassword)) {
+			return fail(400, {
+				displayName: data.displayName,
+				errors: ['invalidPassword'],
+				fields: ['newPassword']
+			});
+		}
+
 		// Invalid display name
 		if (data.displayName && (data.displayName.length < 3 || data.displayName.length > 32)) {
 			return fail(400, {
@@ -97,7 +107,7 @@ export const actions = {
 
 		// When updating email or password, we check if OTP has been enabled.
 		// If it is, we need to ask for the OTP code.
-		if (data.newEmail || data.newPassword) {
+		if (!body.has('challenge') && (data.newEmail || data.newPassword)) {
 			const isOtp = await TimeOTP.isUserOtp(currentUser);
 			if (isOtp) {
 				const challenge = await Challenge.issueChallenge(data, currentUser.uuid);
@@ -136,6 +146,39 @@ export const actions = {
 			fields: <string[]>[],
 			displayName: data.displayName || currentUser.display_name
 		};
+	},
+	avatar: async ({ request, locals }) => {
+		const currentUser = await Users.getBySession(locals.session.data?.user);
+		if (!currentUser) {
+			await locals.session.destroy();
+			return redirect(303, '/login');
+		}
+
+		const formData = Object.fromEntries(await request.formData());
+
+		if (!(formData.file as File).name || (formData.file as File).name === 'undefined') {
+			return fail(400, {
+				error: true,
+				message: 'You must provide a file to upload'
+			});
+		}
+
+		const { file } = formData as { file: File };
+
+		await Uploads.saveAvatar(currentUser, file);
+
+		return { avatarChanged: true };
+	},
+	removeAvatar: async ({ locals }) => {
+		const currentUser = await Users.getBySession(locals.session.data?.user);
+		if (!currentUser) {
+			await locals.session.destroy();
+			return redirect(303, '/login');
+		}
+
+		await Uploads.removeAvatar(currentUser);
+
+		return { avatarChanged: true };
 	}
 };
 
@@ -148,9 +191,12 @@ export async function load({ locals, url }) {
 	}
 
 	const otpEnabled = await TimeOTP.isUserOtp(currentUser);
+	const updateRef = Date.now();
 
 	return {
 		user: userInfo,
-		otpEnabled
+		otpEnabled,
+		hasAvatar: !!currentUser.pictureId,
+		updateRef
 	};
 }
diff --git a/src/routes/account/+page.svelte b/src/routes/account/+page.svelte
index b63562c..9f9e33b 100644
--- a/src/routes/account/+page.svelte
+++ b/src/routes/account/+page.svelte
@@ -2,75 +2,185 @@
 	import { t } from '$lib/i18n';
 	import LogoutButton from '$lib/components/LogoutButton.svelte';
 	import type { ActionData, PageData } from './$types';
+	import FormControl from '$lib/components/form/FormControl.svelte';
+	import FormSection from '$lib/components/form/FormSection.svelte';
+	import FormWrapper from '$lib/components/form/FormWrapper.svelte';
+	import Button from '$lib/components/Button.svelte';
+	import Alert from '$lib/components/Alert.svelte';
+	import ViewColumn from '$lib/components/ColumnView.svelte';
+	import MainContainer from '$lib/components/MainContainer.svelte';
+	import SplitView from '$lib/components/SplitView.svelte';
+	import { enhance } from '$app/forms';
+	import type { SubmitFunction } from '@sveltejs/kit';
+	import AvatarCard from '$lib/components/avatar/AvatarCard.svelte';
+	import AvatarModal from '$lib/components/avatar/AvatarModal.svelte';
+	import { writable } from 'svelte/store';
 
 	export let data: PageData;
 	export let form: ActionData;
+
+	let internalErrors: string[] = [];
+	$: errors = [...internalErrors, ...(form?.errors?.length ? form.errors : [])];
+
+	let usernameRef: HTMLInputElement;
+	let displayRef: HTMLInputElement;
+	let showAvatarModal = writable(false);
+
+	const enhanceFn: SubmitFunction = ({ formData, cancel }) => {
+		internalErrors.length = 0;
+
+		const pwd = formData.get('newPassword') as string;
+		const repeat = formData.get('repeatPassword') as string;
+		if (pwd && pwd !== repeat) {
+			internalErrors.push('passwordMismatch');
+			return cancel();
+		}
+
+		return async ({ update }) => {
+			await update();
+
+			// Reset these values, as they are cleared but we don't want that.
+			if (usernameRef) {
+				usernameRef.value = data.user.username;
+			}
+
+			if (displayRef) {
+				displayRef.value = form?.displayName || data.user.name;
+			}
+		};
+	};
 </script>
 
-<span>{data.user.name}</span>
+<MainContainer>
+	<h1>{$t('common.siteName')}</h1>
+	<SplitView>
+		<div>
+			<h2>{$t('account.title')}</h2>
 
-<form action="?/update" method="POST">
-	<div class="form-control">
-		<label for="form-username">{$t('account.username')}</label>
-		<input
-			type="text"
-			disabled
-			value={data.user.username}
-			id="form-username"
-			autocomplete="username"
-		/>
-	</div>
+			<form action="?/update" method="POST" use:enhance={enhanceFn}>
+				<FormWrapper>
+					{#if form?.success}<Alert type="success">{$t('account.changeSuccess')}</Alert>{/if}
+					{#if errors.length}
+						{#each errors as error}
+							<Alert type="error">{$t(`account.errors.${error}`)}</Alert>
+						{/each}
+					{/if}
 
-	<div class="form-control">
-		<label for="form-displayName">{$t('account.displayName')}</label>
-		<input
-			type="text"
-			name="displayName"
-			value={form?.displayName || data.user.name}
-			id="form-displayName"
-		/>
-	</div>
+					{#if form?.otpRequired}
+						<!-- Two-factor code request -->
+						<FormSection title={$t('account.login.otp')}>
+							<input name="challenge" value={form.otpRequired} type="hidden" />
+							<FormControl>
+								<label for="form-otpCode">{$t('account.login.otpCode')}</label>
+								<!-- svelte-ignore a11y-autofocus -->
+								<input id="form-otpCode" name="otpCode" autocomplete="off" autofocus />
+							</FormControl>
+						</FormSection>
+					{:else}
+						<FormControl>
+							<label for="form-username">{$t('account.username')}</label>
+							<input
+								type="text"
+								disabled
+								value={data.user.username}
+								id="form-username"
+								autocomplete="username"
+								bind:this={usernameRef}
+							/>
+						</FormControl>
 
-	<div class="form-subtitle">{$t('account.changeEmail')}</div>
+						<FormControl>
+							<label for="form-displayName">{$t('account.displayName')}</label>
+							<input
+								type="text"
+								name="displayName"
+								value={form?.displayName || data.user.name}
+								id="form-displayName"
+								bind:this={displayRef}
+							/>
+						</FormControl>
 
-	<div class="form-control">
-		<label for="form-currentEmail">{$t('account.currentEmail')}</label>
-		<input type="email" name="currentEmail" id="form-currentEmail" />
-	</div>
+						<FormSection title={$t('account.changeEmail')}>
+							<FormControl>
+								<label for="form-currentEmail">{$t('account.currentEmail')}</label>
+								<input type="email" name="currentEmail" id="form-currentEmail" />
+							</FormControl>
 
-	<div class="form-control">
-		<label for="form-newEmail">{$t('account.newEmail')}</label>
-		<input type="email" name="newEmail" id="form-newEmail" />
-	</div>
+							<FormControl>
+								<label for="form-newEmail">{$t('account.newEmail')}</label>
+								<input type="email" name="newEmail" id="form-newEmail" />
+							</FormControl>
+						</FormSection>
 
-	<div class="form-subtitle">{$t('account.changePassword')}</div>
+						<FormSection title={$t('account.changePassword')}>
+							<FormControl>
+								<label for="form-currentPassword">{$t('account.currentPassword')}</label>
+								<input
+									type="password"
+									autocomplete="current-password"
+									name="currentPassword"
+									id="form-currentPassword"
+								/>
+							</FormControl>
 
-	<div class="form-control">
-		<label for="form-currentPassword">{$t('account.currentPassword')}</label>
-		<input
-			type="password"
-			autocomplete="current-password"
-			name="currentPassword"
-			id="form-currentPassword"
-		/>
-	</div>
+							<FormControl>
+								<label for="form-newPassword">{$t('account.newPassword')}</label>
+								<input
+									type="password"
+									autocomplete="new-password"
+									name="newPassword"
+									id="form-newPassword"
+									aria-describedby="new-password-hint"
+								/>
+								<span id="new-password-hint">{$t('account.passwordHint')}</span>
+							</FormControl>
 
-	<div class="form-control">
-		<label for="form-newPassword">{$t('account.newPassword')}</label>
-		<input type="password" autocomplete="new-password" name="newPassword" id="form-newPassword" />
-	</div>
+							<FormControl>
+								<label for="form-repeatPassword">{$t('account.repeatPassword')}</label>
+								<input
+									type="password"
+									autocomplete="new-password"
+									name="repeatPassword"
+									id="form-repeatPassword"
+								/>
+							</FormControl>
+						</FormSection>
+					{/if}
 
-	<div class="form-control">
-		<label for="form-repeatPassword">{$t('account.repeatPassword')}</label>
-		<input
-			type="password"
-			autocomplete="new-password"
-			name="repeatPassword"
-			id="form-repeatPassword"
-		/>
-	</div>
+					<Button variant="primary" type="submit">{$t('account.submit')}</Button>
+				</FormWrapper>
+			</form>
+		</div>
 
-	<button class="btn">{$t('account.submit')}</button>
-</form>
+		<ViewColumn slot="side">
+			<div>
+				<h3>{$t('account.avatar.title')}</h3>
+				<AvatarCard user={data.user} cacheBust={data.updateRef}>
+					<ViewColumn>
+						<Button variant="primary" on:click={() => ($showAvatarModal = true)}
+							>{$t('account.avatar.change')}</Button
+						>
+						{#if data.hasAvatar}
+							<form action="?/removeAvatar" method="POST" use:enhance>
+								<Button variant="link" type="submit">{$t('account.avatar.remove')}</Button>
+							</form>
+						{/if}
+					</ViewColumn>
+				</AvatarCard>
+			</div>
 
-<LogoutButton />
+			<div>
+				<h3>{$t('account.otp.title')}</h3>
+				{#if data.otpEnabled}
+					<p>{$t('account.otp.enabled')}</p>
+				{:else}
+					<p>{$t('account.otp.disabled')}</p>
+				{/if}
+				<a href="/account/two-factor">{$t('common.manage')}</a>
+			</div>
+		</ViewColumn>
+	</SplitView>
+	<LogoutButton />
+</MainContainer>
+
+<AvatarModal show={showAvatarModal} />
diff --git a/src/routes/account/two-factor/+page.server.ts b/src/routes/account/two-factor/+page.server.ts
new file mode 100644
index 0000000..1ea3816
--- /dev/null
+++ b/src/routes/account/two-factor/+page.server.ts
@@ -0,0 +1,79 @@
+import { Challenge, type ChallengeBody } from '$lib/server/challenge.js';
+import { Changesets } from '$lib/server/changesets.js';
+import { CryptoUtils } from '$lib/server/crypto-utils';
+import type { User } from '$lib/server/drizzle';
+import { Users } from '$lib/server/users';
+import { TimeOTP } from '$lib/server/users/totp.js';
+import { fail, redirect } from '@sveltejs/kit';
+import * as QRCode from 'qrcode';
+
+interface ActivateChallenge {
+	secret: string;
+}
+
+interface ActivateRequest {
+	challenge: string;
+	otpCode?: string;
+}
+
+const issueActivateChallenge = async (subject: User) => {
+	const secret = TimeOTP.createSecret();
+	const challenge = await Challenge.issueChallenge<ActivateChallenge>({ secret }, subject.uuid);
+	const uri = TimeOTP.getUri(secret, subject.username);
+	const qr = await QRCode.toDataURL(uri);
+	return { challenge, qr, uri };
+};
+
+export const actions = {
+	activate: async ({ locals, request }) => {
+		const currentUser = await Users.getBySession(locals.session.data?.user);
+		if (!currentUser) {
+			await locals.session.destroy();
+			return redirect(303, '/login');
+		}
+
+		const body = await request.formData();
+		const { challenge, otpCode } = Changesets.take<ActivateRequest>(['challenge', 'otpCode'], body);
+
+		if (!challenge) {
+			return issueActivateChallenge(currentUser);
+		}
+
+		const decoded = await CryptoUtils.decryptChallenge<ChallengeBody<ActivateChallenge>>(challenge);
+
+		if (
+			!otpCode ||
+			decoded?.aud !== currentUser.uuid ||
+			!decoded?.data?.secret ||
+			!TimeOTP.validate(decoded.data.secret, otpCode)
+		) {
+			return fail(400, { invalid: true });
+		}
+
+		await TimeOTP.saveUserOtp(currentUser, decoded.data.secret);
+
+		// TODO: audit log
+
+		return { success: true };
+	},
+	deactivate: async ({ locals }) => {
+		const currentUser = await Users.getBySession(locals.session.data?.user);
+		if (!currentUser) {
+			await locals.session.destroy();
+			return redirect(303, '/login');
+		}
+	}
+};
+
+export async function load({ locals }) {
+	const currentUser = await Users.getBySession(locals.session.data?.user);
+	if (!currentUser) {
+		await locals.session.destroy();
+		return redirect(301, '/login');
+	}
+
+	const otpEnabled = await TimeOTP.isUserOtp(currentUser);
+	return {
+		otpEnabled
+	};
+}
diff --git a/src/routes/account/two-factor/+page.svelte b/src/routes/account/two-factor/+page.svelte
new file mode 100644
index 0000000..a523695
--- /dev/null
+++ b/src/routes/account/two-factor/+page.svelte
@@ -0,0 +1,58 @@
+<script lang="ts">
+	import Alert from '$lib/components/Alert.svelte';
+	import Button from '$lib/components/Button.svelte';
+	import MainContainer from '$lib/components/MainContainer.svelte';
+	import FormControl from '$lib/components/form/FormControl.svelte';
+	import FormSection from '$lib/components/form/FormSection.svelte';
+	import FormWrapper from '$lib/components/form/FormWrapper.svelte';
+	import { t } from '$lib/i18n';
+	import type { ActionData, PageData } from './$types';
+
+	export let data: PageData;
+	export let form: ActionData;
+</script>
+
+<MainContainer>
+	<h1>{$t('common.siteName')}</h1>
+	<h2>{$t('account.otp.title')}</h2>
+
+	{#if form?.success}
+		<Alert type="success">{$t('account.otp.activated')}</Alert>
+		<br />
+		<a href="/account">{$t('account.otp.return')}</a>
+	{:else if form?.challenge}
+		<form action="?/activate" method="POST">
+			<FormWrapper>
+				<FormSection title={$t('account.otp.scan')}>
+					<div class="qr-wrapper">
+						<img src={form?.qr} alt={form?.uri} />
+					</div>
+					<input value={form.challenge} type="hidden" name="challenge" />
+				</FormSection>
+				<FormControl>
+					<label for="form-otpCode">{$t('account.otp.code')}</label>
+					<input type="text" name="otpCode" id="form-otpCode" autocomplete="off" />
+				</FormControl>
+				<Button type="submit" variant="primary">{$t('account.submit')}</Button>
+			</FormWrapper>
+		</form>
+	{:else if form?.invalid}
+		<Alert type="error">{$t('account.errors.otpFailed')}</Alert>
+		<br />
+		<form action="?/activate" method="POST">
+			<Button type="submit" variant="link">{$t('account.otp.retry')}</Button>
+		</form>
+	{:else if data?.otpEnabled}
+		<Alert type="success">{$t('account.otp.enabled')}</Alert>
+		<br />
+		<form action="?/deactivate" method="POST">
+			<Button type="submit" variant="link">{$t('account.otp.deactivate')}</Button>
+		</form>
+	{:else}
+		<Alert type="default">{$t('account.otp.disabled')}</Alert>
+		<br />
+		<form action="?/activate" method="POST">
+			<Button type="submit" variant="link">{$t('account.otp.activate')}</Button>
+		</form>
+	{/if}
+</MainContainer>
diff --git a/src/routes/api/avatar/[slug]/+server.ts b/src/routes/api/avatar/[slug]/+server.ts
new file mode 100644
index 0000000..23d2615
--- /dev/null
+++ b/src/routes/api/avatar/[slug]/+server.ts
@@ -0,0 +1,24 @@
+import { Uploads } from '$lib/server/upload.js';
+import { readFile } from 'fs/promises';
+import { join } from 'path';
+
+export async function GET({ params }) {
+	const uuid = params.slug;
+	const uploadFile = await Uploads.getAvatarByUuid(uuid);
+	if (!uploadFile) {
+		return new Response(Uploads.fallbackImage, {
+			status: 200,
+			headers: {
+				'Content-Type': 'image/png'
+			}
+		});
+	}
+
+	const readUpload = await readFile(join(Uploads.uploads, uploadFile.file));
+	return new Response(readUpload, {
+		status: 200,
+		headers: {
+			'Content-Type': uploadFile.mimetype
+		}
+	});
+}
diff --git a/src/routes/login/+page.server.ts b/src/routes/login/+page.server.ts
index 7c87e94..ff8c544 100644
--- a/src/routes/login/+page.server.ts
+++ b/src/routes/login/+page.server.ts
@@ -1,9 +1,23 @@
+import { Challenge } from '$lib/server/challenge.js';
+import { Changesets } from '$lib/server/changesets.js';
 import { Users } from '$lib/server/users/index.js';
+import { TimeOTP } from '$lib/server/users/totp.js';
 import { fail, redirect, type Actions } from '@sveltejs/kit';
 
+interface LoginParams {
+	email: string;
+	password: string;
+	challenge: string;
+	otpCode: string;
+}
+
+interface LoginChallenge {
+	email: string;
+}
+
 export const actions = {
 	default: async ({ request, locals, url }) => {
-    // Redirect
+		// Redirect
 		const redirectUrl = url.searchParams.has('redirectTo')
 			? (url.searchParams.get('redirectTo') as string)
 			: '/';
@@ -13,23 +27,64 @@ export const actions = {
 			return redirect(303, redirectUrl);
 		}
 
-		const data = await request.formData();
-		const email = data.get('email') as string;
-		const password = data.get('password') as string;
+		// TODO: Audit log failed attempts
 
-		if (!email?.trim() || !password?.trim()) {
+		const body = await request.formData();
+		const { email, password, challenge, otpCode } = Changesets.take<LoginParams>(
+			['email', 'password', 'challenge', 'otpCode'],
+			body
+		);
+
+		if (!email) {
+			return fail(400, { incorrect: true });
+		}
+
+		if (!password && (!challenge || !otpCode)) {
 			return fail(400, { incorrect: true });
 		}
 
 		// Find existing active user
 		const loginUser = await Users.getByLogin(email);
-
-		// Compare user password
-		if (!loginUser || !(await Users.validatePassword(loginUser, password))) {
+		if (!loginUser) {
 			return fail(400, { email, incorrect: true });
 		}
 
-		// TODO: check two-factor
+		// Check OTP challenge
+		if (challenge && otpCode) {
+			const userOtp = await TimeOTP.getUserOtp(loginUser);
+			if (!userOtp) {
+				return fail(400, { email, incorrect: true });
+			}
+
+			try {
+				const valid = await Challenge.verifyChallenge<LoginChallenge>(
+					challenge,
+					loginUser.uuid,
+					otpCode,
+					userOtp.token
+				);
+
+				if (email !== valid.email) {
+					return fail(400, { email, incorrect: true });
+				}
+			} catch {
+				return fail(400, { email, incorrect: true });
+			}
+		} else {
+			// Compare user password
+			if (!loginUser || !password || !(await Users.validatePassword(loginUser, password))) {
+				return fail(400, { email, incorrect: true });
+			}
+		}
+
+		// Issue two-factor challenge
+		if (!challenge) {
+			const isOtp = await TimeOTP.isUserOtp(loginUser);
+			if (isOtp) {
+				const issued = await Challenge.issueChallenge<LoginChallenge>({ email }, loginUser.uuid);
+				return { otpRequired: issued, email };
+			}
+		}
 
 		// Create session data for user
 		const sessionUser = await Users.toSession(loginUser);
diff --git a/src/routes/login/+page.svelte b/src/routes/login/+page.svelte
index 43b6aa1..0dcc1fa 100644
--- a/src/routes/login/+page.svelte
+++ b/src/routes/login/+page.svelte
@@ -1,6 +1,10 @@
 <script lang="ts">
+	import { enhance } from '$app/forms';
+	import Alert from '$lib/components/Alert.svelte';
 	import Button from '$lib/components/Button.svelte';
+	import SideContainer from '$lib/components/SideContainer.svelte';
 	import FormControl from '$lib/components/form/FormControl.svelte';
+	import FormSection from '$lib/components/form/FormSection.svelte';
 	import FormWrapper from '$lib/components/form/FormWrapper.svelte';
 	import { t } from '$lib/i18n';
 	import type { ActionData } from './$types';
@@ -8,15 +12,27 @@
 	export let form: ActionData;
 </script>
 
-<div class="login-wrapper">
-	<div class="login-inner">
-		<h1>{$t('common.siteName')}</h1>
+<SideContainer>
+	<h1>{$t('common.siteName')}</h1>
 
-    <h2>{$t('account.login.title')}</h2>
+	<h2>{$t('account.login.title')}</h2>
 
-		<form action="" method="POST">
-			<FormWrapper>
-				{#if form?.incorrect}<p class="error">{$t('account.errors.invalidLogin')}</p>{/if}
+	<form action="" method="POST" use:enhance>
+		<FormWrapper>
+			{#if form?.incorrect}<Alert type="error">{$t('account.errors.invalidLogin')}</Alert>{/if}
+			{#if form?.otpRequired}
+				<!-- Two-factor code request -->
+				<FormSection title={$t('account.login.otp')}>
+					<input name="email" value={form.email} type="hidden" />
+					<input name="challenge" value={form.otpRequired} type="hidden" />
+					<FormControl>
+						<label for="login-otpCode">{$t('account.login.otpCode')}</label>
+						<!-- svelte-ignore a11y-autofocus -->
+						<input id="login-otpCode" name="otpCode" autocomplete="off" autofocus />
+					</FormControl>
+				</FormSection>
+			{:else}
+				<!-- Normal login -->
 				<FormControl>
 					<label for="login-email">{$t('account.login.email')}</label>
 					<input id="login-email" name="email" value={form?.email ?? ''} autocomplete="username" />
@@ -31,44 +47,23 @@
 						autocomplete="current-password"
 					/>
 				</FormControl>
+			{/if}
+			<Button type="submit" variant="primary">{$t('account.login.submit')}</Button>
+		</FormWrapper>
+	</form>
 
-				<Button type="submit" variant="primary">{$t('account.login.submit')}</Button>
-			</FormWrapper>
-		</form>
-
-    <div class="welcome">
-      <p class="text-bold">{$t('common.description')}</p>
-      <p>{@html $t('common.cookieDisclaimer')}</p>
-    </div>
+	<div class="welcome">
+		<p class="text-bold">{$t('common.description')}</p>
+		<p>{@html $t('common.cookieDisclaimer')}</p>
 	</div>
-</div>
+</SideContainer>
 
 <style>
-	.login-wrapper {
-		display: flex;
-		justify-content: flex-end;
+	.welcome {
+		margin-top: auto;
+
+		& .text-bold {
+			font-weight: 700;
+		}
 	}
-
-	.login-wrapper,
-	.login-inner {
-		height: 100%;
-	}
-
-	.login-inner {
-    display: flex;
-    flex-direction: column;
-		backdrop-filter: blur(8px);
-		-webkit-backdrop-filter: blur(8px);
-		padding: 40px;
-		max-width: 600px;
-    width: 100%;
-	}
-
-  .welcome {
-    margin-top: auto;
-
-    & .text-bold {
-      font-weight: 700;
-    }
-  }
 </style>
diff --git a/static/application.png b/static/application.png
new file mode 100644
index 0000000000000000000000000000000000000000..6ad5ce633b6045241648eb142ded0a295a7fde5a
GIT binary patch
literal 14817
zcmeHuWmH_vvNrDS5^R9rFu-7gyGwu&EWj`f65K7gyMzEif)iYVI|PRi9D=(9Cuq=*
z<UQxy_pW>YoVC9D@61|zX7B2%r@Nl2?&+Fd6QQ9dkBvcr0S5<%t*9WQ`Sj`W`$9u`
zdKWU|pMZmVHsGbL>!Jy9r*&|$H@C8Z(Ykm#z-VC}R_0HN^IPe9v4%p4vX4!XMhH6)
zA%++vFVwa>v6LfC80$-BvuSlij)F}(+_<Z2o5rAoAKxDDu3R5`E4QWHnre;Y%Rd@>
zZsIc;yFC8lTUqJaxw^WY_I=BB_si$%j548tpz_Drs8L7O<EihpXTa$2X6er`%!~W`
zzMC@vxd)?;N2i=?PeuKN_WI+HzAGsf-*)_V($uW}pRVVZ{qnjyXE*o1)XA<l&R-q*
z8C@DbEQNn0K6+;=!oo1R!s0_3f6mkl`UN-@us`XFAM$28b5}g|=0^D0B6xqtr#n8a
zd1fzu{;BNlj`i-r=gPX?>CTtoo?!Fl?4segMZ@=(+>K|}b-(b=!#(T6uluntcV)XN
zyZfVUGsoWMA5FKFiuSK^d_{(CBS$&xatz%2Cra$^SPXO9R)SVCOO}%Ye;tx`xRcQ(
zR!}-s0lTqx+K#I9Ok?|d`$)NuQkT<3>jc-;hKy&99iYnedV8C$9kn||eie+Z3pgE1
zEe1Q^NUklh4B3k~ACBy=-2GOK>ZH)xAESx)BVTlxlMiJ)Y(vc$7VR~LF;C)FIvzBQ
z2+7$aKkJ*}eZOexVO^t9h&Re5q+xH}wy!_*hL`Fo$BaUcz>4Q<228CQL~|e^%qfnU
z{ovke9FSmUq=<?ZDp0cXnkxU5K(Z_kjc7gepaIeoGEPqoj3~S_+cGT5N*3k=DYG^u
zX)3d|Me|sfG$rd>mm>7eX%1Js*D<hei{ba)Yf3Tl-fxQ&lYfRj#-10;e?taUI}&R8
zx%r8SCe^w3y^c|DdGq|9by*WjR;K%$Ys1pj_sLvFMDa5H8oTao^e|2EuOuyX;rnP_
zt^&7rEx(ct>|5?*h5gJA(`P#F9w_xNSIT-*SbVDPzfv66Uv3acI%p>G5|F&cF>7T(
zCUVjK_7+!29;POAMn6H!_<0~VLr<e`z(kBLnbLRjTd%s@`=&=``-&~`Eslql56((U
zD_<9l&n{caKAhNfMEf*rNM1x7)rdf|9I1vI)E^(<F?@}eD(&xDDj!F=YKvHFG`M;}
zZ;^B*tb~a)0Sl}b!ZAncuFov3ZJki`4<YWy-WJ3oD?*jMeB0|;nfl>oLL>9V`!AU>
zmI`Odmui&;KY4`K`IgEKnbcNQDj80_ESmV<Uk2?-?Y1nRNRP43GBT}C&b^p4#B^P3
zw3#J{ET@Y7v{zH`PM@kKiI0_PVdJvo#@j$yhqOw+!q{zJcahh4N};vDUIR3uqxQMG
ztxvJ;Sc~6yB$>k=T)!h1)S3E2E43!;XPiQ_AMu+y*3$#$WbPZ!NM>BGk@*W9k8}fP
z$%dOFA%dNRR(+u4(z*C3mlM^3Mrro#&}`{2Wg6rn(Ocbj#hGS55x`mdo_Cmm**4He
zSg0+9jEsCgB)x$16ybfX&y|uVwJ;Kn=}-*QCQ9i`dE)P<R+-*k1p65Er$yDuoSoD=
z%4KlR4>AFPh;YwVDNGs5o#ciXFSX<yb?mXde+)HL(1kQgGx$tOeH6L+kdH-#q=>x>
zz>cDkO)~dsT=-C&z!)a8f^<xzw5m2xCDQX5o1Qa@L!DZ+;Eab+?-wsFed2u;N}bK@
z(!@+fn3P>maIEG}{q`iFsaW;{BbeQ#9R0fv1+2`g1iM^gS7dCv?qXG<Yi3&?22v<h
zrxi$<9@0D_QFr$N1Zg(=1lp!pY*i}@mKM~o(R|i6cf4aJ=P01`_hOBZ23}aFy9WNK
z*ZH*n#+dLtrpFrYChT&6Ih;aSg5FS^RKozkC%?#~n(#?L*iy_|2shONeV*l5VqvW8
zoDx2Wq#6Fap-?SHb)lw-SPccakmIKhq49LBcQ#MbyB71r1Fe+<OsK=)i+hR~CUl?9
zH}nVm3r@&XPSycTMP*KE3)4>4L2USE@m5<{;y*AOFL5iG-rWScFm5AF;u{}G*Ly`v
zJnuAD4Nt#Bvozf+iVoftg+BXP=h3Vw-TnpTP3sm$_6y5lY_#Si?7<#qt#%@x`H$Nw
zOGiIZbr8M3ROi-lpd0T|@aHPZW}u9dejKaA5L40bo`g^;PajcSajr&!dyTfy9&<qJ
zr$b`_xOzlXd`+I!a_JdW$;u?C=hWXqKL6U>{v|Oyh1lz<>xY4P87ISC{+=D}Mqw)(
ztSJd^;~n7AX&`Otmq*6W?nQWlSA@w|2|pWrnhZnAE0@yA#rDeF!e0t9|LE?P;$ML6
zwShHQ0U=&T;qFS0N?r{Z;P{2oY~NjeDQXo1MtvrEcb`K+$y(58(xl}!!GnKND8fxL
z#q33QE>~=dcFn|L))Ma&zgC3%qsL{eg=6t^`pbs0`l8)9#5ZH{?4g%ph|mf<RKD=3
zA5$22)dE@BMEnR5vPX^K3)x#~gr=b(xNW<_ViBAHIr?Jf0810<nSpnf$~N$Ln2e}?
zu3cPg@&3)0Oc(?SI=?)~ZpVb~1M?Bfolg^sa%z;N*E5A@STKbKl|x_&QD+$j7Hv*4
zzD-I7sM6NcZd#cZnIYc*hpRrwz`pI`V)+l?T9ZKrQKuRX;<{c^w2IW^VbHW-9R+-%
z4CXFx7q^rh+r3YJBsE|7AU(#&wMLcen-@{;${J>LJVzNm&ReLJ2wI)2RnKypB`H?>
z9MDbZiGP@zdXL8x1w>}cP4Ev<*1>(m-bJHsbIeAgD3IQ_LyxDQl`?R>L7aY@-G#P{
zV<Vs2t|&1(R6a$uCut=d=YM4T+)$8F>F9ZH!*GF#%p9ezKTV%%L~I8uRu8&$VUTCO
z(AqmC^_)9KH4LI?TGj5x+1MmOy65JdVz>>JnV1gLyiyr6!!|F<Z<`>;xhG(}RpxiX
zi#ZAMaoE#J3qc$2>zVpa1Q-L4LSl=dW7;ksB_)zjaIi5j7964Za-DO-D>-73#Xics
z>lu6dTe);NRIv(7Aq-?ay<MvqoH2-g(#1zL6LfWW(`G~?@9?vAi0xEl<U87Ir)HWR
zhD6^xbaj)3pe#VIgw^4yWN91UMiX|D=@Pqy>MrtW?v)kiOkRHoT@1(P{G@YUq{AkY
z>M6p`@v+_p3=y>@H>lig!(({lIdGs*HD=_J(9Uhcjtjse3&)Iy*P3werX=d5!OhnZ
zOz5pAU+r9njK+}N#2W5x+%z@(8h!P^RjE-qY}HMf#7x@`UssPL&5|9H3lI0IF|MfV
zP9vOIc@M=09~Cozt_dwi>RPb#U9<FNJzyz-6ZTq{Dc{uyk4;F|_i&LG$Dww@9LURN
zoRX~Mk5Z26BIMJl!nXP0hb@|TD*gjY!lyZGOSiiv_=~3EFa-_b37nH$C7rx$QDo1i
z1uN~f<VQ>m#GdNiGtUrV;^lZj|6!z~waeah{B8C?U#v{z?6a?np}sF(stZ@zu&2%{
z`*^qD18FS%=X`K}Bzg$Kvg_Hroa)p@5dv5g8w6LkG_Hqn3(5_%QL`oZkn#ye0t-5Y
z-Eb`(E|8-pb9=<e1#w;G@j^q_)PT6loob4}$)`O8*?m-zswE*EKw&(<jVyNa6!k4&
z4u8F)-k%TLo8X#{%Yi@`5>h4@9su{5QX&Qdk1&|<dSIV3chN-PBNLO3?A4Od4`6D~
zR;x(pY+Bkj4(t08lqqz+>wR1=CXP4h?g85|Q!-3l(<!)`s+K_^k;-%EiW?|*Z^-Xb
zQGI!*`CZpQxIl@@0G~Y>xOWV+4UCwoclwU=W^tx2O*r?YpW%$wKy&U4V8hQ{G|R|z
zzjg{vFC~lD0(25-@=D;k;|1bpsr*&yUSYE%w6_<yFtkieOVG->>@L&V=IsUu_OP%c
zu45}?_UlN~Rrn*yJLj6GxL)&{_!GR3>@@l{hJpJHPTl`3Y&ZS0q6mE`968SS;nq#c
zjIUJ0)LQXfW6abAvZd0~c(W4qhkQzS!d+Zbx+F8%KY8D_CM;7DV0#M_#HF5tR+OCL
z6s$Wj;Z!$%77<p+ywdME#i1^fSd@E73nvDR2<7d|mc7Ewnl0!qef~OJzmXIycN*~R
zy-Ln%UlV0HV_Q0XSD^qOhrFA_HkunXs(`{fSCRSWDJP__g^|$NPzK5+=7_MR5(a`p
z7?SMib=<R5F~{B7y8xY(;s!XHHiSwZxO!DDl3<Jh=t?vloQ;(=tD*{`c5ZQ`FT#T{
zU#Y~r!v5JKaPT>p#mYZKdT|Ez4$h-2C7rnIfc^|*)-f1^npT?^$W4ZbJx6DhTC?h#
zEf^$>sS;J&eE}zb4)~mt$b<)%mjFuv@~>z3$En+UQDwX?22RnvCmdZSEvRgooaH#r
zB0{$*&hNBPe!q^IMZt-oJ6>ek@{)2rBMNrMiO0{c9_ABzPg#Z3#QAnom%+{;<K>xy
zNC>_RI3RIWBr4Kj|9QrqpgbYhYKDB%tS)J(jB0>kgs{j*E1&2HCc(yrAWf+WV=KGn
z0-P|U5oN8)_Y`<06k!s&gb|@vk`2~lkTRYk3U~~w4@Pj26;-AN=IvW1HCUp!i|{y!
z)Kvtd$cPacgLLBjcmADVf;B)EYwmQ=l1yg$Bmg!TN5L)idb}K8*UUC85$-vUf-Z3<
zoYDI2_ub%EBbZsZdZA;jk+HWgu1cymP+k%7XG#Ovf?u6N0!-mQYbeS1R}@9Ksh^He
z-4b=b98^0X?G2D0C|<u^33n0M|5{_HYRj{Pg!nu+Y;jfi^#)_XZc@c3)jWKTMg;A2
z&DX2rM2XTi$ckNjmWby%o$3BkW+6`97^_jFL}MUcfBy0OlilTOouqcqm1CA3=5<8j
z8AuPGKJS^Nl2^syg|J0bvI%_Kq8!1Ryzt~mX0__gfC&7iOz))|fE?<RntK=^Fn?7D
zXIl3xT~2ynf@s0xi~>RVUU2m$Q8uZ*p41`B`~;L#zpNi*0xvH!%$4Zo&-~SbE)44b
z2uFB5Na2s~has4K%B%h*(U;a0zYx+7D_WC6zujtqv;?dvp`eopNI7-53ZBsCx~#c>
z1;p&0;x$T{{K6{2d5;vI`V$^Z-;YM*&ja7@E`A`NCl!^SRmOgkv(fKmz+6h}SBF}s
zSywIXsFS3{c%>WU={$Qhd8ApR4{p;{m!+lwQiK=jy@4xdilAa?w8JOXPnJ5j;lT|}
zN_aD_f!0*1J28v=5RMZ(W^&YxE<y}|%T*JWzOcm}6iZ@ck<d?i?MQNMKd0?v26~?S
zF>rY97gAELfAMaVA`?7<TMznm^a%hhAKn&h)CDarEljjbFA&E*`%<&vWhAMyP&(K*
zE&ozM1N)aF-uPxn!)1<R*7fI?J#g63#Rg4Md3*}+tF8o!L{iTr+zhlD3hzWxl;|~W
z)fH#S(7y+NL!Cff6Q&TPFFiyz?WAGoUzr%6PYw4zo`4^I>ySmYPn=MDVxGJkx1#*u
z77i}tjj;lJA(BW*L)6dLo~1&De@+_xmbVONNafZXRnZw}zI<RLLZFvi!ylG*ftS*U
z7Y|>HM^PPpKK3>bb;@A{RWy1Bsb-*7tU*^6gSv|_w~wG2vqmvzN&>N|2)f9muL`!9
zXeNe58CnHq7IsCIEq1odsFPYn`!A>UZz+4>b$13%2__ljUvr*L!V!AJh)6CABAe(6
zGe|7qtM<V@3Uka?d_Cmcnp@5MIvP(Bkf?&o56iutLPf>Ne}-3SSw*8&uTfW*p8rsa
zd_78cJWg{ipI!xT9`iE$;RH``N<b?9TAK#30qudCv7(637nrRtp+wuIF5pHulN_|N
zshq+472e<aafkwZ+et#9i6s4LM;+gg0tr2zoWlh3ovyRPn9vZ3zWaDNX5DPX`KOT?
z0Beb6XEppNIXa5do7e`Qr1IQWlDP=Dw7g5&@5`P05=8M}fu9=B^J>h4`M;4XG#1Yp
zzq?DtR0?~&?yv6_rhi?%567&}$*Jh&QV@AYI8p5Hg^k(YHJP-O-bYqT>OU4QWK;_8
zz`$ReCt2a(wFznq9jhfD3@iUJZEYss$Agr>S5@^r@{`jlvLSvu)$D3rR+vbk4R--v
zV(?{O)yuCu9tnJglNFHGI;WSrm*+Pp#B<ly-61h0*u2)eg*7CK3QIVb3&XRDn$AlZ
z%x^=cXR*xJGheK}0CSWuI~Hp+(bw$aJMK@jz!L;aJ}4c=han>en}CoY<1!O_MX%be
ze3c<Kn;UN893pqd+Dpp(MrX@ccNAeRaj(b8<h5M=IFog1?o{RJv-n2x7&L6s)+F$R
zA>>iDGp`58;JgX74NJ;w7`?rY>>81ELIAI{O5Qt`;C1y%X~?97PJmoe3Y83Y0N<LZ
zr7MPOldfLEI}C@!$d+1E^?ATw3^ba<?C`tuH<Q_`n@~pssexbD$z6CHJd1ucCiS%F
zkNYE7F?;8C1B;;A62P$KcUXw8StYVo4sbjpe1>Tt&mOt)pBucK*w|ZU*VvH7_&CgR
zk4E7Ee_YPd6gVz6{st~KR?Y52l2y!mBp=l<N@GgQ6lsdn6Xi07XmK-h=N)h<n~KjQ
zL}m;{H-fcEp3fh-Uqf|lxNtQ9V^Nm&WJ(O|nO8F|IkHH!Ph-o8AZU9L?U$X@Hr`K>
z3X6*$vc=G>VuJ*&7pYJvHZI_syoF}2;<*8t1dKn+kue?)Wh;Ffx}c9gBN`84ZPe2|
zs+_$mc+)DW_Z%CE+0#PzTRXqh4WI+TUp^7QarYsK7+qnWh^d<@@(^vvau@(dHfFXf
zjTqs$gkCb>45u+rn4)vyW#Yq*Xf6kOSqlb@fwd9ik(iOCMF-a}4T6|IJkEhA_3Sr9
zzG&{wTkM<!>_KUr8W=ZKUVO%(o<o{Y*Ff@o#y#ID{tb!5SxXqlgn%WdF#%($Q$h*B
zixzccGeI+$a(BhJ*pTH?QOJY>kJ{7f^H!#8*W~yqqiqE|S-$^FmL<JV?h>S(AMb0w
zugbppS8?ymsxd4Vao_Qx0nvLgIcY6YB&z!HZ!E5=>9i_fm7?;}uKAPp0ZusbBeb^>
z7=^@{H@N_&97zne)Usts;qeTxAKaI<3i+Sm$M5jw#i;fYv_;W@4qEefyxAnz-b0Be
zw3_rsc9T_^Qqmn-HUqdNg!>39qh<Y!z_MhAasWWm8oQ_Hb2$G`Vxh3KU8C+iRm2sb
z@=CmFj0Va!^HL#r??H4Oh!wdq7@v!Tk`od=iRHE$Rv5l{_?q+(PvUwHmz_+aG(az2
zXK=<(fYudUEE|F=g1Y!aGVj8!K0#eOw$*}cUc3DP+ffh6HI_|Q4*HpM3mycSO)wks
zdI<Mr(49{saei4txZA!Qj{(Gg5%!Uvm6?kqx-s7d!QNlx)=i$pyu$^cq>8o&8Q`+b
zALkpgIH(f-*}^c=w*3}*oSTL<VJyPgj5TXy*gf%HSs0>@z<+0{rI<&~d^_N6>=2EU
zPz-Oykk~Bel$j_^t8t(_Br0s%LQV~RK`)C!mcxG91PsqkWRK4{nA1)$_MnJFEG^HW
zj+LZ6t-d;1PpzE`rRrG<D-lBWRZ8Yt@*>nl1-;Nvc9xQ%9es9UyemUtj9wu-iIhr`
zDaTuuk3CP-9KB1K@GJj<-FCqWnuDRtYJ$i2T;|t$K0sGKnpEez)dr&Nw>(R@hUDkQ
z%JTFMTU#iHr2uzfxGzd_{S^prb$8r(5kz%a#u65D>(+!pr9E@${1y=6d{u4bA8Qx5
zn?CTM#0EU^MeAo~1kWNw8wLt8t)vZ=1ao_*T@`P2dCXJX49u_sxI^VGh_I=VkGk*8
z$+FUdL1|Ni3OLgdVv-rP-&N&#fMQNA#HFfQdCIQ!0QhUv!>Bkl1g-;y0_IV40ZGCU
zVHrV<lJctP>ur|RfT)uom;)mOd6BTr$K@G3xAeNTq=Tx)%JPiRVcB4XwDyPR87UZ&
zkQ20dBi_`6D%F#(%RexNG!a|Rpt|7eQ}M$jVO7;Olr@T!;-n}w9W&|{m2UbMS%TiX
zxzwqRL60#NMe}oNsY?2A1^$Rm^Asn$Sv9W9a;PdAvl9ADDYS@fh61Y(-NxT4TkgD+
zrH=+5>-V4c5<9ww^i19xXwB!^>TMw%BIzjdC9mN_{3oRhS0SDZ)bU>VED*CF^k%+|
zmBzqw!?GpmQ^?0InGS!iLlw?L6wBe(-E$-{#&-OL>+hUX&jWoPQgL-go^6sb9i<2E
zfl8K8&NQeoP&PF^oPx!CWbIf)d$_)<cbMLdmFxmZv_2sXTbX5Q>dl|+>|n@{GkjnR
zr7BUI51V_HN<R)yI0f0Y`_z<zpwQ=mdLC6&;=tg9sLN6w8_bZd)5Bumo%zFdb$^Vu
zL2iAGupqADfZsF{1py8Zc5Yu_s*tfl4>ME)<mc1j+GdWa^X{GGB#O$?S^94)@F00h
z*!=J)A%tKZc8=F>>OZI^gR%=phO<)?1*!3Q>r=`Q93r64zuWuXgq{<LAgl7D(b}}W
z8k-3f2*$qA<4L5R_uTLKM(|eM6L-LXmf{&z%I8Z3UOjPU%2s4|6wn0LHSQ)5Pqn>;
zOgbdzJ`asA=OrO)2+7oQwj%}9<`ZhCtcKhgOUFzjcrDHz$O)OOr|XwDU8?toncKQB
z={nMaxk4BIj20Jt%#ArHBRrzp1RYf-z0y2fE0`_FD7T`PG(F8s<2^b$HF?nG6pP9y
zUYxo9Fj^`f3>7&2l!97tWPPu$Vb!%+G!Du5#eF+nb{M(~nXGr52fnU+iv$>hhtF4H
zylSzGTbZZ03nfdYHASjE+5D0)LW)qO87n(+t!6`}YHD$&GmzgJ<(@gwkN|{c$?Vmh
z=C)ZPe__%kl0|m_KZdKH3tv3)3!XQf871!hqzUr8&NzGmByrl<Ti}I~>tjufzSrR`
za)C@ddh5=%u7n9~0b2K@6(*G=!zOAxC-_x>pw0Xv&O8$w+L*W<J5>f%nh<S5SbYwk
z_lp1C%!^eMwAV4-?{Heu{I#5Ld?oJqsR<Pkx>ZqAb{(ja+mIe(H$jKU=d;N~L#ID^
zw0@dt_P)AZ)4GKiFeSS9HVoH&K)i;`&D1H%?Y|j*4eiexA-G9HNkQ}*O>xavn3kc=
zhGEl=deZCLtqn;5mP-dmoc##%51eA!5QSdV$*%>Un3L8nX@nu7j`4Jub`xYf&?;oy
zY{=P)?`xk=J)&#4_DO`^C$CTyPnz?Qa#<GTNm~Hd9g#D$5izJGae7O;E>(lu&#*P~
zcn39&!Hi7rMOB=?&f(3~3O7x`xVv#S6g6GOply%VW_$VXvdAm*^7O+-NxXM{U@@cA
zIl5&xZ!2q=l2;)!xjAanEMnBsXs8cvI{_q@i{?x1m4)#c_f-fx%c}`tVZO@}#szrP
z(H3blk)2+9D)gEOHxsp43`UteljgQlhj~?Pr1@Cm(qpD0L9x5LHhZ!;eDc9AU>mFN
zwQ*I;3@~Q(H2i}Se*xs&L&o#i2aA+KR>ie-n<9oDj7EQ<LMwcJlNY7uh^*L*dDNmb
z&1`fJr@I5<ey)#uh<-k@b%h05Ntz?eZ{=)iw_LuyqVhh$dn=6Dp6G^mOHssctEjw}
zACX3EjL_u2r_*<8MIVlVsJ8IqE%Ah67L(0)$%#+W<f+~SXZ#S(OFdMjFWOobnS9@l
ziCB)JfJhJ_6*lho130Wp@pvX7BGYoclivkxh#32tXiHv5YBL-vJNv3(OP_XeK8rC$
zJV#k&t}eazdfQ!P7}E1{-p2ZsY9}Vuo062%3u)oc^Ly|lZytjyy6*kASFo;*jh6hp
z0v;(z-!O|zK7POGXp+hBeR;yh4hIJxWF;-Fp(ri=&oj-ZlgtdC1W|=<iD$jW;`soM
zKyy6D0gX)d@JPWo#E}|wQyAsoRKpu&RV>BGsJvBuhZAV^-s*Z;X;3LGny<egScs)r
zA>vUPgTqur@TkAVJFdlDqUr@KjhGq{w8YO_oS!;e8J_Sen3gsacw=TxUXz#<dVJk1
z?_cST{&CCiXcS)ylLQd~aEisNlJ1e|@n(`=@R$&@jJ>pHrzh|E>-g)0{m6d%3}sGK
z&q5P(UgsW!YTZ4Pf*`%Qsc@!<jgmqwU*JylkY`klPI>i==r7DXWFOCneNb5Z7X%VI
z$>2Z=)}k+RfjXH)nB?>7H`l1IJ7hRR42gkGU!jN;X0x~ts2weJk%SvYnjmzSHo<TG
zK)gBRG}r!LVs07R=y+Zz73cMSdGIQJiAMI;r}WwGl#Pvc)<e_|O^8?`<eynuG{eoS
zbdi=vchi4LJaUZH>|M;v_y0hQFQ}Lh=<K2cYUUpBWx2b%UtS)6(D4(8Q+D#ydeH%W
zI(nwCdOBj(RaF5)?QJ<BX7;8qP7hm$rz2=MI1zCV2ME*}=0a-<v#_!g1su0@0BEhu
zL;<h(RDr4v(lARa1urL<mY13~)XN$wWCjoy!w~TRKLOanTp+X_wl;RoU=LBiA6)R$
z{ckZBfcB4yi?t{~S5<>n+TIC93*rQE0y$(otlW42Vi>d{PG;s{O&Pg=Ks-H(0xVrz
z9Kc*$PhN1k^K#ldS#WU+2?=oldAN9ZIG!{(oIUMaARZic&h)<_{=$%fIYXVS99*pI
z?Pz~vLQL&lT|@zZr*_(Zj?dOXRrO!+cFzA`;fW6}4~PR7Hz$zG)|Tt<7S1lRZciZp
z7|{P};jI01QqQFcbGCPNg2H6oV0JF_e}^!G{>$FM)yd|MJ7!QWm<`PKN!9tOSMLAT
zrM#l5#=k6nQ($3b>+r|wiR}NT>0)L6Uu6BavHfoO<Idj)@?`!m-2bNiPv8G2KWV9|
zf@SQXuD^$;C?g8^-9OmO9%^L<{&Q=}%Ok{Z&JE!JnL$AuARq+BVafwC=ir9&@$r~K
zpfGcw+25cP?VMd8c2L-Fs3&kvt0x>YA#)(qoCnGQ;e!cqfCPd3973jozj3$)_(6gY
za~P2OZxHHER!><8vHAO`enXi(K?#`&^75OTfjEFb5R3yPU?#*NBm@!UFy(~;xy|^w
z`GMwqf1u2uU^#myTgX#5t!yC{FfIo>i$4v&2?tARD2f7jID!8q(XfHIm_Hea0#vN*
zTs{7)LEFj}rsV?p%_cWLNI*c48zjWT%P+vq_g6=M@N{5K&QF>68<QKz$@>@X@34TM
zoOvP^@;gtT0RF%}`2v=9f<avDowV)kZA1aTA!vVF{z-3Ik-vhXVCDRz;rTn`|B>@r
zFvq{1{+a?dR)3mkY5$}x7y|vP6K9AU?5~JC+5Oc7wS?GNz@Fy!KN9Mna;yI(SWpmD
zkQ>I&!(nO)65;^CK>Qr0PhsNV<}v36@tE-lm_z?^?_cQ7_U10`5GR<V#gnH`-aIAH
zA8%-x|4_;D$LW7*yIaD3^8|dF+dy6p9-uZi9~cM%^YO3&dB8v*fa@O)bN!yx|MXad
z>wj<}@<-us%fOS}U$Up=<!QCz`qy&x56+%O@PGOGM=bs?yP&20PbdEtzyG1@KXm<D
z4E$Tl|H-cZ(DiRI@NX&qC%gW?(S`9}1rN;bX&2=FRL*=aP0)KPg-}eD<z?Ws;cDQ{
z70L1ipCsrG3VP0PaF~R@FL=1L46-L7s*9qkEb2BQ5jGNNjzFpRslM7$l#$f-m_N+)
zbkUxs>KEr7Gz&qJqJ?0hM@f7E07}OYh?5GVURsxOm@cVLLuD7J>o~Lf3-k?2UY3e7
zyS`E*&f)BYtn{D-`zRxz(*;P-QktcIcsPZE70tcvm(vH`I(EJaeHiq<S`t`k>hM0k
zY7iN&jmuOc0<)Lxv1uT&F$WS8bzwxBAj?(-0(2$u%g}WGhZMgo`=8P;5egT?!6>58
zHB#xdJ(r@AFwgz${JwtXn$9~#V70&j7<>2(VvC=O&u;NT(tR7iPjK`MeGai}rbo<<
zBOpw`OPom<k-E9{mxVmrTEVf&l@%;^0V~ukOu*s`Ur_oxOdhcObMKFYun>dKBI4@m
z{vnePyF!XCTLePQwI6J>6Ql7gEpQgrbS!eQ!UmW)Ojvu{9fzZ_onNS^-r^ilV>|M5
z2fWZJs*|>**XA2|Hap+Qx+LCI;n`$ScI(q%X=`hNdticOzyTDd>iZ<6k8mCvwu`pX
zKMRs@tZRKRfLqDL^2=&?|K<E4$Lcmc5yvc-qw`D)V)({kM>wFvHf;3l%VXZ#eO872
zH+C&JOpEOV7_8s{fVG_d$!4=J?UfO0o>+#1Amr5OY~i)Hh=<bxL)WrSnir(z3#{$S
z%9WzeS9@m}++EXs2_z<&50h%9E*`g{ZQ_O>%zazh)>i|n-_R_UgjaRG&a0*IE7Z|0
z_iE|0Diz04-&<YCuaBN1k0;o9Ow|{D>!M*cFiFZ8`3xUefV&7rxN$r6dl>o9{vIe>
zHQ4A_wENYO{|fCg%-Qv%Q$K+wJ$D(WG|B|ZEh38CS8#0yHMQ4u%)DFL^<U)iFy);R
zPKw|s=4ZPz5B_?}U)ov*kLF9)|8CJ-MtJo-)n@`+7u)ogJs%_5>JItmvAULW*Fu#|
zwAG#GTX?X2<4JU1Pel2?7IiiEV=fOEVM3sJrHd@A_G5pzv&YROS8D_E%^{Vq(~yUU
zU`?HH_2c+Sm!z&2LzR$ojy#t3jC4@SM!HhW)2}yWm(Yf!&hJEr{a4YLyj@ROaUpGH
zH}6XzCWN$d6ORq0U#rJo_e2MUkxO2YT_0Lj<5X^cNdwRneg(8Ir1QeMv?t;04+2Ne
zL~qMcNh#`Ryg$nsFX-QxQgmI#1X!cCti&n5fAvk#LzMJqS`qh#=IYhPc^nG8LTpGs
zQ)Gb$9qN$v(qsAr=@HqSp?P$};KSq*k<aa8>6)C+>~vmH?;a7T_Pm!U&;r|1%}&ek
zBZB?c;P?F|<3^5lqk}|>)qGFW;LiFv`*+sk<7Zobah{Jb4Gr|$Zv(elr01`>_Hzkd
zF5zA4ws|jU?Q~0=WXq(IN?29v_hj<3wOxeUTGbn;6_#`Hmj+KR)+x#Pym<e0M4wbY
zLFamq*5lFtaf2Z5f(_zH0eT}noR*4~Dn8f2R>?At(A0I#C`3Y?&b$Kxn+!sHW}B_Z
z&aXCLkquphggK=+A1=rA^mdS1)#;DEctY3u5rs#ouP+R*cjIsS4++4Zd1YdLhIzGQ
z+{%h2eRL-jE~mMB<FVT0HA;@pZzv^S&_^4VjZU4#>bvkQ7zK5)PIG%RIr*U5<`5@#
z$cs)yuOD!RyYF+Xpdv8-0zY79DYnGa^Xy=19&##nc*r30gWmnNcy$0fZPgeDo4vwa
zJ6h$EI_>NS{v1JCOo^9=ox#b@{_{p}(4t_pT8yx~*KAfw2(5~xb%YEwG-lNrWjJH<
zLjnb^)~%Nv@{aijzjAV`zV%iYe4Cmt>ZmzzcV!_}&eL$V>m5cix-!w|B+bFG+-+ZI
zFgCtKP|V#@RT4ySPGGQ{0>R`rF6e%Katy-{9Y?0xp$QU_9Ky*}cp1+qm$|BEIM3!^
z$<wXGy>V82`p-e?BGX%+sHy?68QGJ*^-jleQi|RkN_*$y80*7;jj{UV;D}YxPX$3U
zKm|=>8bW(Dtxx{qFL%aO30gq*Ww)4EjFBa2SGKMRg3qa+?HeSdbs)F1y#I=25bRO5
zZhNw9bDTVm&Mt&xe}FUj%upA(@&N0ZrwLLFj)%=V8|>Qn1)|cZ)dxO;DH5fO(jbdA
zo7Xc`VGBB)4Fw+`7j#%R1Fs9LIl(k<C``twM>mwMWfnd7UbVk7!B0x$W5&0mVfjd2
zQ*DXcTC<`{Ngi?X)8$OwDM-37s@EIwG5oVvxV`7w5)YpvW43%xMtF}sjK<tJ-OwxC
z@T(EKFA_ZYvKG&~Z0ScZdBpWu=sU46x$C&tQ*Ah_kB?@zbFCx4E9eouX)5qY_clvM
zmOlF8vvslxCR@^44-AS~a$Q@w{mT1D8Oi9?Z7KEr^WAE=ZFAKGM$I6$((Xy<BF}Y6
zr!M7Ioo0QfjkEpv)z8t_UGEl1O!QL?Rx0}BGv=%tHl`i27j-G`o5w036kT$exZY}E
z+bA*H7!B^9BCU}6$qlPXbV9aKqDl>}+QC>|)hJYWIl3lr83Nz!yxq%E<s9<5&_UX+
zD1fqZZ)2*^Rm_;aZ^y*BO`LocuE(X_c!n=54(=ohf&*pcO!t>xh0$FHclD|;i%9B3
zISPCnzuf~Oy`nVy8vO$~NR_%b<&$Nl?3VNC?40VkKaz)2;^uSm0OZCUO=o+%Zw?!_
ztpWz7A6veI$-8{k*Ah;vEJ@yWWC`hErd%em!|?*^DrH`i$+oKcGSir&%Ad#E%@d5R
z+iJdGn%}hjU}vwHPkcm8++3^9bn;c8sswn=Pms4-Udo6tWitipT=2gCR4F5?5Iy56
z-Sb5#<7CWh1%3IHUol)cCZ*WUQ|xZ1s@ihs(VlS9?_u+umzpk6k6=)Wcp4%(Aym2-
zG?`H2)mft@-EbHgiAPh}iy%BK@+eM6`~X(XrF(tW(F=gcwwD|)C2mzz6BE-V@66Nv
zq&gO}Rmq#>3k-94r#<EXxp!pwQq1_7o=<H;vr-LLUExI#qVIWe%NvPc<RdD?+3N_f
zj~!(hmz|OAjCqK=->w1of-w$eedE~&DW#MA<&&>TC!7R(2kSN~8tnA*j8^&_iPZuk
ziZgH<n$iX=os@RENBnsWX2=zX2R+W^>xVVTf=)O`y5xp5u0nTbY-qx{^b8~m#Bn|k
z>-CJ!0V4F%q^$etqY3&Xnj|q<b-@YE>CHOhOry#aP-_6ErqPU!8o!<1{>E_N*z5h_
zJjmj6A16Fyv-b-`!ov*wV4~zN3d9CWNcPO3t<IV0i+r-n_p`<{ypQ?@O3}r^&FF4`
z>hVnC3%7{LpWnsw3N+*98hKRfbs_ZMVX-qru4;keg3Q(l$*J$GeCyn2FZbg%0$*VS
zC9{$q`PaB+MlE*ltWt4(xI=%T38#jM!D=>M3sV1lS!c$9r4no<8TyDqMf&;$s^4IO
z{Gba8NKi(~6-Ie}%v$Oh|5Jk-zJ0LO`Db>i564tfkEJ4WR_2;t(t}syg6rI_f9@OG
zi$ZMiq`VsKdA&v|u@+{&Z&^qy`=9O?@3&4`_#Uib%c4q3MAp3@^c#IbHWfp9WLi#s
z;@Bb!>>r+-(jA|@vNnNM*Rxj9#^RDTIVJ$>vf8ahA8l8qik>DnsmFKvK0hC;Ni;i$
z&W-f@S=)IHEa#5ES*HT5@k_08`Lb>na@;uE<fKW|*<Y1pDX-wUwi{PIG42|iJYx=n
zz7L2iweweHI$u)Omm)($Q9Sf8%iAFwh}9V)y}mYY&^3C2i(4Mlag63CVE`dsY$)`+
zT))(E=*OTtwZZ%(_kviYc|3Cyd!2bK2nt?ra~?jgD=*+Ge3`!FEysgcgR1njZPPME
zXk&aQl<-+PT`io@$6VjCpnnhLdeuKk;8F*1K0-U`^-Jd4Z(U0{jY>K#93zFQJMrOD
zj>bDKM@mm$;8R}XFw!3K3X4tg2JGb(F3f0ht8J9DlvyRW)kNv}sci6V??jic3#<+P
z=10VK?0~t?xC#7%jN;=L*5b9d_dNIJL!`+&QNqWEZGDIc=~DJdTiHFG>e`Ny_SM83
zK2}<|TSZo5#`RsKN^ian#$U};EYn0MuXaEbZ=}O;t-rSw_3!Nl6XLVmQEZcdn|m7{
zFGD{d_KY-(tlU2GzRPE?>F`Gmn|zIsJI(?lbWdgpln&&R9jUt}zc2V$tIlhcuqQl6
zzAhl<q2m$&kFFVDqO{T(^|h{lt+@Q=wgino;-pD0AQQVgag#WD+QY)w!N=Mew~xnq
zxi*ZOZ7hP>E2nvLg8qS~Y`OxCpN+Jril_Ddo6ryPEyxVcM&0YKtd(uFhg^wUEg_#Z
z%K{>5Oo7<YRr!J)mV(2;)pt9xOcf=#M|Z6l9v;#js-OW@@R&1YU{|oVty+j%-N3vK
z#w_PM!^~PFd<@NXhF*GpO@?N#7R$Mp*rqe;+RD0>ALR!>MC^wKKYxjmUt&_lc)xJK
z+B{Bo+nNch#k4#<Kw5H}#o-TJpih35_!Zahf*X@H|HxG{T9+>6id7@=X5FXjYS=+0
zEReEoL-yoEXJY&)*r4MQtD#PRb>zcxY45A4t}N$T)aSKPvO3;!ir9+{6w8Z;<Z#uX
zQE&FTZuH0RKYq=XNHw~Ka63(-;n11VGfq0_`_WzYW^4x_ayZ`ODGrNj;LuQmj5<~E
z7ZtNrYX6i-|Eh-mR8Idaoc<>LTRDZNbBEjZV5&z(q7(R31HviFs>xJHnFRhn{-r+X

literal 0
HcmV?d00001

diff --git a/static/avatar.png b/static/avatar.png
new file mode 100644
index 0000000000000000000000000000000000000000..25ce30ecfa6975685b9f51fd12339c2110135d8c
GIT binary patch
literal 2995
zcmb_edpOg58`o1$W_THkCCMp-Q09;{Sx&=<92axUsUn&~j-{a{DW`JWGmJ-$9jq3n
zLc*hsy(oLwBRQ-kVU0O#@2}^2ulK+Azvp{h_xHZ9`@XLGd-{Ao*XQ<G7kg>25?D-3
zOd922;|}=mKMnK?Fh4d+?*p8~6$js|Vq%i=KW&#-Sp^J8isMjdTk#ptemTQKcMe<~
z18VLl8*7iG$)!r)l*w_0)7Emq(2_ggu(pe3=}RJ!_O;7OpVdrvo!M<C7hHflw0JqC
z5^H&^vZlRit<PdhpF(;6P`I%Y0zM6v>N$Jsmv?)RyOFz9;bK3h|GIxFe#IRDy*6;D
zXO`6+Ayn%S9zAOC&?QtGN!93Jn!RF`<<;?ssN<#1Kvp65<0aGb;jrVS(xN1)-}{9%
zK`Nrs<rMwAzQP_^Qhug;L#S^_5UgBUI4%4k^P77^(+=M<2ChVHadLociY>m3W>F%`
zT33^9vP&-bmb7D<-_EWC8mWeB@T%U0J#EJfKWVDOW!HVATxRi;EWfR9J^gs+x(4sP
zIyo}WF2r8f>NOnAg!j*`?Ck7BwX1J{x-RGzJ9c3M^1Z)GGvPyXajg>vr1s)=A!Cjn
z3&3I(a{F#>$J@Fo<z+{fnVFeE#|;TEwGWoJR=BO*DueUgI#6);_No)rug+d}bIGG|
zOy&?GV$!X%*TeJjb5?kGI8PGUofY=fw{;?asUfO;QXn|db(7IL`{~mg%F=8qg~?<l
zbX2<3bF}d35G&!vZ2H^zX=kcm^m7&uinMZV96OF)+aNNH?&Ri5Zc38OViOW5SU<Hr
zB^OM}(aF*zQDtFaA*NYt+?Yj4OHOuVtMSg^{1ti9(^2hlROM5*7#W2w^@fIq`)p@s
zAeg;T?HB}6ab58A<5$SPN;P<|33*ZNy2*N%SPGkFw;8M^>$!)u5$%`{6*!V~kCD`w
zyA&w+S2a5ZB>DN6@vwCSN=G4AJV5cKKhWLDxlr%f9(JZ?Bwi?wX4X1~Wg)F6;_)uZ
zav4?!1@6}Px`{|7WQ>jH7?PxVk^AK1rGm!0nqYt3;s{kFlMM%6U2Y(oDF5L!J{@ym
zaO$-GgnUP?X)LmpuC`#G%iui=L@ANZ@!-QY5hF?!ccvUu5IXxvkg_m!_$jn8WK%+7
zKRx(^!4Vrb8)HaWRb43v?aFk<Pn!h6v`D45yH4uGBIyfP%WnT{rO6*`>XkUyzY<5S
z%>x~kv6g)|^@@WlbJRsaC)X^g2Nt&wNNo^j>-=VbKGG^p!^zV5K>xA*7O|EH#NZ@+
zB3}MvV}T#3J8etrBGazMP4~5?M+AMXw!$g5+Tqg!8Dz|-d@JF-)nWPmV@U1$uLD&B
zng!p#-*Yq_*k>ViW<ZxS5>fO)0*MzI6H$e=v*rLq8+r>PNDqd{a5<^HH+x&!&Mb;h
zqjE`Yeg-LBDyAAZ0HA4tRa>6cpHowZQ?KkMiQcZKktFkHu9%lPFWTdU<=9s3#myX5
z(90<U;JIC?G@3&6HzTPYF83lq8ZT7zYV@pULL#7s1oi${xsEX~i5PBLe&Vi%<C_i|
z&1LmH6rau!ua-4jDK9@T5zjHir&kSxelmYQGOiM<9N_Pt*B_D$CIt`{t`V&=5N|Xh
zt98EMETl%&c#RU7e=+M_0Wc-0L?VbH;np&08k@yf4u0&Dy2;}>l%VtNYC^Vd9Mr}f
zFK^~1BZw36{%%lDPvGo7lGz!OZ(~yv6Bn*w8^<jEeOSf~I>lzk_;8XF66zjB!Loy3
z1`mc*K?R+TD5s)c?Z1a0Rk*eLn-jTU)?9=!%kK}Fh(D0`mc!u)<*z<x?PM4u2-SXA
ztWx&M&ax3Gb0GA%N`9eM;^u6B{;1jL6MYti*wvPfASPN=N?-genT71avgv(2wB?MQ
z&G<8YO_7tXRy#%X1v8P=(~p;oU=E!}Hi)onH7cXz!dO)M12*~vrn#l1#njaY3eEyZ
z&fq~J?~fKPe`{y>PzKenWh%OR`x~V%cw~8<Jb?)##rt=^c#*_vo(SkpPfNI3)x!Oo
zy_(A{6?6L{;7WORbOniGNAkx@v>AnBRZw(H%wge^BCiM*h5KVOB|0<Cf1S_gA08@R
z6?6u{$nFh3`ZT_wo!jRv+VWNlmlmpW-g9hiZ4F=ov*#Cg1bSR7Mk33lp1H8FP;#M5
z)D7-wV=d9Xm{bnU0bkIxd@TM{;XqT)+3^y4H>j-}EW2?mN*I7G)<-ih!Ies#=XcO4
zsi~b*>iw9~s!PbmN0ZUd*<NAWR&`9y)YMdv>tDljal>I(I}X)Y%bMTS_!xQ8U7}fM
zkZvW~{^~7a!Sd{6WMsBl5%K=5UX8_$7ZgQ;<S%Y@PT`*+7L_g;8{dOEsDc!&LR2@K
zO|KqKMFcc^p_zYj0suU%Ezn0R<^o~an(}%vDvYFkb8%EZ1A5rgA6I$}T;fOI!%y^?
zaN<D|_Befhb#*jWIkMoH6w+I_*gyP<_P)zq*wzUyZP^Ne*rbVs6_xY_C$c-$Z<^jT
zT-fB*>_y(cE{k3KA<ncG;vW0>bt_cslmU0e!JSHY?4xh09fM{Hm86b9!7;F9mcftY
zsWr<J{BDpT4uI%}?GmB7$dR0(HDP{Nq*Q<2`*%Y1wh18-Z#G0E5=DGg3@9y7e`xXy
zXPc7m;R%eX!M2rjERJ$nCg;pZmO|30XVp4+b{fC3^eq3?Zlgdt*WfWoxr}DY#^y>?
zW17|BBM-z`6kFHPYOsHUhh~zMN>JIxOwJ+MO|e@l>me?q_U0fBDq}9rw`gSd%vsNP
z;!_XMPI%XiYj|%tk_nnM#n*NqyY~gJ%$0Y@Zgzookecs6d5k^2SfG0HJvDm3hxq0u
z<7Cd4YcZYSdIreuqGeZ!Uyyl>@0MhDRPTO;`*;H=*g0`I4`<OOS~4Dx!}M+ts%jz0
zIYu<=R}iIX&shm?J4p?kX*v1&bjJR!nwu%I7Ki;p=fp_2^^qEIq&&Y?0stE$x6Mf%
zXHglJI~cTm7W$Yno~y>Aw4{k~ZW?AYK1Kg_Pwa7KKI1wgB}cvhgaA~E{JGN+!2|}d
zUr=Qr$u~TQ5gOqTjD(zC?7{xNJ2?J^n2auu)AF;9Ry-RghAbrQBHh+9fdi}VS0Xi#
zAQ%@QLzYWU6P#rHS^zrOf6P(snI*E-ORva6KM1DIGtJUM9V+PyzQJIHQvHI*c5$U0
z?;bTSAC~2w-D9oFU=q}LI15|-Ov8KzZCOL%^#gl=<6(ISXbV>zH`=2s{e~<TgctIc
z4kSYouHmbkwf<=PTB<{MJ9`YdOn4o5J#;J7Tp4UeCg0i@aAQ93umc_V4R20S)V*#2
zoc?GjCnrZ7!psTel5%=TKJwm~Pki)koasj(iW?b%)vR{Mj(I-ci=mpUjg#Fo6|K0C
zVBgJFOpNk+chsk6<_cUXXxiYRvlcSr_ggRPzw`OyYnI!rP1f@KyxpP}s1wEi@&#P~
z{2k6>31?B=S_<)5)FCMMUrSBx?OUIH8C}o3ANVlfYlze*a~h5IEurI1O6Qs$BUbsu
zxbfhXdmDj9K=a`+rjgXw)P1yNHk&;Je`Yu^u(2liGqwU?_GYi4x#M-T+P5&Ny{ktD
zi@!V)XRo)mw0L-$NY(i0&#wubwQ3&e*3b6EDre8cQ7eYSXv?lz^1j}E4oQh9SoZ9S
u&x`o{SN3Xv3jLoj{eSU4AXs0W+>n_Z5Ao7$3lIT<TMT9EV$*^Q%={0JA&j#C

literal 0
HcmV?d00001

diff --git a/uploads/.gitignore b/uploads/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null
+++ b/uploads/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore