@vandenberghinc/volt 1.1.26 → 1.1.28

package/backend/dist/cjs/{server.js → backend/src/server.js}

@@ -27,20 +27,21 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var stdin_exports = {};
 __export(stdin_exports, {
-  Server: () => Server,
-  default: () => stdin_default
+  Server: () => Server
 });
 module.exports = __toCommonJS(stdin_exports);
+var import_url = require("url");
+var path = __toESM(require("path"));
 var http = __toESM(require("http"));
 var http2 = __toESM(require("http2"));
 var crypto = __toESM(require("crypto"));
-var nodemailer = __toESM(require("nodemailer"));
 var import_cluster = __toESM(require("cluster"));
 var os = __toESM(require("os"));
 var vlib = __toESM(require("@vandenberghinc/vlib"));
 var import_utils = require("./utils.js");
 var import_meta2 = require("./meta.js");
-var Mail = __toESM(require("./plugins/mail/ui.js"));
+var MailUI = __toESM(require("./plugins/mail/ui.js"));
+var import_mail = require("./plugins/mail/mail.js");
 var import_status = require("./status.js");
 var import_endpoint = require("./endpoint.js");
 var import_image_endpoint = require("./image_endpoint.js");
@@ -49,15 +50,18 @@ var import_database = require("./database/database.js");
 var import_users = require("./users.js");
 var import_paddle = require("./payments/paddle.js");
 var import_rate_limit = require("./rate_limit.js");
-var import_logger = require("./logger.js");
 var import_route = require("./route.js");
+var import_volt = require("@vandenberghinc/volt");
 const import_meta = {};
-var __dirname = typeof __dirname !== "undefined" ? __dirname : import_meta.dirname;
-const { log, error, warn } = import_logger.logger;
+const __filename = (0, import_url.fileURLToPath)(import_meta.url);
+const __dirname = path.dirname(__filename);
 const { debug } = vlib;
 class Server {
+  // ---------------------------------------------------------
   // Static attributes.
-  static content_type_mimes = [
+  // ---------------------------------------------------------
+  /** Content type per mime. */
+  static content_type_mimes = /* @__PURE__ */ new Map([
     [".html", "text/html"],
     [".htm", "text/html"],
     [".shtml", "text/html"],
@@ -67,7 +71,7 @@ class Server {
     [".jpeg", "image/jpeg"],
     [".jpg", "image/jpeg"],
     [".js", "application/javascript"],
-    [".ts", "application/javascript"],
+    [".ts", "application/typescript"],
     [".atom", "application/atom+xml"],
     [".rss", "application/rss+xml"],
     [".mml", "text/mathml"],
@@ -163,11 +167,9 @@ class Server {
     [".asf", "video/x-ms-asf"],
     [".wmv", "video/x-ms-wmv"],
     [".avi", "video/x-msvideo"]
-  ];
-  log;
-  warn;
-  error;
-  static compressed_extensions = [
+  ]);
+  /** All file path extensions that are already compressed. */
+  static compressed_extensions = /* @__PURE__ */ new Set([
     ".png",
     ".jpg",
     ".jpeg",
@@ -176,7 +178,7 @@ class Server {
     ".bmp",
     ".tiff",
     ".ico",
-    ".svg",
+    // ".svg",
     ".svgz",
     ".mng",
     ".apng",
@@ -205,68 +207,79 @@ class Server {
     ".mpg",
     ".mpeg",
     ".flv"
-  ];
-  // Instance properties
+  ]);
+  // ---------------------------------------------------------
+  // Attributes.
+  // ---------------------------------------------------------
+  /** The binded ip address. */
   ip;
+  /** The binded http port. */
   port;
+  /** The binded https port. */
   https_port;
+  /** The raw domain. */
   domain;
+  /** The full domain name with http/https depending if tls is enabled. */
   full_domain;
+  /** The persistent storage source directory. */
   source;
-  // vlib.Path type
+  /** Is the primary thread. */
   is_primary;
-  statics;
-  statics_aspect_ratios;
-  favicon;
-  enable_2fa;
-  enable_account_activation;
-  token_expiration;
-  google_tag;
+  /** Is in production mode. */
   production;
-  // public localhost: boolean;
-  multiprocessing;
-  processes;
+  /** The company information. */
   company;
+  /** The default meta information. */
   meta;
-  mail_style;
-  online;
+  /** Is running in offline mode. */
   offline;
-  // private honey_pot_key: string | null;
-  _keys;
-  additional_sitemap_endpoints;
-  log_level;
-  tls;
-  // public admin: AdminConfig;
-  // public ts: TypeScriptConfig;
-  lightweight;
-  performance;
-  csp;
-  default_headers;
-  http;
-  https;
-  endpoints;
-  err_endpoints;
+  /** The database instance. */
   db;
-  _sys_db;
-  // needs to be public for the RateLimit classes.
-  storage;
-  smtp;
-  smtp_sender;
+  /** The rate limit instance. */
   rate_limit;
-  blacklist;
-  _hash_key = null;
+  /** The added endpoints. */
+  endpoints = /* @__PURE__ */ new Map();
+  /** The added error endpoints. */
+  err_endpoints = /* @__PURE__ */ new Map();
+  /** A record of keys used for hashing. */
   keys = {};
-  _on_start = [];
-  _on_initialize = [];
-  _on_stop = [];
-  // public browser_preview?: BrowserPreview;
-  daemon;
-  _stop_tscompiler_watcher;
-  users;
-  payments;
+  /** Alias for the `Status` module. */
   status;
+  /** Alias for the `RateLimits` module. */
   rate_limits;
-  logger;
+  /** The file logger. */
+  log;
+  /** The users instance. */
+  users;
+  /** The payments instance. */
+  payments;
+  /** Daemon instance to manage a live daemon. */
+  daemon;
+  /** The mail instance. */
+  mail;
+  // Public for internal use:
+  csp;
+  statics_aspect_ratios;
+  google_tag;
+  rate_limit_api_key;
+  performance;
+  /** The events map @internal */
+  events = new vlib.Events();
+  // Private.
+  favicon;
+  statics;
+  _user_keys_opts;
+  additional_sitemap_endpoints;
+  tls;
+  default_headers;
+  http;
+  https;
+  threading;
+  // Private ollections.
+  _keys_db;
+  _sys_keys_db;
+  _website_status_db;
+  /** Construct a new server instance. */
   constructor({
     ip = "127.0.0.1",
     port,
@@ -280,46 +293,33 @@ class Server {
     company,
     meta = new import_meta2.Meta(),
     tls,
-    smtp,
-    mail_style = {
-      font: '"Helvetica", sans-serif',
-      title_fg: "#121B23",
-      subtitle_fg: "#121B23",
-      text_fg: "#1F2F3D",
-      button_fg: "#FFFFFF",
-      footer_fg: "#686B80",
-      bg: "#EEEEEE",
-      widget_bg: "#FFFFFF",
-      widget_border: "#E6E6E6",
-      button_bg: "#1F2F3D",
-      divider_bg: "#706780"
-    },
+    mail,
     rate_limit = {
       server: {
-        ip: null,
+        ip: void 0,
         port: import_rate_limit.RateLimitServer.default_port,
-        https: null
+        https: void 0
       },
       client: {
-        ip: null,
+        ip: void 0,
         port: import_rate_limit.RateLimitServer.default_port,
-        url: null
+        url: void 0
       }
     },
     keys = [],
     payments,
     default_headers,
     google_tag = void 0,
-    token_expiration = 86400,
-    enable_2fa = false,
-    enable_account_activation = true,
+    users,
     production = false,
-    multiprocessing = true,
-    processes,
+    threading = {
+      enabled: false,
+      threads: void 0
+    },
     offline = false,
     additional_sitemap_endpoints = [],
     log_level = 0,
-    daemon = {},
+    daemon = false
     // admin = {
     //     password: null,
     //     ips: [],
@@ -329,120 +329,7 @@ class Server {
     //     output: undefined,
     // },
     // browser_preview = undefined,
-    lightweight = false
   }) {
-    vlib.Scheme.validate(arguments[0], { err_prefix: "Server: ", strict: true, scheme: {
-      ip: { type: "string", required: false },
-      port: { type: "number", required: false },
-      domain: "string",
-      statics: { type: "array", default: [] },
-      is_primary: { type: "boolean", default: true },
-      source: "string",
-      database: {
-        type: ["string", "object"],
-        required: false,
-        scheme: { ...import_database.Database.constructor_scheme, _server: void 0 }
-      },
-      favicon: { type: "string", required: false },
-      // honey_pot_key: {type: "string", default: null},
-      company: {
-        type: "object",
-        default: {},
-        scheme: {
-          name: "string",
-          legal_name: "string",
-          street: "string",
-          house_number: "string",
-          postal_code: "string",
-          city: "string",
-          province: "string",
-          country: "string",
-          country_code: "string",
-          tax_id: { type: "string", default: null },
-          icon: { type: "string", default: null },
-          icon_path: { type: "string", default: null },
-          stroke_icon: { type: "string", default: null },
-          stroke_icon_path: { type: "string", default: null }
-        }
-      },
-      meta: { type: "object", required: false },
-      tls: {
-        type: ["object"],
-        required: false,
-        scheme: {
-          cert: "string",
-          key: "string",
-          ca: { type: "string", default: null },
-          passphrase: { type: "string", default: null }
-        }
-      },
-      rate_limit: {
-        type: ["boolean", "object"],
-        default: false,
-        scheme: {
-          server: { type: "object", default: {}, scheme: {
-            ip: { type: "string", default: null },
-            port: { type: "number", default: import_rate_limit.RateLimitServer.default_port },
-            https: { type: "object", default: null }
-          } },
-          client: { type: "object", default: {}, scheme: {
-            ip: { type: "string", default: null },
-            port: { type: "number", default: import_rate_limit.RateLimitServer.default_port },
-            url: { type: "string", default: null }
-          } }
-        }
-      },
-      keys: { type: "array", default: [] },
-      smtp: { type: ["null", "object"], required: false },
-      mail_style: {
-        type: "object",
-        required: false,
-        scheme: {
-          font: { type: "string", default: '"Helvetica", sans-serif' },
-          title_fg: { type: "string", default: "#121B23" },
-          subtitle_fg: { type: "string", default: "#121B23" },
-          text_fg: { type: "string", default: "#1F2F3D" },
-          button_fg: { type: "string", default: "#FFFFFF" },
-          footer_fg: { type: "string", default: "#686B80" },
-          bg: { type: "string", default: "#EEEEEE" },
-          widget_bg: { type: "string", default: "#FFFFFF" },
-          button_bg: { type: "string", default: "#421959" },
-          widget_border: { type: "string", default: "#E6E6E6" },
-          divider_bg: { type: "string", default: "#E6E6E6" }
-        }
-      },
-      payments: { type: ["null", "object"], required: false },
-      default_headers: { type: ["null", "object"], required: false },
-      google_tag: { type: "string", required: false },
-      token_expiration: { type: "number", required: false },
-      enable_2fa: { type: "boolean", required: false },
-      enable_account_activation: { type: "boolean", required: false },
-      production: { type: "boolean", required: false },
-      // localhost: { type: "boolean", required: false },
-      multiprocessing: { type: "boolean", required: false, default: true },
-      processes: { type: "number", required: false, default: null },
-      offline: { type: "boolean", default: false },
-      additional_sitemap_endpoints: { type: "array", default: [] },
-      log_level: { type: "number", default: 0 },
-      daemon: { type: ["object", "boolean"], default: {} },
-      // admin: {type: "object", default: {}, attributes: {
-      //     ips: {type: "array", default: []},
-      //     password: {
-      //         type: "string",
-      //         verify: (param: string, attrs) => (param.length < 10 ? `Parameter "Server.admin.password" must have a length of at least 10 characters.` : undefined),
-      //     },
-      // }},
-      // ts: {
-      //     type: "object",
-      //     required: false,
-      //     scheme: {
-      //         compiler_opts: {type: "object", default: {}},
-      //         output: "string",
-      //     },
-      // },
-      // browser_preview: {type: ["string", "undefined"], required: false, default: undefined},
-      lightweight: { type: "boolean", required: false }
-    } });
     if (production || port == null) {
       this.port = 80;
       this.https_port = 443;
@@ -454,29 +341,36 @@ class Server {
     this.is_primary = is_primary && import_cluster.default.isPrimary;
     this.source = new vlib.Path(source);
     this.favicon = favicon;
-    this.enable_2fa = enable_2fa;
-    this.enable_account_activation = enable_account_activation;
-    this.token_expiration = token_expiration;
     this.google_tag = google_tag;
     this.production = production;
-    this.lightweight = lightweight;
-    this.multiprocessing = multiprocessing;
-    this.processes = processes == null ? os.cpus().length : processes;
     this.company = company;
-    this.mail_style = mail_style;
     this.offline = offline;
-    this.online = !offline;
-    this._keys = keys;
+    this._user_keys_opts = keys;
     this.additional_sitemap_endpoints = additional_sitemap_endpoints;
-    this.log_level = log_level;
     this.tls = tls;
-    this.endpoints = /* @__PURE__ */ new Map();
-    this.err_endpoints = /* @__PURE__ */ new Map();
-    this.performance = new vlib.Performance("Server performance");
+    if (typeof threading === "boolean") {
+      this.threading = {
+        enabled: threading,
+        threads: os.cpus().length
+      };
+    } else {
+      this.threading = {
+        enabled: threading.enabled ?? true,
+        threads: threading.threads ?? os.cpus().length
+      };
+    }
     this.status = import_status.Status;
-    this.logger = import_logger.logger;
     this.rate_limits = import_rate_limit.RateLimits;
-    this.rate_limits.add({ group: "global", interval: 60, limit: 1e3 });
+    this.performance = new vlib.Performance("Server performance");
+    const log_source = this.source.join("logs");
+    if (!log_source.exists()) {
+      log_source.mkdir_sync({ recursive: true });
+    }
+    this.log = new vlib.logging.FileLogger({
+      level: log_level,
+      log_path: log_source.join("logs").str(),
+      error_path: log_source.join("errors").str()
+    });
     if (!this.source.exists()) {
       throw Error(`Source directory "${this.source.str()}" does not exist.`);
     }
@@ -485,9 +379,9 @@ class Server {
     while (this.domain.length > 0 && this.domain.charAt(this.domain.length - 1) === "/") {
       this.domain = this.domain.substr(0, this.domain.length - 1);
     }
-    this.full_domain = `http${tls == null || tls.key == null ? "" : "s"}://${domain}`;
-    while (this.full_domain.charAt(this.full_domain.length - 1) === "/") {
-      this.full_domain = this.full_domain.substr(0, this.full_domain.length - 1);
+    this.full_domain = `http${this.tls ? "s" : ""}://${this.domain}`;
+    while (this.full_domain.endsWith("/")) {
+      this.full_domain = this.full_domain.slice(0, -1);
     }
     this.statics = statics;
     this.statics_aspect_ratios = /* @__PURE__ */ new Map();
@@ -508,23 +402,43 @@ class Server {
     }
     this.meta = meta;
     const base_default_headers = {
-      "Vary": "Origin",
-      "Referrer-Policy": "same-origin",
+      // Cache correctness for CORS/preflight:
+      "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
+      // Safer default than same-origin, still keeps useful referrers:
+      "Referrer-Policy": "strict-origin-when-cross-origin",
       "Access-Control-Allow-Methods": "GET, POST, PUT, PATCH, DELETE, OPTIONS",
-      "Access-Control-Allow-Origin": "*",
       "Access-Control-Allow-Headers": "Content-Type, Authorization",
-      "Access-Control-Allow-Credentials": "true",
-      "X-XSS-Protection": "1; mode=block",
+      // Let browsers read our rate-limit hint:
+      "Access-Control-Expose-Headers": "X-RateLimit-Reset",
       "X-Content-Type-Options": "nosniff",
-      "frame-ancestors": "none",
       "X-Frame-Options": "DENY",
-      "Strict-Transport-Security": "max-age=31536000"
+      // Helpful isolation defaults (safe for most apps):
+      "Cross-Origin-Opener-Policy": "same-origin",
+      "Cross-Origin-Resource-Policy": "same-site",
+      // If you need SharedArrayBuffer, add COEP below (can break some embeds):
+      // "Cross-Origin-Embedder-Policy": "require-corp",
+      "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
+      // Lock down powerful APIs by default.
+      // If you need one on a third-party origin, add it beside (self).
+      "Permissions-Policy": "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=(), hid=(), serial=(), xr-spatial-tracking=(), display-capture=(), screen-wake-lock=(), sync-xhr=(), publickey-credentials-get=(self), encrypted-media=(self), autoplay=(self 'https://www.youtube-nocookie.com') fullscreen=(self 'https://www.youtube-nocookie.com'), browsing-topics=()"
+      // Do NOT set Allow-Origin / Credentials statically; set them per-request below.
+      // "X-XSS-Protection": "1; mode=block", // deprecated
     };
     const default_csp = {
-      "default-src": "'self' https://*.google-analytics.com",
-      "img-src": `'self' http://${this.domain} https://${this.domain} https://*.google-analytics.com https://raw.githubusercontent.com/vandenberghinc/ `,
-      "script-src": "'self' 'unsafe-inline' https://ajax.googleapis.com https://www.googletagmanager.com https://googletagmanager.com https://*.google-analytics.com https://code.jquery.com https://cdn.jsdelivr.net/npm/@vandenberghinc/",
-      "style-src": "'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@vandenberghinc/"
+      "default-src": "'self'",
+      "base-uri": "'none'",
+      "object-src": "'none'",
+      "form-action": "'self'",
+      "frame-ancestors": "'none'",
+      // Keep GA images; drop explicit http:// to avoid mixed content.
+      "img-src": "'self' data: blob: https://*.google-analytics.com",
+      "script-src": "'self' https://ajax.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com",
+      // Needed for GA/GTAG beacons/fetch:
+      "connect-src": "'self' https://*.google-analytics.com",
+      "style-src": "'self'",
+      "font-src": "'self' data:",
+      // Auto-upgrade stray http URLs where possible:
+      "upgrade-insecure-requests": ""
     };
     if (default_headers == null) {
       this.csp = default_csp;
@@ -541,6 +455,9 @@ class Server {
       });
       this.default_headers = default_headers;
     }
+    if (!this.tls) {
+      delete this.default_headers["Strict-Transport-Security"];
+    }
     if (payments) {
       if (payments.type === "paddle") {
         this.payments = new import_paddle.Paddle({
@@ -551,47 +468,49 @@ class Server {
         throw Error(`Invalid payment processor type "${payments.type}", valid types are ["paddle"].`);
       }
     }
-    this.endpoints = /* @__PURE__ */ new Map();
-    this.err_endpoints = /* @__PURE__ */ new Map();
-    const log_source = this.source.join("logs");
-    if (!log_source.exists()) {
-      log_source.mkdir_sync();
-    }
-    import_logger.logger.log_level.set(this.log_level);
-    if (daemon === false) {
-      import_logger.logger.assign_paths(log_source.join("logs").str(), log_source.join("errors").str());
-    }
-    this.log = import_logger.logger.log.bind(import_logger.logger);
-    this.warn = import_logger.logger.warn.bind(import_logger.logger);
-    this.error = import_logger.logger.error.bind(import_logger.logger);
     if (daemon !== false) {
       const log_source2 = this.source.join("daemon");
       if (!log_source2.exists()) {
-        log_source2.mkdir_sync();
+        log_source2.mkdir_sync({ recursive: true });
       }
       this.daemon = new vlib.Daemon({
         name: this.domain.replaceAll(".", ""),
-        user: daemon.user || os.userInfo().username,
-        group: daemon.group || null,
-        command: "volt --service --start",
-        cwd: this.source.str(),
-        args: daemon.args || [],
-        env: daemon.env || {},
-        description: daemon.description || `Service daemon for website ${this.domain}.`,
-        auto_restart: true,
         logs: daemon.logs || log_source2.join("logs").str(),
-        errors: daemon.errors || log_source2.join("errors").str()
+        errors: daemon.errors || log_source2.join("errors").str(),
+        ...daemon
+        // user: (daemon as Record<string, any>).user || os.userInfo().username,
+        // group: (daemon as Record<string, any>).group || null,
+        // command: "volt --service --start",
+        // cwd: this.source.str(),
+        // args: (daemon as Record<string, any>).args || [],
+        // env: (daemon as Record<string, any>).env || {},
+        // description: (daemon as Record<string, any>).description || `Service daemon for website ${this.domain}.`,
+        // auto_restart: true,
       });
     }
     if (typeof database === "string") {
       this.db = new import_database.Database({ uri: database, _server: this });
-    } else if (database != null) {
+    } else {
       this.db = new import_database.Database({ ...database, _server: this });
     }
-    this.users = new import_users.Users(this);
-    if (smtp) {
-      this.smtp_sender = smtp.sender;
-      this.smtp = nodemailer.createTransport(smtp);
+    this._keys_db = this.db.collection({
+      name: "Volt.Keys",
+      indexes: ["id"]
+    });
+    this._sys_keys_db = this.db.collection({
+      name: "Volt.SystemKeys",
+      indexes: ["id"]
+    });
+    this._website_status_db = this.db.collection({
+      name: "Volt.WebsiteStatus",
+      indexes: ["id"]
+    });
+    this.users = new import_users.Users({
+      ...users,
+      _server: this
+    });
+    if (mail) {
+      this.mail = new import_mail.Mail(mail);
     }
     if (rate_limit) {
       if (this.is_primary) {
@@ -606,44 +525,36 @@ class Server {
   }
   // ---------------------------------------------------------
   // Utils.
-  // Get a content type from an extension.
+  /** Get a content type (MIME) from a file extension. */
   get_content_type(extension) {
-    let content_type = Server.content_type_mimes.find((item) => {
-      if (item[0] == extension) {
-        return item[1];
-      }
-    })?.[1];
-    if (content_type == null) {
-      content_type = "application/octet-stream";
-    }
-    return content_type;
+    return Server.content_type_mimes.get(extension.toLowerCase()) ?? "application/octet-stream";
   }
-  // Set log level.
+  /** Set the logging verbosity level. */
   set_log_level(level) {
-    this.log_level = level;
-    import_logger.logger.log_level.set(level);
+    this.log.level.set(level);
   }
   // ---------------------------------------------------------
   // Crypto (private).
-  // Generate a crypto key.
+  /** Generate a cryptographically secure random key as a hex string. */
   generate_crypto_key(length = 32) {
     return crypto.randomBytes(length).toString("hex");
   }
-  // Create a sha hmac with the master key.
+  /** Create an HMAC hash using the provided key and data. */
   hmac(key, data, algo = "sha256") {
     const hmac = crypto.createHmac(algo, key);
     hmac.update(data);
     return hmac.digest("hex");
   }
-  _hmac(data) {
-    if (!this._hash_key) {
-      throw new Error("Hash key not initialized");
-    }
-    const hmac = crypto.createHmac("sha256", this._hash_key);
-    hmac.update(data);
-    return hmac.digest("hex");
-  }
-  // Hash without a key.
+  // /** Create an HMAC hash using the server's master hash key. */
+  // hmac_with_master(data: string): string {
+  //     if (!this._master_hash_key) {
+  //         throw new Error("Hash key not initialized");
+  //     }
+  //     const hmac = crypto.createHmac("sha256", this._master_hash_key);
+  //     hmac.update(data);
+  //     return hmac.digest("hex");
+  // }
+  /** Create a hash (no key) of the given data using the specified algorithm. */
   hash(data, algo = "sha256") {
     if (typeof data !== "string") {
       data = JSON.stringify(data);
@@ -668,6 +579,23 @@ class Server {
   // Add header defaults.
   _set_header_defaults(stream) {
     stream.set_headers(this.default_headers);
+    const origin = stream.headers.origin;
+    if (origin) {
+      const same_http = `http://${this.domain}`;
+      const same_https = `https://${this.domain}`;
+      if (origin === same_http || origin === same_https) {
+        stream.set_header("Access-Control-Allow-Origin", origin);
+        stream.set_header("Access-Control-Allow-Credentials", "true");
+      } else {
+        stream.set_header("Access-Control-Allow-Origin", "*");
+      }
+      const req_hdrs = stream.headers["access-control-request-headers"];
+      if (req_hdrs)
+        stream.set_header("Access-Control-Allow-Headers", String(req_hdrs));
+      const req_method = stream.headers["access-control-request-method"];
+      if (req_method)
+        stream.set_header("Access-Control-Allow-Methods", String(req_method));
+    }
   }
   _find_endpoint(endpoint, method) {
     let route;
@@ -702,12 +630,12 @@ class Server {
         data: favicon.load_sync({ type: "buffer" }),
         content_type: this.get_content_type(favicon.extension()),
         _is_static: true,
-        _server: this
+        server: this
       });
     }
     const status_dir = this.source.join(".status");
     if (!status_dir.exists()) {
-      status_dir.mkdir_sync();
+      status_dir.mkdir_sync({ recursive: true });
     }
     const status_key_path = status_dir.join("key");
     let status_key;
@@ -740,9 +668,10 @@ class Server {
         if (this.https) {
           status.https_port = this.https_port;
         }
-        const data = await this._sys_db.load("status", {
+        const data = await this._website_status_db.load({ id: "status" }, {
           default: {
-            running_since: null,
+            id: "status",
+            running_since: void 0,
             running_threads: 0,
             total_threads: 0
           }
@@ -758,17 +687,17 @@ class Server {
   }
   // Create the sitemap endpoint.
   async _create_sitemap() {
-    if (this.lightweight) {
-      return;
-    }
-    log(2, "Creating sitemap.");
+    this.log(2, "Creating sitemap.");
     let sitemap = "";
     sitemap += '<?xml version="1.0" encoding="UTF-8"?>\n';
     sitemap += '<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">\n';
     for (const endpoint of this.endpoints.values()) {
       if (endpoint.allow_sitemap) {
+        if (endpoint.route.is_regex)
+          continue;
+        const ep = encodeURI(endpoint.route.endpoint_str.startsWith("/") ? endpoint.route.endpoint_str : `/${endpoint.route.endpoint_str}`);
         sitemap += `<url>
-   <loc>${this.full_domain}/${endpoint.route.endpoint_str}</loc>
+   <loc>${this.full_domain}${ep}</loc>
 </url>
 `;
       }
@@ -793,10 +722,7 @@ class Server {
   }
   // Create the robots.txt endpoint.
   async _create_robots_txt() {
-    if (this.lightweight) {
-      return;
-    }
-    log(2, "Creating robots.txt.");
+    this.log(2, "Creating robots.txt.");
     let robots = "User-agent: *\n";
     let disallowed = 0;
     for (const endpoint of this.endpoints.values()) {
@@ -825,8 +751,7 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
   /* private _create_admin_endpoint(): void {
   
           // Logs.
-          if (this.lightweight) { return; }
-          log(2, "Creating admin endpoint.");
+          this.log(2, "Creating admin endpoint.");
   
           // Add admin tokens.
           this.admin.tokens = [];
@@ -862,7 +787,7 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
                   password: "string",
               },
               ip_whitelist: this.admin.ips,
-              callback: async (stream: any, params: {password: string}) => {
+              callback: async (stream: Stream, params: {password: string}) => {
                   // Check key.
                   if (params.password !== this.admin.password) {
                       return stream.send({
@@ -898,7 +823,7 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
                   token: "string",
               },
               ip_whitelist: this.admin.ips,
-              callback: async (stream: any, params: {token: string}) => {
+              callback: async (stream: Stream, params: {token: string}) => {
                   // Verify token.
                   if (!verify_token(params.token)) {
                       return stream.send({
@@ -976,16 +901,16 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
       } */
   // Initialize statics.
   async _initialize_statics() {
-    log(2, "Initializing static directories.");
+    this.log(2, "Initializing static directories.");
     const static_paths = [];
-    const add_static_file = async (path, endpoint, cache = true) => {
-      static_paths.push(path.str());
-      const content_type = this.get_content_type(path.extension());
-      if (import_image_endpoint.ImageEndpoint.supported_images.includes(path.extension())) {
+    const add_static_file = async (path2, endpoint, cache = true) => {
+      static_paths.push(path2.str());
+      const content_type = this.get_content_type(path2.extension());
+      if (import_image_endpoint.ImageEndpoint.supported_images.includes(path2.extension())) {
         const e = new import_image_endpoint.ImageEndpoint({
           endpoint,
           content_type,
-          path,
+          path: path2,
           cache,
           rate_limit: "global",
           _is_static: true
@@ -1000,12 +925,12 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
           method: "GET",
           endpoint,
           content_type,
-          compress: !Server.compressed_extensions.includes(path.extension()),
+          compress: !Server.compressed_extensions.has(path2.extension().toLowerCase()),
           cache,
           rate_limit: "global",
-          _static_path: path.str(),
+          file_path: path2,
           _is_static: true
-        })._load_data_by_path(this));
+        }));
       }
     };
     const add_static = async (opts) => {
@@ -1013,9 +938,10 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
         return;
       }
       if (typeof opts === "object") {
-        vlib.Scheme.validate(opts, {
-          strict: true,
-          scheme: {
+        vlib.schema.validate(opts, {
+          unknown: false,
+          throw: true,
+          schema: {
             path: "string",
             endpoint: { type: "string", default: null },
             cache: { type: ["boolean", "number"], default: true },
@@ -1023,27 +949,18 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
             exclude: { type: "array", default: [] }
           }
         });
-        const exclude = [/.*\.DS_Store/, /.*\.cache/, /.*\.old/, /.*\.ignore/, ...opts.exclude || []];
         const paths = [];
         const source = new vlib.Path(opts.path).abs();
+        if (!source.exists()) {
+          this.log(1, `Static path "${source.str()}" does not exist; skipping.`);
+          return;
+        }
         const source_len = source.str().length;
         const is_dir = source.is_dir();
-        const is_excluded = (path) => {
-          return exclude.some((pattern) => {
-            if (path instanceof RegExp) {
-              if (pattern instanceof RegExp) {
-                return pattern.source === path.source;
-              } else {
-                return path.test(String(pattern));
-              }
-            } else {
-              if (pattern instanceof RegExp) {
-                return pattern.test(String(path));
-              } else {
-                return path === pattern;
-              }
-            }
-          });
+        const exclude = [/\.DS_Store$/, /\.cache(?:\/|$)/, /\.old(?:\/|$)/, /\.ignore$/, ...opts.exclude || []];
+        const is_excluded = (p) => {
+          const s = typeof p === "string" ? p : p.str();
+          return exclude.some((pattern) => pattern instanceof RegExp ? pattern.test(s) : s === String(pattern));
         };
         opts.endpoint = opts.endpoint || `/${source.full_name()}`;
         if (opts.endpoint.charAt(0) != "/") {
@@ -1055,8 +972,8 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
         if (!is_dir) {
           return await add_static_file(source, opts.endpoint, opts.cache);
         }
-        const read_dir = async (path) => {
-          const dir_paths = await path.paths();
+        const read_dir = async (path2) => {
+          const dir_paths = await path2.paths();
           const promises = [];
           for (let i = 0; i < dir_paths.length; i++) {
             if (!is_excluded(dir_paths[i])) {
@@ -1073,9 +990,9 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
         if (is_dir) {
           await read_dir(source);
         }
-        for (const path of paths) {
-          const endpoint = `${opts.endpoint}${path.str().substr(source_len)}`;
-          await add_static_file(path, endpoint, opts.endpoints_cache === void 0 ? opts.cache : opts.endpoints_cache[endpoint] ?? opts.cache);
+        for (const path2 of paths) {
+          const endpoint = `${opts.endpoint}${path2.str().substr(source_len)}`;
+          await add_static_file(path2, endpoint, opts.endpoints_cache === void 0 ? opts.cache : opts.endpoints_cache[endpoint] ?? opts.cache);
         }
       } else if (typeof opts === "string") {
         await add_static({ path: opts });
@@ -1089,161 +1006,78 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
     }
     return static_paths;
   }
-  // ---------------------------------------------------------
-  // Server (private).
-  // Initialize.
-  // Initialize.
-  async initialize() {
-    log(1, "Initializing server.");
-    this.performance.start();
-    if (this.tls) {
-      this.https = http2.createSecureServer(
-        {
-          key: new vlib.Path(this.tls.key).load_sync({ encoding: "utf8" }),
-          cert: new vlib.Path(this.tls.cert).load_sync({ encoding: "utf8" }),
-          ca: this.tls.ca == null ? void 0 : new vlib.Path(this.tls.ca).load_sync({ encoding: "utf8" }),
-          passphrase: this.tls.passphrase,
-          allowHTTP1: true
-        },
-        // Support for http1.
-        // Does not work, requests get triggered on the stream and on this callback.
-        (req, res) => {
-          if (req.httpVersion.charAt(0) !== "2") {
-            this._serve(void 0, void 0, req, res);
-          }
-        }
-      );
-      this.https.on("stream", (stream, headers) => {
-        this._serve(stream, headers, void 0, void 0);
-      });
-    } else if (this.production && this.payments) {
-      throw Error("Accepting payments in production mode requires HTTPS.");
-    }
-    if (this.tls) {
-      this.http = http.createServer((request, response) => {
-        response.writeHead(301, { Location: `https://${request.headers.host}${request.url}` });
-        response.end();
-      });
+  /** Initialize the system and user defined keys. */
+  async _initialize_keys() {
+    const start = Date.now();
+    await this._db_init_promise;
+    this.performance.end("_initialize_keys():await-db-init", start);
+    const sys_keys = await this._sys_keys_db.load({ id: "sys_keys" }, {
+      default: {
+        id: "sys_keys",
+        rate_limit_api_key: void 0
+      }
+    });
+    let perform_sys_keys_save = false;
+    if (sys_keys.rate_limit_api_key == null) {
+      this.rate_limit_api_key = this.generate_crypto_key(32);
+      sys_keys.rate_limit_api_key = this.rate_limit_api_key;
+      perform_sys_keys_save = true;
     } else {
-      this.http = http.createServer((req, res) => {
-        this._serve(void 0, void 0, req, res);
-      });
+      this.rate_limit_api_key = sys_keys.rate_limit_api_key;
     }
-    this.performance.end("create-http-server");
-    if (this.db) {
-      await this.db.initialize();
-      this.performance.end("init-db");
-      this._sys_db = await this.db.collection({
-        name: "Volt.System",
-        indexes: ["_path"]
-      });
-      this.performance.end("init-sys-collection");
-      const keys_document = await this._sys_db.load("keys");
-      const gen_user_crypto_key = (doc, key) => {
+    if (perform_sys_keys_save) {
+      await this._sys_keys_db.set({ id: "sys_keys" }, sys_keys);
+    }
+    const user_keys = await this._keys_db.load({ id: "user_keys" }, {
+      default: {
+        id: "user_keys",
+        keys: {}
+      }
+    });
+    let perform_user_keys_save = false;
+    for (const key of this._user_keys_opts) {
+      const name = typeof key === "string" ? key : key.name;
+      if (user_keys[name]) {
+        this.keys[name] = user_keys[name];
+      } else {
+        perform_user_keys_save = true;
         if (typeof key === "string") {
-          doc[key] = this.generate_crypto_key(32);
+          if (!key) {
+            throw Error(`Crypto key "${key}" is an invalid key name.`);
+          }
+          const generated_key = this.generate_crypto_key(32);
+          user_keys.keys[key] = generated_key;
+          this.keys[key] = generated_key;
         } else {
+          if (!key.name) {
+            throw Error(`Crypto key "${key.name}" is an invalid key name.`);
+          }
           if (key.length == null) {
-            throw Error(`Crypto key object "${JSON.stringify(key)}" does not contain a "length" attribute.`);
+            throw Error(`Crypto key "${key.name}" does not contain a "length" attribute.`);
           }
           if (typeof key.length !== "number") {
-            throw Error(`Crypto key object "${JSON.stringify(key)}" has an invalid type fo attribute "length", the valid type is "number".`);
-          }
-          if (key.name == null) {
-            throw Error(`Crypto key object "${JSON.stringify(key)}" does not contain a "name" attribute.`);
-          }
-          if (typeof key.name !== "string") {
-            throw Error(`Crypto key object "${JSON.stringify(key)}" has an invalid type fo attribute "name", the valid type is "string".`);
-          }
-          doc[key.name] = this.generate_crypto_key(key.length);
-          this.keys[key.name] = doc[key.name];
-        }
-      };
-      if (keys_document == null) {
-        this._hash_key = this.generate_crypto_key(32);
-        const doc = {
-          _master_sha256: this._hash_key
-        };
-        this._keys.forEach((key) => {
-          gen_user_crypto_key(doc, key);
-        });
-        await this._sys_db.save("keys", doc);
-      } else {
-        this._hash_key = keys_document._master_sha256;
-        let perform_save = false;
-        if (this._hash_key === void 0) {
-          this._hash_key = this.generate_crypto_key(32);
-          keys_document._master_sha256 = this._hash_key;
-          perform_save = true;
-        }
-        this._keys.forEach((key) => {
-          let name = typeof key === "string" ? key : key.name;
-          if (keys_document[name] == null) {
-            gen_user_crypto_key(keys_document, key);
-            perform_save = true;
+            throw Error(`Crypto key "${key.name}" has an invalid type for attribute "length", the valid type is "number".`);
           }
-          this.keys[name] = keys_document[name];
-        });
-        if (perform_save) {
-          await this._sys_db.save("keys", keys_document);
+          const generated_key = this.generate_crypto_key(key.length);
+          user_keys.keys[key.name] = generated_key;
+          this.keys[key.name] = generated_key;
         }
       }
-      this.performance.end("load-keys");
-    }
-    this._init_default_headers();
-    this.performance.end("init-default-headers");
-    this._create_default_endpoints();
-    this.performance.end("create-default-endpoints");
-    const promises = [];
-    promises.push(this._initialize_statics());
-    if (this.db) {
-      promises.push(this.users._initialize());
     }
-    if (this.payments !== void 0) {
-      promises.push(this.payments._initialize());
-    }
-    if (this._find_endpoint("sitemap.xml") == null) {
-      promises.push(this._create_sitemap());
-    }
-    if (this._find_endpoint("robots.txt") == null) {
-      promises.push(this._create_robots_txt());
-    }
-    await Promise.all(promises);
-    if (this.company.stroke_icon || this.company.icon) {
-      for (const endpoint of this.endpoints.values()) {
-        if (this.company.stroke_icon_path == null && endpoint.route.endpoint === this.company.stroke_icon) {
-          this.company.stroke_icon_path = endpoint._static_path ?? void 0;
-        }
-        if (this.company.icon_path == null && endpoint.route.endpoint === this.company.icon) {
-          this.company.icon_path = endpoint._static_path ?? void 0;
-        }
-      }
-      if (this.company.stroke_icon != null && this.company.stroke_icon_path == null) {
-        throw Error(`Unable to find the company's stroke icon endpoint "${this.company.stroke_icon}".`);
-      }
-      if (this.company.icon != null && this.company.icon_path == null) {
-        throw Error(`Unable to find the company's icon endpoint "${this.company.icon}".`);
-      }
-    }
-    for (const endpoint of this.endpoints.values()) {
-      endpoint._initialize(this);
-    }
-    for (const endpoint of this.err_endpoints.values()) {
-      endpoint._initialize(this);
-    }
-    for (const callback of this._on_initialize) {
-      const res = callback();
-      if (res instanceof Promise) {
-        await res;
-      }
+    if (perform_user_keys_save) {
+      await this._keys_db.set({ id: "user_keys" }, user_keys);
     }
   }
   /**
-   * Add callback to be called when the server is initialized.
-   * @param callback The callback to be called when the server is initialized.
+   * Checks if an endpoint route already exists.
+   * @param method    HTTP method
+   * @param endpoint  String path or RegExp
    */
-  on_initialize(callback) {
-    this._on_initialize.append(callback);
+  _check_duplicate_route(route) {
+    const e = this._find_endpoint(route);
+    if (e) {
+      throw new Error(`Duplicate "${route.method}:${route.endpoint_str}" endpoint route, it is already defined by endpoint "${e.id}".`);
+    }
   }
   // Serve a client.
   // @todo implement rate limiting.
@@ -1254,12 +1088,12 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
       let endpoint;
       let method;
       let endpoint_url;
-      const log_endpoint_result = (message = null, status = null) => {
+      const log_endpoint_result = (message, status) => {
         let log_level = endpoint && endpoint.is_static ? 3 : 0;
         if (status == null) {
           status = stream.status_code;
         }
-        log(log_level, `${method}:${endpoint_url}: ${message ? message : import_status.Status.get_description(status)} [${status}] (${stream.ip}).`);
+        this.log(log_level, `${method}:${endpoint_url}: ${message ? message : import_status.Status.get_description(status ?? "unknown")} [${status}] (${stream.ip}).`);
       };
       const serve_error_endpoint = async (status_code) => {
         const is_api_endpoint = endpoint && endpoint.callback != null;
@@ -1303,31 +1137,27 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
             try {
               await err_endpoint._serve(stream, status_code);
             } catch (err) {
-              error(`Error endpoint ${status_code}: `, err);
+              this.log.error(`Error endpoint ${status_code}: `, err);
               stream.send(default_response);
             }
           }
         }
       };
-      if (this.online && this.blacklist !== void 0 && !this.blacklist.verify(stream.ip)) {
-        await serve_error_endpoint(403);
-        log_endpoint_result();
-        return;
-      }
       method = stream.method;
       endpoint_url = stream.endpoint;
-      log(3, "Searching for endpoint: ", `${method}:${endpoint_url}`);
+      this.log(3, "Searching for endpoint: ", `${method}:${endpoint_url}`);
       endpoint = this.endpoints.get(`${method}:${endpoint_url}`);
       if (!endpoint) {
         const route = new import_route.Route(method, endpoint_url);
         for (const e of this.endpoints.values()) {
           if (e.route.is_regex) {
-            if (e.route.match(route)) {
-              log(3, "Matched regex route: ", e.route.id);
+            const matched_params = e.route.match(route);
+            if (matched_params !== false) {
+              this.log(3, "Matched regex route: ", e.route.id);
               endpoint = e;
-              Object.keys(route.matched_params).walk((k) => {
+              Object.keys(matched_params).walk((k) => {
                 if (stream.params[k] == null) {
-                  stream.params[k] = route.matched_params[k];
+                  stream.params[k] = matched_params[k];
                 }
               });
               break;
@@ -1335,7 +1165,7 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
           }
         }
       } else {
-        log(3, "Matched route: ", endpoint.route.id);
+        this.log(3, "Matched route: ", endpoint.route.id);
       }
       if (!endpoint) {
         if (method === "OPTIONS") {
@@ -1344,10 +1174,6 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
           if (original_endpoint) {
             this._set_header_defaults(stream);
             original_endpoint._set_headers(stream);
-            if (stream.headers.origin && this.default_headers["Access-Control-Allow-Origin"] === "*") {
-              stream.remove_header("Access-Control-Allow-Origin", "access-control-allow-origin");
-              stream.set_header("Access-Control-Allow-Origin", stream.headers.origin);
-            }
             stream.send({ status: import_status.Status.no_content });
             log_endpoint_result();
             return;
@@ -1358,16 +1184,12 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
         return;
       }
       this._set_header_defaults(stream);
-      if (stream.headers.origin && this.default_headers["Access-Control-Allow-Origin"] === "*") {
-        stream.remove_header("Access-Control-Allow-Origin", "access-control-allow-origin");
-        stream.set_header("Access-Control-Allow-Origin", stream.headers.origin);
-      }
       if (method === "OPTIONS") {
         try {
           await endpoint._serve_options(stream);
         } catch (err) {
-          error(`${method}:${endpoint_url}: `, err);
-          if (!stream.destroyed && !stream.closed) {
+          this.log.error(`${method}:${endpoint_url}: `, err);
+          if (!stream.destroyed && !stream.finished) {
             await serve_error_endpoint(500);
             log_endpoint_result();
           }
@@ -1376,7 +1198,7 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
         log_endpoint_result();
         return;
       }
-      if (this.online && this.production && this.rate_limit !== void 0 && endpoint.rate_limit_groups.length > 0) {
+      if (!this.offline && this.production && this.rate_limit !== void 0 && endpoint.rate_limit_groups.length > 0) {
         const result = await this.rate_limit.limit(stream.ip, endpoint.rate_limit_groups);
         if (result != null) {
           stream.send({
@@ -1394,7 +1216,7 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
       try {
         await stream.join();
       } catch (err) {
-        error(`${method}:${endpoint_url}: `, err);
+        this.log.error(`${method}:${endpoint_url}: `, err);
         await serve_error_endpoint(500);
         log_endpoint_result();
         return;
@@ -1402,7 +1224,7 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
       try {
         stream._parse_params();
       } catch (err) {
-        error(`${method}:${endpoint_url}: `, err);
+        this.log.error(`${method}:${endpoint_url}: `, err);
         await serve_error_endpoint(400);
         log_endpoint_result();
         return;
@@ -1412,6 +1234,9 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
         if (auth_result != null && !endpoint.is_static) {
           this.users._reset_cookies(stream);
         }
+        if (auth_result != null && !endpoint.is_static && (endpoint.view != null || endpoint.content_type === "text/html")) {
+          stream.set_header("Location", `/signin?next=${encodeURIComponent(stream.endpoint)}`);
+        }
         if (auth_result != null && endpoint.authenticated) {
           stream.send(auth_result);
           log_endpoint_result();
@@ -1421,34 +1246,145 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
       try {
         await endpoint._serve(stream);
       } catch (err) {
-        error(`${method}:${endpoint_url}: `, err);
-        if (!stream.destroyed && !stream.closed) {
+        this.log.error(`${method}:${endpoint_url}: `, err);
+        if (!stream.destroyed && !stream.finished) {
           await serve_error_endpoint(500);
           log_endpoint_result();
         }
         return;
       }
       if (!stream.finished) {
-        error(`${method}:${endpoint_url}: `, "Unfinished response.");
+        this.log.error(`${method}:${endpoint_url}: `, "Unfinished response.");
         await serve_error_endpoint(500);
         log_endpoint_result();
         return;
       }
       log_endpoint_result();
     } catch (err) {
-      error("Fatal error:", err);
+      this.log.error(err);
     }
   }
   // ---------------------------------------------------------
+  // Server (private).
+  /** The promise of database initialization and connecting. */
+  _db_init_promise;
+  // Initialize.
+  // Initialize.
+  async initialize() {
+    this.log(1, "Initializing server.");
+    const initialize_start = Date.now();
+    this.performance.start();
+    this._db_init_promise = (async () => {
+      let start = Date.now();
+      await this.db.initialize();
+      this.performance.end("init-db", start);
+      start = Date.now();
+      await this.db.connect();
+      this.performance.end("connect-db", start);
+    })();
+    if (this.tls) {
+      this.https = http2.createSecureServer({
+        key: new vlib.Path(this.tls.key).load_sync({ encoding: "utf8" }),
+        cert: new vlib.Path(this.tls.cert).load_sync({ encoding: "utf8" }),
+        ca: this.tls.ca == null ? void 0 : new vlib.Path(this.tls.ca).load_sync({ encoding: "utf8" }),
+        passphrase: this.tls.passphrase,
+        allowHTTP1: true
+      });
+      this.https.on("stream", (stream, headers) => {
+        this._serve(stream, headers, void 0, void 0);
+      });
+      this.https.on("request", (req, res) => {
+        if (req.httpVersionMajor === 1) {
+          this._serve(void 0, void 0, req, res);
+        }
+      });
+    } else if (this.production && this.payments) {
+      throw Error("Accepting payments in production mode requires HTTPS.");
+    }
+    this.performance.end("create-https-server");
+    if (this.tls) {
+      this.http = http.createServer((request, response) => {
+        const reqUrl = typeof request.url === "string" ? request.url : "/";
+        const location = `https://${this.domain}${reqUrl}`;
+        response.writeHead(308, { Location: location });
+        response.end();
+      });
+    } else {
+      this.http = http.createServer((req, res) => {
+        this._serve(void 0, void 0, req, res);
+      });
+    }
+    this.performance.end("create-http-server");
+    this._init_default_headers();
+    this.performance.end("init-default-headers");
+    this._create_default_endpoints();
+    this.performance.end("create-default-endpoints");
+    await this._initialize_statics();
+    this.performance.end("_initialize_statics()");
+    const promises = [];
+    this.performance.start();
+    if (this.production) {
+      promises.push(this._initialize_keys());
+    } else {
+      this._initialize_keys().then(() => {
+        this.log(1, "Finished loading keys.");
+      }).catch((err) => {
+        this.log(0, `Error while loading keys.`);
+        this.log.error(err);
+      });
+    }
+    promises.push(this.users._initialize());
+    if (this.payments !== void 0) {
+      promises.push(this.payments._initialize());
+    }
+    if (this._find_endpoint("/sitemap.xml") == null) {
+      promises.push(this._create_sitemap());
+    }
+    if (this._find_endpoint("/robots.txt") == null) {
+      promises.push(this._create_robots_txt());
+    }
+    if (this.company.stroke_icon || this.company.icon) {
+      for (const endpoint of this.endpoints.values()) {
+        if (this.company.stroke_icon_path == null && endpoint.route.endpoint === this.company.stroke_icon) {
+          this.company.stroke_icon_path = endpoint.file_path?.str() || void 0;
+        }
+        if (this.company.icon_path == null && endpoint.route.endpoint === this.company.icon) {
+          this.company.icon_path = endpoint.file_path?.str() || void 0;
+        }
+      }
+      if (this.company.stroke_icon != null && this.company.stroke_icon_path == null) {
+        throw Error(`Unable to find the company's stroke icon endpoint "${this.company.stroke_icon}".`);
+      }
+      if (this.company.icon != null && this.company.icon_path == null) {
+        throw Error(`Unable to find the company's icon endpoint "${this.company.icon}".`);
+      }
+    }
+    await Promise.all(promises);
+    this.performance.end("awaiting-promise-list");
+    this.performance.start();
+    for (const endpoint of this.endpoints.values()) {
+      endpoint._initialize(this);
+    }
+    for (const endpoint of this.err_endpoints.values()) {
+      endpoint._initialize(this);
+    }
+    this.performance.end("initialize-endpoints");
+    for (const callback of this.events.get("initialize")) {
+      const res = callback();
+      if (res instanceof Promise) {
+        await res;
+      }
+    }
+    this.performance.end("on-initialize-callbacks");
+    this.performance.end("initialize()", initialize_start);
+  }
+  // ---------------------------------------------------------
   // Server.
-  // Start the server.
-  /*  @docs:
-   *  @title: Start
-   *  @description:
-   *      Start the server.
-   *  @usage:
-   *      ...
-   *      server.start();
+  /**
+   * Start the server.
+   * @example
+   * ...
+   * server.start();
    */
   async start() {
     await this.initialize();
@@ -1459,31 +1395,31 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
         }
       }
     }
-    if (this.db && this.rate_limit) {
+    if (this.rate_limit) {
       this.performance.start();
       await this.rate_limit.start();
       this.performance.end("init-rate-limit");
     }
     let forked = false;
-    if (this.production && this.multiprocessing && import_cluster.default.isPrimary && this.processes > 1) {
-      this.log(0, `Starting ${this.processes} threads.`);
+    if (this.production && this.threading.enabled && import_cluster.default.isPrimary && this.threading.threads > 1) {
+      this.log(0, `Starting ${this.threading.threads} threads.`);
       let active_threads = 0;
       const thread_ids = {};
       const restart_limiters = {};
       const start_thread = (thread_id, restart = false) => {
         const worker = import_cluster.default.fork();
-        log(restart ? 0 : 1, `Starting thread ${worker.process.pid}.`);
+        this.log(restart ? 0 : 1, `Starting thread ${worker.process.pid}.`);
         thread_ids[worker.process.pid] = thread_id;
         ++active_threads;
       };
-      for (let i = 0; i < this.processes; i++) {
+      for (let i = 0; i < this.threading.threads; i++) {
         let thread_id;
         while ((thread_id = vlib.String.random(8)) && Object.values(thread_ids).includes(thread_id)) {
         }
         restart_limiters[thread_id] = new vlib.TimeLimiter({ limit: 3, duration: 60 * 1e3 });
         start_thread(thread_id);
       }
-      await this._sys_db.save("status", {
+      await this._website_status_db.set({ id: "status" }, {
         running_since: Date.now(),
         total_threads: active_threads,
         running_threads: active_threads
@@ -1491,39 +1427,39 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
       import_cluster.default.addListener("exit", async (worker, code, signal) => {
         const thread_id = thread_ids[worker.process.pid];
         delete thread_ids[worker.process.pid];
-        error(`Thread ${worker.process.pid} crashed.`);
+        this.log.error(`Thread ${worker.process.pid} crashed.`);
         const limiter = restart_limiters[thread_id];
         if (limiter != null && limiter.limit()) {
           --active_threads;
           start_thread(thread_id, true);
         } else {
-          error(`Thread ${worker.process.pid} is being shut down due too its periodic restart limit.`);
+          this.log.error(`Thread ${worker.process.pid} is being shut down due to its periodic restart limit.`);
           --active_threads;
-          await this._sys_db.save("status", { running_threads: active_threads });
+          await this._website_status_db.save({ id: "status" }, { $inc: { running_threads: -1 } });
           if (active_threads === 0) {
-            error(`All threads died, stopping server.`);
+            this.log.error(`All threads died, stopping server.`);
             process.exit(0);
           }
         }
       });
     } else {
-      forked = this.production && this.multiprocessing;
+      forked = this.production && this.threading.enabled;
       let is_running = false;
       const on_running = () => {
         if (!is_running) {
           is_running = true;
           if (this.https !== void 0) {
-            log(0, `Running on http://${this.ip}:${this.port} and https://${this.ip}:${this.https_port}.`);
+            this.log(0, `Running on http://${this.ip}:${this.port} and https://${this.ip}:${this.https_port}.`);
           } else {
-            log(0, `Running on http://${this.ip}:${this.port}.`);
+            this.log(0, `Running on http://${this.ip}:${this.port}.`);
           }
         }
       };
-      const on_error = (error2) => {
-        if (error2.syscall !== "listen") {
-          throw error2;
+      const on_error = (error) => {
+        if (error.syscall !== "listen") {
+          throw error;
         }
-        switch (error2.code) {
+        switch (error.code) {
           case "EACCES":
             console.error(`Error: Address ${this.ip}:${this.port} requires elevated privileges.`);
             process.exit(1);
@@ -1533,7 +1469,7 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
             process.exit(1);
             break;
           default:
-            throw error2;
+            throw error;
         }
       };
       this.http.listen(this.port, this.ip === "*" ? void 0 : this.ip, on_running);
@@ -1542,45 +1478,46 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
         this.https.listen(this.https_port, this.ip === "*" ? void 0 : this.ip, on_running);
         this.https.on("error", on_error);
       }
-      process.on("SIGTERM", () => process.exit(0));
-      process.on("SIGINT", () => process.exit(0));
+      let graceful_shutdown_shutting_down = false;
+      const graceful_shutdown = async () => {
+        if (graceful_shutdown_shutting_down)
+          return;
+        graceful_shutdown_shutting_down = true;
+        try {
+          await this.stop();
+        } catch (e) {
+          this.log.error("Shutdown error:", e);
+        } finally {
+          process.exit(0);
+        }
+      };
+      process.on("SIGTERM", graceful_shutdown);
+      process.on("SIGINT", graceful_shutdown);
       if (process.env.VOLT_FILE_WATCHER === "1") {
         new vlib.Path(process.env.VOLT_STARTED_FILE).save_sync("1");
       }
       this.performance.end("listen");
     }
-    for (const callback of this._on_start) {
+    this.performance.start();
+    for (const callback of this.events.get("start")) {
       const res = callback({ forked });
       if (res instanceof Promise) {
         await res;
       }
     }
-    debug(2, () => this.performance.dump((v) => v >= 50));
-  }
-  /*  @docs:
-   *  @title: On start
-   *  @description:
-   *      Add an (async) callback which will be executed at the end of `server.start()`.
-   *      The callback may take arguments `({forked <boolean>})`.
-   *  @usage:
-   *      ...
-   *      server.on_start(({forked}) => console.log("Hello World!"));
-   */
-  on_start(callback) {
-    this._on_start.append(callback);
+    this.performance.end("on-start-callbacks");
+    console.log(this.performance.dump());
   }
   // Stop the server.
-  /*  @docs:
-   *  @title: Stop
-   *  @description:
-   *      Stop the server.
-   *  @usage:
-   *      ...
-   *      server.stop();
+  /**
+   * Stop the server.
+   * @example
+   * ...
+   * server.stop();
    */
   async stop() {
-    log(0, "Stopping the server...");
-    for (const callback of this._on_stop) {
+    this.log(0, "Stopping the server...");
+    for (const callback of this.events.get("stop")) {
       const res = callback();
       if (res instanceof Promise) {
         await res;
@@ -1589,89 +1526,81 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
     if (this.rate_limit) {
       await this.rate_limit.stop();
     }
-    if (this._stop_tscompiler_watcher) {
-      log(0, "Stopping typescript watcher.");
-      this._stop_tscompiler_watcher();
-    }
-    if (this.https) {
-      await this.https.close();
-    }
-    if (this.http) {
-      await this.http.close();
-    }
-    if (this.db) {
-      await this.db.close();
-    }
-    import_logger.logger.stop();
+    if (this.https)
+      this.https.close();
+    if (this.http)
+      this.http.close();
+    await this.db.close();
+    this.log.stop();
   }
-  /*  @docs:
-   *  @title: On stop
-   *  @description:
-   *      Set an (async) callback which will be executed at the start of `server.stop()`.
-   *  @usage:
-   *      ...
-   *      server.on_stop(() => console.log("Hello World!"));
+  // ---------------------------------------------------------
+  // Events.
+  /** Add an event callback. */
+  on(name, callback) {
+    this.events.add(name, callback);
+    return this;
+  }
+  /** Remove an event callback. */
+  off(name, callback) {
+    this.events.remove(name, callback);
+    return this;
+  }
+  // ---------------------------------------------------------
+  // Endpoints.
+  /**
+   * Add a single endpoint.
+   * Only supports a single endpoint due to parameter inference.
+   * @note An error is thrown when the endpoint route already exists.
+   * @template Response User inputted response type that will be returned as response, optionaly typing used for consistency.
+   * @template S system template for inferring the endpoint callback parameters.
+   * @param endpoint The endpoint or endpoint options to add.
+   * @returns A registered endpoint object that can for instance be used to infer the endpoint parameters.
    */
-  on_stop(callback) {
-    this._on_stop.append(callback);
+  endpoint(endpoint) {
+    const e = endpoint instanceof import_endpoint.Endpoint ? endpoint : new import_endpoint.Endpoint(endpoint);
+    this._check_duplicate_route(e.route);
+    this.endpoints.set(e.route.id, e);
+    return {
+      Params: void 0,
+      method: e.route.method,
+      Method: e.route.method,
+      endpoint: e.route.endpoint,
+      Endpoint: e.route.endpoint,
+      route: e.route
+    };
   }
-  // Fetch status.
-  /*  @docs:
-      @title: Fetch status.
-      @desc: This function is meant to be used when the server is in production mode, it will make an API request to your server through the defined `Server.domain` parameter.
-      @note: This function can be called without initializing the server.
-      @param:
-          @name: type
-          @desc: The wanted output type. Either an `object` or a `string` type for CLI purposes.
+  // Add an error endpoint.
+  /**
+   *  Add an endpoint per error status code.
+   * @param status_code
+   *      The status code of the error.
+   *
+   *      The supported status codes are:
+   *      * `404`
+   *      * `400` (Will not be used when the endpoint uses an API callback).
+   *      * `403`
+   *      * `404`
+   *      * `500`
+   * @param endpoint The error endpoint or error endpoint options
   */
-  async fetch_status(type = "object") {
-    const key_path = this.source.join(".status/key");
-    if (!key_path.exists()) {
-      throw new Error("No status key has been generated yet. Start your server first.");
-    }
-    const key = key_path.load_sync();
-    const { body: status } = await vlib.request({
-      host: this.domain,
-      endpoint: "/.status",
-      method: "GET",
-      params: { key },
-      query: true,
-      json: true
-    });
-    if (type === "string") {
-      if (status.running_since != null) {
-        status.running_since = new vlib.Date(status.running_since).format("%d-%m-%y %H:%M:%S");
-      }
-      let str = `${this.domain}:
-`;
-      Object.keys(status).forEach((key2) => {
-        str += ` * ${key2}: ${status[key2]}
-`;
-      });
-      str = str.substr(0, str.length - 1);
-      return str;
-    }
-    return status;
+  error_endpoint(status_code, endpoint) {
+    const e = endpoint instanceof import_endpoint.Endpoint ? endpoint : new import_endpoint.Endpoint(endpoint);
+    this._check_duplicate_route(e.route);
+    this.err_endpoints.set(status_code, e);
+    return this;
   }
   // ---------------------------------------------------------
   // Content Security Policy.
   // Add a csp.
-  /*  @docs:
-   *  @title: Add CSP
-   *  @description: Add an url to the Content-Security-Policy. This function does not overwrite the existing key's value.
-   *  @warning: This function no longer has any effect when `Server.start()` has been called.
-   *  @parameter:
-   *      @name: key
-   *      @description: The Content-Security-Policy key, e.g. `script-src`.
-   *      @type: string
-   *  @parameter:
-   *      @name: value
-   *      @description: The value to add to the Content-Security-Policy key.
-   *      @type: null, string, string[]
-   *  @usage:
-   *      ...
-   *      server.add_csp("script-src", "somewebsite.com");
-   *      server.add_csp("upgrade-insecure-requests");
+  /**
+   * Add an url to the Content-Security-Policy. This function does not overwrite the existing key's value.
+   * @warning This function no longer has any effect when `Server.start()` has been called.
+   * @param key The Content-Security-Policy key, e.g. `script-src`.
+   * @param value The value to add to the Content-Security-Policy key.
+   * @example
+   * ...
+   * server.add_csp("script-src", "somewebsite.com");
+   * server.add_csp("upgrade-insecure-requests");
    */
   add_csp(key, value = null) {
     if (this.csp[key] === void 0) {
@@ -1688,22 +1617,15 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
     }
   }
   // Remove a csp.
-  /*  @docs:
-   *  @title: Remove CSP
-   *  @description: Remove an url from the Content-Security-Policy. This function does not overwrite the existing key's value.
-   *  @warning: This function no longer has any effect when `Server.start()` has been called.
-   *  @parameter:
-   *      @name: key
-   *      @description: The Content-Security-Policy key, e.g. `script-src`.
-   *      @type: string
-   *  @parameter:
-   *      @name: value
-   *      @description: The value to remove from the Content-Security-Policy key.
-   *      @type: null, string
-   *  @usage:
-   *      ...
-   *      server.remove_csp("script-src", "somewebsite.com");
-   *      server.remove_csp("upgrade-insecure-requests");
+  /**
+   * Remove an url from the Content-Security-Policy. This function does not overwrite the existing key's value.
+   * @warning This function no longer has any effect when `Server.start()` has been called.
+   * @param key The Content-Security-Policy key, e.g. `script-src`.
+   * @param value The value to remove from the Content-Security-Policy key.
+   * @example
+   * ...
+   * server.remove_csp("script-src", "somewebsite.com");
+   * server.remove_csp("upgrade-insecure-requests");
    */
   remove_csp(key, value = null) {
     if (this.csp[key] === void 0) {
@@ -1716,25 +1638,58 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
     }
   }
   // Delete a csp key.
-  /*  @docs:
-   *  @title: Delete CSP
-   *  @description: Delete an key from the Content-Security-Policy.
-   *  @warning: This function no longer has any effect when `Server.start()` has been called.
-   *  @parameter:
-   *      @name: key
-   *      @description: The Content-Security-Policy key, e.g. `script-src`.
-   *      @type: string
-   *  @usage:
-   *      ...
-   *      server.del_csp("script-src");
-   *      server.del_csp("upgrade-insecure-requests");
+  /**
+   * Delete an key from the Content-Security-Policy.
+   * @warning This function no longer has any effect when `Server.start()` has been called.
+   * @param key The Content-Security-Policy key, e.g. `script-src`.
+   * @example
+   * ...
+   * server.del_csp("script-src");
+   * server.del_csp("upgrade-insecure-requests");
    */
   del_csp(key) {
     delete this.csp[key];
   }
   // ---------------------------------------------------------
+  // Status.
+  // Fetch status.
+  /**
+   * This function is meant to be used when the server is in production mode, it will make an API request to your server through the defined `Server.domain` parameter.
+   * @note This function can be called without initializing the server.
+   * @param type The wanted output type. Either an `object` or a `string` type for CLI purposes.
+   */
+  async fetch_status(type = "object") {
+    const key_path = this.source.join(".status/key");
+    if (!key_path.exists()) {
+      throw new Error("No status key has been generated yet. Start your server first.");
+    }
+    const key = key_path.load_sync();
+    const { body: status } = await vlib.request({
+      host: this.domain,
+      endpoint: "/.status",
+      method: "GET",
+      params: { key },
+      query: true,
+      json: true
+    });
+    if (type === "string") {
+      if (status.running_since != null) {
+        status.running_since = new vlib.Date(status.running_since).format("%d-%m-%y %H:%M:%S");
+      }
+      let str = `${this.domain}:
+`;
+      Object.keys(status).forEach((key2) => {
+        str += ` * ${key2}: ${status[key2]}
+`;
+      });
+      str = str.substr(0, str.length - 1);
+      return str;
+    }
+    return status;
+  }
+  // ---------------------------------------------------------
   // TLS.
-  // Generate a key and csr for tls.
+  /** Generate a key and csr for tls. */
   async generate_ssl_key({ output_path, ec = true }) {
     if (output_path == null) {
       throw Error('Define parameter "path".');
@@ -1753,7 +1708,7 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
       throw Error(`Encountered an error while generating the private key [${proc.exit_status}]: ${proc.err}`);
     }
   }
-  // Generate a csr for tls.
+  /** Generate a csr for tls. */
   async generate_csr({ output_path, key_path, name, domain, organization_unit, country_code, province, city }) {
     if (key_path == null) {
       throw Error('Define parameter "key_path".');
@@ -1763,7 +1718,7 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
     }
     const key = new vlib.Path(key_path);
     if (!key.exists()) {
-      throw Error(`Key path "${key.str()}" already exists, remove the file manually to continue.`);
+      throw Error(`Key path "${key.str()}" does not exist.`);
     }
     const csr = new vlib.Path(output_path);
     if (csr.exists()) {
@@ -1780,232 +1735,63 @@ Sitemap: ${this.full_domain}/sitemap.xml`;
         "-out",
         csr.str(),
         "-subj",
-        '"/C=' + country_code + "/ST=" + province + "/L=" + city + "/O=" + name + "/OU=" + organization_unit + "/CN=" + domain + '"'
+        `/C=${country_code}/ST=${province}/L=${city}/O=${name}/OU=${organization_unit}/CN=${domain}`
       ],
       opts: { stdio: "inherit" }
     });
     if (proc.exit_status != 0) {
       throw Error(`Encountered an error while generating the CSR [${proc.exit_status}]: ${proc.err}`);
     }
-    log(0, `Generated the tls key with CSR for domain "${this.domain}".`);
-  }
-  // ---------------------------------------------------------
-  // Endpoints.
-  // private registered_routes: Map<string, Array<string | RegExp>> = new Map();
-  /**
-   * Checks if an endpoint route already exists.
-   * @param method    HTTP method
-   * @param endpoint  String path or RegExp
-   */
-  _check_duplicate_route(route) {
-    const e = this._find_endpoint(route);
-    if (e) {
-      throw new Error(`Duplicate "${route.method}:${route.endpoint_str}" endpoint route, it is already defined by endpoint "${e.id}".`);
-    }
-  }
-  /**
-   * Add a single endpoint.
-   * Only supports a single endpoint due to parameter inference.
-   * @param endpoint The endpoint or endpoint options to add.
-   */
-  endpoint(endpoint) {
-    const e = endpoint instanceof import_endpoint.Endpoint ? endpoint : new import_endpoint.Endpoint(endpoint);
-    this._check_duplicate_route(e.route);
-    this.endpoints.set(e.route.id, e);
-    return this;
-  }
-  // Add an error endpoint.
-  /**
-   *  Add an endpoint per error status code.
-   * @param status_code
-   *      The status code of the error.
-   *
-   *      The supported status codes are:
-   *      * `404`
-   *      * `400` (Will not be used when the endpoint uses an API callback).
-   *      * `403`
-   *      * `404`
-   *      * `500`
-   * @param endpoint The error endpoint or error endpoint options
-  */
-  error_endpoint(status_code, endpoint) {
-    const e = endpoint instanceof import_endpoint.Endpoint ? endpoint : new import_endpoint.Endpoint(endpoint);
-    this._check_duplicate_route(e.route);
-    this.err_endpoints.set(status_code, e);
-    return this;
-  }
-  // ---------------------------------------------------------
-  // Functions.
-  // Send a mail.
-  /*  @docs:
-   *  @title: Send Mail
-   *  @description: Send one or multiple mails.
-   *  @note: Make sure the domain's DNS records SPF and DKIM are properly configured when sending attachments.
-   *  @return:
-   *      Returns a promise that will be resolved or rejected when the mail has been sent.
-   *  @parameter:
-   *      @name: sender
-   *      @description:
-   *          The sender address.
-   *          A sender address may either be a string with the email address, e.g. `your@email.com`.
-   *          Or an array with the sender name and email address, e.g. `["Sender", "your@email.com"]`.
-   *      @type: string, array
-   *  @parameter:
-   *      @name: recipients
-   *      @description:
-   *          The recipient addresses.
-   *          A reciepient address may either be a string with the email address, e.g. `your@email.com`.
-   *          Or an array with the sender name and email address, e.g. `["Sender", "your@email.com"]`.
-   *      @type: array[string, array]
-   *  @parameter:
-   *      @name: subject
-   *      @description: The subject text.
-   *      @type: string
-   *  @parameter:
-   *      @name: body
-   *      @description: The body text.
-   *      @type: string
-   *  @parameter:
-   *      @name: attachments
-   *      @description: An array with absolute file paths for attachments, or an array with nodemailer attachment objects.
-   *      @type: array[string], array[object]
-   *  @usage:
-   *      ...
-   *      await server.send_mail({
-   *          sender: ["Sender Name", "sender\@email.com"],
-   *          recipients: [
-   *              ["Recipient Name", "recipient1\@email.com"],
-   *              "recipient2\@email.com",
-   *          },
-   *          subject: "Example Mail",
-   *          body: "Hello World!",
-   *          attachments: ["/path/to/image.png"]
-   *      });
-   */
-  async send_mail({ sender = void 0, recipients = [], subject = void 0, body = "", attachments = [] }) {
-    if (this.smtp === void 0) {
-      throw new Error("SMTP is not enabled, define the required server argument on initialization to enable smtp.");
-    }
-    if (body instanceof Mail.MailElement) {
-      body = body.html();
-    }
-    if (sender == null && this.smtp_sender != null) {
-      sender = this.smtp_sender;
-    }
-    if (recipients.length === 0) {
-      throw new Error(`The mail has no recipients.`);
-    }
-    if (sender == null) {
-      throw new Error(`Parameter "sender" should be a defined value of type "string" or "array".`);
-    }
-    const format_address = (address) => {
-      if (Array.isArray(address)) {
-        return `${address[0]} <${address[1]}>`;
-      }
-      return address;
-    };
-    const to = [];
-    recipients.forEach((address) => to.push(format_address(address)));
-    let attached_files = [];
-    if (attachments != null) {
-      attachments.forEach((path) => {
-        if (path instanceof vlib.Path) {
-          attached_files.push({
-            filename: path.full_name(),
-            path: path.str(),
-            content: path.load_sync()
-          });
-        } else if (typeof path === "string") {
-          const p = new vlib.Path(path);
-          attached_files.push({
-            filename: p.full_name(),
-            path,
-            content: p.load_sync()
-          });
-        } else {
-          attached_files.push(path);
-        }
-      });
-    }
-    try {
-      await this.smtp.sendMail({
-        from: format_address(sender),
-        to,
-        subject,
-        html: body,
-        attachments: attached_files
-      });
-    } catch (error2) {
-      throw new Error(error2.message);
-    }
+    this.log(0, `Generated the tls key with CSR for domain "${this.domain}".`);
   }
   // ---------------------------------------------------------
-  // Default callbacks.
-  // These can all be overwritten by the user.
-  // @todo add scheme for payment params.
-  // On delete user.
-  /*  @docs:
-   *  @title: On delete user
-   *  @description: This function can be overridden with a callback for when a user is deleted.
-   *  @parameter:
-   *      @name: uid
-   *      @description: The uid of the deleted user.
-   *      @type: string, array
-   *  @usage:
-   *      ...
-   *      server.on_delete_user = ({uid}) => {}
-   */
-  async on_delete_user({ uid }) {
-  }
-  // On successfull one-time payment.
-  // This gets called for every product in the payment.
+  // DEPRECATED 
+  // these will all be removed and replaced when using stripe instead of paddle.
+  /** Called for each product in a successful one-time payment. Override to implement your logic. */
   async on_payment({ product, payment }) {
   }
-  // On successfull subscription.
-  // This gets called for every product in the payment.
+  /** Called for each product in a successful subscription. Override to implement your logic. */
   async on_subscription({ product, payment }) {
   }
   // On failed one-time or recurring payment.
   // async on_failed_payment({ payment }: { payment: any }): Promise<void> {}
-  // On successfull cancellation.
+  /** Called when a cancellation succeeds. Override to implement your logic. */
   async on_cancellation({ payment, line_items }) {
   }
   // On failed cancellation.
   // async on_failed_cancellation({ payment, line_items }: { payment: any; line_items: any[] }): Promise<void> {}
-  // On successfull refund.
-  // The line items array are the items were refunded.
+  /** Called when a refund succeeds. The line items array are the items that were refunded. */
   async on_refund({ payment, line_items }) {
   }
-  // On failed refund.
-  // The line items array are the items were the refund failed.
+  /** Called when a refund fails. The line items array are the items where the refund failed. */
   async on_failed_refund({ payment, line_items }) {
   }
-  // On chargeback.
-  // The line items array are the items were charged back.
+  /** Called when a chargeback occurs. The line items array are the items that were charged back. */
   async on_chargeback({ payment, line_items }) {
   }
-  // On failed chargeback.
-  // The line items array are the items were the chargeback failed.
+  /** Called when a chargeback fails. The line items array are the items where the chargeback failed. */
   async on_failed_chargeback({ payment, line_items }) {
   }
   // Mail template.
+  /** Build the base email layout used by the various transactional email builders. */
   _mail_template({ max_width = 400, children = [] }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
     let header;
     if (this.company.stroke_icon != null) {
       header = [
-        Image(`${this.full_domain}/${this.company.stroke_icon}`).height(16)
+        Image(`${this.full_domain}${this.company.stroke_icon ?? ""}`).height(16)
       ];
     } else if (this.company.icon != null) {
       header = [
-        Image(`${this.full_domain}/${this.company.icon}`).frame(20, 40)
+        Image(`${this.full_domain}${this.company.icon ?? ""}`).frame(20, 40)
       ];
     }
     if (header) {
       header = Table(TableRow(...header).wrap(true).center().center_vertical()).margin_bottom(15);
     }
-    return Mail.Mail(Table(TableData(Table(
+    return MailUI.Mail(Table(TableData(Table(
       // Header.
       header,
       // Widget.
@@ -2017,9 +1803,13 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     ).max_width(max_width)).center()).padding(25, 20, 25, 20)).font_family(style.font).background(style.bg);
   }
   // Render payment line items.
+  /** Helper that renders a list of payment line items for use in transactional emails. */
   _render_mail_payment_line_items({ payment, line_items, show_total_due = false }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+    if (!this.payments)
+      throw new Error("Payments not initialized");
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
     const _render_mail_payment_line_item = ({ name, desc, unit_cost, quantity, total_cost, font_weight = "normal", divider = true, color = style.text_fg }) => {
       return [
         Table(TableRow(TableData(Text(name).color(color).font_size(14).text_wrap("wrap").overflow_wrap("break-word").word_wrap("break-word").font_weight(font_weight)).width("25%").margin_right(10), TableData(Text(desc).color(color).font_size(14).text_wrap("wrap").overflow_wrap("break-word").word_wrap("break-word").font_weight(font_weight)).width("35%").margin_right(10), TableData(Text(unit_cost).color(color).font_size(14).text_wrap("wrap").overflow_wrap("break-word").word_wrap("break-word").font_weight(font_weight)).fixed_width("13.32%").margin_right(10), TableData(Text(quantity).color(color).font_size(14).text_wrap("wrap").overflow_wrap("break-word").word_wrap("break-word").font_weight(font_weight)).fixed_width("13.32%").margin_right(10), TableData(Text(total_cost).color(color).font_size(14).text_wrap("wrap").overflow_wrap("break-word").word_wrap("break-word").font_weight(font_weight)).fixed_width("13.32%")).width("100%").styles({ "vertical-align": "baseline" })).width("100%"),
@@ -2033,14 +1823,16 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     let subtotal = 0;
     let subtotal_tax = 0;
     let total = 0;
-    payment.line_items.iterate((item) => {
+    payment.line_items.walk((item) => {
+      if (!this.payments)
+        throw new Error("Payments not initialized");
       if (typeof item.product === "string") {
         item.product = this.payments.get_product_sync(item.product);
       }
       if (currency == null) {
         const c = import_utils.Utils.get_currency_symbol(item.product.currency);
         if (c == null) {
-          error(`Failed to create a payment mail: `, new Error(`Unable to determine the currency of payment "${payment.id}".`));
+          this.log.error(`Failed to create a payment mail: `, new Error(`Unable to determine the currency of payment "${payment.id}".`));
         }
         currency = c ?? "?";
       }
@@ -2069,10 +1861,18 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
       }))
     ];
   }
+  /** Assert mail is configured. */
+  assert_mail() {
+    if (!this.mail) {
+      throw new import_volt.ExternalError({ message: "Mail is not configured." });
+    }
+  }
   // On 2fa mail.
+  /** Build the 2FA verification email content. */
   on_2fa_mail({ code, username, email, date, ip, device }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
     return this._mail_template({
       max_width: 400,
       children: [
@@ -2101,9 +1901,11 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     });
   }
   // On successfull payment mail.
+  /** Build the successful payment email content. */
   on_payment_mail({ payment }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
     return this._mail_template({
       max_width: 600,
       children: [
@@ -2115,7 +1917,7 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
         TableRow(Image(`${this.full_domain}/volt_static/payments/party.png`).frame(60, 60).margin(0, 0, 30, 0)).center(),
         // Title.
         TableRow(Title("Order Summary").color(style.subtitle_fg).font_size(18).margin(0)),
-        TableRow(Text("A summary of your order can be found below or in the attachmed invoice pdf.").margin(5, 0, 20, 0).color(style.text_fg).font_size(16)),
+        TableRow(Text("A summary of your order can be found below or in the attached invoice PDF.").margin(5, 0, 20, 0).color(style.text_fg).font_size(16)),
         // Line items.
         this._render_mail_payment_line_items({ payment, line_items: payment.line_items, show_total_due: true }),
         // Bottom spacing.
@@ -2124,16 +1926,18 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     });
   }
   // On failed payment mail.
+  /** Build the failed payment email content. */
   on_failed_payment_mail({ payment }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = Mail;
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = MailUI;
     return this._mail_template({
       max_width: 800,
       children: [
         // Title.
         TableRow(Title("Payment Failed").color(style.title_fg).width("fit-content").font_size(26)).center(),
         // Text.
-        TableRow(Text("We regret to inform you that your payment has encountered an issue and could not be processed successfully. We understand the inconvenience this may cause. Please try again, please contact customer support if the problem persists.").margin(10, 0, 20, 0).color(style.text_fg).font_size(16).center()),
+        TableRow(Text("We regret to inform you that your payment could not be processed successfully. We understand the inconvenience this may cause. Please try again, or contact customer support if the problem persists.").margin(10, 0, 20, 0).color(style.text_fg).font_size(16).center()),
         // Image.
         TableRow(ImageMask(`${this.full_domain}/volt_static/payments/error.png`).frame(40, 40).mask_color("#E8454E").margin(0, 0, 30, 0)).center(),
         // Title.
@@ -2147,14 +1951,16 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     });
   }
   // On cancellation mail.
+  /** Build the successful cancellation email content. */
   on_cancellation_mail({ payment, line_items }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
     return this._mail_template({
       max_width: 800,
       children: [
         // Title.
-        TableRow(Title("Successfull Cancellation").color(style.title_fg).width("fit-content").font_size(26)).center(),
+        TableRow(Title("Successful Cancellation").color(style.title_fg).width("fit-content").font_size(26)).center(),
         // Text.
         TableRow(Text("Your recent cancellation request has been successfully processed.").margin(10, 0, 20, 0).color(style.text_fg).font_size(16).center()),
         // Image.
@@ -2170,9 +1976,11 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     });
   }
   // On refund mail.
+  /** Build the failed cancellation email content. */
   on_failed_cancellation_mail({ payment }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = Mail;
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = MailUI;
     return this._mail_template({
       max_width: 800,
       children: [
@@ -2193,14 +2001,16 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     });
   }
   // On refund mail.
+  /** Build the successful refund email content. */
   on_refund_mail({ payment, line_items }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
     return this._mail_template({
       max_width: 800,
       children: [
         // Title.
-        TableRow(Title("Successful Refund").color(style.title_fg).width("fit-content").font_size(26)).center(),
+        TableRow(Title("Chargeback Successful").color(style.title_fg).width("fit-content").font_size(26)).center(),
         // Text.
         TableRow(Text("We're delighted to inform you that your recent refund request has been successfully processed. The charged amount will soon be credited back to your account.").margin(10, 0, 20, 0).color(style.text_fg).font_size(16).center()),
         // Image.
@@ -2216,9 +2026,11 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     });
   }
   // On refund mail.
+  /** Build the failed refund email content. */
   on_failed_refund_mail({ payment, line_items }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = Mail;
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = MailUI;
     return this._mail_template({
       max_width: 800,
       children: [
@@ -2239,9 +2051,11 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     });
   }
   // On refund mail.
+  /** Build the successful chargeback email content. */
   on_chargeback_mail({ payment, line_items }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
     return this._mail_template({
       max_width: 800,
       children: [
@@ -2253,7 +2067,7 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
         TableRow(Image(`${this.full_domain}/volt_static/payments/party.png`).frame(60, 60).margin(0, 0, 30, 0)).center(),
         // Title.
         TableRow(Title("Chargeback Summary").color(style.subtitle_fg).font_size(18).margin(0)),
-        TableRow(Text("A summary of your refundend products.").margin(5, 0, 20, 0).color(style.text_fg).font_size(16)),
+        TableRow(Text("A summary of the items charged back.").margin(5, 0, 20, 0).color(style.text_fg).font_size(16)),
         // Line items.
         this._render_mail_payment_line_items({ payment, line_items }),
         // Bottom spacing.
@@ -2262,9 +2076,11 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     });
   }
   // On refund mail.
+  /** Build the failed chargeback email content. */
   on_failed_chargeback_mail({ payment, line_items }) {
-    const style = this.mail_style;
-    const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = Mail;
+    this.assert_mail();
+    const style = this.mail.style;
+    const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = MailUI;
     return this._mail_template({
       max_width: 800,
       children: [
@@ -2285,7 +2101,6 @@ ${this.company.street} ${this.company.house_number}, ${this.company.postal_code}
     });
   }
 }
-var stdin_default = Server;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   Server