@vandenberghinc/volt 1.1.26 → 1.1.28

package/backend/dist/esm/{server.js → backend/src/server.js}

@@ -1,19 +1,26 @@
-var __dirname = typeof __dirname !== 'undefined' ? __dirname : import.meta.dirname;
+/**
+ * @author Daan van den Bergh
+ * @copyright © 2022 - 2025 Daan van den Bergh.
+ */
+import { fileURLToPath } from 'url';
+import * as path from 'path';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
 // ---------------------------------------------------------
 // Libraries.
 import * as http from "http";
 import * as http2 from "http2";
 import * as crypto from "crypto";
-import * as nodemailer from 'nodemailer';
-// import * as libcluster from 'cluster';
 import libcluster from 'cluster';
 import * as os from 'os';
+import * as vlib from "@vandenberghinc/vlib";
+const { debug } = vlib;
 // ---------------------------------------------------------
 // Imports.
-import * as vlib from "@vandenberghinc/vlib";
 import { Utils } from "./utils.js";
 import { Meta } from './meta.js';
-import * as Mail from './plugins/mail/ui.js';
+import * as MailUI from './plugins/mail/ui.js';
+import { Mail } from "./plugins/mail/mail.js";
 import { Status } from "./status.js";
 import { Endpoint } from "./endpoint.js";
 import { ImageEndpoint } from "./image_endpoint.js";
@@ -22,475 +29,24 @@ import { Database } from "./database/database.js";
 import { Users } from "./users.js";
 import { Paddle } from "./payments/paddle.js";
 import { RateLimits, RateLimitServer, RateLimitClient } from "./rate_limit.js";
-import { logger } from "./logger.js";
-// import { BrowserPreview } from "./plugins/browser.js";
-const { log, error, warn } = logger;
-const { debug } = vlib;
-// import { ThreadMonitor } from "./plugins/thread_monitor.js";
-// const thread_monitor = new ThreadMonitor()
-// thread_monitor.start();
 import { Route } from "./route.js";
-// ---------------------------------------------------------
-// The server object.
-// @todo redirect to https on http also important for seo.
-// @todo convert throw new Error to frontend errors.
-// @todo figure out with what settings nodejs should be started for heavy servers, for example larger memory size `--max-old-space-size`
-// @todo implement usage of multiple cpu's using lib `cluster`.
-// @todo when rendering pages the user could use a special OptimizeText() function which will be optimized for copy writing and seo when adding loading static files. Quite hard but would be sublime (writesonic is a good platform).
-/*  @docs:
-    @nav: Backend
-    @chapter: Server
-    @title: Server
-    @description:
-        The backend server class.
-        When the https parameters `certificate` and `private_key` are defined, the server will run automatically on http and https.
-    @parameter:
-        @name: production
-        @description: Whether the server is in production more, or in development mode.
-        @type: boolean
-        @required: true
-    @parameter:
-        @name: localhost
-        @description: Wether to run on localhost. This overrides the given `ip` parameter, and makes the `ip` parameter optional.
-        @type: boolean
-    @parameter:
-        @name: ip
-        @description: The ip where the server will run on.
-        @type: string
-        @required: true
-    @parameter:
-        @name: port
-        @description: The port where the server will run on. Leave the port `null` to run on port `80` for http and on port `443` for https.
-        @type: number
-    @parameter:
-        @name: tls
-        @description: The tls settings for HTTPS.
-        @type: object
-        @attribute:
-            @name: cert
-            @description: The path to the certificate.
-            @type: string
-        @attribute:
-            @name: key
-            @description: The path to the private key file.
-            @type: string
-        @attribute:
-            @name: ca
-            @description: The path to the ca bundle file.
-            @type: null, string
-        @attribute:
-            @name: passphrase
-            @description: The passphrase of the private key.
-            @type: string
-    @parameter:
-        @name: domain
-        @description: The full domain url without `http://` or `https://`.
-        @type: string
-        @required: true
-    @parameter:
-        @name: source
-        @description: The path to the source directory of your website. This may either be the source directory of your code, or the source directory where files will be stored for your website.
-        @type: string
-        @required: true
-    @parameter:
-        @name: is_primary
-        @description: Used to indicate if the current server is the primary node.
-        @type: string
-        @required: true
-    @parameter:
-        @name: statics
-        @description: Array with paths to static directories or static directory objects.
-        @type: string[], vlib.Path[], StaticDirectory
-        @required: true
-        @attributes_type: StaticDirectory
-        @attr:
-            @name: path
-            @descr: The path to the static directory or file.
-            @required: true
-        @attr:
-            @name: endpoint
-            @descr: The base endpoint of the static directory, by default the path's name will be used.
-            @required: false
-        @attr:
-            @name: cache
-            @descr: Enable caching for the static endpoints, this value will be used for parameter `Endpoint.cache`.
-            @type: boolean | number
-            @default: true
-            @required: false
-        @attr:
-            @name: endpoints_cache
-            @descr: This attribute can be used to define a specific cache policy per endpoint from this static directory. Must be formatted as `{<endpoint>: <cache>}`, the cache value will be used for parameter `Endpoint.cache`.
-            @default: {}
-            @required: false
-        @attr:
-            @name: exclude
-            @descr: An array of paths to exlude. The array may contain regexes.
-            @default: {}
-            @required: false
-    @parameter:
-        @name: database
-        @description:
-            The database settings.
-        @type: string, object, boolean
-        @required: true
-    @parameter:
-        @name: default_headers
-        @description: Used to override the default headers generated by volt. Leave parameter `default_headers` as `null` to let volt automatically generate the default headers.
-        @type: object
-    @parameter:
-        @name: favicon
-        @description: The path to the favicon.
-        @type: string
-    @parameter:
-        @name: token_expiration
-        @description: The token a sign in token will be valid in seconds.
-        @type: number
-    @parameter:
-        @name: enable_2fa
-        @description: Enable 2fa for user authentication.
-        @type: boolean
-        @required: true
-    @parameter:
-        @name: enable_account_activation
-        @description: Enable account activation by email after a user signs up.
-        @type: boolean
-        @required: true
-    @parameter:
-        @name: meta
-        @description: The default meta object.
-        @type: object, volt.Meta
-    @parameter:
-        @name: company
-        @type: object
-        @description: Your company information.
-        @attribute:
-            @name: name
-            @type: string
-            @required: true
-            @description: The name of your company.
-        @attribute:
-            @name: legal_name
-            @type: string
-            @required: true
-            @description: The legal name of your company.
-        @attribute:
-            @name: street
-            @type: string
-            @required: true
-            @description: The street name of your company's address.
-        @attribute:
-            @name: house_number
-            @type: string
-            @required: true
-            @description: The house number or house name of your company's address.
-        @attribute:
-            @name: postal_code
-            @type: string
-            @required: true
-            @description: The postal code or zip code of your company's address.
-        @attribute:
-            @name: city
-            @type: string
-            @required: true
-            @description: The city of your company's address.
-        @attribute:
-            @name: province
-            @type: string
-            @required: true
-            @description: The province or state of your company's address.
-        @attribute:
-            @name: country
-            @type: string
-            @required: true
-            @description: The country name of your company's address.
-        @attribute:
-            @name: country_code
-            @type: string
-            @required: true
-            @description: The two-letter ISO country code of your company's location.
-        @attribute:
-            @name: tax_id
-            @type: string
-            @required: false
-            @description: The tax id of your company.
-        @attribute:
-            @name: type
-            @type: string
-            @description: The type of company.
-        @attribute:
-            @name: icon
-            @type: string
-            @required: true
-            @description: The endpoint url path of your company's icon, png format. This must be an endpoint url since access to the file path is also required for creating invoices.
-        @attribute:
-            @name: stroke_icon
-            @type: string
-            @required: true
-            @description: The endpoint url path of your company's stroke icon, png format. In payment invoices the stroke icon precedes the default icon. This must be an endpoint url since access to the file path is also required for creating invoices.
-    @parameter:
-        @name: smtp
-        @description:
-            The smpt arguments object.
-            More information about the arguments can be found at the nodemailer <Link https://nodemailer.com/smtp/>documentation</Link>.
-        @type: object
-        @attribute:
-            @name: sender
-            @description:
-                The smtp sender address may either be a string with the email address, e.g. `your@email.com`.
-                Or an array with the sender name and email address, e.g. `["Sender", "your@email.com"]`.
-            @type: string, array
-        @attribute:
-            @name: host
-            @description: The mail server's host address.
-            @type: string
-        @attribute:
-            @name: port
-            @description: The mail server's port.
-            @type: number
-        @attribute:
-            @name: secure
-            @description: Enable secure options.
-            @type: boolean
-        @attr:
-            @name: auth
-            @description: The authentication settings.
-            @type: object
-            @attribute:
-                @name: user
-                @description: The email used for authentication.
-                @type: string
-            @attribute:
-                @name: pass
-                @description: The password used for authentication.
-                @type: string
-    @parameter:
-        @name: payments
-        @type: object
-        @description: The arguments for the payment class. The `type` attribute is used to indicate the payment provider, the other attributes are arguments for the payment class <Link #Paddle>Paddle</Link>.
-        @attribute:
-            @name: type
-            @type: string
-            @description: The payment provider name.
-            @required: true
-            @enum:
-                @value: paddle
-                @desc: Payment provider Paddle.
-    @parameter:
-        @name: google_tag
-        @description: The google tag id.
-        @type: string
-    @parameter:
-        @name: mail_style
-        @description: The mail settings to customize automatically generated mails.
-        @type: object
-        @attribute:
-            @name: font
-            @description: The font family.
-            @type: string
-        @attribute:
-            @name: button_bg
-            @description: The background color of the button's in your mails.
-            @type: string
-    @parameter:
-        @name: offline
-        @description: Boolean indicating if the development server is being run offline.
-        @type: boolean
-    @parameter:
-        @name: multiprocessing
-        @description: Enable multiprocessing when in production mode.
-        @type: boolean
-        @def: true
-    @parameter:
-        @name: processes
-        @description: The number of processes when multiprocessing is enabled. By default the number of CPU's will be used for the amount of processes.
-        @type: null, number
-        @def: null
-    @parameter:
-        @name: rate_limit
-        @description:
-            The rate limit server and client settings. Rate limiting works with a centralizer websocket server and secondary clients.
-        @type: object
-        @required: false
-        @attribute:
-            @name: server
-            @type: object
-            @description:
-                The server configuration.
-
-                By default the primary server instance will start the rate limit service.
-
-                However, when parameter `rate_limit.server` is `false`. All rate limit instances will use a client to connect to an already running rate limit instance. If so, you must manually set up this rate limt server.
-            @attribute:
-                @name: ip
-                @description:
-                    The ip to which the rate limiting server will bind. By default the rate limit server will run on localhost only.
-                @type: null, string
-            @attribute:
-                @name: port
-                @description:
-                    The port to which the rate limiting server will bind. The default port is `51234`.
-                @type: number
-                @def: 51234
-            @attribute:
-                @name: https
-                @description:
-                    To enable https on the server you must define a `https.createServer` configuration. Otherwise, the rate limit server will run on http.
-                @type: null, object
-        @attribute:
-            @name: client
-            @description:
-                The client configuration.
-            @attribute:
-                @name: ip
-                @description:
-                    The ip address of the primary node with the rate limiting server. The primary node is indicated by the `Server.is_primary` parameter.
-
-                    When `Server.is_primary` is true, the rate limiting server will listen on the private ip address of your current machine.
-                @type: null, string
-            @attribute:
-                @name: port
-                @description:
-                    The port of the primary node with the rate limiting server. The default port is `51234`.
-                @type: number
-                @def: 51234
-            @attribute:
-                @name: url
-                @description:
-                    The full websocket url of the server. If defined this takes precedence over parameters `ip` and `port`.
-
-                    This can be useful when `rate_limit.server` is `false`.
-                @type: null, string
-    @parameter:
-        @name: keys
-        @description:
-            The array with names of crypto keys. The keys will be generated and stored in the database when they do not exist. The keys will be accessable as `Server.keys.$name`.
-
-            The array items may be a string representing the name of the key, or an object containing the name and the length of the key.
-        @type: array[string], array[object]
-        @required: false
-        @attribute:
-            @name: name
-            @description:
-                The name of the key.
-            @type: string
-        @attribute:
-            @name: length
-            @description:
-                The length of the key.
-            @type: number
-    @parameter:
-        @name: additional_sitemap_endpoints
-        @description:
-            An array with additional endpoints that will be added to the sitemap. By default all endpoints where attribute `view` is defined will be added the sitemap.
-        @type: array[string]
-    @parameter:
-        @name: daemon
-        @description:
-            The optional settings for the service daemons. The service daemons can be disabled by passing value `false` to parameter `daemon`.
-
-            By default this settings will also partially be used for the database service daemon.
-        @type: object
-        @attr:
-            @name: user
-            @desc: The executing user of the service daemon.
-            @type: string
-        @attr:
-            @name: group
-            @desc: The executing group of the service daemon.
-            @type: string
-        @attr:
-            @name: args
-            @desc: The arguments for the start command.
-            @type: array[string]
-        @attr:
-            @name: env
-            @desc: The environment variables for the service daemon.
-            @type: object
-        @attr:
-            @name: description
-            @desc: The description of the service daemon.
-            @type: string
-        @attr:
-            @name: logs
-            @desc: The path to the log file.
-            @type: string
-        @attr:
-            @name: errors
-            @desc: The path to the error log file.
-            @type: string
-    @parameter:
-        @name: admin
-        @description:
-            Administrator settings used for protected administrator endpoints.
-        @type: object
-        @attr:
-            @name: password
-            @desc: The password used for administrator endpoints.
-            @type: string
-        @attr:
-            @name: ips
-            @desc: IP addresses used by the website administrator. These ip's will be used to create a whitelist for administrator endpoints.
-            @type: string[]
-    @parameter:
-        @name: ts
-        @description:
-            Specify typescript options.
-        @type: object
-        @attr:
-            @name: output
-            @desc: The output directory for typescript endpoint source files.
-            @type: string
-        @attr:
-            @name: compiler_options
-            @desc: The compiler options for the typescript files.
-            @type: object
-            @required: false
-
-    @attribute:
-        @name: users
-        @type: object
-        @attribute:
-            @name: public
-            @type: UIDCollection
-            @desc:
-                The database collection for public data of users.
-                
-                More information about the collection's functions can be found at <Type>UIDCollection</Type>
-            @warning:
-                The authenticated user always has read and write access to all data inside the user's protected directory through the backend rest api. Any other users or unauthenticated users do not have access to this data.
-        @attribute:
-            @name: protected
-            @type: UIDCollection
-            @desc:
-                The database collection for public data of users.
-                
-                More information about the collection's functions can be found at <Type>UIDCollection</Type>
-            @warning:
-                The authenticated user always has read access to all data inside the user's protected directory through the backend rest api. Any other users or unauthenticated users do not have access to this data.
-        @attribute:
-            @name: private
-            @type: UIDCollection
-            @desc:
-                The database collection for public data of users.
-                
-                More information about the collection's functions can be found at <Type>UIDCollection</Type>
-            @note:
-                The user has no read or write access to the private directory.
-    @attribute:
-        @name: storage
-        @type: Collection
-        @desc:
-            The database storage collection for the website's system backend data.
-            
-            More information about the collection's functions can be found at <Type>Collection</Type>
-
+import { ExternalError } from '@vandenberghinc/volt';
+/**
+ * The backend server class.
+ *
+ * When the HTTPS parameters `certificate` and `private_key` are defined, the server will run automatically on HTTP and HTTPS.
+ *
+ * @property users The initialized {@link Users} instance.
  */
 // @tdo implement 3D secure "requires_action" status for a refund and payment intent.
 // https://stripe.com/docs/payments/3d-secure
 // @ts-ignore
 export class Server {
+    // ---------------------------------------------------------
     // Static attributes.
-    static content_type_mimes = [
+    // ---------------------------------------------------------
+    /** Content type per mime. */
+    static content_type_mimes = new Map([
         [".html", "text/html"],
         [".htm", "text/html"],
         [".shtml", "text/html"],
@@ -500,7 +56,7 @@ export class Server {
         [".jpeg", "image/jpeg"],
         [".jpg", "image/jpeg"],
         [".js", "application/javascript"],
-        [".ts", "application/javascript"],
+        [".ts", "application/typescript"],
         [".atom", "application/atom+xml"],
         [".rss", "application/rss+xml"],
         [".mml", "text/mathml"],
@@ -596,11 +152,9 @@ export class Server {
         [".asf", "video/x-ms-asf"],
         [".wmv", "video/x-ms-wmv"],
         [".avi", "video/x-msvideo"],
-    ];
-    log;
-    warn;
-    error;
-    static compressed_extensions = [
+    ]);
+    /** All file path extensions that are already compressed. */
+    static compressed_extensions = new Set([
         ".png",
         ".jpg",
         ".jpeg",
@@ -609,7 +163,7 @@ export class Server {
         ".bmp",
         ".tiff",
         ".ico",
-        ".svg",
+        // ".svg",
         ".svgz",
         ".mng",
         ".apng",
@@ -638,91 +192,95 @@ export class Server {
         ".mpg",
         ".mpeg",
         ".flv",
-    ];
-    // Instance properties
+    ]);
+    // ---------------------------------------------------------
+    // Attributes.
+    // ---------------------------------------------------------
+    /** The binded ip address. */
     ip;
+    /** The binded http port. */
     port;
+    /** The binded https port. */
     https_port;
+    /** The raw domain. */
     domain;
+    /** The full domain name with http/https depending if tls is enabled. */
     full_domain;
-    source; // vlib.Path type
+    /** The persistent storage source directory. */
+    source;
+    /** Is the primary thread. */
     is_primary;
-    statics;
-    statics_aspect_ratios;
-    favicon;
-    enable_2fa;
-    enable_account_activation;
-    token_expiration;
-    google_tag;
+    /** Is in production mode. */
     production;
-    // public localhost: boolean;
-    multiprocessing;
-    processes;
+    /** The company information. */
     company;
+    /** The default meta information. */
     meta;
-    mail_style;
-    online;
+    /** Is running in offline mode. */
     offline;
-    // private honey_pot_key: string | null;
-    _keys;
-    additional_sitemap_endpoints;
-    log_level;
-    tls;
-    // public admin: AdminConfig;
-    // public ts: TypeScriptConfig;
-    lightweight;
-    performance;
-    csp;
-    default_headers;
-    http;
-    https;
-    endpoints;
-    err_endpoints;
+    /** The database instance. */
     db;
-    _sys_db; // needs to be public for the RateLimit classes.
-    storage;
-    smtp;
-    smtp_sender;
+    /** The rate limit instance. */
     rate_limit;
-    blacklist;
-    _hash_key = null;
+    /** The added endpoints. */
+    endpoints = new Map();
+    /** The added error endpoints. */
+    err_endpoints = new Map();
+    /** A record of keys used for hashing. */
     keys = {};
-    _on_start = [];
-    _on_initialize = [];
-    _on_stop = [];
-    // public browser_preview?: BrowserPreview;
-    daemon;
-    _stop_tscompiler_watcher;
-    users;
-    payments;
+    /** Alias for the `Status` module. */
     status;
+    /** Alias for the `RateLimits` module. */
     rate_limits;
-    logger;
+    /** The file logger. */
+    log;
+    /** The users instance. */
+    users;
+    /** The payments instance. */
+    payments;
+    /** Daemon instance to manage a live daemon. */
+    daemon;
+    /** The mail instance. */
+    mail;
+    // Public for internal use:
+    csp;
+    statics_aspect_ratios;
+    google_tag;
+    rate_limit_api_key;
+    performance;
+    /** The events map @internal */
+    events = new vlib.Events();
+    // Private.
+    favicon;
+    statics;
+    _user_keys_opts;
+    additional_sitemap_endpoints;
+    tls;
+    default_headers;
+    http;
+    https;
+    threading;
+    // Private ollections.
+    _keys_db;
+    _sys_keys_db;
+    _website_status_db;
+    /** Construct a new server instance. */
     constructor({ ip = "127.0.0.1", port, // leave undefined for blank detection.
-    domain, is_primary = true, source, database, statics = [], favicon, company, meta = new Meta(), tls, smtp, mail_style = {
-        font: '"Helvetica", sans-serif',
-        title_fg: "#121B23",
-        subtitle_fg: "#121B23",
-        text_fg: "#1F2F3D",
-        button_fg: "#FFFFFF",
-        footer_fg: "#686B80",
-        bg: "#EEEEEE",
-        widget_bg: "#FFFFFF",
-        widget_border: "#E6E6E6",
-        button_bg: "#1F2F3D",
-        divider_bg: "#706780",
-    }, rate_limit = {
+    domain, is_primary = true, source, database, statics = [], favicon, company, meta = new Meta(), tls, mail, rate_limit = {
         server: {
-            ip: null,
+            ip: undefined,
             port: RateLimitServer.default_port,
-            https: null,
+            https: undefined,
         },
         client: {
-            ip: null,
+            ip: undefined,
             port: RateLimitServer.default_port,
-            url: null,
+            url: undefined,
         },
-    }, keys = [], payments, default_headers, google_tag = undefined, token_expiration = 86400, enable_2fa = false, enable_account_activation = true, production = false, multiprocessing = true, processes, offline = false, additional_sitemap_endpoints = [], log_level = 0, daemon = {}, 
+    }, keys = [], payments, default_headers, google_tag = undefined, users, production = false, threading = {
+        enabled: false,
+        threads: undefined,
+    }, offline = false, additional_sitemap_endpoints = [], log_level = 0, daemon = false,
     // admin = {
     //     password: null,
     //     ips: [],
@@ -732,151 +290,125 @@ export class Server {
     //     output: undefined,
     // },
     // browser_preview = undefined,
-    lightweight = false, }) {
-        // @debug
-        // Async hook for tracking active processes during stop().
-        // const async_resource_map = new Map();
-        // this.async_hook = require('async_hooks').createHook({
-        //     init(async_id, type, trigger_async_id, resource) {
-        //         const ignoredTypes = ['TickObject', 'PROMISE'];
-        //         if (ignoredTypes.includes(type)) {
-        //             return; // Skip logging for these async types
-        //         }
-        //         // Capture the stack trace of the function that initiated the async operation
-        //         const stack = new Error("SKIPAFTER").stack.split("SKIPAFTER")[1].trim();
-        //         // Log async_id and initiating function call stack
-        //         // console.log(`Init async_id: ${async_id}`)
-        //         // console.log(`Init async_id: ${async_id}, type: ${type}, trigger: ${trigger_async_id}\nStack: ${stack}`);
-        //         // Store the async resource and stack trace
-        //         async_resource_map.set(async_id, { type, stack });
+     }) {
+        // // Verify args.
+        // vlib.schema.validate(arguments[0], {
+        //     throw: true,
+        //     error_prefix: "Server: ", unknown: false,
+        //     schema: {
+        //         ip: { type: "string", required: false },
+        //         port: { type: "number", required: false },
+        //         domain: "string",
+        //         statics: { type: "array", default: [] },
+        //         is_primary: { type: "boolean", default: true },
+        //         source: "string",
+        //         database: {
+        //             type: ["string", "object"],
+        //             required: true,
+        //             scheme: { ...(Database.constructor_scheme as any), _server: undefined },
+        //         },
+        //         favicon: { type: "string", required: false },
+        //         company: {
+        //             type: "object",
+        //             default: {},
+        //             scheme: {
+        //                 name: "string",
+        //                 legal_name: "string",
+        //                 street: "string",
+        //                 house_number: "string",
+        //                 postal_code: "string",
+        //                 city: "string",
+        //                 province: "string",
+        //                 country: "string",
+        //                 country_code: "string",
+        //                 tax_id: { type: "string", default: null },
+        //                 icon: { type: "string", default: null },
+        //                 icon_path: { type: "string", default: null },
+        //                 stroke_icon: { type: "string", default: null },
+        //                 stroke_icon_path: { type: "string", default: null },
+        //             }
+        //         },
+        //         meta: { type: "object", required: false },
+        //         tls: {
+        //             type: ["object"],
+        //             required: false,
+        //             scheme: {
+        //                 cert: "string",
+        //                 key: "string",
+        //                 ca: { type: "string", default: null },
+        //                 passphrase: { type: "string", default: null },
+        //             }
+        //         },
+        //         rate_limit: {
+        //             type: ["boolean", "object"],
+        //             default: false,
+        //             scheme: {
+        //                 server: {
+        //                     type: "object", default: {}, scheme: {
+        //                         ip: { type: "string", default: null },
+        //                         port: { type: "number", default: RateLimitServer.default_port },
+        //                         https: { type: "object", default: null },
+        //                     }
+        //                 },
+        //                 client: {
+        //                     type: "object", default: {}, scheme: {
+        //                         ip: { type: "string", default: null },
+        //                         port: { type: "number", default: RateLimitServer.default_port },
+        //                         url: { type: "string", default: null },
+        //                     }
+        //                 },
+        //             },
+        //         },
+        //         keys: { type: "array", default: [] },
+        //         smtp: { type: ["null", "object"], required: false },
+        //         mail_style: {
+        //             type: "object",
+        //             required: false,
+        //             scheme: {
+        //                 font: { type: "string", default: '"Helvetica", sans-serif' },
+        //                 title_fg: { type: "string", default: "#121B23" },
+        //                 subtitle_fg: { type: "string", default: "#121B23" },
+        //                 text_fg: { type: "string", default: "#1F2F3D" },
+        //                 button_fg: { type: "string", default: "#FFFFFF" },
+        //                 footer_fg: { type: "string", default: "#686B80" },
+        //                 bg: { type: "string", default: "#EEEEEE" },
+        //                 widget_bg: { type: "string", default: "#FFFFFF" },
+        //                 button_bg: { type: "string", default: "#421959" },
+        //                 widget_border: { type: "string", default: "#E6E6E6" },
+        //                 divider_bg: { type: "string", default: "#E6E6E6" },
+        //             }
+        //         },
+        //         payments: { type: ["null", "object"], required: false },
+        //         default_headers: { type: ["null", "object"], required: false },
+        //         google_tag: { type: "string", required: false },
+        //         token_expiration: { type: "number", required: false },
+        //         enable_2fa: { type: "boolean", required: false },
+        //         enable_account_activation: { type: "boolean", required: false },
+        //         production: { type: "boolean", required: false },
+        //         multiprocessing: { type: "boolean", required: false, default: true },
+        //         processes: { type: "number", required: false, default: null },
+        //         offline: { type: "boolean", default: false },
+        //         additional_sitemap_endpoints: { type: "array", default: [] },
+        //         log_level: { type: "number", default: 0 },
+        //         daemon: { type: ["object", "boolean"], default: {} },
+        //         // admin: {type: "object", default: {}, attributes: {
+        //         //     ips: {type: "array", default: []},
+        //         //     password: {
+        //         //         type: "string",
+        //         //         verify: (param: string, attrs) => (param.length < 10 ? `Parameter "Server.admin.password" must have a length of at least 10 characters.` : undefined),
+        //         //     },
+        //         // }},
+        //         // ts: {
+        //         //     type: "object",
+        //         //     required: false,
+        //         //     scheme: {
+        //         //         compiler_opts: {type: "object", default: {}},
+        //         //         output: "string",
+        //         //     },
+        //         // },
+        //         // browser_preview: {type: ["string", "undefined"], required: false, default: undefined},
         //     },
-        //     destroy(async_id) {
-        //         // When an async resource is destroyed, remove it from the map
-        //         // console.log(`Destroy async_id: ${async_id}`);
-        //         async_resource_map.delete(async_id);
-        //     },
-        //     // before(async_id) {
-        //     //     console.log(`Before async_id: ${async_id}`);
-        //     // },
-        //     // after(async_id) {
-        //     //     console.log(`After async_id: ${async_id}`);
-        //     // },
-        // })
-        // this.async_hook.resource_map = async_resource_map;
-        // this.async_hook.enable();
-        // Verify args.
-        vlib.Scheme.validate(arguments[0], { err_prefix: "Server: ", strict: true, scheme: {
-                ip: { type: "string", required: false },
-                port: { type: "number", required: false },
-                domain: "string",
-                statics: { type: "array", default: [] },
-                is_primary: { type: "boolean", default: true },
-                source: "string",
-                database: {
-                    type: ["string", "object"],
-                    required: false,
-                    scheme: { ...Database.constructor_scheme, _server: undefined },
-                },
-                favicon: { type: "string", required: false },
-                // honey_pot_key: {type: "string", default: null},
-                company: {
-                    type: "object",
-                    default: {},
-                    scheme: {
-                        name: "string",
-                        legal_name: "string",
-                        street: "string",
-                        house_number: "string",
-                        postal_code: "string",
-                        city: "string",
-                        province: "string",
-                        country: "string",
-                        country_code: "string",
-                        tax_id: { type: "string", default: null },
-                        icon: { type: "string", default: null },
-                        icon_path: { type: "string", default: null },
-                        stroke_icon: { type: "string", default: null },
-                        stroke_icon_path: { type: "string", default: null },
-                    }
-                },
-                meta: { type: "object", required: false },
-                tls: {
-                    type: ["object"],
-                    required: false,
-                    scheme: {
-                        cert: "string",
-                        key: "string",
-                        ca: { type: "string", default: null },
-                        passphrase: { type: "string", default: null },
-                    }
-                },
-                rate_limit: {
-                    type: ["boolean", "object"],
-                    default: false,
-                    scheme: {
-                        server: { type: "object", default: {}, scheme: {
-                                ip: { type: "string", default: null },
-                                port: { type: "number", default: RateLimitServer.default_port },
-                                https: { type: "object", default: null },
-                            } },
-                        client: { type: "object", default: {}, scheme: {
-                                ip: { type: "string", default: null },
-                                port: { type: "number", default: RateLimitServer.default_port },
-                                url: { type: "string", default: null },
-                            } },
-                    },
-                },
-                keys: { type: "array", default: [] },
-                smtp: { type: ["null", "object"], required: false },
-                mail_style: {
-                    type: "object",
-                    required: false,
-                    scheme: {
-                        font: { type: "string", default: '"Helvetica", sans-serif' },
-                        title_fg: { type: "string", default: "#121B23" },
-                        subtitle_fg: { type: "string", default: "#121B23" },
-                        text_fg: { type: "string", default: "#1F2F3D" },
-                        button_fg: { type: "string", default: "#FFFFFF" },
-                        footer_fg: { type: "string", default: "#686B80" },
-                        bg: { type: "string", default: "#EEEEEE" },
-                        widget_bg: { type: "string", default: "#FFFFFF" },
-                        button_bg: { type: "string", default: "#421959" },
-                        widget_border: { type: "string", default: "#E6E6E6" },
-                        divider_bg: { type: "string", default: "#E6E6E6" },
-                    }
-                },
-                payments: { type: ["null", "object"], required: false },
-                default_headers: { type: ["null", "object"], required: false },
-                google_tag: { type: "string", required: false },
-                token_expiration: { type: "number", required: false },
-                enable_2fa: { type: "boolean", required: false },
-                enable_account_activation: { type: "boolean", required: false },
-                production: { type: "boolean", required: false },
-                // localhost: { type: "boolean", required: false },
-                multiprocessing: { type: "boolean", required: false, default: true },
-                processes: { type: "number", required: false, default: null },
-                offline: { type: "boolean", default: false },
-                additional_sitemap_endpoints: { type: "array", default: [] },
-                log_level: { type: "number", default: 0 },
-                daemon: { type: ["object", "boolean"], default: {} },
-                // admin: {type: "object", default: {}, attributes: {
-                //     ips: {type: "array", default: []},
-                //     password: {
-                //         type: "string",
-                //         verify: (param: string, attrs) => (param.length < 10 ? `Parameter "Server.admin.password" must have a length of at least 10 characters.` : undefined),
-                //     },
-                // }},
-                // ts: {
-                //     type: "object",
-                //     required: false,
-                //     scheme: {
-                //         compiler_opts: {type: "object", default: {}},
-                //         output: "string",
-                //     },
-                // },
-                // browser_preview: {type: ["string", "undefined"], required: false, default: undefined},
-                lightweight: { type: "boolean", required: false },
-            } });
+        // });
         // Assign attributes directly.
         if (production || port == null) {
             this.port = 80;
@@ -890,35 +422,41 @@ export class Server {
         this.is_primary = is_primary && libcluster.isPrimary;
         this.source = new vlib.Path(source);
         this.favicon = favicon;
-        this.enable_2fa = enable_2fa;
-        this.enable_account_activation = enable_account_activation;
-        this.token_expiration = token_expiration;
         this.google_tag = google_tag;
         this.production = production;
-        // this.localhost = localhost;
-        this.lightweight = lightweight;
-        this.multiprocessing = multiprocessing;
-        this.processes = processes == null ? os.cpus().length : processes;
         this.company = company;
-        this.mail_style = mail_style;
         this.offline = offline;
-        this.online = !offline;
-        // this.honey_pot_key = honey_pot_key;
-        this._keys = keys;
+        this._user_keys_opts = keys;
         this.additional_sitemap_endpoints = additional_sitemap_endpoints;
-        this.log_level = log_level;
         this.tls = tls;
         // this.admin = admin as AdminConfig;
-        // this.ts = ts as TypeScriptConfig;
-        this.endpoints = new Map();
-        this.err_endpoints = new Map();
-        /* @performance */ this.performance = new vlib.Performance("Server performance");
-        // Assign objects to server so it is easy to access.
+        // Set threading.
+        if (typeof threading === "boolean") {
+            this.threading = {
+                enabled: threading,
+                threads: os.cpus().length,
+            };
+        }
+        else {
+            this.threading = {
+                enabled: threading.enabled ?? true,
+                threads: threading.threads ?? os.cpus().length,
+            };
+        }
+        // Module aliases.
         this.status = Status;
-        this.logger = logger;
         this.rate_limits = RateLimits;
-        // Add global rate limit.
-        this.rate_limits.add({ group: "global", interval: 60, limit: 1000 });
+        /* @performance */ this.performance = new vlib.Performance("Server performance");
+        // Create logs directory.
+        const log_source = this.source.join("logs");
+        if (!log_source.exists()) {
+            log_source.mkdir_sync({ recursive: true });
+        }
+        this.log = new vlib.logging.FileLogger({
+            level: log_level,
+            log_path: log_source.join("logs").str(),
+            error_path: log_source.join("errors").str(),
+        });
         // Check source.
         if (!this.source.exists()) {
             throw Error(`Source directory "${this.source.str()}" does not exist.`);
@@ -930,9 +468,9 @@ export class Server {
             this.domain = this.domain.substr(0, this.domain.length - 1);
         }
         // Set full domain.
-        this.full_domain = `http${tls == null || tls.key == null ? "" : "s"}://${domain}`; // also required for Stripe.
-        while (this.full_domain.charAt(this.full_domain.length - 1) === "/") {
-            this.full_domain = this.full_domain.substr(0, this.full_domain.length - 1);
+        this.full_domain = `http${this.tls ? "s" : ""}://${this.domain}`;
+        while (this.full_domain.endsWith("/")) {
+            this.full_domain = this.full_domain.slice(0, -1);
         }
         // Set statics.
         this.statics = statics;
@@ -958,23 +496,43 @@ export class Server {
         this.meta = meta;
         // Default headers.
         const base_default_headers = {
-            "Vary": "Origin",
-            "Referrer-Policy": "same-origin",
+            // Cache correctness for CORS/preflight:
+            "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
+            // Safer default than same-origin, still keeps useful referrers:
+            "Referrer-Policy": "strict-origin-when-cross-origin",
             "Access-Control-Allow-Methods": "GET, POST, PUT, PATCH, DELETE, OPTIONS",
-            "Access-Control-Allow-Origin": "*",
-            'Access-Control-Allow-Headers': 'Content-Type, Authorization',
-            'Access-Control-Allow-Credentials': 'true',
-            "X-XSS-Protection": "1; mode=block",
+            "Access-Control-Allow-Headers": "Content-Type, Authorization",
+            // Let browsers read our rate-limit hint:
+            "Access-Control-Expose-Headers": "X-RateLimit-Reset",
             "X-Content-Type-Options": "nosniff",
-            "frame-ancestors": 'none',
             "X-Frame-Options": "DENY",
-            "Strict-Transport-Security": "max-age=31536000",
+            // Helpful isolation defaults (safe for most apps):
+            "Cross-Origin-Opener-Policy": "same-origin",
+            "Cross-Origin-Resource-Policy": "same-site",
+            // If you need SharedArrayBuffer, add COEP below (can break some embeds):
+            // "Cross-Origin-Embedder-Policy": "require-corp",
+            "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
+            // Lock down powerful APIs by default.
+            // If you need one on a third-party origin, add it beside (self).
+            "Permissions-Policy": "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=(), hid=(), serial=(), xr-spatial-tracking=(), display-capture=(), screen-wake-lock=(), sync-xhr=(), publickey-credentials-get=(self), encrypted-media=(self), autoplay=(self 'https://www.youtube-nocookie.com') fullscreen=(self 'https://www.youtube-nocookie.com'), browsing-topics=()",
+            // Do NOT set Allow-Origin / Credentials statically; set them per-request below.
+            // "X-XSS-Protection": "1; mode=block", // deprecated
         };
         const default_csp = {
-            "default-src": "'self' https://*.google-analytics.com",
-            "img-src": `'self' http://${this.domain} https://${this.domain} https://*.google-analytics.com https://raw.githubusercontent.com/vandenberghinc/ `,
-            "script-src": "'self' 'unsafe-inline' https://ajax.googleapis.com https://www.googletagmanager.com https://googletagmanager.com https://*.google-analytics.com https://code.jquery.com https://cdn.jsdelivr.net/npm/@vandenberghinc/",
-            "style-src": "'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/@vandenberghinc/",
+            "default-src": "'self'",
+            "base-uri": "'none'",
+            "object-src": "'none'",
+            "form-action": "'self'",
+            "frame-ancestors": "'none'",
+            // Keep GA images; drop explicit http:// to avoid mixed content.
+            "img-src": "'self' data: blob: https://*.google-analytics.com",
+            "script-src": "'self' https://ajax.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com",
+            // Needed for GA/GTAG beacons/fetch:
+            "connect-src": "'self' https://*.google-analytics.com",
+            "style-src": "'self'",
+            "font-src": "'self' data:",
+            // Auto-upgrade stray http URLs where possible:
+            "upgrade-insecure-requests": "",
         };
         if (default_headers == null) {
             this.csp = default_csp;
@@ -992,6 +550,10 @@ export class Server {
             });
             this.default_headers = default_headers;
         }
+        if (!this.tls) {
+            // Always drop HSTS if TLS is not active.
+            delete this.default_headers["Strict-Transport-Security"];
+        }
         // Initialize payments.
         if (payments) {
             if (payments.type === "paddle") {
@@ -1004,60 +566,56 @@ export class Server {
                 throw Error(`Invalid payment processor type "${payments.type}", valid types are ["paddle"].`);
             }
         }
-        // Define your list of endpoints
-        this.endpoints = new Map();
-        this.err_endpoints = new Map();
-        // Browser preview.
-        // if (browser_preview) {
-        //     this.browser_preview = new BrowserPreview(browser_preview);
-        // }
-        // Create logs directory.
-        const log_source = this.source.join("logs");
-        if (!log_source.exists()) {
-            log_source.mkdir_sync();
-        }
-        // Configure the logger.
-        logger.log_level.set(this.log_level);
-        if (daemon === false) {
-            logger.assign_paths(log_source.join("logs").str(), log_source.join("errors").str());
-        }
-        this.log = logger.log.bind(logger);
-        this.warn = logger.warn.bind(logger);
-        this.error = logger.error.bind(logger);
         // Initialize the service daemon.
         // Must be initialized before initializing the database.
         if (daemon !== false) {
             const log_source = this.source.join("daemon");
             if (!log_source.exists()) {
-                log_source.mkdir_sync();
+                log_source.mkdir_sync({ recursive: true });
             }
             this.daemon = new vlib.Daemon({
                 name: this.domain.replaceAll(".", ""),
-                user: daemon.user || os.userInfo().username,
-                group: daemon.group || null,
-                command: "volt --service --start",
-                cwd: this.source.str(),
-                args: daemon.args || [],
-                env: daemon.env || {},
-                description: daemon.description || `Service daemon for website ${this.domain}.`,
-                auto_restart: true,
                 logs: daemon.logs || log_source.join("logs").str(),
                 errors: daemon.errors || log_source.join("errors").str(),
+                ...daemon,
+                // user: (daemon as Record<string, any>).user || os.userInfo().username,
+                // group: (daemon as Record<string, any>).group || null,
+                // command: "volt --service --start",
+                // cwd: this.source.str(),
+                // args: (daemon as Record<string, any>).args || [],
+                // env: (daemon as Record<string, any>).env || {},
+                // description: (daemon as Record<string, any>).description || `Service daemon for website ${this.domain}.`,
+                // auto_restart: true,
             });
         }
         // Initialize the database class.
         if (typeof database === "string") {
             this.db = new Database({ uri: database, _server: this });
         }
-        else if (database != null) {
+        else {
             this.db = new Database({ ...database, _server: this });
         }
+        // Database collections.
+        this._keys_db = this.db.collection({
+            name: "Volt.Keys",
+            indexes: ["id"],
+        });
+        this._sys_keys_db = this.db.collection({
+            name: "Volt.SystemKeys",
+            indexes: ["id"],
+        });
+        this._website_status_db = this.db.collection({
+            name: "Volt.WebsiteStatus",
+            indexes: ["id"],
+        });
         // Initialize the users class.
-        this.users = new Users(this);
-        // The smtp instance.
-        if (smtp) {
-            this.smtp_sender = smtp.sender;
-            this.smtp = nodemailer.createTransport(smtp);
+        this.users = new Users({
+            ...users,
+            _server: this,
+        });
+        // The mail instance.
+        if (mail) {
+            this.mail = new Mail(mail);
         }
         // The rate limit server/client.
         if (rate_limit) {
@@ -1071,51 +629,39 @@ export class Server {
                 this.rate_limit = new RateLimitClient({ ...(rate_limit.client ?? {}), _server: this });
             }
         }
-        // Blacklist class.
-        // if (this.honey_pot_key) {
-        //     this.blacklist = new Blacklist({api_key: this.honey_pot_key});
-        // }
     }
     // ---------------------------------------------------------
     // Utils.
-    // Get a content type from an extension.
+    /** Get a content type (MIME) from a file extension. */
     get_content_type(extension) {
-        let content_type = Server.content_type_mimes.find((item) => {
-            if (item[0] == extension) {
-                return item[1];
-            }
-        })?.[1];
-        if (content_type == null) {
-            content_type = "application/octet-stream";
-        }
-        return content_type;
+        return Server.content_type_mimes.get(extension.toLowerCase()) ?? "application/octet-stream";
     }
-    // Set log level.
+    /** Set the logging verbosity level. */
     set_log_level(level) {
-        this.log_level = level;
-        logger.log_level.set(level);
+        this.log.level.set(level);
     }
     // ---------------------------------------------------------
     // Crypto (private).
-    // Generate a crypto key.
+    /** Generate a cryptographically secure random key as a hex string. */
     generate_crypto_key(length = 32) {
         return crypto.randomBytes(length).toString('hex');
     }
-    // Create a sha hmac with the master key.
+    /** Create an HMAC hash using the provided key and data. */
     hmac(key, data, algo = "sha256") {
         const hmac = crypto.createHmac(algo, key);
         hmac.update(data);
         return hmac.digest("hex");
     }
-    _hmac(data) {
-        if (!this._hash_key) {
-            throw new Error("Hash key not initialized");
-        }
-        const hmac = crypto.createHmac("sha256", this._hash_key);
-        hmac.update(data);
-        return hmac.digest("hex");
-    }
-    // Hash without a key.
+    // /** Create an HMAC hash using the server's master hash key. */
+    // hmac_with_master(data: string): string {
+    //     if (!this._master_hash_key) {
+    //         throw new Error("Hash key not initialized");
+    //     }
+    //     const hmac = crypto.createHmac("sha256", this._master_hash_key);
+    //     hmac.update(data);
+    //     return hmac.digest("hex");
+    // }
+    /** Create a hash (no key) of the given data using the specified algorithm. */
     hash(data, algo = "sha256") {
         if (typeof data !== "string") {
             data = JSON.stringify(data);
@@ -1140,6 +686,26 @@ export class Server {
     // Add header defaults.
     _set_header_defaults(stream) {
         stream.set_headers(this.default_headers);
+        const origin = stream.headers.origin;
+        if (origin) {
+            const same_http = `http://${this.domain}`;
+            const same_https = `https://${this.domain}`;
+            if (origin === same_http || origin === same_https) {
+                stream.set_header("Access-Control-Allow-Origin", origin);
+                stream.set_header("Access-Control-Allow-Credentials", "true");
+            }
+            else {
+                stream.set_header("Access-Control-Allow-Origin", "*");
+                // Do not send Access-Control-Allow-Credentials with a wildcard origin.
+            }
+            // Improve preflight reflection for caches and correctness.
+            const req_hdrs = stream.headers["access-control-request-headers"];
+            if (req_hdrs)
+                stream.set_header("Access-Control-Allow-Headers", String(req_hdrs));
+            const req_method = stream.headers["access-control-request-method"];
+            if (req_method)
+                stream.set_header("Access-Control-Allow-Methods", String(req_method));
+        }
     }
     _find_endpoint(endpoint, method) {
         let route;
@@ -1175,13 +741,13 @@ export class Server {
                 data: favicon.load_sync({ type: "buffer" }),
                 content_type: this.get_content_type(favicon.extension()),
                 _is_static: true,
-                _server: this,
+                server: this,
             });
         }
         // Create status endpoint.
         const status_dir = this.source.join(".status");
         if (!status_dir.exists()) {
-            status_dir.mkdir_sync();
+            status_dir.mkdir_sync({ recursive: true });
         }
         const status_key_path = status_dir.join("key");
         let status_key;
@@ -1218,9 +784,10 @@ export class Server {
                     status.https_port = this.https_port;
                 }
                 // Load data.
-                const data = await this._sys_db.load("status", {
+                const data = await this._website_status_db.load({ id: "status" }, {
                     default: {
-                        running_since: null,
+                        id: "status",
+                        running_since: undefined,
                         running_threads: 0,
                         total_threads: 0,
                     }
@@ -1261,16 +828,18 @@ export class Server {
     // Create the sitemap endpoint.
     async _create_sitemap() {
         // Logs.
-        if (this.lightweight) {
-            return;
-        }
-        log(2, "Creating sitemap.");
+        this.log(2, "Creating sitemap.");
         let sitemap = "";
         sitemap += "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
         sitemap += "<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\n";
         for (const endpoint of this.endpoints.values()) {
             if (endpoint.allow_sitemap) {
-                sitemap += `<url>\n   <loc>${this.full_domain}/${endpoint.route.endpoint_str}</loc>\n</url>\n`; // @todo not compatiable with regex endpoints
+                if (endpoint.route.is_regex)
+                    continue; // skip regex routes
+                const ep = encodeURI(endpoint.route.endpoint_str.startsWith("/")
+                    ? endpoint.route.endpoint_str
+                    : `/${endpoint.route.endpoint_str}`);
+                sitemap += `<url>\n   <loc>${this.full_domain}${ep}</loc>\n</url>\n`;
             }
         }
         this.additional_sitemap_endpoints.forEach((endpoint) => {
@@ -1291,10 +860,7 @@ export class Server {
     // Create the robots.txt endpoint.
     async _create_robots_txt() {
         // Logs.
-        if (this.lightweight) {
-            return;
-        }
-        log(2, "Creating robots.txt.");
+        this.log(2, "Creating robots.txt.");
         // Proceed.
         let robots = "User-agent: *\n";
         let disallowed = 0;
@@ -1321,8 +887,7 @@ export class Server {
     /* private _create_admin_endpoint(): void {
 
         // Logs.
-        if (this.lightweight) { return; }
-        log(2, "Creating admin endpoint.");
+        this.log(2, "Creating admin endpoint.");
 
         // Add admin tokens.
         this.admin.tokens = [];
@@ -1358,7 +923,7 @@ export class Server {
                 password: "string",
             },
             ip_whitelist: this.admin.ips,
-            callback: async (stream: any, params: {password: string}) => {
+            callback: async (stream: Stream, params: {password: string}) => {
                 // Check key.
                 if (params.password !== this.admin.password) {
                     return stream.send({
@@ -1394,7 +959,7 @@ export class Server {
                 token: "string",
             },
             ip_whitelist: this.admin.ips,
-            callback: async (stream: any, params: {token: string}) => {
+            callback: async (stream: Stream, params: {token: string}) => {
                 // Verify token.
                 if (!verify_token(params.token)) {
                     return stream.send({
@@ -1473,7 +1038,7 @@ export class Server {
     // Initialize statics.
     async _initialize_statics() {
         // Logs.
-        log(2, "Initializing static directories.");
+        this.log(2, "Initializing static directories.");
         // Static paths for the file watcher.
         const static_paths = [];
         // Add static file.
@@ -1507,13 +1072,12 @@ export class Server {
                     method: "GET",
                     endpoint,
                     content_type,
-                    compress: !Server.compressed_extensions.includes(path.extension()),
+                    compress: !Server.compressed_extensions.has(path.extension().toLowerCase()),
                     cache,
                     rate_limit: "global",
-                    _static_path: path.str(),
+                    file_path: path,
                     _is_static: true,
-                })
-                    ._load_data_by_path(this));
+                }));
             }
         };
         // Initialize statics.
@@ -1523,9 +1087,10 @@ export class Server {
             }
             if (typeof opts === "object") {
                 // Check object.
-                vlib.Scheme.validate(opts, {
-                    strict: true,
-                    scheme: {
+                vlib.schema.validate(opts, {
+                    unknown: false,
+                    throw: true,
+                    schema: {
                         path: "string",
                         endpoint: { type: "string", default: null },
                         cache: { type: ["boolean", "number"], default: true },
@@ -1534,31 +1099,19 @@ export class Server {
                     }
                 });
                 // Vars.
-                const exclude = [/.*\.DS_Store/, /.*\.cache/, /.*\.old/, /.*\.ignore/, ...opts.exclude || []];
-                const paths = []; // vlib.Path[]
+                const paths = [];
                 const source = new vlib.Path(opts.path).abs();
+                if (!source.exists()) {
+                    this.log(1, `Static path "${source.str()}" does not exist; skipping.`);
+                    return;
+                }
                 const source_len = source.str().length;
                 const is_dir = source.is_dir();
                 // Is excluded.
-                const is_excluded = (path) => {
-                    return exclude.some(pattern => {
-                        if (path instanceof RegExp) {
-                            if (pattern instanceof RegExp) {
-                                return pattern.source === path.source;
-                            }
-                            else {
-                                return path.test(String(pattern));
-                            }
-                        }
-                        else {
-                            if (pattern instanceof RegExp) {
-                                return pattern.test(String(path));
-                            }
-                            else {
-                                return path === pattern;
-                            }
-                        }
-                    });
+                const exclude = [/\.DS_Store$/, /\.cache(?:\/|$)/, /\.old(?:\/|$)/, /\.ignore$/, ...(opts.exclude || [])];
+                const is_excluded = (p) => {
+                    const s = typeof p === "string" ? p : p.str();
+                    return exclude.some(pattern => pattern instanceof RegExp ? pattern.test(s) : s === String(pattern));
                 };
                 // Initialize endpoint.
                 opts.endpoint = opts.endpoint || `/${source.full_name()}`;
@@ -1614,199 +1167,86 @@ export class Server {
         // Response.
         return static_paths;
     }
-    // ---------------------------------------------------------
-    // Server (private).
-    // Initialize.
-    // Initialize.
-    async initialize() {
-        // Logs.
-        log(1, "Initializing server.");
-        /* @performance */ this.performance.start();
-        // Create HTTPS server.
-        if (this.tls) {
-            this.https = http2.createSecureServer({
-                key: new vlib.Path(this.tls.key).load_sync({ encoding: 'utf8' }),
-                cert: new vlib.Path(this.tls.cert).load_sync({ encoding: 'utf8' }),
-                ca: this.tls.ca == null ? undefined : new vlib.Path(this.tls.ca).load_sync({ encoding: 'utf8' }),
-                passphrase: this.tls.passphrase,
-                allowHTTP1: true,
-            }, 
-            // Support for http1.
-            // Does not work, requests get triggered on the stream and on this callback.
-            (req, res) => {
-                if (req.httpVersion.charAt(0) !== "2") {
-                    this._serve(undefined, undefined, req, res);
-                }
-            });
-            this.https.on('stream', (stream, headers) => {
-                this._serve(stream, headers, undefined, undefined);
-            });
-        }
-        // Payments require HTTPS in production.
-        else if (this.production && this.payments) {
-            throw Error("Accepting payments in production mode requires HTTPS.");
-        }
-        // Redirect HTTP requests to HTTPS.
-        if (this.tls) {
-            this.http = http.createServer((request, response) => {
-                response.writeHead(301, { Location: `https://${request.headers.host}${request.url}` });
-                response.end();
-            });
+    /** Initialize the system and user defined keys. */
+    async _initialize_keys() {
+        // Await database initialization.
+        const start = Date.now();
+        await this._db_init_promise;
+        /* @performance */ this.performance.end("_initialize_keys():await-db-init", start);
+        // Load system keys.
+        const sys_keys = await this._sys_keys_db.load({ id: "sys_keys" }, {
+            default: {
+                id: "sys_keys",
+                rate_limit_api_key: undefined,
+            }
+        });
+        let perform_sys_keys_save = false;
+        // Check rate limit api key.
+        if (sys_keys.rate_limit_api_key == null) {
+            this.rate_limit_api_key = this.generate_crypto_key(32);
+            sys_keys.rate_limit_api_key = this.rate_limit_api_key;
+            perform_sys_keys_save = true;
         }
         else {
-            this.http = http.createServer((req, res) => {
-                this._serve(undefined, undefined, req, res);
-            });
+            this.rate_limit_api_key = sys_keys.rate_limit_api_key;
         }
-        /* @performance */ this.performance.end("create-http-server");
-        // Start the database.
-        if (this.db) {
-            await this.db.initialize();
-            /* @performance */ this.performance.end("init-db");
-            // Database collections.
-            this._sys_db = await this.db.collection({
-                name: "Volt.System",
-                indexes: ["_path"],
-            });
-            /* @performance */ this.performance.end("init-sys-collection");
-            // Load keys.
-            const keys_document = await this._sys_db.load("keys");
-            const gen_user_crypto_key = (doc, key) => {
+        // Save.
+        if (perform_sys_keys_save) {
+            await this._sys_keys_db.set({ id: "sys_keys" }, sys_keys);
+        }
+        // Check user defined crypto keys.
+        const user_keys = await this._keys_db.load({ id: "user_keys" }, {
+            default: {
+                id: "user_keys",
+                keys: {},
+            }
+        });
+        let perform_user_keys_save = false;
+        for (const key of this._user_keys_opts) {
+            const name = typeof key === "string" ? key : key.name;
+            if (user_keys[name]) {
+                this.keys[name] = user_keys[name];
+            }
+            else {
+                perform_user_keys_save = true;
                 if (typeof key === "string") {
-                    doc[key] = this.generate_crypto_key(32);
+                    if (!key) {
+                        throw Error(`Crypto key "${key}" is an invalid key name.`);
+                    }
+                    const generated_key = this.generate_crypto_key(32);
+                    user_keys.keys[key] = generated_key;
+                    this.keys[key] = generated_key;
                 }
                 else {
+                    if (!key.name) {
+                        throw Error(`Crypto key "${key.name}" is an invalid key name.`);
+                    }
                     if (key.length == null) {
-                        throw Error(`Crypto key object "${JSON.stringify(key)}" does not contain a "length" attribute.`);
+                        throw Error(`Crypto key "${key.name}" does not contain a "length" attribute.`);
                     }
                     if (typeof key.length !== "number") {
-                        throw Error(`Crypto key object "${JSON.stringify(key)}" has an invalid type fo attribute "length", the valid type is "number".`);
-                    }
-                    if (key.name == null) {
-                        throw Error(`Crypto key object "${JSON.stringify(key)}" does not contain a "name" attribute.`);
-                    }
-                    if (typeof key.name !== "string") {
-                        throw Error(`Crypto key object "${JSON.stringify(key)}" has an invalid type fo attribute "name", the valid type is "string".`);
-                    }
-                    doc[key.name] = this.generate_crypto_key(key.length);
-                    this.keys[key.name] = doc[key.name];
-                }
-            };
-            if (keys_document == null) {
-                this._hash_key = this.generate_crypto_key(32);
-                const doc = {
-                    _master_sha256: this._hash_key,
-                };
-                this._keys.forEach((key) => {
-                    gen_user_crypto_key(doc, key);
-                });
-                await this._sys_db.save("keys", doc);
-            }
-            else {
-                // Check hash key.
-                this._hash_key = keys_document._master_sha256;
-                let perform_save = false;
-                if (this._hash_key === undefined) {
-                    this._hash_key = this.generate_crypto_key(32);
-                    keys_document._master_sha256 = this._hash_key;
-                    perform_save = true;
-                }
-                // Check crypto keys.
-                this._keys.forEach((key) => {
-                    let name = typeof key === "string" ? key : key.name;
-                    if (keys_document[name] == null) {
-                        gen_user_crypto_key(keys_document, key);
-                        perform_save = true;
+                        throw Error(`Crypto key "${key.name}" has an invalid type for attribute "length", the valid type is "number".`);
                     }
-                    this.keys[name] = keys_document[name];
-                });
-                // Save.
-                if (perform_save) {
-                    await this._sys_db.save("keys", keys_document);
-                }
-            }
-            /* @performance */ this.performance.end("load-keys");
-        }
-        // Initialize default headers.
-        this._init_default_headers();
-        /* @performance */ this.performance.end("init-default-headers");
-        // Create default endpoints.
-        this._create_default_endpoints();
-        /* @performance */ this.performance.end("create-default-endpoints");
-        // Create admin endpoints.
-        // this._create_admin_endpoint();
-        // /* @performance */ this.performance.end("create-admin-endpoints");
-        // Create static endpoints.
-        const promises = [];
-        promises.push(this._initialize_statics());
-        // /* @performance */ this.performance.end("create-static-endpoints");
-        // Initialize users.
-        if (this.db) {
-            promises.push(this.users._initialize());
-            // /* @performance */ this.performance.end("init-users");
-        }
-        // Database preview endpoints (only when production mode is disabled).
-        // if (this.db) {
-        //     this.db._initialize_db_preview();
-        //     /* @performance */ this.performance.end("init-db-preview");
-        // }
-        // Payments.
-        if (this.payments !== undefined) {
-            promises.push(this.payments._initialize());
-        }
-        // /* @performance */ this.performance.end("init-payments");
-        // Create sitemap when it does not exist.
-        // Must be done at the end of initialization func since some funcs might still create endpoints.
-        if (this._find_endpoint("sitemap.xml") == null) {
-            promises.push(this._create_sitemap());
-        }
-        // /* @performance */ this.performance.end("create-sitemap");
-        // Create robots.txt when it does not exist.
-        // Must be done at the end of initialization func since some funcs might still create endpoints.
-        if (this._find_endpoint("robots.txt") == null) {
-            promises.push(this._create_robots_txt());
-        }
-        // /* @performance */ this.performance.end("create-robots.txt");
-        // Await all promises.
-        await Promise.all(promises);
-        // Get the icon and stroke icon file paths when defined.
-        if (this.company.stroke_icon || this.company.icon) {
-            for (const endpoint of this.endpoints.values()) {
-                if (this.company.stroke_icon_path == null && endpoint.route.endpoint === this.company.stroke_icon) {
-                    this.company.stroke_icon_path = endpoint._static_path ?? undefined;
+                    const generated_key = this.generate_crypto_key(key.length);
+                    user_keys.keys[key.name] = generated_key;
+                    this.keys[key.name] = generated_key;
                 }
-                if (this.company.icon_path == null && endpoint.route.endpoint === this.company.icon) {
-                    this.company.icon_path = endpoint._static_path ?? undefined;
-                }
-            }
-            if (this.company.stroke_icon != null && this.company.stroke_icon_path == null) {
-                throw Error(`Unable to find the company's stroke icon endpoint "${this.company.stroke_icon}".`);
-            }
-            if (this.company.icon != null && this.company.icon_path == null) {
-                throw Error(`Unable to find the company's icon endpoint "${this.company.icon}".`);
             }
         }
-        // Initialize all endpoints.
-        for (const endpoint of this.endpoints.values()) {
-            endpoint._initialize(this);
-        }
-        for (const endpoint of this.err_endpoints.values()) {
-            endpoint._initialize(this);
-        }
-        // On initialize callbacks.
-        for (const callback of this._on_initialize) {
-            const res = callback();
-            if (res instanceof Promise) {
-                await res;
-            }
+        if (perform_user_keys_save) {
+            await this._keys_db.set({ id: "user_keys" }, user_keys);
         }
     }
     /**
-     * Add callback to be called when the server is initialized.
-     * @param callback The callback to be called when the server is initialized.
+     * Checks if an endpoint route already exists.
+     * @param method    HTTP method
+     * @param endpoint  String path or RegExp
      */
-    on_initialize(callback) {
-        this._on_initialize.append(callback);
+    _check_duplicate_route(route) {
+        const e = this._find_endpoint(route);
+        if (e) {
+            throw new Error(`Duplicate "${route.method}:${route.endpoint_str}" endpoint route, it is already defined by endpoint "${e.id}".`);
+        }
     }
     // Serve a client.
     // @todo implement rate limiting.
@@ -1820,12 +1260,12 @@ export class Server {
             let method;
             let endpoint_url;
             // Log endpoint result.
-            const log_endpoint_result = (message = null, status = null) => {
+            const log_endpoint_result = (message, status) => {
                 let log_level = endpoint && endpoint.is_static ? 3 : 0;
                 if (status == null) {
                     status = stream.status_code;
                 }
-                log(log_level, `${method}:${endpoint_url}: ${message ? message : Status.get_description(status)} [${status}] (${stream.ip}).`);
+                this.log(log_level, `${method}:${endpoint_url}: ${message ? message : Status.get_description(status ?? "unknown")} [${status}] (${stream.ip}).`);
             };
             // Serve error endpoint.
             const serve_error_endpoint = async (status_code) => {
@@ -1874,7 +1314,7 @@ export class Server {
                             await err_endpoint._serve(stream, status_code);
                         }
                         catch (err) {
-                            error(`Error endpoint ${status_code}: `, err);
+                            this.log.error(`Error endpoint ${status_code}: `, err);
                             stream.send(default_response);
                         }
                     }
@@ -1882,30 +1322,31 @@ export class Server {
                 }
             };
             // Check ip against blacklist.
-            if (this.online && this.blacklist !== undefined && !this.blacklist.verify(stream.ip)) {
-                await serve_error_endpoint(403);
-                log_endpoint_result();
-                return;
-            }
+            // if (!this.offline && this.blacklist !== undefined && !this.blacklist.verify(stream.ip)) {
+            //     await serve_error_endpoint(403);
+            //     this.log_endpoint_result();
+            //     return;
+            // }
             // Check if the request matches any of the defined endpoints.
             method = stream.method;
             endpoint_url = stream.endpoint;
             // endpoint = this._find_endpoint(endpoint_url, method);
             // Find endpoint manually so the optional path params can be extracted.
-            log(3, "Searching for endpoint: ", `${method}:${endpoint_url}`);
+            this.log(3, "Searching for endpoint: ", `${method}:${endpoint_url}`);
             endpoint = this.endpoints.get(`${method}:${endpoint_url}`);
             if (!endpoint) {
                 // Check regex endpoints.
                 const route = new Route(method, endpoint_url);
                 for (const e of this.endpoints.values()) {
                     if (e.route.is_regex) {
-                        if (e.route.match(route)) {
-                            log(3, "Matched regex route: ", e.route.id);
+                        const matched_params = e.route.match(route);
+                        if (matched_params !== false) {
+                            this.log(3, "Matched regex route: ", e.route.id);
                             endpoint = e;
                             // insert path params into the stream when not already defined.
-                            Object.keys(route.matched_params).walk((k) => {
+                            Object.keys(matched_params).walk((k) => {
                                 if (stream.params[k] == null) {
-                                    stream.params[k] = route.matched_params[k];
+                                    stream.params[k] = matched_params[k];
                                 }
                             });
                             break;
@@ -1914,7 +1355,7 @@ export class Server {
                 }
             }
             else {
-                log(3, "Matched route: ", endpoint.route.id);
+                this.log(3, "Matched route: ", endpoint.route.id);
             }
             // No endpoint found.
             if (!endpoint) {
@@ -1926,11 +1367,6 @@ export class Server {
                         // Set headers.
                         this._set_header_defaults(stream);
                         original_endpoint._set_headers(stream);
-                        // When any cors origin is allowed and origin is present then respond with that origin.
-                        if (stream.headers.origin && this.default_headers["Access-Control-Allow-Origin"] === "*") {
-                            stream.remove_header("Access-Control-Allow-Origin", "access-control-allow-origin");
-                            stream.set_header("Access-Control-Allow-Origin", stream.headers.origin);
-                        }
                         // Send.
                         stream.send({ status: Status.no_content });
                         log_endpoint_result();
@@ -1947,19 +1383,14 @@ export class Server {
             // Set all headers so we can send options.
             // Set default headers.
             this._set_header_defaults(stream);
-            // When any cors origin is allowed and origin is present then respond with that origin.
-            if (stream.headers.origin && this.default_headers["Access-Control-Allow-Origin"] === "*") {
-                stream.remove_header("Access-Control-Allow-Origin", "access-control-allow-origin");
-                stream.set_header("Access-Control-Allow-Origin", stream.headers.origin);
-            }
             // Serve options request.
             if (method === "OPTIONS") {
                 try {
                     await endpoint._serve_options(stream);
                 }
                 catch (err) {
-                    error(`${method}:${endpoint_url}: `, err);
-                    if (!stream.destroyed && !stream.closed) {
+                    this.log.error(`${method}:${endpoint_url}: `, err);
+                    if (!stream.destroyed && !stream.finished) {
                         await serve_error_endpoint(500);
                         log_endpoint_result();
                     }
@@ -1969,7 +1400,7 @@ export class Server {
                 return;
             }
             // Check rate limit.
-            if (this.online && this.production && this.rate_limit !== undefined && endpoint.rate_limit_groups.length > 0) {
+            if (!this.offline && this.production && this.rate_limit !== undefined && endpoint.rate_limit_groups.length > 0) {
                 const result = await this.rate_limit.limit(stream.ip, endpoint.rate_limit_groups);
                 if (result != null) {
                     stream.send({
@@ -1989,7 +1420,7 @@ export class Server {
                 await stream.join();
             }
             catch (err) {
-                error(`${method}:${endpoint_url}: `, err);
+                this.log.error(`${method}:${endpoint_url}: `, err);
                 await serve_error_endpoint(500);
                 log_endpoint_result();
                 return;
@@ -1998,7 +1429,7 @@ export class Server {
                 stream._parse_params();
             }
             catch (err) {
-                error(`${method}:${endpoint_url}: `, err);
+                this.log.error(`${method}:${endpoint_url}: `, err);
                 await serve_error_endpoint(400);
                 log_endpoint_result();
                 return;
@@ -2011,6 +1442,10 @@ export class Server {
                 if (auth_result != null && !endpoint.is_static) {
                     this.users._reset_cookies(stream);
                 }
+                // When the endpoint has a view or is text/html then redirect to signin page.
+                if (auth_result != null && !endpoint.is_static && (endpoint.view != null || endpoint.content_type === "text/html")) {
+                    stream.set_header("Location", `/signin?next=${encodeURIComponent(stream.endpoint)}`);
+                }
                 // When the endpoint is authenticated and the authentication has failed then send the error response.
                 if (auth_result != null && endpoint.authenticated) {
                     stream.send(auth_result);
@@ -2023,8 +1458,8 @@ export class Server {
                 await endpoint._serve(stream);
             }
             catch (err) {
-                error(`${method}:${endpoint_url}: `, err);
-                if (!stream.destroyed && !stream.closed) {
+                this.log.error(`${method}:${endpoint_url}: `, err);
+                if (!stream.destroyed && !stream.finished) {
                     await serve_error_endpoint(500);
                     log_endpoint_result();
                 }
@@ -2032,7 +1467,7 @@ export class Server {
             }
             // Check if the response has been sent.
             if (!stream.finished) {
-                error(`${method}:${endpoint_url}: `, "Unfinished response.");
+                this.log.error(`${method}:${endpoint_url}: `, "Unfinished response.");
                 await serve_error_endpoint(500);
                 log_endpoint_result();
                 return;
@@ -2041,42 +1476,191 @@ export class Server {
             log_endpoint_result();
         }
         catch (err) {
-            error("Fatal error:", err);
+            this.log.error(err);
         }
     }
     // ---------------------------------------------------------
-    // Server.
-    // Start the server.
-    /*  @docs:
-     *  @title: Start
-     *  @description:
-     *      Start the server.
-     *  @usage:
-     *      ...
-     *      server.start();
-     */
-    async start() {
-        // Always initialize, even when forking.
-        await this.initialize();
-        // On production bundle all view endpoints.
-        if (this.production) {
-            for (const endpoint of this.endpoints.values()) {
-                if (endpoint.view) {
-                    await endpoint.view.ensure_bundle();
-                }
-            }
-        }
-        // Start the rate limiting client/server, also when forking.
-        if (this.db && this.rate_limit) {
-            /* @performance */ this.performance.start();
-            await this.rate_limit.start();
-            /* @performance */ this.performance.end("init-rate-limit");
-        }
-        // Production & Master.
-        let forked = false;
-        if (this.production && this.multiprocessing && libcluster.isPrimary && this.processes > 1) {
-            this.log(0, `Starting ${this.processes} threads.`);
-            // Vars.
+    // Server (private).
+    /** The promise of database initialization and connecting. */
+    _db_init_promise;
+    // Initialize.
+    // Initialize.
+    async initialize() {
+        // Logs.
+        this.log(1, "Initializing server.");
+        /* @performance */ const initialize_start = Date.now();
+        /* @performance */ this.performance.start();
+        // Initialize the database & connect first since this takes the longest.
+        this._db_init_promise = (async () => {
+            /* @performance */ let start = Date.now();
+            await this.db.initialize();
+            /* @performance */ this.performance.end("init-db", start);
+            /* @performance */ start = Date.now();
+            await this.db.connect();
+            /* @performance */ this.performance.end("connect-db", start);
+        })();
+        // Create HTTPS server.
+        if (this.tls) {
+            this.https = http2.createSecureServer({
+                key: new vlib.Path(this.tls.key).load_sync({ encoding: 'utf8' }),
+                cert: new vlib.Path(this.tls.cert).load_sync({ encoding: 'utf8' }),
+                ca: this.tls.ca == null ? undefined : new vlib.Path(this.tls.ca).load_sync({ encoding: 'utf8' }),
+                passphrase: this.tls.passphrase,
+                allowHTTP1: true,
+            });
+            this.https.on('stream', (stream, headers) => {
+                this._serve(stream, headers, undefined, undefined);
+            });
+            // HTTP/1.1 (compatibility 'request' is also emitted for HTTP/2; filter it out)
+            this.https.on("request", (req, res) => {
+                if (req.httpVersionMajor === 1) {
+                    this._serve(undefined, undefined, req, res);
+                }
+            });
+        }
+        // Payments require HTTPS in production.
+        else if (this.production && this.payments) {
+            throw Error("Accepting payments in production mode requires HTTPS.");
+        }
+        /* @performance */ this.performance.end("create-https-server");
+        // Create http server.
+        if (this.tls) {
+            // Redirect HTTP requests to HTTPS.
+            this.http = http.createServer((request, response) => {
+                const reqUrl = typeof request.url === "string" ? request.url : "/";
+                // Build redirect using the canonical configured domain, not the untrusted Host header.
+                const location = `https://${this.domain}${reqUrl}`;
+                // 308 preserves method and body; safe for non-GET as well.
+                response.writeHead(308, { Location: location });
+                response.end();
+            });
+        }
+        else {
+            // Serve http.
+            this.http = http.createServer((req, res) => {
+                this._serve(undefined, undefined, req, res);
+            });
+        }
+        /* @performance */ this.performance.end("create-http-server");
+        // Initialize default headers.
+        this._init_default_headers();
+        /* @performance */ this.performance.end("init-default-headers");
+        // Create default endpoints.
+        this._create_default_endpoints();
+        /* @performance */ this.performance.end("create-default-endpoints");
+        // Create admin endpoints.
+        // this._create_admin_endpoint();
+        // /* @performance */ this.performance.end("create-admin-endpoints");
+        // Create static endpoints.
+        await this._initialize_statics();
+        /* @performance */ this.performance.end("_initialize_statics()");
+        // Add promises using the database.
+        const promises = [];
+        /* @performance */ this.performance.start();
+        // Initialize keys,
+        // uses the database so dont await in non production,
+        // to speed up restarts.
+        if (this.production) {
+            promises.push(this._initialize_keys());
+        }
+        else {
+            this._initialize_keys().then(() => {
+                this.log(1, "Finished loading keys.");
+            }).catch((err) => {
+                this.log(0, `Error while loading keys.`);
+                this.log.error(err);
+            });
+        }
+        // /* @performance */ this.performance.end("load-keys");
+        // Initialize users.
+        promises.push(this.users._initialize());
+        // /* @performance */ this.performance.end("users._initialize()");
+        // Payments.
+        if (this.payments !== undefined) {
+            promises.push(this.payments._initialize());
+            // /* @performance */ this.performance.end("payments._initialize()");
+        }
+        // Create sitemap when it does not exist.
+        // Must be done at the end of initialization func since some funcs might still create endpoints.
+        if (this._find_endpoint("/sitemap.xml") == null) {
+            promises.push(this._create_sitemap());
+            // /* @performance */ this.performance.end("_create_sitemap()");
+        }
+        // Create robots.txt when it does not exist.
+        // Must be done at the end of initialization func since some funcs might still create endpoints.
+        if (this._find_endpoint("/robots.txt") == null) {
+            promises.push(this._create_robots_txt());
+            // /* @performance */ this.performance.end("_create_robots_txt()");
+        }
+        // Get the icon and stroke icon file paths when defined.
+        if (this.company.stroke_icon || this.company.icon) {
+            for (const endpoint of this.endpoints.values()) {
+                if (this.company.stroke_icon_path == null && endpoint.route.endpoint === this.company.stroke_icon) {
+                    this.company.stroke_icon_path = endpoint.file_path?.str() || undefined;
+                }
+                if (this.company.icon_path == null && endpoint.route.endpoint === this.company.icon) {
+                    this.company.icon_path = endpoint.file_path?.str() || undefined;
+                }
+            }
+            if (this.company.stroke_icon != null && this.company.stroke_icon_path == null) {
+                throw Error(`Unable to find the company's stroke icon endpoint "${this.company.stroke_icon}".`);
+            }
+            if (this.company.icon != null && this.company.icon_path == null) {
+                throw Error(`Unable to find the company's icon endpoint "${this.company.icon}".`);
+            }
+        }
+        // Await all promises.
+        await Promise.all(promises);
+        /* @performance */ this.performance.end("awaiting-promise-list");
+        // Initialize all endpoints.
+        this.performance.start();
+        for (const endpoint of this.endpoints.values()) {
+            endpoint._initialize(this);
+        }
+        for (const endpoint of this.err_endpoints.values()) {
+            endpoint._initialize(this);
+        }
+        /* @performance */ this.performance.end("initialize-endpoints");
+        // On initialize callbacks.
+        for (const callback of this.events.get("initialize")) {
+            const res = callback();
+            if (res instanceof Promise) {
+                await res;
+            }
+        }
+        /* @performance */ this.performance.end("on-initialize-callbacks");
+        /* @performance */ this.performance.end("initialize()", initialize_start);
+    }
+    // ---------------------------------------------------------
+    // Server.
+    /**
+     * Start the server.
+     * @example
+     * ...
+     * server.start();
+     */
+    async start() {
+        // Always initialize, even when forking.
+        await this.initialize();
+        // On production bundle all view endpoints.
+        if (this.production) {
+            for (const endpoint of this.endpoints.values()) {
+                if (endpoint.view) {
+                    await endpoint.view.ensure_bundle();
+                }
+            }
+        }
+        // Start the rate limiting client/server, also when forking.
+        if (this.rate_limit) {
+            /* @performance */ this.performance.start();
+            await this.rate_limit.start();
+            /* @performance */ this.performance.end("init-rate-limit");
+        }
+        // Production & Master.
+        let forked = false;
+        if (this.production && this.threading.enabled && libcluster.isPrimary && this.threading.threads > 1) {
+            this.log(0, `Starting ${this.threading.threads} threads.`);
+            // Vars.
             let active_threads = 0;
             const thread_ids = {};
             const restart_limiters = {};
@@ -2085,14 +1669,14 @@ export class Server {
                 // Fork.
                 const worker = libcluster.fork();
                 // Log.
-                log(restart ? 0 : 1, `Starting thread ${worker.process.pid}.`);
+                this.log(restart ? 0 : 1, `Starting thread ${worker.process.pid}.`);
                 // Cache thread id.
                 thread_ids[worker.process.pid] = thread_id;
                 // Increment active threads.
                 ++active_threads;
             };
             // Fork workers.
-            for (let i = 0; i < this.processes; i++) {
+            for (let i = 0; i < this.threading.threads; i++) {
                 // Generate thread id.
                 let thread_id;
                 while ((thread_id = vlib.String.random(8)) && Object.values(thread_ids).includes(thread_id)) { }
@@ -2102,7 +1686,7 @@ export class Server {
                 start_thread(thread_id);
             }
             // Save status.
-            await this._sys_db.save("status", {
+            await this._website_status_db.set({ id: "status" }, {
                 running_since: Date.now(),
                 total_threads: active_threads,
                 running_threads: active_threads,
@@ -2113,7 +1697,7 @@ export class Server {
                 const thread_id = thread_ids[worker.process.pid];
                 delete thread_ids[worker.process.pid];
                 // Logs.
-                error(`Thread ${worker.process.pid} crashed.`);
+                this.log.error(`Thread ${worker.process.pid} crashed.`);
                 // Restart with limit.
                 const limiter = restart_limiters[thread_id];
                 if (limiter != null && limiter.limit()) {
@@ -2122,18 +1706,18 @@ export class Server {
                 }
                 // Reached limit, shutdown thread.
                 else {
-                    error(`Thread ${worker.process.pid} is being shut down due too its periodic restart limit.`);
+                    this.log.error(`Thread ${worker.process.pid} is being shut down due to its periodic restart limit.`);
                     --active_threads;
-                    await this._sys_db.save("status", { running_threads: active_threads });
+                    await this._website_status_db.save({ id: "status" }, { $inc: { running_threads: -1 } });
                     if (active_threads === 0) {
-                        error(`All threads died, stopping server.`);
+                        this.log.error(`All threads died, stopping server.`);
                         process.exit(0);
                     }
                 }
             });
         }
         else {
-            forked = this.production && this.multiprocessing;
+            forked = this.production && this.threading.enabled;
             // Load worker class modules.
             // if (libcluster.isWorker) {
             //     const worker = new WorkerClass();
@@ -2145,10 +1729,10 @@ export class Server {
                 if (!is_running) {
                     is_running = true;
                     if (this.https !== undefined) {
-                        log(0, `Running on http://${this.ip}:${this.port} and https://${this.ip}:${this.https_port}.`);
+                        this.log(0, `Running on http://${this.ip}:${this.port} and https://${this.ip}:${this.https_port}.`);
                     }
                     else {
-                        log(0, `Running on http://${this.ip}:${this.port}.`);
+                        this.log(0, `Running on http://${this.ip}:${this.port}.`);
                     }
                 }
             };
@@ -2177,8 +1761,23 @@ export class Server {
                 this.https.on("error", on_error);
             }
             // Set signals.
-            process.on('SIGTERM', () => process.exit(0));
-            process.on('SIGINT', () => process.exit(0));
+            let graceful_shutdown_shutting_down = false;
+            const graceful_shutdown = async () => {
+                if (graceful_shutdown_shutting_down)
+                    return;
+                graceful_shutdown_shutting_down = true;
+                try {
+                    await this.stop();
+                }
+                catch (e) {
+                    this.log.error("Shutdown error:", e);
+                }
+                finally {
+                    process.exit(0);
+                }
+            };
+            process.on('SIGTERM', graceful_shutdown);
+            process.on('SIGINT', graceful_shutdown);
             // Send running message.
             if (process.env.VOLT_FILE_WATCHER === "1") {
                 new vlib.Path(process.env.VOLT_STARTED_FILE).save_sync("1");
@@ -2191,45 +1790,35 @@ export class Server {
             /* @performance */ this.performance.end("listen");
         }
         // On start callbacks.
-        for (const callback of this._on_start) {
+        this.performance.start();
+        for (const callback of this.events.get("start")) {
             const res = callback({ forked });
             if (res instanceof Promise) {
                 await res;
             }
         }
+        /* @performance */ this.performance.end("on-start-callbacks");
         // Start browser preview on primary node.
         // if (this.browser_preview && !forked) {
         //     await this.browser_preview.start();
         //     await this.browser_preview.navigate(this.full_domain);
         // }
         /* @performance */
-        debug(2, () => this.performance.dump(v => v >= 50));
-    }
-    /*  @docs:
-     *  @title: On start
-     *  @description:
-     *      Add an (async) callback which will be executed at the end of `server.start()`.
-     *      The callback may take arguments `({forked <boolean>})`.
-     *  @usage:
-     *      ...
-     *      server.on_start(({forked}) => console.log("Hello World!"));
-     */
-    on_start(callback) {
-        this._on_start.append(callback);
+        console.log(this.performance.dump());
+        // console.log(this.performance.dump(v => v >= 50));
+        // debug(2, () => this.performance.dump(v => v >= 50));
     }
     // Stop the server.
-    /*  @docs:
-     *  @title: Stop
-     *  @description:
-     *      Stop the server.
-     *  @usage:
-     *      ...
-     *      server.stop();
+    /**
+     * Stop the server.
+     * @example
+     * ...
+     * server.stop();
      */
     async stop() {
-        log(0, "Stopping the server...");
+        this.log(0, "Stopping the server...");
         // On stop callbacks.
-        for (const callback of this._on_stop) {
+        for (const callback of this.events.get("stop")) {
             const res = callback();
             if (res instanceof Promise) {
                 await res;
@@ -2239,23 +1828,14 @@ export class Server {
         if (this.rate_limit) {
             await this.rate_limit.stop();
         }
-        // Stop view source file watcher.
-        if (this._stop_tscompiler_watcher) {
-            log(0, "Stopping typescript watcher.");
-            this._stop_tscompiler_watcher();
-        }
         // Stop sockets.
-        if (this.https) {
-            await this.https.close();
-        }
-        if (this.http) {
-            await this.http.close();
-        }
-        if (this.db) {
-            await this.db.close();
-        }
+        if (this.https)
+            this.https.close();
+        if (this.http)
+            this.http.close();
+        await this.db.close();
         // Stop the logger.
-        logger.stop();
+        this.log.stop();
         // setTimeout(() => {
         //     thread_monitor.dump_active_resources({
         //         // min_age: 5000,
@@ -2264,76 +1844,74 @@ export class Server {
         //     });
         // }, 6000);
     }
-    /*  @docs:
-     *  @title: On stop
-     *  @description:
-     *      Set an (async) callback which will be executed at the start of `server.stop()`.
-     *  @usage:
-     *      ...
-     *      server.on_stop(() => console.log("Hello World!"));
+    // ---------------------------------------------------------
+    // Events.
+    /** Add an event callback. */
+    on(name, callback) {
+        this.events.add(name, callback);
+        return this;
+    }
+    /** Remove an event callback. */
+    off(name, callback) {
+        this.events.remove(name, callback);
+        return this;
+    }
+    // ---------------------------------------------------------
+    // Endpoints.
+    /**
+     * Add a single endpoint.
+     * Only supports a single endpoint due to parameter inference.
+     * @note An error is thrown when the endpoint route already exists.
+     * @template Response User inputted response type that will be returned as response, optionaly typing used for consistency.
+     * @template S system template for inferring the endpoint callback parameters.
+     * @param endpoint The endpoint or endpoint options to add.
+     * @returns A registered endpoint object that can for instance be used to infer the endpoint parameters.
      */
-    on_stop(callback) {
-        this._on_stop.append(callback);
+    endpoint(endpoint) {
+        const e = endpoint instanceof Endpoint ? endpoint : new Endpoint(endpoint);
+        this._check_duplicate_route(e.route);
+        this.endpoints.set(e.route.id, e);
+        return {
+            Params: undefined,
+            method: e.route.method,
+            Method: e.route.method,
+            endpoint: e.route.endpoint,
+            Endpoint: e.route.endpoint,
+            route: e.route,
+        };
     }
-    // Fetch status.
-    /*  @docs:
-        @title: Fetch status.
-        @desc: This function is meant to be used when the server is in production mode, it will make an API request to your server through the defined `Server.domain` parameter.
-        @note: This function can be called without initializing the server.
-        @param:
-            @name: type
-            @desc: The wanted output type. Either an `object` or a `string` type for CLI purposes.
+    // Add an error endpoint.
+    /**
+     *  Add an endpoint per error status code.
+     * @param status_code
+     *      The status code of the error.
+     *
+     *      The supported status codes are:
+     *      * `404`
+     *      * `400` (Will not be used when the endpoint uses an API callback).
+     *      * `403`
+     *      * `404`
+     *      * `500`
+     * @param endpoint The error endpoint or error endpoint options
     */
-    async fetch_status(type = "object") {
-        // Load key.
-        const key_path = this.source.join(".status/key");
-        if (!key_path.exists()) {
-            throw new Error("No status key has been generated yet. Start your server first.");
-        }
-        const key = key_path.load_sync();
-        // Make request.
-        const { body: status } = await vlib.request({
-            host: this.domain,
-            endpoint: "/.status",
-            method: "GET",
-            params: { key },
-            query: true,
-            json: true,
-        });
-        // String type.
-        if (type === "string") {
-            if (status.running_since != null) {
-                status.running_since = new vlib.Date(status.running_since).format("%d-%m-%y %H:%M:%S");
-            }
-            let str = `${this.domain}:\n`;
-            Object.keys(status).forEach((key) => {
-                str += ` * ${key}: ${status[key]}\n`;
-            });
-            str = str.substr(0, str.length - 1);
-            return str;
-        }
-        // Response.
-        return status;
+    error_endpoint(status_code, endpoint) {
+        const e = endpoint instanceof Endpoint ? endpoint : new Endpoint(endpoint);
+        this._check_duplicate_route(e.route);
+        this.err_endpoints.set(status_code, e);
+        return this;
     }
     // ---------------------------------------------------------
     // Content Security Policy.
     // Add a csp.
-    /*  @docs:
-     *  @title: Add CSP
-     *  @description: Add an url to the Content-Security-Policy. This function does not overwrite the existing key's value.
-     *  @warning: This function no longer has any effect when `Server.start()` has been called.
-     *  @parameter:
-     *      @name: key
-     *      @description: The Content-Security-Policy key, e.g. `script-src`.
-     *      @type: string
-     *  @parameter:
-     *      @name: value
-     *      @description: The value to add to the Content-Security-Policy key.
-     *      @type: null, string, string[]
-     *  @usage:
-     *      ...
-     *      server.add_csp("script-src", "somewebsite.com");
-     *      server.add_csp("upgrade-insecure-requests");
+    /**
+     * Add an url to the Content-Security-Policy. This function does not overwrite the existing key's value.
+     * @warning This function no longer has any effect when `Server.start()` has been called.
+     * @param key The Content-Security-Policy key, e.g. `script-src`.
+     * @param value The value to add to the Content-Security-Policy key.
+     * @example
+     * ...
+     * server.add_csp("script-src", "somewebsite.com");
+     * server.add_csp("upgrade-insecure-requests");
      */
     add_csp(key, value = null) {
         if (this.csp[key] === undefined) {
@@ -2351,22 +1929,15 @@ export class Server {
         }
     }
     // Remove a csp.
-    /*  @docs:
-     *  @title: Remove CSP
-     *  @description: Remove an url from the Content-Security-Policy. This function does not overwrite the existing key's value.
-     *  @warning: This function no longer has any effect when `Server.start()` has been called.
-     *  @parameter:
-     *      @name: key
-     *      @description: The Content-Security-Policy key, e.g. `script-src`.
-     *      @type: string
-     *  @parameter:
-     *      @name: value
-     *      @description: The value to remove from the Content-Security-Policy key.
-     *      @type: null, string
-     *  @usage:
-     *      ...
-     *      server.remove_csp("script-src", "somewebsite.com");
-     *      server.remove_csp("upgrade-insecure-requests");
+    /**
+     * Remove an url from the Content-Security-Policy. This function does not overwrite the existing key's value.
+     * @warning This function no longer has any effect when `Server.start()` has been called.
+     * @param key The Content-Security-Policy key, e.g. `script-src`.
+     * @param value The value to remove from the Content-Security-Policy key.
+     * @example
+     * ...
+     * server.remove_csp("script-src", "somewebsite.com");
+     * server.remove_csp("upgrade-insecure-requests");
      */
     remove_csp(key, value = null) {
         if (this.csp[key] === undefined) {
@@ -2380,25 +1951,60 @@ export class Server {
         }
     }
     // Delete a csp key.
-    /*  @docs:
-     *  @title: Delete CSP
-     *  @description: Delete an key from the Content-Security-Policy.
-     *  @warning: This function no longer has any effect when `Server.start()` has been called.
-     *  @parameter:
-     *      @name: key
-     *      @description: The Content-Security-Policy key, e.g. `script-src`.
-     *      @type: string
-     *  @usage:
-     *      ...
-     *      server.del_csp("script-src");
-     *      server.del_csp("upgrade-insecure-requests");
+    /**
+     * Delete an key from the Content-Security-Policy.
+     * @warning This function no longer has any effect when `Server.start()` has been called.
+     * @param key The Content-Security-Policy key, e.g. `script-src`.
+     * @example
+     * ...
+     * server.del_csp("script-src");
+     * server.del_csp("upgrade-insecure-requests");
      */
     del_csp(key) {
         delete this.csp[key];
     }
     // ---------------------------------------------------------
+    // Status.
+    // Fetch status.
+    /**
+     * This function is meant to be used when the server is in production mode, it will make an API request to your server through the defined `Server.domain` parameter.
+     * @note This function can be called without initializing the server.
+     * @param type The wanted output type. Either an `object` or a `string` type for CLI purposes.
+     */
+    async fetch_status(type = "object") {
+        // Load key.
+        const key_path = this.source.join(".status/key");
+        if (!key_path.exists()) {
+            throw new Error("No status key has been generated yet. Start your server first.");
+        }
+        const key = key_path.load_sync();
+        // Make request.
+        const { body: status } = await vlib.request({
+            host: this.domain,
+            endpoint: "/.status",
+            method: "GET",
+            params: { key },
+            query: true,
+            json: true,
+        });
+        // String type.
+        if (type === "string") {
+            if (status.running_since != null) {
+                status.running_since = new vlib.Date(status.running_since).format("%d-%m-%y %H:%M:%S");
+            }
+            let str = `${this.domain}:\n`;
+            Object.keys(status).forEach((key) => {
+                str += ` * ${key}: ${status[key]}\n`;
+            });
+            str = str.substr(0, str.length - 1);
+            return str;
+        }
+        // Response.
+        return status;
+    }
+    // ---------------------------------------------------------
     // TLS.
-    // Generate a key and csr for tls.
+    /** Generate a key and csr for tls. */
     async generate_ssl_key({ output_path, ec = true, }) {
         // Args.
         if (output_path == null) {
@@ -2422,7 +2028,7 @@ export class Server {
             throw Error(`Encountered an error while generating the private key [${proc.exit_status}]: ${proc.err}`);
         }
     }
-    // Generate a csr for tls.
+    /** Generate a csr for tls. */
     async generate_csr({ output_path, key_path, name, domain, organization_unit, country_code, province, city, }) {
         // Args.
         if (key_path == null) {
@@ -2434,7 +2040,7 @@ export class Server {
         // Paths.
         const key = new vlib.Path(key_path);
         if (!key.exists()) {
-            throw Error(`Key path "${key.str()}" already exists, remove the file manually to continue.`);
+            throw Error(`Key path "${key.str()}" does not exist.`);
         }
         const csr = new vlib.Path(output_path);
         if (csr.exists()) {
@@ -2447,237 +2053,52 @@ export class Server {
             args: [
                 "req", "-new", "-key", key.str(), "-out", csr.str(),
                 "-subj",
-                "\"" +
-                    "/C=" + country_code +
-                    "/ST=" + province +
-                    "/L=" + city +
-                    "/O=" + name +
-                    "/OU=" + organization_unit +
-                    "/CN=" + domain +
-                    "\""
+                `/C=${country_code}/ST=${province}/L=${city}/O=${name}/OU=${organization_unit}/CN=${domain}`
             ],
             opts: { stdio: "inherit" },
         });
         if (proc.exit_status != 0) {
             throw Error(`Encountered an error while generating the CSR [${proc.exit_status}]: ${proc.err}`);
         }
-        log(0, `Generated the tls key with CSR for domain "${this.domain}".`);
+        this.log(0, `Generated the tls key with CSR for domain "${this.domain}".`);
     }
     // ---------------------------------------------------------
-    // Endpoints.
-    // private registered_routes: Map<string, Array<string | RegExp>> = new Map();
-    /**
-     * Checks if an endpoint route already exists.
-     * @param method    HTTP method
-     * @param endpoint  String path or RegExp
-     */
-    _check_duplicate_route(route) {
-        const e = this._find_endpoint(route);
-        if (e) {
-            throw new Error(`Duplicate "${route.method}:${route.endpoint_str}" endpoint route, it is already defined by endpoint "${e.id}".`);
-        }
-    }
-    /**
-     * Add a single endpoint.
-     * Only supports a single endpoint due to parameter inference.
-     * @param endpoint The endpoint or endpoint options to add.
-     */
-    endpoint(endpoint) {
-        const e = endpoint instanceof Endpoint ? endpoint : new Endpoint(endpoint);
-        this._check_duplicate_route(e.route);
-        this.endpoints.set(e.route.id, e);
-        return this;
-    }
-    // Add an error endpoint.
-    /**
-     *  Add an endpoint per error status code.
-     * @param status_code
-     *      The status code of the error.
-     *
-     *      The supported status codes are:
-     *      * `404`
-     *      * `400` (Will not be used when the endpoint uses an API callback).
-     *      * `403`
-     *      * `404`
-     *      * `500`
-     * @param endpoint The error endpoint or error endpoint options
-    */
-    error_endpoint(status_code, endpoint) {
-        const e = endpoint instanceof Endpoint ? endpoint : new Endpoint(endpoint);
-        this._check_duplicate_route(e.route);
-        this.err_endpoints.set(status_code, e);
-        return this;
-    }
-    // ---------------------------------------------------------
-    // Functions.
-    // Send a mail.
-    /*  @docs:
-     *  @title: Send Mail
-     *  @description: Send one or multiple mails.
-     *  @note: Make sure the domain's DNS records SPF and DKIM are properly configured when sending attachments.
-     *  @return:
-     *      Returns a promise that will be resolved or rejected when the mail has been sent.
-     *  @parameter:
-     *      @name: sender
-     *      @description:
-     *          The sender address.
-     *          A sender address may either be a string with the email address, e.g. `your@email.com`.
-     *          Or an array with the sender name and email address, e.g. `["Sender", "your@email.com"]`.
-     *      @type: string, array
-     *  @parameter:
-     *      @name: recipients
-     *      @description:
-     *          The recipient addresses.
-     *          A reciepient address may either be a string with the email address, e.g. `your@email.com`.
-     *          Or an array with the sender name and email address, e.g. `["Sender", "your@email.com"]`.
-     *      @type: array[string, array]
-     *  @parameter:
-     *      @name: subject
-     *      @description: The subject text.
-     *      @type: string
-     *  @parameter:
-     *      @name: body
-     *      @description: The body text.
-     *      @type: string
-     *  @parameter:
-     *      @name: attachments
-     *      @description: An array with absolute file paths for attachments, or an array with nodemailer attachment objects.
-     *      @type: array[string], array[object]
-     *  @usage:
-     *      ...
-     *      await server.send_mail({
-     *          sender: ["Sender Name", "sender\@email.com"],
-     *          recipients: [
-     *              ["Recipient Name", "recipient1\@email.com"],
-     *              "recipient2\@email.com",
-     *          },
-     *          subject: "Example Mail",
-     *          body: "Hello World!",
-     *          attachments: ["/path/to/image.png"]
-     *      });
-     */
-    async send_mail({ sender = undefined, recipients = [], subject = undefined, body = "", attachments = [], }) {
-        // Not enabled.
-        if (this.smtp === undefined) {
-            throw new Error("SMTP is not enabled, define the required server argument on initialization to enable smtp.");
-        }
-        // Convert MailElement to html.
-        if (body instanceof Mail.MailElement) {
-            body = body.html();
-        }
-        // Check args.
-        if (sender == null && this.smtp_sender != null) {
-            sender = this.smtp_sender;
-        }
-        if (recipients.length === 0) {
-            throw new Error(`The mail has no recipients.`);
-        }
-        if (sender == null) {
-            throw new Error(`Parameter "sender" should be a defined value of type "string" or "array".`);
-        }
-        // Format address wrapper.
-        const format_address = (address) => {
-            if (Array.isArray(address)) {
-                return `${address[0]} <${address[1]}>`;
-            }
-            return address;
-        };
-        // Create to array.
-        const to = [];
-        recipients.forEach((address) => to.push(format_address(address)));
-        // Create attachments array.
-        let attached_files = [];
-        if (attachments != null) {
-            attachments.forEach((path) => {
-                if (path instanceof vlib.Path) {
-                    attached_files.push({
-                        filename: path.full_name(),
-                        path: path.str(),
-                        content: path.load_sync(),
-                    });
-                }
-                else if (typeof path === "string") {
-                    const p = new vlib.Path(path);
-                    attached_files.push({
-                        filename: p.full_name(),
-                        path: path,
-                        content: p.load_sync(),
-                    });
-                }
-                else {
-                    attached_files.push(path);
-                }
-            });
-        }
-        // Send mail.
-        try {
-            await this.smtp.sendMail({
-                from: format_address(sender),
-                to: to,
-                subject: subject,
-                html: body,
-                attachments: attached_files,
-            });
-        }
-        catch (error) {
-            throw new Error(error.message); // to keep readable stacktrace.
-        }
-    }
-    // ---------------------------------------------------------
-    // Default callbacks.
-    // These can all be overwritten by the user.
-    // @todo add scheme for payment params.
-    // On delete user.
-    /*  @docs:
-     *  @title: On delete user
-     *  @description: This function can be overridden with a callback for when a user is deleted.
-     *  @parameter:
-     *      @name: uid
-     *      @description: The uid of the deleted user.
-     *      @type: string, array
-     *  @usage:
-     *      ...
-     *      server.on_delete_user = ({uid}) => {}
-     */
-    async on_delete_user({ uid }) { }
-    // On successfull one-time payment.
-    // This gets called for every product in the payment.
+    // DEPRECATED 
+    // these will all be removed and replaced when using stripe instead of paddle.
+    /** Called for each product in a successful one-time payment. Override to implement your logic. */
     async on_payment({ product, payment }) { }
-    // On successfull subscription.
-    // This gets called for every product in the payment.
+    /** Called for each product in a successful subscription. Override to implement your logic. */
     async on_subscription({ product, payment }) { }
     // On failed one-time or recurring payment.
     // async on_failed_payment({ payment }: { payment: any }): Promise<void> {}
-    // On successfull cancellation.
+    /** Called when a cancellation succeeds. Override to implement your logic. */
     async on_cancellation({ payment, line_items }) { }
     // On failed cancellation.
     // async on_failed_cancellation({ payment, line_items }: { payment: any; line_items: any[] }): Promise<void> {}
-    // On successfull refund.
-    // The line items array are the items were refunded.
+    /** Called when a refund succeeds. The line items array are the items that were refunded. */
     async on_refund({ payment, line_items }) { }
-    // On failed refund.
-    // The line items array are the items were the refund failed.
+    /** Called when a refund fails. The line items array are the items where the refund failed. */
     async on_failed_refund({ payment, line_items }) { }
-    // On chargeback.
-    // The line items array are the items were charged back.
+    /** Called when a chargeback occurs. The line items array are the items that were charged back. */
     async on_chargeback({ payment, line_items }) { }
-    // On failed chargeback.
-    // The line items array are the items were the chargeback failed.
+    /** Called when a chargeback fails. The line items array are the items where the chargeback failed. */
     async on_failed_chargeback({ payment, line_items }) { }
     // Mail template.
+    /** Build the base email layout used by the various transactional email builders. */
     _mail_template({ max_width = 400, children = [], }) {
-        const style = this.mail_style;
-        const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+        this.assert_mail();
+        const style = this.mail.style;
+        const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
         // Create header.
         let header;
         if (this.company.stroke_icon != null) {
             header = [
-                Image(`${this.full_domain}/${this.company.stroke_icon}`).height(16),
+                Image(`${this.full_domain}${this.company.stroke_icon ?? ""}`).height(16),
             ];
         }
         else if (this.company.icon != null) {
             header = [
-                Image(`${this.full_domain}/${this.company.icon}`).frame(20, 40),
+                Image(`${this.full_domain}${this.company.icon ?? ""}`).frame(20, 40),
             ];
         }
         if (header) {
@@ -2687,7 +2108,7 @@ export class Server {
                 .center_vertical()).margin_bottom(15);
         }
         // Create mail.
-        return Mail.Mail(Table(TableData(Table(
+        return MailUI.Mail(Table(TableData(Table(
         // Header.
         header, 
         // Widget.
@@ -2708,10 +2129,14 @@ export class Server {
             .margin(0)).center().center_vertical()).margin(0, 0, 10, 0)).max_width(max_width)).center()).padding(25, 20, 25, 20)).font_family(style.font).background(style.bg);
     }
     // Render payment line items.
+    /** Helper that renders a list of payment line items for use in transactional emails. */
     _render_mail_payment_line_items({ payment, line_items, show_total_due = false }) {
+        if (!this.payments)
+            throw new Error("Payments not initialized");
+        this.assert_mail();
         // Shortcuts.
-        const style = this.mail_style;
-        const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+        const style = this.mail.style;
+        const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
         // Render payment line item for a mail.
         const _render_mail_payment_line_item = ({ name, desc, unit_cost, quantity, total_cost, font_weight = "normal", divider = true, color = style.text_fg, }) => {
             return [
@@ -2766,14 +2191,16 @@ export class Server {
         let subtotal = 0;
         let subtotal_tax = 0;
         let total = 0;
-        payment.line_items.iterate((item) => {
+        payment.line_items.walk((item) => {
+            if (!this.payments)
+                throw new Error("Payments not initialized");
             if (typeof item.product === "string") {
                 item.product = this.payments.get_product_sync(item.product);
             }
             if (currency == null) {
                 const c = Utils.get_currency_symbol(item.product.currency);
                 if (c == null) {
-                    error(`Failed to create a payment mail: `, new Error(`Unable to determine the currency of payment "${payment.id}".`));
+                    this.log.error(`Failed to create a payment mail: `, new Error(`Unable to determine the currency of payment "${payment.id}".`));
                 }
                 currency = c ?? "?";
             }
@@ -2824,10 +2251,18 @@ export class Server {
             })),
         ];
     }
+    /** Assert mail is configured. */
+    assert_mail() {
+        if (!this.mail) {
+            throw new ExternalError({ message: "Mail is not configured." });
+        }
+    }
     // On 2fa mail.
+    /** Build the 2FA verification email content. */
     on_2fa_mail({ code, username, email, date, ip, device }) {
-        const style = this.mail_style;
-        const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+        this.assert_mail();
+        const style = this.mail.style;
+        const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
         return this._mail_template({
             max_width: 400,
             children: [
@@ -2885,10 +2320,12 @@ export class Server {
         });
     }
     // On successfull payment mail.
+    /** Build the successful payment email content. */
     on_payment_mail({ payment }) {
+        this.assert_mail();
         // Shortcuts.
-        const style = this.mail_style;
-        const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+        const style = this.mail.style;
+        const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
         // Create mail.
         return this._mail_template({
             max_width: 600,
@@ -2913,7 +2350,7 @@ export class Server {
                     .color(style.subtitle_fg)
                     .font_size(18)
                     .margin(0)),
-                TableRow(Text("A summary of your order can be found below or in the attachmed invoice pdf.")
+                TableRow(Text("A summary of your order can be found below or in the attached invoice PDF.")
                     .margin(5, 0, 20, 0)
                     .color(style.text_fg)
                     .font_size(16)),
@@ -2926,10 +2363,12 @@ export class Server {
         });
     }
     // On failed payment mail.
+    /** Build the failed payment email content. */
     on_failed_payment_mail({ payment }) {
+        this.assert_mail();
         // Shortcuts.
-        const style = this.mail_style;
-        const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = Mail;
+        const style = this.mail.style;
+        const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = MailUI;
         // Create mail.
         return this._mail_template({
             max_width: 800,
@@ -2940,7 +2379,7 @@ export class Server {
                     .width("fit-content")
                     .font_size(26)).center(),
                 // Text.
-                TableRow(Text("We regret to inform you that your payment has encountered an issue and could not be processed successfully. We understand the inconvenience this may cause. Please try again, please contact customer support if the problem persists.")
+                TableRow(Text("We regret to inform you that your payment could not be processed successfully. We understand the inconvenience this may cause. Please try again, or contact customer support if the problem persists.")
                     .margin(10, 0, 20, 0)
                     .color(style.text_fg)
                     .font_size(16)
@@ -2968,16 +2407,18 @@ export class Server {
         });
     }
     // On cancellation mail.
+    /** Build the successful cancellation email content. */
     on_cancellation_mail({ payment, line_items }) {
+        this.assert_mail();
         // Shortcuts.
-        const style = this.mail_style;
-        const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+        const style = this.mail.style;
+        const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
         // Create mail.
         return this._mail_template({
             max_width: 800,
             children: [
                 // Title.
-                TableRow(Title("Successfull Cancellation")
+                TableRow(Title("Successful Cancellation")
                     .color(style.title_fg)
                     .width("fit-content")
                     .font_size(26)).center(),
@@ -3009,10 +2450,12 @@ export class Server {
         });
     }
     // On refund mail.
+    /** Build the failed cancellation email content. */
     on_failed_cancellation_mail({ payment }) {
+        this.assert_mail();
         // Shortcuts.
-        const style = this.mail_style;
-        const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = Mail;
+        const style = this.mail.style;
+        const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = MailUI;
         // Create mail.
         return this._mail_template({
             max_width: 800,
@@ -3051,16 +2494,18 @@ export class Server {
         });
     }
     // On refund mail.
+    /** Build the successful refund email content. */
     on_refund_mail({ payment, line_items }) {
+        this.assert_mail();
         // Shortcuts.
-        const style = this.mail_style;
-        const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+        const style = this.mail.style;
+        const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
         // Create mail.
         return this._mail_template({
             max_width: 800,
             children: [
                 // Title.
-                TableRow(Title("Successful Refund")
+                TableRow(Title("Chargeback Successful")
                     .color(style.title_fg)
                     .width("fit-content")
                     .font_size(26)).center(),
@@ -3092,10 +2537,12 @@ export class Server {
         });
     }
     // On refund mail.
+    /** Build the failed refund email content. */
     on_failed_refund_mail({ payment, line_items }) {
+        this.assert_mail();
         // Shortcuts.
-        const style = this.mail_style;
-        const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = Mail;
+        const style = this.mail.style;
+        const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = MailUI;
         // Create mail.
         return this._mail_template({
             max_width: 800,
@@ -3134,10 +2581,12 @@ export class Server {
         });
     }
     // On refund mail.
+    /** Build the successful chargeback email content. */
     on_chargeback_mail({ payment, line_items }) {
+        this.assert_mail();
         // Shortcuts.
-        const style = this.mail_style;
-        const { Title, Text, Image, Table, TableRow, TableData, VStack } = Mail;
+        const style = this.mail.style;
+        const { Title, Text, Image, Table, TableRow, TableData, VStack } = MailUI;
         // Create mail.
         return this._mail_template({
             max_width: 800,
@@ -3162,7 +2611,7 @@ export class Server {
                     .color(style.subtitle_fg)
                     .font_size(18)
                     .margin(0)),
-                TableRow(Text("A summary of your refundend products.")
+                TableRow(Text("A summary of the items charged back.")
                     .margin(5, 0, 20, 0)
                     .color(style.text_fg)
                     .font_size(16)),
@@ -3175,10 +2624,12 @@ export class Server {
         });
     }
     // On refund mail.
+    /** Build the failed chargeback email content. */
     on_failed_chargeback_mail({ payment, line_items }) {
+        this.assert_mail();
         // Shortcuts.
-        const style = this.mail_style;
-        const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = Mail;
+        const style = this.mail.style;
+        const { Title, Text, Image, ImageMask, Table, TableRow, TableData, VStack } = MailUI;
         // Create mail.
         return this._mail_template({
             max_width: 800,
@@ -3217,4 +2668,3 @@ export class Server {
         });
     }
 }
-export default Server;