From 01ed66d6dfd64acffe52cb389095f44619752562 Mon Sep 17 00:00:00 2001
From: Henry <cryptix@riseup.net>
Date: Mon, 8 Feb 2021 12:57:14 +0100
Subject: [PATCH] basic auth middleware setup

---
 admindb/interface.go                     |  29 ++++++
 admindb/mockdb/alias.go                  |  37 +++++++
 admindb/mockdb/auth.go                   |  37 +++++++
 admindb/mockdb/auth_fallback.go          | 118 +++++++++++++++++++++++
 admindb/mockdb/room.go                   |  37 +++++++
 cmd/server/main.go                       |  36 +++++--
 go.mod                                   |   5 +-
 go.sum                                   |  16 +--
 web/embedded_dev.go                      |   2 +
 web/handlers/admin/handler.go            |  30 ++++++
 web/handlers/auth/handler.go             |  23 +++++
 web/handlers/auth/handlers.go            |   1 -
 web/handlers/http.go                     |  98 +++++++++++++++++--
 web/handlers/http_test.go                |  80 +++++++++++++++
 web/handlers/news/app_test.go            |   4 +-
 web/handlers/setup_test.go               |  57 +++++++++++
 web/i18n/helper.go                       |   6 +-
 web/production.go                        |   6 ++
 web/router/admin.go                      |  21 ++++
 web/router/auth.go                       |  17 +++-
 web/router/complete.go                   |   6 +-
 web/templates/admin/dashboard.tmpl       |  11 +++
 web/templates/auth/fallback_sign_in.tmpl |  13 +++
 web/templates/landing/index.tmpl         |   4 +-
 web/templates_vfsdata.go                 |  30 +++++-
 25 files changed, 679 insertions(+), 45 deletions(-)
 create mode 100644 admindb/interface.go
 create mode 100644 admindb/mockdb/alias.go
 create mode 100644 admindb/mockdb/auth.go
 create mode 100644 admindb/mockdb/auth_fallback.go
 create mode 100644 admindb/mockdb/room.go
 create mode 100644 web/handlers/admin/handler.go
 create mode 100644 web/handlers/auth/handler.go
 delete mode 100644 web/handlers/auth/handlers.go
 create mode 100644 web/handlers/http_test.go
 create mode 100644 web/handlers/setup_test.go
 create mode 100644 web/production.go
 create mode 100644 web/router/admin.go
 create mode 100644 web/templates/admin/dashboard.tmpl
 create mode 100644 web/templates/auth/fallback_sign_in.tmpl

diff --git a/admindb/interface.go b/admindb/interface.go
new file mode 100644
index 0000000..a000ce8
--- /dev/null
+++ b/admindb/interface.go
@@ -0,0 +1,29 @@
+package admindb
+
+import (
+	"go.mindeco.de/http/auth"
+)
+
+// FallbackAuth might be helpful for scenarios where one lost access to his ssb device or key
+type FallbackAuth interface {
+	auth.Auther
+}
+
+// AuthService defines functions needed for the challange/response system of sign-in with ssb
+type AuthService interface{}
+
+// RoomService deals with changing the privacy modes and managing the allow/deny lists of the room
+type RoomService interface{}
+
+// AliasService manages alias handle registration and lookup
+type AliasService interface{}
+
+// for tests we use generated mocks from these interfaces created with https://github.com/maxbrunsfeld/counterfeiter
+
+//go:generate counterfeiter -o mockdb/auth.go . AuthService
+
+//go:generate counterfeiter -o mockdb/auth_fallback.go . FallbackAuth
+
+//go:generate counterfeiter -o mockdb/room.go . RoomService
+
+//go:generate counterfeiter -o mockdb/alias.go . AliasService
diff --git a/admindb/mockdb/alias.go b/admindb/mockdb/alias.go
new file mode 100644
index 0000000..34c2f1b
--- /dev/null
+++ b/admindb/mockdb/alias.go
@@ -0,0 +1,37 @@
+// Code generated by counterfeiter. DO NOT EDIT.
+package mockdb
+
+import (
+	"sync"
+
+	"github.com/ssb-ngi-pointer/gossb-rooms/admindb"
+)
+
+type FakeAliasService struct {
+	invocations      map[string][][]interface{}
+	invocationsMutex sync.RWMutex
+}
+
+func (fake *FakeAliasService) Invocations() map[string][][]interface{} {
+	fake.invocationsMutex.RLock()
+	defer fake.invocationsMutex.RUnlock()
+	copiedInvocations := map[string][][]interface{}{}
+	for key, value := range fake.invocations {
+		copiedInvocations[key] = value
+	}
+	return copiedInvocations
+}
+
+func (fake *FakeAliasService) recordInvocation(key string, args []interface{}) {
+	fake.invocationsMutex.Lock()
+	defer fake.invocationsMutex.Unlock()
+	if fake.invocations == nil {
+		fake.invocations = map[string][][]interface{}{}
+	}
+	if fake.invocations[key] == nil {
+		fake.invocations[key] = [][]interface{}{}
+	}
+	fake.invocations[key] = append(fake.invocations[key], args)
+}
+
+var _ admindb.AliasService = new(FakeAliasService)
diff --git a/admindb/mockdb/auth.go b/admindb/mockdb/auth.go
new file mode 100644
index 0000000..60ec6c0
--- /dev/null
+++ b/admindb/mockdb/auth.go
@@ -0,0 +1,37 @@
+// Code generated by counterfeiter. DO NOT EDIT.
+package mockdb
+
+import (
+	"sync"
+
+	"github.com/ssb-ngi-pointer/gossb-rooms/admindb"
+)
+
+type FakeAuthService struct {
+	invocations      map[string][][]interface{}
+	invocationsMutex sync.RWMutex
+}
+
+func (fake *FakeAuthService) Invocations() map[string][][]interface{} {
+	fake.invocationsMutex.RLock()
+	defer fake.invocationsMutex.RUnlock()
+	copiedInvocations := map[string][][]interface{}{}
+	for key, value := range fake.invocations {
+		copiedInvocations[key] = value
+	}
+	return copiedInvocations
+}
+
+func (fake *FakeAuthService) recordInvocation(key string, args []interface{}) {
+	fake.invocationsMutex.Lock()
+	defer fake.invocationsMutex.Unlock()
+	if fake.invocations == nil {
+		fake.invocations = map[string][][]interface{}{}
+	}
+	if fake.invocations[key] == nil {
+		fake.invocations[key] = [][]interface{}{}
+	}
+	fake.invocations[key] = append(fake.invocations[key], args)
+}
+
+var _ admindb.AuthService = new(FakeAuthService)
diff --git a/admindb/mockdb/auth_fallback.go b/admindb/mockdb/auth_fallback.go
new file mode 100644
index 0000000..43fbb7c
--- /dev/null
+++ b/admindb/mockdb/auth_fallback.go
@@ -0,0 +1,118 @@
+// Code generated by counterfeiter. DO NOT EDIT.
+package mockdb
+
+import (
+	"sync"
+
+	"github.com/ssb-ngi-pointer/gossb-rooms/admindb"
+)
+
+type FakeFallbackAuth struct {
+	CheckStub        func(string, string) (interface{}, error)
+	checkMutex       sync.RWMutex
+	checkArgsForCall []struct {
+		arg1 string
+		arg2 string
+	}
+	checkReturns struct {
+		result1 interface{}
+		result2 error
+	}
+	checkReturnsOnCall map[int]struct {
+		result1 interface{}
+		result2 error
+	}
+	invocations      map[string][][]interface{}
+	invocationsMutex sync.RWMutex
+}
+
+func (fake *FakeFallbackAuth) Check(arg1 string, arg2 string) (interface{}, error) {
+	fake.checkMutex.Lock()
+	ret, specificReturn := fake.checkReturnsOnCall[len(fake.checkArgsForCall)]
+	fake.checkArgsForCall = append(fake.checkArgsForCall, struct {
+		arg1 string
+		arg2 string
+	}{arg1, arg2})
+	stub := fake.CheckStub
+	fakeReturns := fake.checkReturns
+	fake.recordInvocation("Check", []interface{}{arg1, arg2})
+	fake.checkMutex.Unlock()
+	if stub != nil {
+		return stub(arg1, arg2)
+	}
+	if specificReturn {
+		return ret.result1, ret.result2
+	}
+	return fakeReturns.result1, fakeReturns.result2
+}
+
+func (fake *FakeFallbackAuth) CheckCallCount() int {
+	fake.checkMutex.RLock()
+	defer fake.checkMutex.RUnlock()
+	return len(fake.checkArgsForCall)
+}
+
+func (fake *FakeFallbackAuth) CheckCalls(stub func(string, string) (interface{}, error)) {
+	fake.checkMutex.Lock()
+	defer fake.checkMutex.Unlock()
+	fake.CheckStub = stub
+}
+
+func (fake *FakeFallbackAuth) CheckArgsForCall(i int) (string, string) {
+	fake.checkMutex.RLock()
+	defer fake.checkMutex.RUnlock()
+	argsForCall := fake.checkArgsForCall[i]
+	return argsForCall.arg1, argsForCall.arg2
+}
+
+func (fake *FakeFallbackAuth) CheckReturns(result1 interface{}, result2 error) {
+	fake.checkMutex.Lock()
+	defer fake.checkMutex.Unlock()
+	fake.CheckStub = nil
+	fake.checkReturns = struct {
+		result1 interface{}
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *FakeFallbackAuth) CheckReturnsOnCall(i int, result1 interface{}, result2 error) {
+	fake.checkMutex.Lock()
+	defer fake.checkMutex.Unlock()
+	fake.CheckStub = nil
+	if fake.checkReturnsOnCall == nil {
+		fake.checkReturnsOnCall = make(map[int]struct {
+			result1 interface{}
+			result2 error
+		})
+	}
+	fake.checkReturnsOnCall[i] = struct {
+		result1 interface{}
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *FakeFallbackAuth) Invocations() map[string][][]interface{} {
+	fake.invocationsMutex.RLock()
+	defer fake.invocationsMutex.RUnlock()
+	fake.checkMutex.RLock()
+	defer fake.checkMutex.RUnlock()
+	copiedInvocations := map[string][][]interface{}{}
+	for key, value := range fake.invocations {
+		copiedInvocations[key] = value
+	}
+	return copiedInvocations
+}
+
+func (fake *FakeFallbackAuth) recordInvocation(key string, args []interface{}) {
+	fake.invocationsMutex.Lock()
+	defer fake.invocationsMutex.Unlock()
+	if fake.invocations == nil {
+		fake.invocations = map[string][][]interface{}{}
+	}
+	if fake.invocations[key] == nil {
+		fake.invocations[key] = [][]interface{}{}
+	}
+	fake.invocations[key] = append(fake.invocations[key], args)
+}
+
+var _ admindb.FallbackAuth = new(FakeFallbackAuth)
diff --git a/admindb/mockdb/room.go b/admindb/mockdb/room.go
new file mode 100644
index 0000000..103067a
--- /dev/null
+++ b/admindb/mockdb/room.go
@@ -0,0 +1,37 @@
+// Code generated by counterfeiter. DO NOT EDIT.
+package mockdb
+
+import (
+	"sync"
+
+	"github.com/ssb-ngi-pointer/gossb-rooms/admindb"
+)
+
+type FakeRoomService struct {
+	invocations      map[string][][]interface{}
+	invocationsMutex sync.RWMutex
+}
+
+func (fake *FakeRoomService) Invocations() map[string][][]interface{} {
+	fake.invocationsMutex.RLock()
+	defer fake.invocationsMutex.RUnlock()
+	copiedInvocations := map[string][][]interface{}{}
+	for key, value := range fake.invocations {
+		copiedInvocations[key] = value
+	}
+	return copiedInvocations
+}
+
+func (fake *FakeRoomService) recordInvocation(key string, args []interface{}) {
+	fake.invocationsMutex.Lock()
+	defer fake.invocationsMutex.Unlock()
+	if fake.invocations == nil {
+		fake.invocations = map[string][][]interface{}{}
+	}
+	if fake.invocations[key] == nil {
+		fake.invocations[key] = [][]interface{}{}
+	}
+	fake.invocations[key] = append(fake.invocations[key], args)
+}
+
+var _ admindb.RoomService = new(FakeRoomService)
diff --git a/cmd/server/main.go b/cmd/server/main.go
index d46e435..7e1ae8b 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -166,6 +166,16 @@ func runroomsrv() error {
 		return fmt.Errorf("failed to instantiate ssb server: %w", err)
 	}
 
+	// open the HTTP listener
+	httpLis, err := net.Listen("tcp", listenAddrHTTP)
+	if err != nil {
+		return fmt.Errorf("failed to open listener for HTTPdashboard: %w", err)
+	}
+
+	r := repo.New(repoDir)
+
+	db, err := sqlite.OpenOrCreate(r.GetPath("roomdb"))
+
 	c := make(chan os.Signal)
 	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
 	go func() {
@@ -173,6 +183,8 @@ func runroomsrv() error {
 		level.Warn(log).Log("event", "killed", "msg", "received signal, shutting down", "signal", sig.String())
 		cancel()
 		roomsrv.Shutdown()
+
+		httpLis.Close()
 		time.Sleep(2 * time.Second)
 
 		err := roomsrv.Close()
@@ -183,17 +195,14 @@ func runroomsrv() error {
 	}()
 
 	// setup web dashboard handlers
-	dashboardH, err := handlers.New(nil, repo.New(repoDir))
+	dashboardH, err := handlers.New(
+		nil,
+		repo.New(repoDir),
+	)
 	if err != nil {
 		return fmt.Errorf("failed to create HTTPdashboard handler: %w", err)
 	}
 
-	// open the HTTP listener
-	httpLis, err := net.Listen("tcp", listenAddrHTTP)
-	if err != nil {
-		return fmt.Errorf("failed to open listener for HTTPdashboard: %w", err)
-	}
-
 	// TODO: setup other http goodies (such as CSRF and CSP)
 
 	level.Info(log).Log(
@@ -207,7 +216,18 @@ func runroomsrv() error {
 
 	// start serving http connections
 	go func() {
-		err = http.Serve(httpLis, dashboardH)
+		srv := http.Server{
+			Addr: httpLis.Addr().String(),
+
+			// Good practice to set timeouts to avoid Slowloris attacks.
+			WriteTimeout: time.Second * 15,
+			ReadTimeout:  time.Second * 15,
+			IdleTimeout:  time.Second * 60,
+
+			Handler: dashboardH,
+		}
+
+		err = srv.Serve(httpLis)
 		if err != nil {
 			level.Error(log).Log("event", "http serve failed", "err", err)
 		}
diff --git a/go.mod b/go.mod
index d1c28f2..d5138cc 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,9 @@ go 1.15
 require (
 	github.com/BurntSushi/toml v0.3.1
 	github.com/go-kit/kit v0.10.0
-	github.com/gorilla/mux v1.7.3
+	github.com/gorilla/mux v1.8.0
+	github.com/gorilla/securecookie v1.1.1
+	github.com/gorilla/sessions v1.2.1
 	github.com/gorilla/websocket v1.4.2
 	github.com/keks/nocomment v0.0.0-20181007001506-30c6dcb4a472
 	github.com/nicksnyder/go-i18n/v2 v2.1.2
@@ -22,6 +24,7 @@ require (
 	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
 	golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f // indirect
 	golang.org/x/text v0.3.3
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
 
 exclude go.cryptoscope.co/ssb v0.0.0-20201207161753-31d0f24b7a79
diff --git a/go.sum b/go.sum
index 65fa39a..b6549b3 100644
--- a/go.sum
+++ b/go.sum
@@ -116,8 +116,13 @@ github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51
 github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/sessions v1.1.3/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
+github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
+github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
@@ -206,7 +211,6 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE
 github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
 github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
-github.com/nicksnyder/go-i18n v1.10.1 h1:isfg77E/aCD7+0lD/D00ebR2MV5vgeQ276WYyDaCRQc=
 github.com/nicksnyder/go-i18n/v2 v2.1.2 h1:QHYxcUJnGHBaq7XbvgunmZ2Pn0focXFqTD61CkH146c=
 github.com/nicksnyder/go-i18n/v2 v2.1.2/go.mod h1:d++QJC9ZVf7pa48qrsRWhMJ5pSHIPmS3OLqK1niyLxs=
 github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
@@ -267,7 +271,6 @@ github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxr
 github.com/shurcooL/go v0.0.0-20190121191506-3fef8c783dec/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
 github.com/shurcooL/go v0.0.0-20190330031554-6713ea532688/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
 github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
-github.com/shurcooL/httpfs v0.0.0-20190527155220-6a4d4a70508b h1:4kg1wyftSKxLtnPAvcRWakIPpokB9w780/KwrNLnfPA=
 github.com/shurcooL/httpfs v0.0.0-20190527155220-6a4d4a70508b/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
 github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749 h1:bUGsEnyNbVPw06Bs80sCeARAlK8lhwqGyi6UT8ymuGk=
 github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
@@ -286,7 +289,6 @@ github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3
 github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -325,10 +327,6 @@ go.cryptoscope.co/secretstream v1.2.2 h1:kPxsgWrTDFyS9ZklcD0si1KGljPLz6mmPKnFQjG
 go.cryptoscope.co/secretstream v1.2.2/go.mod h1:7nRGZ7fTqSgQAnv2Y4m8xQsS3MFxvB7I0C19reUNlXg=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
-go.mindeco.de v0.0.0-20191122233605-f02621a5bca7 h1:si0O0lnNT3SHzEBwuFfqWBaZlME/FnXWlxyZGdri3D8=
-go.mindeco.de v0.0.0-20191122233605-f02621a5bca7/go.mod h1:ePOcyktbpqzhMPRBDv2gUaDd3h8QtT+DUU1DK+VbQZE=
-go.mindeco.de v1.6.0 h1:mrO5+eaJou/5a7ob+lMfH+DudT1TJ7oSjYqMTGaoYUA=
-go.mindeco.de v1.6.0/go.mod h1:ePOcyktbpqzhMPRBDv2gUaDd3h8QtT+DUU1DK+VbQZE=
 go.mindeco.de/ssb-refs v0.1.1-0.20210108133850-cf1f44fea870 h1:TCI3AefMAaOYECvppn30+CfEB0Fn8IES1SKvvacc3/c=
 go.mindeco.de/ssb-refs v0.1.1-0.20210108133850-cf1f44fea870/go.mod h1:OnBnV02ux4lLsZ39LID6yYLqSDp+dqTHb/3miYPkQFs=
 go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
@@ -456,9 +454,11 @@ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRN
 gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/web/embedded_dev.go b/web/embedded_dev.go
index 993a9e3..aa6518a 100644
--- a/web/embedded_dev.go
+++ b/web/embedded_dev.go
@@ -15,6 +15,8 @@ import (
 	"go.mindeco.de/goutils"
 )
 
+const Production = false
+
 // absolute path of where this package is located
 var pkgDir = goutils.MustLocatePackage("github.com/ssb-ngi-pointer/gossb-rooms/web")
 
diff --git a/web/handlers/admin/handler.go b/web/handlers/admin/handler.go
new file mode 100644
index 0000000..e4b4c09
--- /dev/null
+++ b/web/handlers/admin/handler.go
@@ -0,0 +1,30 @@
+package admin
+
+import (
+	"net/http"
+
+	"github.com/gorilla/mux"
+	"go.mindeco.de/http/render"
+
+	"github.com/ssb-ngi-pointer/gossb-rooms/web/router"
+)
+
+var HTMLTemplates = []string{
+	"/admin/dashboard.tmpl",
+}
+
+func Handler(m *mux.Router, r *render.Renderer) http.Handler {
+	if m == nil {
+		m = router.Admin(nil)
+	}
+
+	m.Get(router.AdminDashboard).HandlerFunc(r.HTML("/admin/dashboard.tmpl", dashboard))
+
+	return m
+}
+
+func dashboard(rw http.ResponseWriter, req *http.Request) (interface{}, error) {
+	return struct {
+		Name string
+	}{"test"}, nil
+}
diff --git a/web/handlers/auth/handler.go b/web/handlers/auth/handler.go
new file mode 100644
index 0000000..63f6b4d
--- /dev/null
+++ b/web/handlers/auth/handler.go
@@ -0,0 +1,23 @@
+package auth
+
+import (
+	"net/http"
+
+	"github.com/gorilla/mux"
+	"go.mindeco.de/http/auth"
+	"go.mindeco.de/http/render"
+
+	"github.com/ssb-ngi-pointer/gossb-rooms/web/router"
+)
+
+func Handler(m *mux.Router, r *render.Renderer, a *auth.Handler) http.Handler {
+	if m == nil {
+		m = router.Auth(nil)
+	}
+
+	m.Get(router.AuthFallbackSignInForm).Handler(r.StaticHTML("/auth/fallback_sign_in.tmpl"))
+	m.Get(router.AuthFallbackSignIn).HandlerFunc(a.Authorize)
+	m.Get(router.AuthFallbackSignOut).HandlerFunc(a.Logout)
+
+	return m
+}
diff --git a/web/handlers/auth/handlers.go b/web/handlers/auth/handlers.go
deleted file mode 100644
index 8832b06..0000000
--- a/web/handlers/auth/handlers.go
+++ /dev/null
@@ -1 +0,0 @@
-package auth
diff --git a/web/handlers/http.go b/web/handlers/http.go
index 66cd330..f6723bd 100644
--- a/web/handlers/http.go
+++ b/web/handlers/http.go
@@ -1,21 +1,33 @@
 package handlers
 
 import (
+	"bytes"
 	"fmt"
 	"net/http"
 
 	"github.com/gorilla/mux"
+	"github.com/gorilla/securecookie"
+	"github.com/gorilla/sessions"
+	"go.mindeco.de/http/auth"
 	"go.mindeco.de/http/render"
 
+	"github.com/ssb-ngi-pointer/gossb-rooms/admindb"
 	"github.com/ssb-ngi-pointer/gossb-rooms/internal/repo"
 	"github.com/ssb-ngi-pointer/gossb-rooms/web"
+	"github.com/ssb-ngi-pointer/gossb-rooms/web/handlers/admin"
+	roomsAuth "github.com/ssb-ngi-pointer/gossb-rooms/web/handlers/auth"
 	"github.com/ssb-ngi-pointer/gossb-rooms/web/handlers/news"
 	"github.com/ssb-ngi-pointer/gossb-rooms/web/i18n"
 	"github.com/ssb-ngi-pointer/gossb-rooms/web/router"
 )
 
 // New initializes the whole web stack for rooms, with all the sub-modules and routing.
-func New(m *mux.Router, repo repo.Interface) (http.Handler, error) {
+func New(
+	m *mux.Router,
+	repo repo.Interface,
+	as admindb.AuthService,
+	fs admindb.FallbackAuth,
+) (http.Handler, error) {
 	if m == nil {
 		m = router.CompleteApp()
 	}
@@ -27,10 +39,15 @@ func New(m *mux.Router, repo repo.Interface) (http.Handler, error) {
 
 	r, err := render.New(web.Templates,
 		render.BaseTemplates("/base.tmpl"),
-		render.AddTemplates(append(news.HTMLTemplates,
-			"/landing/index.tmpl",
-			"/landing/about.tmpl",
-			"/error.tmpl")...),
+		render.AddTemplates(concatTemplates(
+			[]string{
+				"/landing/index.tmpl",
+				"/landing/about.tmpl",
+				"/error.tmpl",
+			},
+			news.HTMLTemplates,
+			admin.HTMLTemplates,
+		)...),
 		render.FuncMap(web.TemplateFuncs(m)),
 		// TODO: add plural and template data variants
 		// TODO: move these to the i18n helper pkg
@@ -45,7 +62,48 @@ func New(m *mux.Router, repo repo.Interface) (http.Handler, error) {
 		return nil, fmt.Errorf("web Handler: failed to create renderer: %w", err)
 	}
 
+	// TODO: generate & persist me
+	// repo.GetPath("web-cookie")
+	store := &sessions.CookieStore{
+		Codecs: securecookie.CodecsFromPairs(
+			bytes.Repeat([]byte("acab"), 8),
+			bytes.Repeat([]byte("beef"), 8),
+			// securecookie.GenerateRandomKey(32), // new key every time we startup
+			// securecookie.GenerateRandomKey(32),
+		),
+		Options: &sessions.Options{
+			Path:   "/",
+			MaxAge: 30,
+		},
+	}
+
+	notAuthorizedH := r.HTML("/error.tmpl", func(rw http.ResponseWriter, req *http.Request) (interface{}, error) {
+		statusCode := http.StatusUnauthorized
+		rw.WriteHeader(statusCode)
+		return errorTemplateData{
+			statusCode,
+			"Unauthorized",
+			"you are not authorized to access the requested site",
+		}, nil
+	})
+
+	a, err := auth.NewHandler(fs,
+		auth.SetStore(store),
+		auth.SetNotAuthorizedHandler(notAuthorizedH),
+	)
+	if err != nil {
+		return nil, fmt.Errorf("web Handler: failed to init fallback auth system: %w", err)
+	}
+
 	// hookup handlers to the router
+	roomsAuth.Handler(m, r, a)
+
+	adminRouter := m.PathPrefix("/admin").Subrouter()
+	adminRouter.Use(a.Authenticate)
+
+	// we dont strip path here because it somehow fucks with the middleware setup
+	adminRouter.PathPrefix("/").Handler(admin.Handler(adminRouter, r))
+
 	m.PathPrefix("/news").Handler(http.StripPrefix("/news", news.Handler(m, r)))
 
 	m.Get(router.CompleteIndex).Handler(r.StaticHTML("/landing/index.tmpl"))
@@ -53,10 +111,34 @@ func New(m *mux.Router, repo repo.Interface) (http.Handler, error) {
 
 	m.PathPrefix("/assets/").Handler(http.StripPrefix("/assets/", http.FileServer(web.Assets)))
 
-	m.NotFoundHandler = http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		fmt.Fprintf(rw, "404: url not found")
+	m.NotFoundHandler = r.HTML("/error.tmpl", func(rw http.ResponseWriter, req *http.Request) (interface{}, error) {
+		rw.WriteHeader(http.StatusNotFound)
+		return errorTemplateData{http.StatusNotFound, "Not Found", "the requested page wasnt found.."}, nil
 	})
 
-	// TODO: disable in non-dev
+	if web.Production {
+		return m, nil
+	}
+
 	return r.GetReloader()(m), nil
 }
+
+// utils
+
+type errorTemplateData struct {
+	StatusCode int
+	Status     string
+	Err        string
+}
+
+func concatTemplates(lst ...[]string) []string {
+	var catted []string
+
+	for _, tpls := range lst {
+		for _, t := range tpls {
+			catted = append(catted, t)
+		}
+
+	}
+	return catted
+}
diff --git a/web/handlers/http_test.go b/web/handlers/http_test.go
new file mode 100644
index 0000000..5993f5b
--- /dev/null
+++ b/web/handlers/http_test.go
@@ -0,0 +1,80 @@
+package handlers
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/ssb-ngi-pointer/gossb-rooms/web/router"
+)
+
+func TestIndex(t *testing.T) {
+	setup(t)
+	t.Cleanup(teardown)
+
+	a := assert.New(t)
+	r := require.New(t)
+
+	url, err := testRouter.Get(router.CompleteIndex).URL()
+	r.Nil(err)
+	html, resp := testClient.GetHTML(url.String(), nil)
+	a.Equal(http.StatusOK, resp.Code, "wrong HTTP status code")
+	a.Equal("Index landing page", html.Find("#welcome").Text())
+	val, has := html.Find("#logo").Attr("src")
+	a.True(has, "logo src attribute not found")
+	a.Equal("/assets/img/test-hermie.png", val)
+}
+
+func TestAbout(t *testing.T) {
+	setup(t)
+	t.Cleanup(teardown)
+
+	a := assert.New(t)
+	r := require.New(t)
+
+	url, err := testRouter.Get(router.CompleteAbout).URL()
+	r.Nil(err)
+	html, resp := testClient.GetHTML(url.String(), nil)
+	a.Equal(http.StatusOK, resp.Code, "wrong HTTP status code")
+	found := html.Find("h1").Text()
+	a.Equal("The about page", found)
+}
+
+func TestNotFound(t *testing.T) {
+	setup(t)
+	t.Cleanup(teardown)
+
+	a := assert.New(t)
+
+	html, resp := testClient.GetHTML("/some/random/ASDKLANZXC", nil)
+	a.Equal(http.StatusNotFound, resp.Code, "wrong HTTP status code")
+	found := html.Find("h1").Text()
+	a.Equal("Error #404 - Not Found", found)
+}
+
+func TestNewsRegisterd(t *testing.T) {
+	setup(t)
+	t.Cleanup(teardown)
+
+	a := assert.New(t)
+
+	html, resp := testClient.GetHTML("/news/", nil)
+	a.Equal(http.StatusOK, resp.Code, "wrong HTTP status code")
+	found := html.Find("h1").Text()
+	t.Log(found)
+	// a.Equal("fooo", found)
+}
+
+func TestRestricted(t *testing.T) {
+	setup(t)
+	t.Cleanup(teardown)
+
+	a := assert.New(t)
+
+	html, resp := testClient.GetHTML("/admin/", nil)
+	a.Equal(http.StatusUnauthorized, resp.Code, "wrong HTTP status code")
+	found := html.Find("h1").Text()
+	a.Equal("Error #401 - Unauthorized", found)
+}
diff --git a/web/handlers/news/app_test.go b/web/handlers/news/app_test.go
index ddbabf5..9783f4b 100644
--- a/web/handlers/news/app_test.go
+++ b/web/handlers/news/app_test.go
@@ -17,8 +17,6 @@ var (
 	testMux    *http.ServeMux
 	testClient *tester.Tester
 	testRouter = router.News(nil)
-
-	testAssets = http.Dir("../../templates")
 )
 
 func setup(t *testing.T) {
@@ -27,7 +25,7 @@ func setup(t *testing.T) {
 	testFuncs["i18n"] = func(msgID string) string { return msgID }
 
 	log, _ := logtest.KitLogger("feed", t)
-	r, err := render.New(testAssets, //TODO: embedd web.Assets,
+	r, err := render.New(web.Templates,
 		render.SetLogger(log),
 		render.BaseTemplates("/testing/base.tmpl"),
 		render.AddTemplates(append(HTMLTemplates, "/error.tmpl")...),
diff --git a/web/handlers/setup_test.go b/web/handlers/setup_test.go
new file mode 100644
index 0000000..f694412
--- /dev/null
+++ b/web/handlers/setup_test.go
@@ -0,0 +1,57 @@
+package handlers
+
+import (
+	"net/http"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/pkg/errors"
+	"go.mindeco.de/http/tester"
+
+	"github.com/ssb-ngi-pointer/gossb-rooms/admindb/mockdb"
+	"github.com/ssb-ngi-pointer/gossb-rooms/internal/repo"
+	"github.com/ssb-ngi-pointer/gossb-rooms/web/router"
+)
+
+var (
+	testMux    *http.ServeMux
+	testClient *tester.Tester
+	testRouter = router.CompleteApp()
+
+	// mocked dbs
+	testAuthDB         *mockdb.FakeAuthService
+	testAuthFallbackDB *mockdb.FakeFallbackAuth
+)
+
+func setup(t *testing.T) {
+
+	testRepoPath := filepath.Join("testrun", t.Name())
+	os.RemoveAll(testRepoPath)
+	testRepo := repo.New(testRepoPath)
+
+	testAuthDB = new(mockdb.FakeAuthService)
+	testAuthFallbackDB = new(mockdb.FakeFallbackAuth)
+	h, err := New(
+		testRouter,
+		testRepo,
+		testAuthDB,
+		testAuthFallbackDB,
+	)
+	if err != nil {
+		t.Fatal(errors.Wrap(err, "setup: handler init failed"))
+	}
+
+	// log, _ := logtest.KitLogger("complete", t)
+
+	testMux = http.NewServeMux()
+	testMux.Handle("/", h)
+	testClient = tester.New(testMux, t)
+}
+
+func teardown() {
+	testMux = nil
+	testClient = nil
+	testAuthFallbackDB = nil
+	testAuthFallbackDB = nil
+}
diff --git a/web/i18n/helper.go b/web/i18n/helper.go
index 3c273d9..2602235 100644
--- a/web/i18n/helper.go
+++ b/web/i18n/helper.go
@@ -22,7 +22,7 @@ func New(r repo.Interface) (*Helper, error) {
 	bundle := i18n.NewBundle(language.English)
 	bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal)
 
-	// TODO: could additionally embedd the defaults together with the html assets and templates
+	// TODO: could additionally embedd the defaults like we do with the html assets and templates
 
 	err := filepath.Walk(r.GetPath("i18n"), func(path string, info os.FileInfo, err error) error {
 		if err != nil {
@@ -44,8 +44,8 @@ func New(r repo.Interface) (*Helper, error) {
 
 		return nil
 	})
-	if err != nil {
-		return nil, err
+	if err != nil && !os.IsNotExist(err) {
+		return nil, fmt.Errorf("i18n: failed to iterate localizations: %w", err)
 	}
 
 	return &Helper{bundle: bundle}, nil
diff --git a/web/production.go b/web/production.go
new file mode 100644
index 0000000..60a5fc5
--- /dev/null
+++ b/web/production.go
@@ -0,0 +1,6 @@
+// +build !dev
+
+package web
+
+// Production can be used to determain different aspects at compile time (like hot template reloading)
+const Production = true
diff --git a/web/router/admin.go b/web/router/admin.go
new file mode 100644
index 0000000..863c83e
--- /dev/null
+++ b/web/router/admin.go
@@ -0,0 +1,21 @@
+package router
+
+import "github.com/gorilla/mux"
+
+// constant names for the named routes
+const (
+	AdminDashboard = "admin:dashboard"
+)
+
+// Admin constructs a mux.Router containing the routes for the admin dashboard and settings pages
+func Admin(m *mux.Router) *mux.Router {
+	if m == nil {
+		m = mux.NewRouter()
+	}
+
+	// we dont strip path here because it somehow fucks with the middleware setup
+	m.Path("/admin").Methods("GET").Name(AdminDashboard)
+	// m.Path("/admin/settings").Methods("GET").Name(AdminSettings)
+
+	return m
+}
diff --git a/web/router/auth.go b/web/router/auth.go
index 1e279a0..3f16bf9 100644
--- a/web/router/auth.go
+++ b/web/router/auth.go
@@ -4,8 +4,12 @@ import "github.com/gorilla/mux"
 
 // constant names for the named routes
 const (
-	AuthSignIn  = "Auth:SignIn"
-	AuthSignOut = "Auth:SignOut"
+	AuthFallbackSignInForm = "Auth:Fallback:Form:SignIn"
+	AuthFallbackSignIn     = "Auth:Fallback:SignIn"
+	AuthFallbackSignOut    = "Auth:Fallback:SignOut"
+
+	AuthWithSSBSignIn  = "Auth:WithSSB:SignIn"
+	AuthWithSSBSignOut = "Auth:WithSSB:SignOut"
 )
 
 // NewSignin constructs a mux.Router containing the routes for sign-in and -out
@@ -14,8 +18,13 @@ func Auth(m *mux.Router) *mux.Router {
 		m = mux.NewRouter()
 	}
 
-	m.Path("/signIn").Methods("GET").Name(AuthSignIn)
-	m.Path("/signOut").Methods("GET").Name(AuthSignOut)
+	// register fallback
+	m.Path("/fallback/signin").Methods("GET").Name(AuthFallbackSignInForm)
+	m.Path("/fallback/signin").Methods("POST").Name(AuthFallbackSignIn)
+	m.Path("/fallback/signOut").Methods("GET").Name(AuthFallbackSignOut)
+
+	m.Path("/withssb/signIn").Methods("GET").Name(AuthWithSSBSignIn)
+	m.Path("/withssb/signOut").Methods("GET").Name(AuthWithSSBSignOut)
 
 	return m
 }
diff --git a/web/router/complete.go b/web/router/complete.go
index f047b65..0627c52 100644
--- a/web/router/complete.go
+++ b/web/router/complete.go
@@ -1,6 +1,8 @@
 package router
 
-import "github.com/gorilla/mux"
+import (
+	"github.com/gorilla/mux"
+)
 
 // constant names for the named routes
 const (
@@ -13,7 +15,7 @@ func CompleteApp() *mux.Router {
 	m := mux.NewRouter()
 
 	Auth(m.PathPrefix("/auth").Subrouter())
-	// Admin(m.PathPrefix("/profile").Subrouter())
+	Admin(m.PathPrefix("/admin").Subrouter())
 	News(m.PathPrefix("/news").Subrouter())
 
 	m.Path("/").Methods("GET").Name(CompleteIndex)
diff --git a/web/templates/admin/dashboard.tmpl b/web/templates/admin/dashboard.tmpl
new file mode 100644
index 0000000..9012eca
--- /dev/null
+++ b/web/templates/admin/dashboard.tmpl
@@ -0,0 +1,11 @@
+{{ define "title" }}{{i18n "AdminOverview"}}{{ end }}
+{{ define "content" }}
+<div class="page-header">
+  <h1 id="welcome">{{i18n "AdminWelcome"}}</h1>
+</div>
+<div class="row">
+    <div class="col-md-12">
+    <p>super cool dashboard!</p>
+    </div>
+</div> <!-- /row -->
+{{end}}
\ No newline at end of file
diff --git a/web/templates/auth/fallback_sign_in.tmpl b/web/templates/auth/fallback_sign_in.tmpl
new file mode 100644
index 0000000..0a486f8
--- /dev/null
+++ b/web/templates/auth/fallback_sign_in.tmpl
@@ -0,0 +1,13 @@
+{{ define "title" }}fallback sign-in{{ end }}
+{{ define "content" }}
+<div class="page-header">
+  <h1 id="welcome">Fallback sign-in</h1>
+</div>
+<div class="row">
+    <div class="col-md-12">
+    <form action="POST">
+        <input type="submit">
+    </form>
+    </div>
+</div> <!-- /row -->
+{{end}}
\ No newline at end of file
diff --git a/web/templates/landing/index.tmpl b/web/templates/landing/index.tmpl
index 42872fc..3971b31 100644
--- a/web/templates/landing/index.tmpl
+++ b/web/templates/landing/index.tmpl
@@ -1,9 +1,9 @@
 {{ define "title" }}Landing - Index{{ end }}
 {{ define "content" }}
 <div class="page-header">
-  <h1>Index landing page</h1>
+  <h1 id="welcome">Index landing page</h1>
 
-<img src="/assets/img/test-hermie.png">
+<img id="logo" src="/assets/img/test-hermie.png">
 
 <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Sed faucibus turpis in eu mi bibendum. A arcu cursus vitae congue mauris rhoncus aenean vel elit. Aliquet bibendum enim facilisis gravida neque convallis. Tempor orci eu lobortis elementum nibh tellus molestie. Sit amet est placerat in egestas erat imperdiet. Amet consectetur adipiscing elit duis tristique sollicitudin nibh sit amet. Ultrices in iaculis nunc sed. Odio facilisis mauris sit amet massa. Sed vulputate mi sit amet mauris commodo quis imperdiet. Hendrerit dolor magna eget est lorem ipsum dolor sit amet. Neque vitae tempus quam pellentesque nec nam. Quis risus sed vulputate odio ut. Tincidunt lobortis feugiat vivamus at augue.</p>
 <p>Sem nulla pharetra diam sit amet nisl. Sed odio morbi quis commodo odio aenean sed adipiscing. In ornare quam viverra orci sagittis. Elit eget gravida cum sociis natoque. Auctor neque vitae tempus quam. Porttitor massa id neque aliquam vestibulum morbi blandit cursus risus. Ornare lectus sit amet est placerat in egestas erat. Ut enim blandit volutpat maecenas. Fermentum odio eu feugiat pretium nibh. At risus viverra adipiscing at. Et egestas quis ipsum suspendisse. Mollis nunc sed id semper risus in hendrerit. Semper feugiat nibh sed pulvinar.</p>
diff --git a/web/templates_vfsdata.go b/web/templates_vfsdata.go
index 46f6180..cc4ad77 100644
--- a/web/templates_vfsdata.go
+++ b/web/templates_vfsdata.go
@@ -25,11 +25,25 @@ var Templates = func() http.FileSystem {
 		},
 		"/admin": &vfsgen۰DirInfo{
 			name:    "admin",
-			modTime: time.Date(2021, 2, 4, 10, 13, 43, 85528679, time.UTC),
+			modTime: time.Date(2021, 2, 8, 8, 57, 59, 963650924, time.UTC),
+		},
+		"/admin/dashboard.tmpl": &vfsgen۰CompressedFileInfo{
+			name:             "dashboard.tmpl",
+			modTime:          time.Date(2021, 2, 8, 8, 59, 1, 776365136, time.UTC),
+			uncompressedSize: 276,
+
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\x54\x8d\xb1\x6a\xc4\x30\x0c\x86\x77\x3f\xc5\x7f\xde\x4d\x48\xa7\x0e\x3e\x43\x9f\xa0\x63\x67\xd7\x52\x1b\x83\x63\x05\x27\x4d\x06\xa3\x77\x2f\x77\xe4\xe0\x6e\x12\x7c\xd2\xf7\xa9\x77\x10\xff\xe4\xca\xb0\x5b\xde\x0a\x5b\xa8\xf6\x9e\xc7\xf7\x0a\xfb\x41\x73\xae\x9f\x3b\xb7\x3d\xf3\x61\x6f\x1c\x5c\x09\xaa\xe6\xc9\x4a\x52\x37\xae\xdb\xcd\x33\x9e\xf2\x8e\x54\xe2\xba\x5e\xed\x12\x7f\xd9\x4d\x1c\x89\x9b\x0d\x06\xf0\xd3\x88\x4c\x57\x7b\x70\x49\x32\xb3\x0d\x2f\x5f\xbe\x4e\xaa\xea\x87\x69\x0c\xc6\x0f\x94\xf7\xf0\x12\x6c\x72\xdc\x43\xc0\x33\x4d\x52\xdc\x4c\x6e\x7c\x7b\xec\x96\xb0\xfe\x2d\xdc\x90\x44\x0a\x28\xae\xd3\xb7\xc4\x46\x17\x3f\x2c\xe7\xc1\x59\xbe\x0f\xf8\x8b\x73\x18\x9a\x1c\x70\x2e\x98\xde\xb9\x92\xea\x7f\x00\x00\x00\xff\xff\x68\x8e\xc6\xc9\x14\x01\x00\x00"),
 		},
 		"/auth": &vfsgen۰DirInfo{
 			name:    "auth",
-			modTime: time.Date(2021, 2, 4, 10, 13, 35, 952659459, time.UTC),
+			modTime: time.Date(2021, 2, 8, 10, 43, 54, 721078995, time.UTC),
+		},
+		"/auth/fallback_sign_in.tmpl": &vfsgen۰CompressedFileInfo{
+			name:             "fallback_sign_in.tmpl",
+			modTime:          time.Date(2021, 2, 8, 10, 43, 54, 721000000, time.UTC),
+			uncompressedSize: 295,
+
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\x5c\x8d\x41\x4e\xc3\x30\x10\x45\xf7\x3e\xc5\xc7\x7b\x2b\x2a\x6b\xc7\x4b\xb6\x20\xc1\x05\x5c\x7b\xd2\x8c\x70\xc6\x51\xe2\x36\x42\x96\xef\x8e\x1a\x88\x54\x58\xcd\x68\xde\xff\x6f\x6a\x45\xa4\x81\x85\xa0\x0b\x97\x44\x1a\xad\x0d\x3e\xa5\xb3\x0f\x9f\x58\xf9\x22\x86\xa5\x56\x90\x44\xb4\xa6\x1e\xd2\x21\x4b\x21\x29\xf7\xbc\xb2\x91\x6f\x08\xc9\xaf\x6b\xaf\x67\x7f\x21\x33\x92\x8f\xb4\x68\xa7\x00\x3b\x9e\xc0\xb1\xd7\x1b\xa5\x90\x27\xd2\xee\xe5\x9f\xdd\x76\xe3\xc9\x29\xdb\x45\xbe\xb9\x3f\xa6\x25\x6f\xbb\x01\x78\xbc\x86\x9c\xcc\x14\xcd\xe9\xf9\x60\x43\x5e\x26\xf8\x50\x38\x4b\xaf\xdf\x5e\xdf\x3f\x7e\xc1\x0e\x59\xe6\x6b\x41\xf9\x9a\xa9\xd7\xeb\xf5\x3c\x71\x39\x6a\xdd\xbd\x77\xec\x3f\xbf\xf7\x01\xfb\x64\x0c\xba\x25\x6f\x30\xc6\xa9\x5a\x49\x62\x6b\xdf\x01\x00\x00\xff\xff\xfe\x5d\xbf\xe3\x27\x01\x00\x00"),
 		},
 		"/base.tmpl": &vfsgen۰CompressedFileInfo{
 			name:             "base.tmpl",
@@ -58,10 +72,10 @@ var Templates = func() http.FileSystem {
 		},
 		"/landing/index.tmpl": &vfsgen۰CompressedFileInfo{
 			name:             "index.tmpl",
-			modTime:          time.Date(2021, 2, 4, 16, 33, 54, 923639610, time.UTC),
-			uncompressedSize: 3955,
+			modTime:          time.Date(2021, 2, 8, 8, 43, 20, 982174425, time.UTC),
+			uncompressedSize: 3978,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\x9c\x57\x5b\x6f\x5c\x37\x0e\x7e\xf7\xaf\xe0\xfa\xb9\x96\xd1\x77\xd7\x80\xb1\x9d\xa2\x01\x52\x77\xb7\x4e\xf2\xae\x91\x38\x67\xb8\xd0\xe5\x58\xa2\xce\x2e\x60\xf8\xbf\x2f\xa8\xdb\x1c\x23\x89\x51\xe4\xa9\xcd\x8c\x46\x22\xbf\x1b\xe9\x97\x17\xb0\x78\xa2\x80\x70\xcd\xc4\x0e\xaf\xe1\xf5\xf5\xa3\x0e\x96\xc2\x02\x37\xf0\x21\x58\xfc\xdf\xcb\x0b\x60\xb0\xf0\xfa\x7a\xb5\x3b\x6c\x62\x60\x0c\x2c\xc7\xaf\xee\x2c\x6d\x60\x9c\xce\xf9\x97\xeb\x55\x2f\x78\x73\x46\x6d\x31\x5d\xdf\x5f\x01\xdc\x9d\x7f\xbe\xaf\xb7\x80\xeb\xb7\xca\x89\xbb\xdb\xf3\xcf\xf7\x57\x57\x77\xe4\x17\xc8\xc9\xfc\x72\x7d\xab\x73\x46\xce\xb7\xe4\x97\x5b\xc6\xcc\x37\x67\x4c\x9e\x50\xad\x61\xb9\x96\x83\xeb\xfd\xc7\x98\xd0\x03\xad\xb9\x78\xb0\xd1\xc5\x04\x99\x18\xb4\x47\xfe\x09\x4c\x0c\x19\x0d\x23\x97\x04\xda\xd2\x4a\xd9\xc8\x4b\xe8\x88\x7f\x82\x8c\x16\x6c\x04\xa4\x92\x7d\xb4\xc0\xe8\xd7\x98\x80\x82\x21\x4b\xb6\x04\x86\xc2\xe0\xf4\x31\x26\x04\xe4\x76\x35\x82\xd7\x4b\xd0\xa0\x1d\x3d\x17\xad\xe0\x09\x2d\x9c\x74\x31\x74\x2c\x19\xb8\xa4\x95\x32\x50\x00\x2c\xe0\x09\x8e\x74\xc4\x60\x8b\x57\xf0\x00\x3a\x99\x02\xa6\xa4\x5c\x32\x6c\xc4\x1a\xa5\xb4\xa5\xc8\x7d\x25\x51\x86\x74\x8e\xc1\x94\x0c\x1a\x03\xea\x00\x1b\xba\x5a\xa4\x82\x07\x79\x09\x79\x5e\x06\x18\xc8\xc3\x49\x1b\x72\x94\x29\xc3\x92\xf4\x46\x56\x43\xc0\xe7\x52\x2f\xdd\xb4\x73\x94\x15\x7c\x6a\xed\xc4\x64\x48\xea\x71\xf1\x18\x13\x53\x06\x74\xe8\x31\x70\xf1\x10\xe8\x78\x06\x46\xe7\x4a\x06\x1f\x1d\x66\x26\x54\xf0\xd4\xc1\x03\xcc\x0c\xab\xd3\x06\x93\xe6\xda\xd4\x82\x99\x75\x86\xf6\x6f\xbf\x62\xb2\x84\x52\xa1\x1c\x7e\x07\x68\xb0\x85\x32\x70\xa2\xcc\xd2\x0a\xe4\xe8\x1c\x19\xe2\x62\x29\xb4\x1a\x06\x5f\x0a\x3e\x3b\x4e\x64\xb0\x82\x48\xda\x14\x47\x19\x42\x09\x46\xb8\x52\xf0\xa7\xa5\xb8\x6b\xbd\x43\x37\x7e\x0d\x5e\xe7\xdc\x39\xd9\x8a\x5b\x0b\x6b\x46\xe1\x61\x77\xa0\xfe\xc0\x44\xef\xa3\x8d\xf0\x2c\x75\xed\x1a\xf9\x1d\x83\x4d\x98\xa8\x73\xdd\xa9\xc6\xa5\x63\xe1\xbe\xab\x33\x05\x8f\x15\xfd\x46\xac\xe8\xa8\x64\x78\x2e\xda\xc3\x8a\xce\x61\x60\xcc\xf2\x75\x40\x03\x41\x7b\x05\xff\x96\x87\x13\x89\x16\xf2\x9b\x62\xa3\x34\x58\x58\xc1\xa7\xaa\x42\xd1\xe0\xe4\xed\x84\x65\x21\xcd\xb0\xd1\xa6\xbd\x28\x85\x41\x97\xa5\xa0\xba\xbb\x5d\xef\xc5\x07\x4f\xe8\x21\x14\xe7\x34\xac\x67\x9d\x90\x93\x06\x4b\xda\x5f\xda\x0f\x94\x5d\x83\xa7\xbe\xe3\x63\x3a\x52\x03\x61\x20\x52\x3f\xef\x12\x94\xca\x2e\x4c\x2a\xf8\x10\x20\xa6\xa0\x13\xb6\xce\x36\xda\x30\x25\xdd\xf4\x95\xf5\x42\xcc\xa2\xba\x83\x10\x5e\x21\x1b\xc2\x34\xc5\x43\x8e\x86\x84\x49\xcd\xf1\xb9\xa0\x82\x87\x62\x38\xa6\xae\xd9\xaf\x50\x53\xf0\xaf\x98\x98\x89\x2b\x07\x39\x6b\x20\xdb\xcf\x36\xdf\x79\xd8\x44\xac\xc7\xe2\x8a\xef\x6d\x1c\x6b\x88\xf0\xb0\x58\x05\x57\xc1\x9f\xad\x60\x87\x86\xcb\x4e\x28\xef\x29\x5b\xc1\x67\x6e\x1e\x1b\x57\x6e\xd1\x15\x5e\xb5\xc8\x07\x0d\x06\x9d\x15\xfc\x86\xa9\x7b\xa8\x22\x86\x65\xb2\xb3\x26\x64\xea\xde\x52\xf0\xc0\x9d\xe6\x81\xd6\xce\x1a\xf2\xd4\x81\xe7\xdb\x4d\x8c\x55\x5c\xb9\xe4\x15\x83\xa5\x9c\x51\xc1\x1f\xe2\x96\x8b\x09\x04\x8a\x8c\xa2\xd9\x7e\x33\x05\x38\x0f\xdd\x0a\xb9\xf5\xab\x51\x4d\x73\x17\x5a\x58\x8b\xdb\x28\xe8\x34\xc5\xf2\x38\xee\xab\x1a\x02\xa7\xcd\xae\xca\xca\x88\x82\xcf\x29\x54\xe8\x27\x00\xed\x94\xd3\x31\xa1\xc8\x29\x06\x81\x5b\x1f\x49\x4c\x3f\xe8\xae\x41\xa7\x4d\xed\xbd\xe3\x5e\xe4\x1e\xdb\x74\xd6\xe3\x69\xf7\x7f\x3d\x80\xc8\x02\x05\xc6\x54\xf3\xf2\x77\x6d\xe0\x2c\x17\x4b\xf8\x0b\x55\x8c\x22\x66\xc3\xc5\x67\xae\x50\x55\x19\xfd\x1d\x49\x0a\x39\xb3\x81\xf8\x26\x40\x14\x3c\x18\x38\xa1\x14\x61\xa3\x98\x13\xfb\x89\x37\xae\xad\x1e\x9a\x37\x0c\xa7\xd4\x3c\x3a\xcc\x28\x95\xd2\x17\x4c\x4d\x38\x5d\xd6\xe3\x27\xda\x00\x4f\x3b\x37\xb1\x77\x06\xa5\x11\xc9\x8e\x1a\x0b\x53\xdb\x19\xbd\x54\xc2\x31\x89\x01\x6a\xb0\x3e\x17\x11\xaa\x85\x35\x26\xd6\x5d\x5b\x7f\x54\x67\x74\xf3\xcc\xb3\x96\x7a\x45\x4e\x1b\x0a\xa4\x9b\xae\x36\x74\x23\xa3\x86\xde\xfa\xf8\xe9\x58\xce\x8f\x6b\xb7\x14\xf6\xf3\x4a\xc1\x5f\x7d\x38\x79\x5d\x11\x1d\xb3\xaa\xf2\x3a\x3c\xdc\xa0\xff\x4f\xc9\x1c\x25\xe0\xb4\x9f\x57\x93\xed\x18\xa2\x6b\x3c\x5d\x26\xd0\x94\xa5\xa8\x65\x02\x56\x4f\x17\x86\x0d\x03\x06\xcd\x3b\x8d\x04\xf0\x28\x8a\xba\x24\x26\x16\x05\xbf\x16\x92\x47\xba\x14\x6a\xe5\x3d\x48\x2b\x96\x6f\x33\xb1\xf9\xbb\xd4\x6f\x06\x6b\x0d\xc4\x5a\x7b\xcb\xae\x96\xfc\xa7\xe9\xf2\x3e\x8a\x14\xfc\xf5\x5e\x68\x1f\xbe\xab\xb4\xdd\xa8\x52\xf0\x05\x1d\x9c\x12\x85\x85\xa4\x2e\xc9\x22\x29\xd0\x9b\x98\x44\x13\xf5\xfd\x56\xf2\xf8\x39\x20\x93\xa4\xe2\x63\x3d\x57\xf5\xd4\xf8\x6e\x75\xaf\x25\x95\x3c\xb7\x90\xe9\xf0\x83\x48\x71\x46\xde\x05\xcb\xca\x5a\x8f\xc9\xfe\x98\x44\x81\x41\x87\xa9\x11\xd6\xc9\xbc\xf0\x5e\xf3\x72\xef\x89\x3a\xd6\xf7\x55\x5b\x5a\x02\xe5\x4c\xbe\x9a\x72\xaf\xe4\x4b\xa7\x85\x7b\x56\x5f\xdc\xd0\xc2\xe7\xe2\xfb\xb9\x7b\xbc\xb3\x4e\x28\xf8\xf0\x03\x91\x24\xe8\x05\xd3\x2a\xfb\x91\x6d\xea\x90\xe2\x48\x09\x6d\x1a\xbb\xbc\x5b\xb0\xac\x5e\xeb\x0a\x58\xbe\xde\x5f\x04\x91\xd6\xdf\x9b\xae\x1c\x1d\x31\x45\xd1\xed\xdc\x1f\xdb\x7c\x3e\x64\x61\xab\x8f\xd1\xe6\xc9\xef\xea\x5b\xc1\xd3\x8e\xb7\x16\x65\x73\xa1\x81\x35\x45\x0a\x3b\x15\x3b\x8c\xd5\x84\xb5\xe2\x1e\x25\x31\x28\x78\x14\x8d\xf5\x60\x2a\xd9\xd0\x4a\x3c\xd7\xc2\xa6\xdb\xbe\x49\x5c\x06\xe0\x23\x65\x37\x67\xdd\xa9\x64\x53\x6d\xde\xca\x2e\x33\xbb\xc6\x81\x21\xa8\x21\xcd\x2f\x3a\x51\xdd\x39\x45\x0d\x2d\x32\x85\x9c\x29\x61\x49\x03\xdd\x56\x84\x96\x31\xf2\x2d\xd9\x99\x47\x5f\xbe\xa1\xfb\x01\xcf\x9b\xe1\xf9\x99\xc7\xc7\xef\xad\x00\x0a\x3e\x36\x32\x5a\x02\x0c\x31\x5d\xb6\xbb\xa7\xaf\xcd\x31\x90\xa1\xef\xab\xbd\x5a\x41\xde\xd1\x81\x45\xe4\x3d\xb7\x3f\xb5\xbf\x12\x06\xb9\x73\x72\x88\x15\xbb\x3c\x05\xdf\xe3\x19\x4c\xd2\x79\x46\xe4\x08\xdf\xb9\x08\xf4\xf5\x44\xc1\x6f\x7f\xdf\x61\x43\x58\x85\xea\x5f\x3c\x14\x64\x8c\x38\xcc\x45\x5b\x89\x1b\x8f\xb9\xa6\xcb\xdb\x0a\xe5\xb1\xbe\x9d\x55\x36\x44\x59\x33\x4c\x0f\xdf\x5e\x7d\xda\x26\x23\xb7\x57\x94\xa6\x2d\x50\x6c\x44\x61\xe4\x4f\x7f\xa9\x2f\xee\x87\xf7\x53\x59\xc1\xaf\x23\x65\xf6\x2c\xd7\x05\xee\x82\xb2\x82\x0f\xd3\x00\x2d\x46\xfd\xec\xf0\xab\x0c\xab\x0a\x99\x0a\x9a\x50\xe3\x3b\x73\x5d\xc1\x3f\xe7\x44\xee\x63\x7c\x48\x42\x86\xb8\xfb\x86\x92\xba\xee\x6f\x2d\x6d\xe3\x3f\x70\xf7\x8f\x9b\x1b\xb8\x4d\xf1\xbf\x70\x73\x73\x7f\xf5\xf2\x82\xc1\xbe\xbe\xfe\x3f\x00\x00\xff\xff\xc8\x2d\x64\x17\x73\x0f\x00\x00"),
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xff\x9c\x57\x5b\x6f\x5b\x37\x12\x7e\xf7\xaf\x98\xd5\x73\x4d\xa3\xef\x8e\x01\x63\xab\xa2\x01\x52\x77\xb7\x4e\xf2\x4e\x91\xa3\xa3\x59\xf0\x72\x4c\x0e\xd5\x05\x0c\xff\xf7\x62\x78\xd3\x31\x12\x1b\x45\x9e\xda\x48\x14\x39\xf3\xdd\x66\xfc\xfc\x0c\x16\x8f\x14\x10\x76\x4c\xec\x70\x07\x2f\x2f\x9f\x74\xb0\x14\x16\xb8\x86\x8f\xc1\xe2\xff\x9f\x9f\x01\x83\x85\x97\x97\xab\xcd\x61\x13\x03\x63\x60\x39\x7e\x75\x6b\xe9\x0c\xc6\xe9\x9c\x3f\xec\x56\xbd\xe0\xf5\x09\xb5\xc5\xb4\xbb\xbb\x02\xb8\x3d\xfd\x0c\x64\x3f\xec\xfe\x42\x67\xa2\xc7\xdd\x5d\xbd\x12\x5c\x7f\x42\x8e\xdf\xde\x9c\x7e\xbe\xbb\xba\xba\x25\xbf\xd4\xa3\x2e\x2e\x71\x07\x39\x99\x0f\xbb\x1b\x9d\x33\x72\xbe\x21\xbf\xdc\x30\x66\xbe\x3e\x61\xf2\x84\x6a\x0d\xcb\x4e\x7e\xb2\xde\x7d\x8a\x09\x3d\xd0\x9a\x8b\x07\x1b\x5d\x4c\x90\x89\x41\x7b\xe4\x9f\xc0\xc4\x90\xd1\x30\x72\x49\xa0\x2d\xad\x94\x8d\xbc\x89\x8e\xf8\x27\xc8\x68\xc1\x46\x40\x2a\xd9\x47\x0b\x8c\x7e\x8d\x09\x28\x18\xb2\x64\x4b\x60\x28\x0c\x4e\x1f\x62\x42\x40\x6e\x57\x23\x78\xbd\x04\x0d\xda\xd1\x53\xd1\x0a\x1e\xd1\xc2\x51\x17\x43\x87\x92\x81\x4b\x5a\x29\x03\x05\xc0\x02\x9e\xe0\x40\x07\x0c\xb6\x78\x05\xf7\xa0\x93\x29\x60\x4a\xca\x25\xc3\x99\x58\xa3\x94\xb6\x14\xb9\xaf\x24\xca\x90\x4e\x31\x98\x92\x41\x63\x40\x1d\xe0\x8c\xae\x16\xa9\xe0\x5e\x5e\x42\x9e\x97\x01\x06\xf2\x70\xd4\x86\x1c\x65\xca\xb0\x24\x7d\x26\xab\x21\xe0\x53\xa9\x97\x9e\xb5\x73\x94\x15\x7c\x6e\xed\xc4\x64\x48\xea\x71\xf1\x10\x13\x53\x06\x74\xe8\x31\x70\xf1\x10\xe8\x70\x02\x46\xe7\x4a\x06\x1f\x1d\x66\x26\x54\xf0\xd8\xc1\x03\xcc\x0c\xab\xd3\x06\x93\xe6\xda\xd4\x82\x99\x75\x86\xf6\x6f\xbf\x62\xb2\x84\x52\xa1\x1c\x7e\x07\x68\xb0\x85\x32\x70\xa2\xcc\xd2\x0a\xe4\xe8\x1c\x19\xe2\x62\x29\xb4\x1a\x06\x5f\x0a\xbe\x38\x4e\x64\xb0\x82\x48\xda\x14\x47\x19\x42\x09\x46\xb8\x52\xf0\x87\xa5\xb8\x69\xbd\x43\x37\x7e\x0d\x5e\xe7\xdc\x39\x39\x17\xb7\x16\xd6\x8c\xc2\xc3\xe6\x40\xfd\x81\x89\xde\x47\x1b\xe1\x49\xea\xda\x34\xf2\x1b\x06\x9b\x30\x51\xe7\xba\x53\x8d\x4b\xc7\xc2\xbd\xa9\x33\x05\x0f\x15\xfd\x46\xac\xe8\xa8\x64\x78\x2a\xda\xc3\x8a\xce\x61\x60\xcc\xf2\x75\x40\x03\x41\x7b\x05\xff\x95\x87\x13\x89\x16\xf2\xab\x62\xa3\x34\x58\x58\xc1\xe7\xaa\x42\xd1\xe0\xe4\xed\x88\x65\x21\xcd\x70\xa6\xb3\xf6\xa2\x14\x06\x5d\x96\x82\xea\xf6\x66\xbd\x13\x1f\x3c\xa2\x87\x50\x9c\xd3\xb0\x9e\x74\x42\x4e\x1a\x2c\x69\x7f\x69\x3f\x50\x76\x0d\x9e\xfa\x8e\x8f\xe9\x40\x0d\x84\x81\x48\xfd\xbc\x4b\x50\x2a\xbb\x30\xa9\xe0\x63\x80\x98\x82\x4e\xd8\x3a\x3b\xd3\x19\x53\xd2\x4d\x5f\x59\x2f\xc4\x2c\xaa\xdb\x0b\xe1\x15\xb2\x21\x4c\x53\x3c\xe4\x68\x48\x98\xd4\x1c\x9f\x0a\x2a\xb8\x2f\x86\x63\xea\x9a\xfd\x06\x35\x05\xff\x89\x89\x99\xb8\x72\x90\xb3\x06\xb2\xfd\x6c\xf3\x9d\x87\xb3\x88\xf5\x50\x5c\xf1\xbd\x8d\x43\x8d\x13\x1e\x16\xab\xe0\x2a\xf8\xa3\x15\xec\xd0\x70\xd9\x08\xe5\x3d\x65\x2b\xf8\xc2\xcd\x63\xe3\xca\x73\x74\x85\x57\x2d\xf2\x41\x83\x41\x67\x05\xbf\x62\xea\x1e\xaa\x88\x61\x99\xec\xac\x09\x99\xba\xb7\x14\xdc\x73\xa7\x79\xa0\xb5\xb1\x86\x3c\xb5\xe7\xf9\x76\x13\x63\x15\x57\x2e\x79\xc5\x60\x29\x67\x54\xf0\xbb\xb8\xe5\x62\x02\x81\x22\xa3\x68\xb6\xdf\x4c\x01\x4e\x43\xb7\x42\x6e\xfd\x6a\x54\xd3\xdc\x85\x16\xd6\xe2\xce\x14\x74\x9a\x62\x79\x18\xf7\x55\x0d\x81\xd3\x66\x53\x65\x65\x44\xc1\x97\x14\x2a\xf4\x13\x80\x76\xca\xe9\x98\x50\xe4\x14\x83\xc0\xad\x0f\x24\xa6\x1f\x74\xd7\xa0\xd3\xa6\xf6\xde\x71\x2f\x72\x8f\x6d\x3a\xeb\xf1\xb4\xf9\xbf\x1e\x40\x64\x81\x02\x63\xaa\x79\xf9\x9b\x36\x70\x92\x8b\x25\xfc\x85\x2a\x46\x11\xb3\xe1\xe2\x33\x57\xa8\xaa\x8c\xfe\x89\x24\x85\x9c\xd9\x40\x7c\x15\x20\x0a\xee\x0d\x1c\x51\x8a\xb0\x51\xcc\x89\xfd\xc4\x2b\xd7\x56\x0f\xcd\x1b\x86\x53\x6a\x1e\xed\x67\x94\x4a\xe9\x0b\xa6\x26\x9c\x2e\xeb\xf1\x13\x6d\x80\xa7\x9d\x9b\xd8\x3b\x83\xd2\x88\x64\x47\x8d\x85\xa9\xed\x8c\x5e\x2a\xe1\x98\xc4\x00\x35\x58\x9f\x8a\x08\xd5\xc2\x1a\x13\xeb\xae\xad\xdf\xab\x33\xba\x79\xe6\x59\x4b\xbd\x22\xa7\x0d\x05\xd2\x4d\x57\x67\x74\x23\xa3\x86\xde\xfa\xf8\xe9\x58\xce\x8f\x6b\xb7\x14\xb6\xf3\x4a\xc1\x9f\x7d\x38\x79\x5d\x11\x1d\xb3\xaa\xf2\x3a\x3c\xdc\xa0\xff\x5f\xc9\x1c\x25\xe0\xb4\x9f\x57\x93\xed\x18\xa2\x6b\x3c\x5d\x26\xd0\x94\xa5\xa8\x65\x02\x56\x4f\x17\x86\x33\x06\x0c\x9a\x37\x1a\x09\xe0\x51\x14\x75\x49\x4c\x2c\x0a\x7e\x29\x24\x8f\x74\x29\xd4\xca\x7b\x90\x56\x2c\x5f\x67\x62\xf3\x77\xa9\xdf\x0c\xd6\x1a\x88\xb5\xf6\x96\x5d\x2d\xf9\x8f\xd3\xe5\x7d\x14\x29\xf8\xf3\xbd\xd0\xde\xbf\xa9\xb4\xcd\xa8\x52\xf0\x15\x1d\x1c\x13\x85\x85\xa4\x2e\xc9\x22\x29\xd0\x9b\x98\x44\x13\xf5\xfd\x56\xf2\xf8\x39\x20\x93\xa4\xe2\x43\x3d\x57\xf5\xd4\xf8\x6e\x75\xaf\x25\x95\x3c\xb7\x90\xe9\xf0\xbd\x48\x71\x46\xde\x05\xcb\xca\x5a\x8f\xc9\xfe\x98\x44\x81\x41\x87\xa9\x11\xd6\xc9\xbc\xf0\x5e\xf3\x72\xeb\x89\x3a\xd6\xb7\x55\x5b\x5a\x02\xe5\x4c\xbe\x9a\x72\xab\xe4\x4b\xa7\x85\x7b\x56\x5f\xdc\xd0\xc2\xe7\xe2\xfb\xb9\x7b\xbc\xb3\x4e\x28\xf8\xf8\x03\x91\x24\xe8\x05\xd3\x2a\xfb\x91\x6d\x6a\x9f\xe2\x48\x09\x6d\x1a\xbb\xbc\x59\xb0\xac\x5e\xeb\x0a\x58\xbe\xdd\x5f\x04\x91\xd6\xdf\xab\xae\x1c\x1d\x30\x45\xd1\xed\xdc\x1f\xdb\x7c\xde\x67\x61\xab\x8f\xd1\xe6\xc9\x37\xf5\xad\xe0\x71\xc3\x5b\x8b\xb2\xb9\xd0\xc0\x9a\x22\x85\x8d\x8a\x1d\xc6\x6a\xc2\x5a\x71\x8f\x92\x18\x14\x3c\x88\xc6\x7a\x30\x95\x6c\x68\x25\x9e\x6b\x61\xd3\x6d\xdf\x24\x2e\x03\xf0\x81\xb2\x9b\xb3\xee\x58\xb2\xa9\x36\x6f\x65\x97\x99\x5d\xe3\xc0\x10\xd4\x90\xe6\x57\x9d\xa8\xee\x9c\xa2\x86\x16\x99\x42\xce\x94\xb0\xa4\x81\x6e\x2b\x42\xcb\x18\xf9\x96\xec\xcc\xa3\xaf\xdf\xd1\xfd\x80\xe7\xd5\xf0\xfc\xc2\xe3\xe3\xf7\x56\x00\x05\x9f\x1a\x19\x2d\x01\x86\x98\x2e\xdb\xdd\xe3\xb7\xe6\x18\xc8\xd0\xdb\x6a\xaf\x56\x90\x77\x74\x60\x11\x79\xcf\xed\xcf\xed\xaf\x84\x41\xee\x9c\x1c\x62\xc5\x2e\x4f\xc1\xf7\x70\x02\x93\x74\x9e\x11\x39\xc2\x77\x2e\x02\x7d\x3d\x51\xf0\xeb\x3f\x77\xd8\x10\x56\xa1\xfa\x17\x0f\x05\x19\x23\x0e\x73\xd1\x56\xe2\xc6\x63\xae\xe9\xf2\xba\x42\x79\xac\x6f\x67\x95\x0d\x51\xd6\x0c\xd3\xfd\xf7\x57\x9f\xb6\xc9\xc8\xed\x15\xa5\x69\x0b\x14\x1b\x51\x18\xf9\xd3\x5f\xea\x8b\xfb\xfe\xfd\x54\x56\xf0\xcb\x48\x99\x2d\xcb\x75\x81\xbb\xa0\xac\xe0\xe3\x34\x40\x8b\x51\x3f\x3b\xfc\x26\xc3\xaa\x42\xa6\x82\x26\xd4\xf8\xce\x5c\x57\xf0\xef\x39\x91\xfb\x18\x1f\x92\x90\x21\xee\xbe\xa3\xa4\xae\xfb\x1b\x4b\xe7\xf1\x1f\xb8\xfd\xd7\xf5\x35\xdc\xa4\xf8\x17\x5c\x5f\xdf\x5d\x3d\x3f\x63\xb0\x2f\x2f\x7f\x07\x00\x00\xff\xff\x1d\xcf\x90\x40\x8a\x0f\x00\x00"),
 		},
 		"/news": &vfsgen۰DirInfo{
 			name:    "news",
@@ -102,6 +116,12 @@ var Templates = func() http.FileSystem {
 		fs["/news"].(os.FileInfo),
 		fs["/testing"].(os.FileInfo),
 	}
+	fs["/admin"].(*vfsgen۰DirInfo).entries = []os.FileInfo{
+		fs["/admin/dashboard.tmpl"].(os.FileInfo),
+	}
+	fs["/auth"].(*vfsgen۰DirInfo).entries = []os.FileInfo{
+		fs["/auth/fallback_sign_in.tmpl"].(os.FileInfo),
+	}
 	fs["/landing"].(*vfsgen۰DirInfo).entries = []os.FileInfo{
 		fs["/landing/about.tmpl"].(os.FileInfo),
 		fs["/landing/index.tmpl"].(os.FileInfo),