Merge branch 'master' into absolute_fluoride

2021-05-30 09:13:47 +00:00 · 2021-05-30 09:13:47 +00:00 · 4ab53547a8
commit 4ab53547a8
parent 9f34b60749 44d4b0d379
26 changed files with 685 additions and 477 deletions
--- a/21
+++ b/21
@ -26,18 +26,19 @@ bloat.def.conf:
 		< bloat.conf > bloat.def.conf

 install: bloat
-	mkdir -p $(BINPATH) $(SHAREPATH)/templates $(SHAREPATH)/static
-	cp bloat $(BINPATH)/bloat
-	chmod 0755 $(BINPATH)/bloat
-	cp -r templates/* $(SHAREPATH)/templates
-	chmod 0644 $(SHAREPATH)/templates/*
-	cp -r static/* $(SHAREPATH)/static
-	chmod 0644 $(SHAREPATH)/static/*
+	mkdir -p $(DESTDIR)$(BINPATH) \
+		$(DESTDIR)$(SHAREPATH)/templates \
+		$(DESTDIR)$(SHAREPATH)/static
+	cp bloat $(DESTDIR)$(BINPATH)/bloat
+	chmod 0755 $(DESTDIR)$(BINPATH)/bloat
+	cp -r templates/* $(DESTDIR)$(SHAREPATH)/templates
+	chmod 0644 $(DESTDIR)$(SHAREPATH)/templates/*
+	cp -r static/* $(DESTDIR)$(SHAREPATH)/static
+	chmod 0644 $(DESTDIR)$(SHAREPATH)/static/*

 uninstall:
-	rm -f $(BINPATH)/bloat
-	rm -fr $(SHAREPATH)/templates
-	rm -fr $(SHAREPATH)/static
+	rm -f $(DESTDIR)$(BINPATH)/bloat
+	rm -fr $(DESTDIR)$(SHAREPATH)

 clean: 
 	rm -f bloat
--- a/main.go
+++ b/main.go
@ -4,12 +4,10 @@ import (
 	"errors"
 	"fmt"
 	"log"
-	"net"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
-	"time"

 	"bloat/config"
 	"bloat/renderer"
@ -27,20 +25,6 @@ func errExit(err error) {
 	os.Exit(1)
 }

-func setupHttp() {
-	tr := http.DefaultTransport.(*http.Transport)
-	tr.MaxIdleConnsPerHost = 30
-	tr.MaxIdleConns = 300
-	tr.ForceAttemptHTTP2 = false
-	tr.DialContext = (&net.Dialer{
-		Timeout:   30 * time.Second,
-		KeepAlive: 3 * time.Minute,
-		DualStack: true,
-	}).DialContext
-	client := http.DefaultClient
-	client.Transport = tr
-}
-
 func main() {
 	opts, _, err := util.Getopts(os.Args, "f:")
 	if err != nil {
@ -108,11 +92,9 @@ func main() {
 		logger = log.New(lf, "", log.LstdFlags)
 	}

-	setupHttp()
-
 	s := service.NewService(config.ClientName, config.ClientScope,
-		config.ClientWebsite, customCSS, config.PostFormats, renderer,
-		sessionRepo, appRepo, config.SingleInstance)
+		config.ClientWebsite, customCSS, config.SingleInstance,
+		config.PostFormats, renderer, sessionRepo, appRepo)
 	handler := service.NewHandler(s, logger, config.StaticDirectory)

 	logger.Println("listening on", config.ListenAddress)
--- a/mastodon/filter.go
+++ b/mastodon/filter.go
@ -0,0 +1,50 @@
+package mastodon
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+)
+
+type Filter struct {
+	ID           string     `json:"id"`
+	Phrase       string     `json:"phrase"`
+	Context      []string   `json:"context"`
+	WholeWord    bool       `json:"whole_word"`
+	ExpiresAt    *time.Time `json:"expires_at"`
+	Irreversible bool       `json:"irreversible"`
+}
+
+func (c *Client) GetFilters(ctx context.Context) ([]*Filter, error) {
+	var filters []*Filter
+	err := c.doAPI(ctx, http.MethodGet, "/api/v1/filters", nil, &filters, nil)
+	if err != nil {
+		return nil, err
+	}
+	return filters, nil
+}
+
+func (c *Client) AddFilter(ctx context.Context, phrase string, context []string, irreversible bool, wholeWord bool, expiresIn *time.Time) error {
+	params := url.Values{}
+	params.Set("phrase", phrase)
+	for i := range context {
+		params.Add("context[]", context[i])
+	}
+	params.Set("irreversible", strconv.FormatBool(irreversible))
+	params.Set("whole_word", strconv.FormatBool(wholeWord))
+	if expiresIn != nil {
+		params.Set("expires_in", expiresIn.Format(time.RFC3339))
+	}
+	err := c.doAPI(ctx, http.MethodPost, "/api/v1/filters", params, nil, nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *Client) RemoveFilter(ctx context.Context, id string) error {
+	return c.doAPI(ctx, http.MethodDelete, fmt.Sprintf("/api/v1/filters/%s", id), nil, nil, nil)
+}
--- a/model/settings.go
+++ b/model/settings.go
@ -11,6 +11,7 @@ type Settings struct {
 	FluorideMode         bool   `json:"fluoride_mode"`
 	DarkMode             bool   `json:"dark_mode"`
 	AntiDopamineMode     bool   `json:"anti_dopamine_mode"`
+	CSS                  string `json:"css"`
 }

 func NewSettings() *Settings {
@ -25,5 +26,6 @@ func NewSettings() *Settings {
 		FluorideMode:         false,
 		DarkMode:             false,
 		AntiDopamineMode:     false,
+		CSS:                  "",
 	}
 }
--- a/renderer/model.go
+++ b/renderer/model.go
@ -14,15 +14,10 @@ type Context struct {
 	CSRFToken        string
 	UserID           string
 	AntiDopamineMode bool
+	UserCSS          string
 	Referrer         string
 }

-type NavData struct {
-	CommonData  *CommonData
-	User        *mastodon.Account
-	PostContext model.PostContext
-}
-
 type CommonData struct {
 	Title           string
 	CustomCSS       string
@ -32,9 +27,17 @@ type CommonData struct {
 	Target          string
 }

+type NavData struct {
+	CommonData  *CommonData
+	User        *mastodon.Account
+	PostContext model.PostContext
+}
+
 type ErrorData struct {
 	*CommonData
-	Error string
+	Err        string
+	Retry      bool
+	SessionErr bool
 }

 type HomePageData struct {
@ -132,3 +135,8 @@ type SettingsData struct {
 	Settings    *model.Settings
 	PostFormats []model.PostFormat
 }
+
+type FiltersData struct {
+	*CommonData
+	Filters []*mastodon.Filter
+}
--- a/renderer/renderer.go
+++ b/renderer/renderer.go
@ -30,6 +30,7 @@ const (
 	RetweetedByPage  = "retweetedby.tmpl"
 	SearchPage       = "search.tmpl"
 	SettingsPage     = "settings.tmpl"
+	FiltersPage      = "filters.tmpl"
 )

 type TemplateData struct {
--- a/service/service.go
+++ b/service/service.go
@ -1,10 +1,8 @@
 package service

 import (
-	"context"
 	"errors"
 	"fmt"
-	"html/template"
 	"mime/multipart"
 	"net/url"
 	"strings"
@ -16,146 +14,152 @@ import (
 )

 var (
-	ctx                = context.Background()
-	errInvalidArgument = errors.New("invalid argument")
+	errInvalidArgument  = errors.New("invalid argument")
+	errInvalidSession   = errors.New("invalid session")
+	errInvalidCSRFToken = errors.New("invalid csrf token")
 )

 type service struct {
-	clientName     string
-	clientScope    string
-	clientWebsite  string
-	customCSS      string
-	postFormats    []model.PostFormat
-	renderer       renderer.Renderer
-	sessionRepo    model.SessionRepo
-	appRepo        model.AppRepo
-	singleInstance string
+	cname       string
+	cscope      string
+	cwebsite    string
+	css         string
+	instance    string
+	postFormats []model.PostFormat
+	renderer    renderer.Renderer
+	sessionRepo model.SessionRepo
+	appRepo     model.AppRepo
 }

-func NewService(clientName string,
-	clientScope string,
-	clientWebsite string,
-	customCSS string,
-	postFormats []model.PostFormat,
-	renderer renderer.Renderer,
-	sessionRepo model.SessionRepo,
-	appRepo model.AppRepo,
-	singleInstance string,
-) *service {
+func NewService(cname string, cscope string, cwebsite string,
+	css string, instance string, postFormats []model.PostFormat,
+	renderer renderer.Renderer, sessionRepo model.SessionRepo,
+	appRepo model.AppRepo) *service {
 	return &service{
-		clientName:     clientName,
-		clientScope:    clientScope,
-		clientWebsite:  clientWebsite,
-		customCSS:      customCSS,
-		postFormats:    postFormats,
-		renderer:       renderer,
-		sessionRepo:    sessionRepo,
-		appRepo:        appRepo,
-		singleInstance: singleInstance,
+		cname:       cname,
+		cscope:      cscope,
+		cwebsite:    cwebsite,
+		css:         css,
+		instance:    instance,
+		postFormats: postFormats,
+		renderer:    renderer,
+		sessionRepo: sessionRepo,
+		appRepo:     appRepo,
 	}
 }

-func getRendererContext(c *client) *renderer.Context {
-	var settings model.Settings
-	var session model.Session
-	var referrer string
-	if c != nil {
-		settings = c.Session.Settings
-		session = c.Session
-		referrer = c.url()
-	} else {
-		settings = *model.NewSettings()
-	}
-	return &renderer.Context{
-		HideAttachments:  settings.HideAttachments,
-		MaskNSFW:         settings.MaskNSFW,
-		ThreadInNewTab:   settings.ThreadInNewTab,
-		FluorideMode:     settings.FluorideMode,
-		DarkMode:         settings.DarkMode,
-		CSRFToken:        session.CSRFToken,
-		UserID:           session.UserID,
-		AntiDopamineMode: settings.AntiDopamineMode,
-		Referrer:         referrer,
-	}
-}
-
-func addToReplyMap(m map[string][]mastodon.ReplyInfo, key interface{},
-	val string, number int) {
-	if key == nil {
+func (s *service) authenticate(c *client, sid string, csrf string, ref string, t int) (err error) {
+	var sett *model.Settings
+	defer func() {
+		if sett == nil {
+			sett = model.NewSettings()
+		}
+		c.rctx = &renderer.Context{
+			HideAttachments:  sett.HideAttachments,
+			MaskNSFW:         sett.MaskNSFW,
+			ThreadInNewTab:   sett.ThreadInNewTab,
+			FluorideMode:     sett.FluorideMode,
+			DarkMode:         sett.DarkMode,
+			CSRFToken:        c.s.CSRFToken,
+			UserID:           c.s.UserID,
+			AntiDopamineMode: sett.AntiDopamineMode,
+			UserCSS:          sett.CSS,
+			Referrer:         ref,
+		}
+	}()
+	if t < SESSION {
 		return
 	}
-	keyStr, ok := key.(string)
-	if !ok {
-		return
+	if len(sid) < 1 {
+		return errInvalidSession
 	}
-	_, ok = m[keyStr]
-	if !ok {
-		m[keyStr] = []mastodon.ReplyInfo{}
+	c.s, err = s.sessionRepo.Get(sid)
+	if err != nil {
+		return errInvalidSession
 	}
-	m[keyStr] = append(m[keyStr], mastodon.ReplyInfo{val, number})
-}
-
-func (s *service) getCommonData(c *client, title string) (data *renderer.CommonData) {
-	data = &renderer.CommonData{
-		Title:     title + " - " + s.clientName,
-		CustomCSS: s.customCSS,
+	sett = &c.s.Settings
+	app, err := s.appRepo.Get(c.s.InstanceDomain)
+	if err != nil {
+		return err
 	}
-	if c != nil && c.Session.IsLoggedIn() {
-		data.CSRFToken = c.Session.CSRFToken
+	c.Client = mastodon.NewClient(&mastodon.Config{
+		Server:       app.InstanceURL,
+		ClientID:     app.ClientID,
+		ClientSecret: app.ClientSecret,
+		AccessToken:  c.s.AccessToken,
+	})
+	if t >= CSRF && (len(csrf) < 1 || csrf != c.s.CSRFToken) {
+		return errInvalidCSRFToken
 	}
 	return
 }

-func (s *service) ErrorPage(c *client, err error) {
+func (s *service) cdata(c *client, title string, count int, rinterval int,
+	target string) (data *renderer.CommonData) {
+	data = &renderer.CommonData{
+		Title:           title + " - " + s.cname,
+		CustomCSS:       s.css,
+		Count:           count,
+		RefreshInterval: rinterval,
+		Target:          target,
+	}
+	if c != nil && c.s.IsLoggedIn() {
+		data.CSRFToken = c.s.CSRFToken
+	}
+	return
+}
+
+func (s *service) ErrorPage(c *client, err error, retry bool) error {
 	var errStr string
+	var sessionErr bool
 	if err != nil {
 		errStr = err.Error()
+		if err == errInvalidSession || err == errInvalidCSRFToken {
+			sessionErr = true
+		}
 	}
-	commonData := s.getCommonData(nil, "error")
+	cdata := s.cdata(nil, "error", 0, 0, "")
 	data := &renderer.ErrorData{
-		CommonData: commonData,
-		Error:      errStr,
+		CommonData: cdata,
+		Err:        errStr,
+		Retry:      retry,
+		SessionErr: sessionErr,
 	}
-	rCtx := getRendererContext(c)
-	s.renderer.Render(rCtx, c, renderer.ErrorPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.ErrorPage, data)
 }

 func (s *service) SigninPage(c *client) (err error) {
-	commonData := s.getCommonData(nil, "signin")
+	cdata := s.cdata(nil, "signin", 0, 0, "")
 	data := &renderer.SigninData{
-		CommonData: commonData,
+		CommonData: cdata,
 	}
-	rCtx := getRendererContext(nil)
-	return s.renderer.Render(rCtx, c, renderer.SigninPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.SigninPage, data)
 }

 func (s *service) RootPage(c *client) (err error) {
 	data := &renderer.RootData{
-		Title: s.clientName,
+		Title: s.cname,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.RootPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.RootPage, data)
 }

 func (s *service) NavPage(c *client) (err error) {
-	u, err := c.GetAccountCurrentUser(ctx)
+	u, err := c.GetAccountCurrentUser(c.ctx)
 	if err != nil {
 		return
 	}
-	postContext := model.PostContext{
-		DefaultVisibility: c.Session.Settings.DefaultVisibility,
-		DefaultFormat:     c.Session.Settings.DefaultFormat,
+	pctx := model.PostContext{
+		DefaultVisibility: c.s.Settings.DefaultVisibility,
+		DefaultFormat:     c.s.Settings.DefaultFormat,
 		Formats:           s.postFormats,
 	}
-	commonData := s.getCommonData(c, "nav")
-	commonData.Target = "main"
+	cdata := s.cdata(c, "nav", 0, 0, "main")
 	data := &renderer.NavData{
 		User:        u,
-		CommonData:  commonData,
-		PostContext: postContext,
+		CommonData:  cdata,
+		PostContext: pctx,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.NavPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.NavPage, data)
 }

 func (s *service) TimelinePage(c *client, tType string, instance string,
@ -173,21 +177,21 @@ func (s *service) TimelinePage(c *client, tType string, instance string,
 	default:
 		return errInvalidArgument
 	case "home":
-		statuses, err = c.GetTimelineHome(ctx, &pg)
+		statuses, err = c.GetTimelineHome(c.ctx, &pg)
 		title = "Timeline"
 	case "direct":
-		statuses, err = c.GetTimelineDirect(ctx, &pg)
+		statuses, err = c.GetTimelineDirect(c.ctx, &pg)
 		title = "Direct Timeline"
 	case "local":
-		statuses, err = c.GetTimelinePublic(ctx, true, "", &pg)
+		statuses, err = c.GetTimelinePublic(c.ctx, true, "", &pg)
 		title = "Local Timeline"
 	case "remote":
 		if len(instance) > 0 {
-			statuses, err = c.GetTimelinePublic(ctx, false, instance, &pg)
+			statuses, err = c.GetTimelinePublic(c.ctx, false, instance, &pg)
 		}
 		title = "Remote Timeline"
 	case "twkn":
-		statuses, err = c.GetTimelinePublic(ctx, false, "", &pg)
+		statuses, err = c.GetTimelinePublic(c.ctx, false, "", &pg)
 		title = "The Whole Known Network"
 	}
 	if err != nil {
@ -218,7 +222,7 @@ func (s *service) TimelinePage(c *client, tType string, instance string,
 		nextLink = "/timeline/" + tType + "?" + v.Encode()
 	}

-	commonData := s.getCommonData(c, tType+" timeline ")
+	cdata := s.cdata(c, tType+" timeline ", 0, 0, "")
 	data := &renderer.TimelineData{
 		Title:      title,
 		Type:       tType,
@ -226,17 +230,31 @@ func (s *service) TimelinePage(c *client, tType string, instance string,
 		Statuses:   statuses,
 		NextLink:   nextLink,
 		PrevLink:   prevLink,
-		CommonData: commonData,
+		CommonData: cdata,
 	}
+	return s.renderer.Render(c.rctx, c.w, renderer.TimelinePage, data)
+}

-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.TimelinePage, data)
+func addToReplyMap(m map[string][]mastodon.ReplyInfo, key interface{},
+	val string, number int) {
+	if key == nil {
+		return
+	}
+	keyStr, ok := key.(string)
+	if !ok {
+		return
+	}
+	_, ok = m[keyStr]
+	if !ok {
+		m[keyStr] = []mastodon.ReplyInfo{}
+	}
+	m[keyStr] = append(m[keyStr], mastodon.ReplyInfo{val, number})
 }

 func (s *service) ThreadPage(c *client, id string, reply bool) (err error) {
-	var postContext model.PostContext
+	var pctx model.PostContext

-	status, err := c.GetStatus(ctx, id)
+	status, err := c.GetStatus(c.ctx, id)
 	if err != nil {
 		return
 	}
@ -244,26 +262,26 @@ func (s *service) ThreadPage(c *client, id string, reply bool) (err error) {
 	if reply {
 		var content string
 		var visibility string
-		if c.Session.UserID != status.Account.ID {
+		if c.s.UserID != status.Account.ID {
 			content += "@" + status.Account.Acct + " "
 		}
 		for i := range status.Mentions {
-			if status.Mentions[i].ID != c.Session.UserID &&
+			if status.Mentions[i].ID != c.s.UserID &&
 				status.Mentions[i].ID != status.Account.ID {
 				content += "@" + status.Mentions[i].Acct + " "
 			}
 		}

 		isDirect := status.Visibility == "direct"
-		if isDirect || c.Session.Settings.CopyScope {
+		if isDirect || c.s.Settings.CopyScope {
 			visibility = status.Visibility
 		} else {
-			visibility = c.Session.Settings.DefaultVisibility
+			visibility = c.s.Settings.DefaultVisibility
 		}

-		postContext = model.PostContext{
+		pctx = model.PostContext{
 			DefaultVisibility: visibility,
-			DefaultFormat:     c.Session.Settings.DefaultFormat,
+			DefaultFormat:     c.s.Settings.DefaultFormat,
 			Formats:           s.postFormats,
 			ReplyContext: &model.ReplyContext{
 				InReplyToID:     id,
@ -274,7 +292,7 @@ func (s *service) ThreadPage(c *client, id string, reply bool) (err error) {
 		}
 	}

-	context, err := c.GetStatusContext(ctx, id)
+	context, err := c.GetStatusContext(c.ctx, id)
 	if err != nil {
 		return
 	}
@ -293,16 +311,14 @@ func (s *service) ThreadPage(c *client, id string, reply bool) (err error) {
 		addToReplyMap(replies, statuses[i].InReplyToID, statuses[i].ID, i+1)
 	}

-	commonData := s.getCommonData(c, "post by "+status.Account.DisplayName)
+	cdata := s.cdata(c, "post by "+status.Account.DisplayName, 0, 0, "")
 	data := &renderer.ThreadData{
 		Statuses:    statuses,
-		PostContext: postContext,
+		PostContext: pctx,
 		ReplyMap:    replies,
-		CommonData:  commonData,
+		CommonData:  cdata,
 	}
-
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.ThreadPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.ThreadPage, data)
 }

 func (svc *service) StatusPopup(c *client, id string) (err error) {
@ -315,31 +331,29 @@ func (svc *service) StatusPopup(c *client, id string) (err error) {
 }

 func (s *service) LikedByPage(c *client, id string) (err error) {
-	likers, err := c.GetFavouritedBy(ctx, id, nil)
+	likers, err := c.GetFavouritedBy(c.ctx, id, nil)
 	if err != nil {
 		return
 	}
-	commonData := s.getCommonData(c, "likes")
+	cdata := s.cdata(c, "likes", 0, 0, "")
 	data := &renderer.LikedByData{
-		CommonData: commonData,
+		CommonData: cdata,
 		Users:      likers,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.LikedByPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.LikedByPage, data)
 }

 func (s *service) RetweetedByPage(c *client, id string) (err error) {
-	retweeters, err := c.GetRebloggedBy(ctx, id, nil)
+	retweeters, err := c.GetRebloggedBy(c.ctx, id, nil)
 	if err != nil {
 		return
 	}
-	commonData := s.getCommonData(c, "retweets")
+	cdata := s.cdata(c, "retweets", 0, 0, "")
 	data := &renderer.RetweetedByData{
-		CommonData: commonData,
+		CommonData: cdata,
 		Users:      retweeters,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.RetweetedByPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.RetweetedByPage, data)
 }

 func (s *service) NotificationPage(c *client, maxID string,
@ -355,11 +369,11 @@ func (s *service) NotificationPage(c *client, maxID string,
 		Limit: 20,
 	}

-	if c.Session.Settings.AntiDopamineMode {
+	if c.s.Settings.AntiDopamineMode {
 		excludes = []string{"follow", "favourite", "reblog"}
 	}

-	notifications, err := c.GetNotifications(ctx, &pg, excludes)
+	notifications, err := c.GetNotifications(c.ctx, &pg, excludes)
 	if err != nil {
 		return
 	}
@ -377,19 +391,16 @@ func (s *service) NotificationPage(c *client, maxID string,
 		nextLink = "/notifications?max_id=" + pg.MaxID
 	}

-	commonData := s.getCommonData(c, "notifications")
-	commonData.RefreshInterval = c.Session.Settings.NotificationInterval
-	commonData.Target = "main"
-	commonData.Count = unreadCount
+	cdata := s.cdata(c, "notifications", unreadCount,
+		c.s.Settings.NotificationInterval, "main")
 	data := &renderer.NotificationData{
 		Notifications: notifications,
 		UnreadCount:   unreadCount,
 		ReadID:        readID,
 		NextLink:      nextLink,
-		CommonData:    commonData,
+		CommonData:    cdata,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.NotificationPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.NotificationPage, data)
 }

 func (s *service) UserPage(c *client, id string, pageType string,
@ -404,15 +415,15 @@ func (s *service) UserPage(c *client, id string, pageType string,
 		Limit: 20,
 	}

-	user, err := c.GetAccount(ctx, id)
+	user, err := c.GetAccount(c.ctx, id)
 	if err != nil {
 		return
 	}
-	isCurrent := c.Session.UserID == user.ID
+	isCurrent := c.s.UserID == user.ID

 	switch pageType {
 	case "":
-		statuses, err = c.GetAccountStatuses(ctx, id, false, &pg)
+		statuses, err = c.GetAccountStatuses(c.ctx, id, false, &pg)
 		if err != nil {
 			return
 		}
@ -421,7 +432,7 @@ func (s *service) UserPage(c *client, id string, pageType string,
 				pg.MaxID)
 		}
 	case "following":
-		users, err = c.GetAccountFollowing(ctx, id, &pg)
+		users, err = c.GetAccountFollowing(c.ctx, id, &pg)
 		if err != nil {
 			return
 		}
@ -430,7 +441,7 @@ func (s *service) UserPage(c *client, id string, pageType string,
 				id, pg.MaxID)
 		}
 	case "followers":
-		users, err = c.GetAccountFollowers(ctx, id, &pg)
+		users, err = c.GetAccountFollowers(c.ctx, id, &pg)
 		if err != nil {
 			return
 		}
@ -439,7 +450,7 @@ func (s *service) UserPage(c *client, id string, pageType string,
 				id, pg.MaxID)
 		}
 	case "media":
-		statuses, err = c.GetAccountStatuses(ctx, id, true, &pg)
+		statuses, err = c.GetAccountStatuses(c.ctx, id, true, &pg)
 		if err != nil {
 			return
 		}
@ -451,7 +462,7 @@ func (s *service) UserPage(c *client, id string, pageType string,
 		if !isCurrent {
 			return errInvalidArgument
 		}
-		statuses, err = c.GetBookmarks(ctx, &pg)
+		statuses, err = c.GetBookmarks(c.ctx, &pg)
 		if err != nil {
 			return
 		}
@ -463,7 +474,7 @@ func (s *service) UserPage(c *client, id string, pageType string,
 		if !isCurrent {
 			return errInvalidArgument
 		}
-		users, err = c.GetMutes(ctx, &pg)
+		users, err = c.GetMutes(c.ctx, &pg)
 		if err != nil {
 			return
 		}
@ -475,7 +486,7 @@ func (s *service) UserPage(c *client, id string, pageType string,
 		if !isCurrent {
 			return errInvalidArgument
 		}
-		users, err = c.GetBlocks(ctx, &pg)
+		users, err = c.GetBlocks(c.ctx, &pg)
 		if err != nil {
 			return
 		}
@ -487,7 +498,7 @@ func (s *service) UserPage(c *client, id string, pageType string,
 		if !isCurrent {
 			return errInvalidArgument
 		}
-		statuses, err = c.GetFavourites(ctx, &pg)
+		statuses, err = c.GetFavourites(c.ctx, &pg)
 		if err != nil {
 			return
 		}
@ -499,7 +510,7 @@ func (s *service) UserPage(c *client, id string, pageType string,
 		if !isCurrent {
 			return errInvalidArgument
 		}
-		users, err = c.GetFollowRequests(ctx, &pg)
+		users, err = c.GetFollowRequests(c.ctx, &pg)
 		if err != nil {
 			return
 		}
@ -517,7 +528,7 @@ func (s *service) UserPage(c *client, id string, pageType string,
 		}
 	}

-	commonData := s.getCommonData(c, user.DisplayName)
+	cdata := s.cdata(c, user.DisplayName+" @"+user.Acct, 0, 0, "")
 	data := &renderer.UserData{
 		User:       user,
 		IsCurrent:  isCurrent,
@ -525,10 +536,9 @@ func (s *service) UserPage(c *client, id string, pageType string,
 		Users:      users,
 		Statuses:   statuses,
 		NextLink:   nextLink,
-		CommonData: commonData,
+		CommonData: cdata,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.UserPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.UserPage, data)
 }

 func (s *service) UserSearchPage(c *client,
@ -537,14 +547,14 @@ func (s *service) UserSearchPage(c *client,
 	var nextLink string
 	var title = "search"

-	user, err := c.GetAccount(ctx, id)
+	user, err := c.GetAccount(c.ctx, id)
 	if err != nil {
 		return
 	}

 	var results *mastodon.Results
 	if len(q) > 0 {
-		results, err = c.Search(ctx, q, "statuses", 20, true, offset, id)
+		results, err = c.Search(c.ctx, q, "statuses", 20, true, offset, id)
 		if err != nil {
 			return err
 		}
@ -558,44 +568,40 @@ func (s *service) UserSearchPage(c *client,
 			url.QueryEscape(q), offset)
 	}

-	qq := template.HTMLEscapeString(q)
 	if len(q) > 0 {
-		title += " \"" + qq + "\""
+		title += " \"" + q + "\""
 	}

-	commonData := s.getCommonData(c, title)
+	cdata := s.cdata(c, title, 0, 0, "")
 	data := &renderer.UserSearchData{
-		CommonData: commonData,
+		CommonData: cdata,
 		User:       user,
-		Q:          qq,
+		Q:          q,
 		Statuses:   results.Statuses,
 		NextLink:   nextLink,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.UserSearchPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.UserSearchPage, data)
 }

 func (s *service) AboutPage(c *client) (err error) {
-	commonData := s.getCommonData(c, "about")
+	cdata := s.cdata(c, "about", 0, 0, "")
 	data := &renderer.AboutData{
-		CommonData: commonData,
+		CommonData: cdata,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.AboutPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.AboutPage, data)
 }

 func (s *service) EmojiPage(c *client) (err error) {
-	emojis, err := c.GetInstanceEmojis(ctx)
+	emojis, err := c.GetInstanceEmojis(c.ctx)
 	if err != nil {
 		return
 	}
-	commonData := s.getCommonData(c, "emojis")
+	cdata := s.cdata(c, "emojis", 0, 0, "")
 	data := &renderer.EmojiData{
 		Emojis:     emojis,
-		CommonData: commonData,
+		CommonData: cdata,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.EmojiPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.EmojiPage, data)
 }

 func (s *service) SearchPage(c *client,
@ -606,7 +612,7 @@ func (s *service) SearchPage(c *client,

 	var results *mastodon.Results
 	if len(q) > 0 {
-		results, err = c.Search(ctx, q, qType, 20, true, offset, "")
+		results, err = c.Search(c.ctx, q, qType, 20, true, offset, "")
 		if err != nil {
 			return err
 		}
@ -621,44 +627,54 @@ func (s *service) SearchPage(c *client,
 			url.QueryEscape(q), qType, offset)
 	}

-	qq := template.HTMLEscapeString(q)
 	if len(q) > 0 {
-		title += " \"" + qq + "\""
+		title += " \"" + q + "\""
 	}

-	commonData := s.getCommonData(c, title)
+	cdata := s.cdata(c, title, 0, 0, "")
 	data := &renderer.SearchData{
-		CommonData: commonData,
-		Q:          qq,
+		CommonData: cdata,
+		Q:          q,
 		Type:       qType,
 		Users:      results.Accounts,
 		Statuses:   results.Statuses,
 		NextLink:   nextLink,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.SearchPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.SearchPage, data)
 }

 func (s *service) SettingsPage(c *client) (err error) {
-	commonData := s.getCommonData(c, "settings")
+	cdata := s.cdata(c, "settings", 0, 0, "")
 	data := &renderer.SettingsData{
-		CommonData:  commonData,
-		Settings:    &c.Session.Settings,
+		CommonData:  cdata,
+		Settings:    &c.s.Settings,
 		PostFormats: s.postFormats,
 	}
-	rCtx := getRendererContext(c)
-	return s.renderer.Render(rCtx, c, renderer.SettingsPage, data)
+	return s.renderer.Render(c.rctx, c.w, renderer.SettingsPage, data)
+}
+
+func (svc *service) FiltersPage(c *client) (err error) {
+	filters, err := c.GetFilters(c.ctx)
+	if err != nil {
+		return
+	}
+	cdata := svc.cdata(c, "filters", 0, 0, "")
+	data := &renderer.FiltersData{
+		CommonData: cdata,
+		Filters:    filters,
+	}
+	return svc.renderer.Render(c.rctx, c.w, renderer.FiltersPage, data)
 }

 func (s *service) SingleInstance() (instance string, ok bool) {
-	if len(s.singleInstance) > 0 {
-		instance = s.singleInstance
+	if len(s.instance) > 0 {
+		instance = s.instance
 		ok = true
 	}
 	return
 }

-func (s *service) NewSession(instance string) (rurl string, sid string, err error) {
+func (s *service) NewSession(c *client, instance string) (rurl string, sid string, err error) {
 	var instanceURL string
 	if strings.HasPrefix(instance, "https://") {
 		instanceURL = instance
@ -671,18 +687,18 @@ func (s *service) NewSession(instance string) (rurl string, sid string, err erro
 	if err != nil {
 		return
 	}
-	csrfToken, err := util.NewCSRFToken()
+	csrf, err := util.NewCSRFToken()
 	if err != nil {
 		return
 	}

-	session := model.Session{
+	sess := model.Session{
 		ID:             sid,
 		InstanceDomain: instance,
-		CSRFToken:      csrfToken,
+		CSRFToken:      csrf,
 		Settings:       *model.NewSettings(),
 	}
-	err = s.sessionRepo.Add(session)
+	err = s.sessionRepo.Add(sess)
 	if err != nil {
 		return
 	}
@ -692,12 +708,12 @@ func (s *service) NewSession(instance string) (rurl string, sid string, err erro
 		if err != model.ErrAppNotFound {
 			return
 		}
-		mastoApp, err := mastodon.RegisterApp(ctx, &mastodon.AppConfig{
+		mastoApp, err := mastodon.RegisterApp(c.ctx, &mastodon.AppConfig{
 			Server:       instanceURL,
-			ClientName:   s.clientName,
-			Scopes:       s.clientScope,
-			Website:      s.clientWebsite,
-			RedirectURIs: s.clientWebsite + "/oauth_callback",
+			ClientName:   s.cname,
+			Scopes:       s.cscope,
+			Website:      s.cwebsite,
+			RedirectURIs: s.cwebsite + "/oauth_callback",
 		})
 		if err != nil {
 			return "", "", err
@ -723,36 +739,33 @@ func (s *service) NewSession(instance string) (rurl string, sid string, err erro
 	q.Set("scope", "read write follow")
 	q.Set("client_id", app.ClientID)
 	q.Set("response_type", "code")
-	q.Set("redirect_uri", s.clientWebsite+"/oauth_callback")
+	q.Set("redirect_uri", s.cwebsite+"/oauth_callback")
 	u.RawQuery = q.Encode()

 	rurl = instanceURL + u.String()
 	return
 }

-func (s *service) Signin(c *client, code string) (token string,
-	userID string, err error) {
-
+func (s *service) Signin(c *client, code string) (err error) {
 	if len(code) < 1 {
 		err = errInvalidArgument
 		return
 	}
-	err = c.AuthenticateToken(ctx, code, s.clientWebsite+"/oauth_callback")
+	err = c.AuthenticateToken(c.ctx, code, s.cwebsite+"/oauth_callback")
 	if err != nil {
 		return
 	}
-	token = c.GetAccessToken(ctx)
-
-	u, err := c.GetAccountCurrentUser(ctx)
+	u, err := c.GetAccountCurrentUser(c.ctx)
 	if err != nil {
 		return
 	}
-	userID = u.ID
-	return
+	c.s.AccessToken = c.GetAccessToken(c.ctx)
+	c.s.UserID = u.ID
+	return s.sessionRepo.Add(c.s)
 }

 func (s *service) Signout(c *client) (err error) {
-	s.sessionRepo.Remove(c.Session.ID)
+	s.sessionRepo.Remove(c.s.ID)
 	return
 }

@ -762,7 +775,7 @@ func (s *service) Post(c *client, content string, replyToID string,

 	var mediaIDs []string
 	for _, f := range files {
-		a, err := c.UploadMediaFromMultipartFileHeader(ctx, f)
+		a, err := c.UploadMediaFromMultipartFileHeader(c.ctx, f)
 		if err != nil {
 			return "", err
 		}
@ -777,7 +790,7 @@ func (s *service) Post(c *client, content string, replyToID string,
 		Visibility:  visibility,
 		Sensitive:   isNSFW,
 	}
-	st, err := c.PostStatus(ctx, tweet)
+	st, err := c.PostStatus(c.ctx, tweet)
 	if err != nil {
 		return
 	}
@ -785,7 +798,7 @@ func (s *service) Post(c *client, content string, replyToID string,
 }

 func (s *service) Like(c *client, id string) (count int64, err error) {
-	st, err := c.Favourite(ctx, id)
+	st, err := c.Favourite(c.ctx, id)
 	if err != nil {
 		return
 	}
@ -794,7 +807,7 @@ func (s *service) Like(c *client, id string) (count int64, err error) {
 }

 func (s *service) UnLike(c *client, id string) (count int64, err error) {
-	st, err := c.Unfavourite(ctx, id)
+	st, err := c.Unfavourite(c.ctx, id)
 	if err != nil {
 		return
 	}
@ -803,7 +816,7 @@ func (s *service) UnLike(c *client, id string) (count int64, err error) {
 }

 func (s *service) Retweet(c *client, id string) (count int64, err error) {
-	st, err := c.Reblog(ctx, id)
+	st, err := c.Reblog(c.ctx, id)
 	if err != nil {
 		return
 	}
@ -815,7 +828,7 @@ func (s *service) Retweet(c *client, id string) (count int64, err error) {

 func (s *service) UnRetweet(c *client, id string) (
 	count int64, err error) {
-	st, err := c.Unreblog(ctx, id)
+	st, err := c.Unreblog(c.ctx, id)
 	if err != nil {
 		return
 	}
@ -824,55 +837,55 @@ func (s *service) UnRetweet(c *client, id string) (
 }

 func (s *service) Vote(c *client, id string, choices []string) (err error) {
-	_, err = c.Vote(ctx, id, choices)
+	_, err = c.Vote(c.ctx, id, choices)
 	return
 }

 func (s *service) Follow(c *client, id string, reblogs *bool) (err error) {
-	_, err = c.AccountFollow(ctx, id, reblogs)
+	_, err = c.AccountFollow(c.ctx, id, reblogs)
 	return
 }

 func (s *service) UnFollow(c *client, id string) (err error) {
-	_, err = c.AccountUnfollow(ctx, id)
+	_, err = c.AccountUnfollow(c.ctx, id)
 	return
 }

 func (s *service) Accept(c *client, id string) (err error) {
-	return c.FollowRequestAuthorize(ctx, id)
+	return c.FollowRequestAuthorize(c.ctx, id)
 }

 func (s *service) Reject(c *client, id string) (err error) {
-	return c.FollowRequestReject(ctx, id)
+	return c.FollowRequestReject(c.ctx, id)
 }

 func (s *service) Mute(c *client, id string) (err error) {
-	_, err = c.AccountMute(ctx, id)
+	_, err = c.AccountMute(c.ctx, id)
 	return
 }

 func (s *service) UnMute(c *client, id string) (err error) {
-	_, err = c.AccountUnmute(ctx, id)
+	_, err = c.AccountUnmute(c.ctx, id)
 	return
 }

 func (s *service) Block(c *client, id string) (err error) {
-	_, err = c.AccountBlock(ctx, id)
+	_, err = c.AccountBlock(c.ctx, id)
 	return
 }

 func (s *service) UnBlock(c *client, id string) (err error) {
-	_, err = c.AccountUnblock(ctx, id)
+	_, err = c.AccountUnblock(c.ctx, id)
 	return
 }

 func (s *service) Subscribe(c *client, id string) (err error) {
-	_, err = c.Subscribe(ctx, id)
+	_, err = c.Subscribe(c.ctx, id)
 	return
 }

 func (s *service) UnSubscribe(c *client, id string) (err error) {
-	_, err = c.UnSubscribe(ctx, id)
+	_, err = c.UnSubscribe(c.ctx, id)
 	return
 }

@ -882,38 +895,50 @@ func (s *service) SaveSettings(c *client, settings *model.Settings) (err error)
 	default:
 		return errInvalidArgument
 	}
-	session, err := s.sessionRepo.Get(c.Session.ID)
+	if len(settings.CSS) > 1<<20 {
+		return errInvalidArgument
+	}
+	sess, err := s.sessionRepo.Get(c.s.ID)
 	if err != nil {
 		return
 	}
-	session.Settings = *settings
-	return s.sessionRepo.Add(session)
+	sess.Settings = *settings
+	return s.sessionRepo.Add(sess)
 }

 func (s *service) MuteConversation(c *client, id string) (err error) {
-	_, err = c.MuteConversation(ctx, id)
+	_, err = c.MuteConversation(c.ctx, id)
 	return
 }

 func (s *service) UnMuteConversation(c *client, id string) (err error) {
-	_, err = c.UnmuteConversation(ctx, id)
+	_, err = c.UnmuteConversation(c.ctx, id)
 	return
 }

 func (s *service) Delete(c *client, id string) (err error) {
-	return c.DeleteStatus(ctx, id)
+	return c.DeleteStatus(c.ctx, id)
 }

 func (s *service) ReadNotifications(c *client, maxID string) (err error) {
-	return c.ReadNotifications(ctx, maxID)
+	return c.ReadNotifications(c.ctx, maxID)
 }

 func (s *service) Bookmark(c *client, id string) (err error) {
-	_, err = c.Bookmark(ctx, id)
+	_, err = c.Bookmark(c.ctx, id)
 	return
 }

 func (s *service) UnBookmark(c *client, id string) (err error) {
-	_, err = c.Unbookmark(ctx, id)
+	_, err = c.Unbookmark(c.ctx, id)
 	return
 }
+
+func (svc *service) Filter(c *client, phrase string, wholeWord bool) (err error) {
+	fctx := []string{"home", "notifications", "public", "thread"}
+	return c.AddFilter(c.ctx, phrase, fctx, true, wholeWord, nil)
+}
+
+func (svc *service) UnFilter(c *client, id string) (err error) {
+	return c.RemoveFilter(c.ctx, id)
+}
--- a/service/transport.go
+++ b/service/transport.go
@ -1,8 +1,8 @@
 package service

 import (
+	"context"
 	"encoding/json"
-	"errors"
 	"log"
 	"net/http"
 	"strconv"
@ -10,44 +10,34 @@ import (

 	"bloat/mastodon"
 	"bloat/model"
+	"bloat/renderer"

 	"github.com/gorilla/mux"
 )

-var (
-	errInvalidSession   = errors.New("invalid session")
-	errInvalidCSRFToken = errors.New("invalid csrf token")
-)
-
 const (
 	sessionExp = 365 * 24 * time.Hour
 )

-type respType int
-
 const (
-	HTML respType = iota
+	HTML int = iota
 	JSON
 )

-type authType int
-
 const (
-	NOAUTH authType = iota
+	NOAUTH int = iota
 	SESSION
 	CSRF
 )

 type client struct {
 	*mastodon.Client
-	http.ResponseWriter
-	Req       *http.Request
-	CSRFToken string
-	Session   model.Session
-}
-
-func (c *client) url() string {
-	return c.Req.URL.RequestURI()
+	w    http.ResponseWriter
+	r    *http.Request
+	s    model.Session
+	csrf string
+	ctx  context.Context
+	rctx *renderer.Context
 }

 func setSessionCookie(w http.ResponseWriter, sid string, exp time.Duration) {
@ -59,7 +49,7 @@ func setSessionCookie(w http.ResponseWriter, sid string, exp time.Duration) {
 }

 func writeJson(c *client, data interface{}) error {
-	return json.NewEncoder(c).Encode(map[string]interface{}{
+	return json.NewEncoder(c.w).Encode(map[string]interface{}{
 		"data": data,
 	})
 }
@ -74,60 +64,44 @@ func serveJsonError(w http.ResponseWriter, err error) {
 }

 func redirect(c *client, url string) {
-	c.Header().Add("Location", url)
-	c.WriteHeader(http.StatusFound)
+	c.w.Header().Add("Location", url)
+	c.w.WriteHeader(http.StatusFound)
 }

 func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	r := mux.NewRouter()

-	writeError := func(c *client, err error, t respType) {
+	writeError := func(c *client, err error, t int, retry bool) {
 		switch t {
 		case HTML:
-			c.WriteHeader(http.StatusInternalServerError)
-			s.ErrorPage(c, err)
+			c.w.WriteHeader(http.StatusInternalServerError)
+			s.ErrorPage(c, err, retry)
 		case JSON:
-			c.WriteHeader(http.StatusInternalServerError)
-			json.NewEncoder(c).Encode(map[string]string{
+			c.w.WriteHeader(http.StatusInternalServerError)
+			json.NewEncoder(c.w).Encode(map[string]string{
 				"error": err.Error(),
 			})
 		}
 	}

-	authenticate := func(c *client, t authType) error {
-		if t >= SESSION {
-			cookie, err := c.Req.Cookie("session_id")
-			if err != nil || len(cookie.Value) < 1 {
-				return errInvalidSession
-			}
-			c.Session, err = s.sessionRepo.Get(cookie.Value)
-			if err != nil {
-				return errInvalidSession
-			}
-			app, err := s.appRepo.Get(c.Session.InstanceDomain)
-			if err != nil {
-				return err
-			}
-			c.Client = mastodon.NewClient(&mastodon.Config{
-				Server:       app.InstanceURL,
-				ClientID:     app.ClientID,
-				ClientSecret: app.ClientSecret,
-				AccessToken:  c.Session.AccessToken,
-			})
+	authenticate := func(c *client, t int) error {
+		var sid string
+		if cookie, _ := c.r.Cookie("session_id"); cookie != nil {
+			sid = cookie.Value
 		}
-		if t >= CSRF {
-			c.CSRFToken = c.Req.FormValue("csrf_token")
-			if len(c.CSRFToken) < 1 || c.CSRFToken != c.Session.CSRFToken {
-				return errInvalidCSRFToken
-			}
-		}
-		return nil
+		csrf := c.r.FormValue("csrf_token")
+		ref := c.r.URL.RequestURI()
+		return s.authenticate(c, sid, csrf, ref, t)
 	}

-	handle := func(f func(c *client) error, at authType, rt respType) http.HandlerFunc {
+	handle := func(f func(c *client) error, at int, rt int) http.HandlerFunc {
 		return func(w http.ResponseWriter, req *http.Request) {
 			var err error
-			c := &client{Req: req, ResponseWriter: w}
+			c := &client{
+				ctx: req.Context(),
+				w:   w,
+				r:   req,
+			}

 			defer func(begin time.Time) {
 				logger.Printf("path=%s, err=%v, took=%v\n",
@ -141,29 +115,24 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 			case JSON:
 				ct = "application/json"
 			}
-			c.Header().Add("Content-Type", ct)
+			c.w.Header().Add("Content-Type", ct)

 			err = authenticate(c, at)
 			if err != nil {
-				writeError(c, err, rt)
+				writeError(c, err, rt, req.Method == http.MethodGet)
 				return
 			}

 			err = f(c)
 			if err != nil {
-				writeError(c, err, rt)
+				writeError(c, err, rt, req.Method == http.MethodGet)
 				return
 			}
 		}
 	}

 	rootPage := handle(func(c *client) error {
-		sid, _ := c.Req.Cookie("session_id")
-		if sid == nil || len(sid.Value) < 0 {
-			redirect(c, "/signin")
-			return nil
-		}
-		session, err := s.sessionRepo.Get(sid.Value)
+		err := authenticate(c, SESSION)
 		if err != nil {
 			if err == errInvalidSession {
 				redirect(c, "/signin")
@ -171,7 +140,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 			}
 			return err
 		}
-		if len(session.AccessToken) < 1 {
+		if !c.s.IsLoggedIn() {
 			redirect(c, "/signin")
 			return nil
 		}
@ -187,18 +156,18 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if !ok {
 			return s.SigninPage(c)
 		}
-		url, sid, err := s.NewSession(instance)
+		url, sid, err := s.NewSession(c, instance)
 		if err != nil {
 			return err
 		}
-		setSessionCookie(c, sid, sessionExp)
+		setSessionCookie(c.w, sid, sessionExp)
 		redirect(c, url)
 		return nil
 	}, NOAUTH, HTML)

 	timelinePage := handle(func(c *client) error {
-		tType, _ := mux.Vars(c.Req)["type"]
-		q := c.Req.URL.Query()
+		tType, _ := mux.Vars(c.r)["type"]
+		q := c.r.URL.Query()
 		instance := q.Get("instance")
 		maxID := q.Get("max_id")
 		minID := q.Get("min_id")
@ -211,41 +180,41 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, SESSION, HTML)

 	threadPage := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		q := c.Req.URL.Query()
+		id, _ := mux.Vars(c.r)["id"]
+		q := c.r.URL.Query()
 		reply := q.Get("reply")
 		return s.ThreadPage(c, id, len(reply) > 1)
 	}, SESSION, HTML)

 	likedByPage := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		return s.LikedByPage(c, id)
 	}, SESSION, HTML)

 	retweetedByPage := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		return s.RetweetedByPage(c, id)
 	}, SESSION, HTML)

 	notificationsPage := handle(func(c *client) error {
-		q := c.Req.URL.Query()
+		q := c.r.URL.Query()
 		maxID := q.Get("max_id")
 		minID := q.Get("min_id")
 		return s.NotificationPage(c, maxID, minID)
 	}, SESSION, HTML)

 	userPage := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		pageType, _ := mux.Vars(c.Req)["type"]
-		q := c.Req.URL.Query()
+		id, _ := mux.Vars(c.r)["id"]
+		pageType, _ := mux.Vars(c.r)["type"]
+		q := c.r.URL.Query()
 		maxID := q.Get("max_id")
 		minID := q.Get("min_id")
 		return s.UserPage(c, id, pageType, maxID, minID)
 	}, SESSION, HTML)

 	userSearchPage := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		q := c.Req.URL.Query()
+		id, _ := mux.Vars(c.r)["id"]
+		q := c.r.URL.Query()
 		sq := q.Get("q")
 		offset, _ := strconv.Atoi(q.Get("offset"))
 		return s.UserSearchPage(c, id, sq, offset)
@ -260,7 +229,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, SESSION, HTML)

 	searchPage := handle(func(c *client) error {
-		q := c.Req.URL.Query()
+		q := c.r.URL.Query()
 		sq := q.Get("q")
 		qType := q.Get("type")
 		offset, _ := strconv.Atoi(q.Get("offset"))
@ -271,50 +240,46 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		return s.SettingsPage(c)
 	}, SESSION, HTML)

+	filtersPage := handle(func(c *client) error {
+		return s.FiltersPage(c)
+	}, SESSION, HTML)
+
 	signin := handle(func(c *client) error {
-		instance := c.Req.FormValue("instance")
-		url, sid, err := s.NewSession(instance)
+		instance := c.r.FormValue("instance")
+		url, sid, err := s.NewSession(c, instance)
 		if err != nil {
 			return err
 		}
-		setSessionCookie(c, sid, sessionExp)
+		setSessionCookie(c.w, sid, sessionExp)
 		redirect(c, url)
 		return nil
 	}, NOAUTH, HTML)

 	oauthCallback := handle(func(c *client) error {
-		q := c.Req.URL.Query()
+		q := c.r.URL.Query()
 		token := q.Get("code")
-		token, userID, err := s.Signin(c, token)
+		err := s.Signin(c, token)
 		if err != nil {
 			return err
 		}
-
-		c.Session.AccessToken = token
-		c.Session.UserID = userID
-		err = s.sessionRepo.Add(c.Session)
-		if err != nil {
-			return err
-		}
-
 		redirect(c, "/")
 		return nil
 	}, SESSION, HTML)

 	post := handle(func(c *client) error {
-		content := c.Req.FormValue("content")
-		replyToID := c.Req.FormValue("reply_to_id")
-		format := c.Req.FormValue("format")
-		visibility := c.Req.FormValue("visibility")
-		isNSFW := c.Req.FormValue("is_nsfw") == "on"
-		files := c.Req.MultipartForm.File["attachments"]
+		content := c.r.FormValue("content")
+		replyToID := c.r.FormValue("reply_to_id")
+		format := c.r.FormValue("format")
+		visibility := c.r.FormValue("visibility")
+		isNSFW := c.r.FormValue("is_nsfw") == "true"
+		files := c.r.MultipartForm.File["attachments"]

 		id, err := s.Post(c, content, replyToID, format, visibility, isNSFW, files)
 		if err != nil {
 			return err
 		}

-		location := c.Req.FormValue("referrer")
+		location := c.r.FormValue("referrer")
 		if len(replyToID) > 0 {
 			location = "/thread/" + replyToID + "#status-" + id
 		}
@ -323,8 +288,8 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, CSRF, HTML)

 	like := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		_, err := s.Like(c, id)
 		if err != nil {
 			return err
@ -332,13 +297,13 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
 		return nil
 	}, CSRF, HTML)

 	unlike := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		_, err := s.UnLike(c, id)
 		if err != nil {
 			return err
@ -346,13 +311,13 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
 		return nil
 	}, CSRF, HTML)

 	retweet := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		_, err := s.Retweet(c, id)
 		if err != nil {
 			return err
@ -360,13 +325,13 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
 		return nil
 	}, CSRF, HTML)

 	unretweet := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		_, err := s.UnRetweet(c, id)
 		if err != nil {
 			return err
@ -374,25 +339,25 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
 		return nil
 	}, CSRF, HTML)

 	vote := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		statusID := c.Req.FormValue("status_id")
-		choices, _ := c.Req.PostForm["choices"]
+		id, _ := mux.Vars(c.r)["id"]
+		statusID := c.r.FormValue("status_id")
+		choices, _ := c.r.PostForm["choices"]
 		err := s.Vote(c, id, choices)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer")+"#status-"+statusID)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+statusID)
 		return nil
 	}, CSRF, HTML)

 	follow := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		q := c.Req.URL.Query()
+		id, _ := mux.Vars(c.r)["id"]
+		q := c.r.URL.Query()
 		var reblogs *bool
 		if r, ok := q["reblogs"]; ok && len(r) > 0 {
 			reblogs = new(bool)
@ -402,111 +367,112 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	unfollow := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.UnFollow(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	accept := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.Accept(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	reject := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.Reject(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	mute := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.Mute(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	unMute := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.UnMute(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	block := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.Block(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	unBlock := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.UnBlock(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	subscribe := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.Subscribe(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	unSubscribe := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.UnSubscribe(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	settings := handle(func(c *client) error {
-		visibility := c.Req.FormValue("visibility")
-		format := c.Req.FormValue("format")
-		copyScope := c.Req.FormValue("copy_scope") == "true"
-		threadInNewTab := c.Req.FormValue("thread_in_new_tab") == "true"
-		hideAttachments := c.Req.FormValue("hide_attachments") == "true"
-		maskNSFW := c.Req.FormValue("mask_nsfw") == "true"
-		ni, _ := strconv.Atoi(c.Req.FormValue("notification_interval"))
-		fluorideMode := c.Req.FormValue("fluoride_mode") == "true"
-		darkMode := c.Req.FormValue("dark_mode") == "true"
-		antiDopamineMode := c.Req.FormValue("anti_dopamine_mode") == "true"
+		visibility := c.r.FormValue("visibility")
+		format := c.r.FormValue("format")
+		copyScope := c.r.FormValue("copy_scope") == "true"
+		threadInNewTab := c.r.FormValue("thread_in_new_tab") == "true"
+		hideAttachments := c.r.FormValue("hide_attachments") == "true"
+		maskNSFW := c.r.FormValue("mask_nsfw") == "true"
+		ni, _ := strconv.Atoi(c.r.FormValue("notification_interval"))
+		fluorideMode := c.r.FormValue("fluoride_mode") == "true"
+		darkMode := c.r.FormValue("dark_mode") == "true"
+		antiDopamineMode := c.r.FormValue("anti_dopamine_mode") == "true"
+		css := c.r.FormValue("css")

 		settings := &model.Settings{
 			DefaultVisibility:    visibility,
@ -519,6 +485,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 			FluorideMode:         fluorideMode,
 			DarkMode:             darkMode,
 			AntiDopamineMode:     antiDopamineMode,
+			CSS:                  css,
 		}

 		err := s.SaveSettings(c, settings)
@ -530,49 +497,49 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, CSRF, HTML)

 	muteConversation := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.MuteConversation(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	unMuteConversation := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.UnMuteConversation(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	delete := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.Delete(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	readNotifications := handle(func(c *client) error {
-		q := c.Req.URL.Query()
+		q := c.r.URL.Query()
 		maxID := q.Get("max_id")
 		err := s.ReadNotifications(c, maxID)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.FormValue("referrer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	bookmark := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		err := s.Bookmark(c, id)
 		if err != nil {
 			return err
@ -580,13 +547,13 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
 		return nil
 	}, CSRF, HTML)

 	unBookmark := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		err := s.UnBookmark(c, id)
 		if err != nil {
 			return err
@ -594,19 +561,40 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
+		return nil
+	}, CSRF, HTML)
+
+	filter := handle(func(c *client) error {
+		phrase := c.r.FormValue("phrase")
+		wholeWord := c.r.FormValue("whole_word") == "true"
+		err := s.Filter(c, phrase, wholeWord)
+		if err != nil {
+			return err
+		}
+		redirect(c, c.r.FormValue("referrer"))
+		return nil
+	}, CSRF, HTML)
+
+	unFilter := handle(func(c *client) error {
+		id, _ := mux.Vars(c.r)["id"]
+		err := s.UnFilter(c, id)
+		if err != nil {
+			return err
+		}
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	signout := handle(func(c *client) error {
 		s.Signout(c)
-		setSessionCookie(c, "", 0)
+		setSessionCookie(c.w, "", 0)
 		redirect(c, "/")
 		return nil
 	}, CSRF, HTML)

 	fLike := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		count, err := s.Like(c, id)
 		if err != nil {
 			return err
@ -615,7 +603,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, CSRF, JSON)

 	fUnlike := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		count, err := s.UnLike(c, id)
 		if err != nil {
 			return err
@ -624,7 +612,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, CSRF, JSON)

 	fRetweet := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		count, err := s.Retweet(c, id)
 		if err != nil {
 			return err
@ -633,7 +621,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, CSRF, JSON)

 	fUnretweet := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		count, err := s.UnRetweet(c, id)
 		if err != nil {
 			return err
@ -662,6 +650,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	r.HandleFunc("/emojis", emojisPage).Methods(http.MethodGet)
 	r.HandleFunc("/search", searchPage).Methods(http.MethodGet)
 	r.HandleFunc("/settings", settingsPage).Methods(http.MethodGet)
+	r.HandleFunc("/filters", filtersPage).Methods(http.MethodGet)
 	r.HandleFunc("/signin", signin).Methods(http.MethodPost)
 	r.HandleFunc("/oauth_callback", oauthCallback).Methods(http.MethodGet)
 	r.HandleFunc("/post", post).Methods(http.MethodPost)
@ -687,6 +676,8 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	r.HandleFunc("/notifications/read", readNotifications).Methods(http.MethodPost)
 	r.HandleFunc("/bookmark/{id}", bookmark).Methods(http.MethodPost)
 	r.HandleFunc("/unbookmark/{id}", unBookmark).Methods(http.MethodPost)
+	r.HandleFunc("/filter", filter).Methods(http.MethodPost)
+	r.HandleFunc("/unfilter/{id}", unFilter).Methods(http.MethodPost)
 	r.HandleFunc("/signout", signout).Methods(http.MethodPost)
 	r.HandleFunc("/fluoride/like/{id}", fLike).Methods(http.MethodPost)
 	r.HandleFunc("/fluoride/unlike/{id}", fUnlike).Methods(http.MethodPost)
--- a/static/fluoride.js
+++ b/static/fluoride.js
@ -270,6 +270,64 @@ function handleStatusLink(a) {
 		a.target = "_blank";
 }

+function setPos(el, cx, cy, mw, mh) {
+	var h = el.clientHeight;
+	var w = el.clientWidth;
+	var left, top;
+	if (cx < mw/2) {
+		if (w + cx + 20 < mw) {
+			left = cx + 20; 
+		} else {
+			left = (mw - w);
+		}
+	} else {
+		if (cx - w - 20 > 0) {
+			left = cx - w - 20; 
+		} else {
+			left = 0;
+		}
+	}
+	top = (cy - (h/2));
+	if (top < 0) {
+		top = 0;
+	} else if (top + h > mh) {
+		top = (mh - h);
+	} 
+	el.style.left = left + "px";
+	el.style.top = top + "px";
+}
+
+var imgPrev = null;
+function handleImgPreview(a) {
+	a.onmouseenter = function(e) {
+		var mw = document.documentElement.clientWidth;
+		var mh = document.documentElement.clientHeight - 24;
+		var img = document.createElement("img");
+		img.id = "img-preview";
+		img.src = e.target.getAttribute("href");
+		img.style["max-width"] = mw + "px";
+		img.style["max-height"] = mh + "px";
+		img.onload = function(e2) {
+			setPos(e2.target, e.clientX, e.clientY, mw, mh);
+		}
+		document.body.appendChild(img);
+		imgPrev = img;
+	}
+	a.onmouseleave = function(e) {
+		var img = document.getElementById("img-preview");
+		if (img)
+			document.body.removeChild(img);
+		imgPrev = null;
+	}
+	a.onmousemove = function(e) {
+		if (!imgPrev)
+			return;
+		var mw = document.documentElement.clientWidth;
+		var mh = document.documentElement.clientHeight - 24;
+		setPos(imgPrev, e.clientX, e.clientY, mw, mh);
+	}
+}
+
 document.addEventListener("DOMContentLoaded", function() { 
 	checkCSRFToken();
 	checkAntiDopamineMode();
@ -303,6 +361,11 @@ document.addEventListener("DOMContentLoaded", function() {
 	for (var j = 0; j < links.length; j++) {
 		links[j].target = "_blank";
 	}
+
+	var links = document.querySelectorAll(".status-media-container .img-link");
+	for (var j = 0; j < links.length; j++) {
+		handleImgPreview(links[j]);
+	}
 });

 // @license-end
--- a/static/style.css
+++ b/static/style.css
@ -159,12 +159,20 @@ body {
 	margin-left: 4px;
 }

-.post-content {
+textarea {
 	padding: 4px;
 	font-size: 11pt;
 	font-family: initial;
-	width: 100%;
+}
+
+.post-content {
 	box-sizing: border-box;
+	width: 100%;
+}
+
+#css {
+	box-sizing: border-box;
+	max-width: 100%;
 }

 .pagination {
@ -351,9 +359,10 @@ a:hover,
 }

 .emoji-item-container {
-	min-width: 220px;
+	width: 220px;
 	display: inline-block;
 	margin: 4px 0;
+	overflow: hidden;
 }

 .emoji-item {
@ -552,6 +561,20 @@ kbd {
 	font-size: 10pt;
 }

+.filters {
+	margin: 10px 0;
+}
+
+.filters td {
+	padding: 2px 4px;
+}
+
+#img-preview {
+	pointer-events: none;
+	z-index: 2;
+	position: fixed;
+}
+
 .dark {
 	background-color: #222222;
 	background-image: none;
@ -562,7 +585,7 @@ kbd {
 	color: #81a2be;
 }

-.dark #post-content {
+.dark textarea {
 	background-color: #333333;
 	border: 1px solid #444444;
 	color: #eaeaea;
--- a/templates/about.tmpl
+++ b/templates/about.tmpl
@ -89,6 +89,10 @@
 			<td> Read notifications </td>
 			<td> <kbd>C</kbd> </td>
 		</tr>
+		<tr>
+			<td> Refresh thread page </td>
+			<td> <kbd>T</kbd> </td>
+		</tr>
 	</table>
 	<p>
 		You can activate the shortcuts by pressing the associated key with your browser's <a href="https://en.wikipedia.org/wiki/Access_key#Access_in_different_browsers" target="_blank">accesskey modifier</a>, 
--- a/templates/emoji.tmpl
+++ b/templates/emoji.tmpl
@ -7,7 +7,7 @@
 	<div class="emoji-item-container">
 		<div class="emoji-item">
 			<img class="emoji" src="{{.URL}}" alt="{{.ShortCode}}" height="32" />
-			<span class="emoji-shortcode">:{{.ShortCode}}:</span>
+			<span title=":{{.ShortCode}}:" class="emoji-shortcode">:{{.ShortCode}}:</span>
 		</div>
 	</div>
 	{{end}}
--- a/templates/error.tmpl
+++ b/templates/error.tmpl
@ -2,10 +2,15 @@
 {{template "header.tmpl" (WithContext .CommonData $.Ctx)}}
 <div class="page-title"> Error </div>

-<div class="error-text"> {{.Error}} </div>
+<div class="error-text"> {{.Err}} </div>
 <div>
-	<a href="/timeline/home">Home</a>
-	<a href="/signin" target="_top">Sign In</a>
+	<a href="/timeline/home">home</a>
+	{{if .Retry}}
+	<a href="{{$.Ctx.Referrer}}">retry</a>
+	{{end}}
+	{{if .SessionErr}}
+	<a href="/signin" target="_top">signin</a>
+	{{end}}
 </div>

 {{template "footer.tmpl"}}
--- a/templates/filters.tmpl
+++ b/templates/filters.tmpl
@ -0,0 +1,40 @@
+{{with .Data}}
+{{template "header.tmpl" (WithContext .CommonData $.Ctx)}}
+<div class="page-title"> Filters </div>
+
+{{if .Filters}}
+<table class="filters">
+	{{range .Filters}}
+	<tr>
+		<td> {{.Phrase}}{{if not .WholeWord}}*{{end}} </td>
+		<td> 
+			<form action="/unfilter/{{.ID}}" method="POST">
+				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
+				<button type="submit"> Delete </button>
+			</form>
+		</td>
+	</tr>
+	{{end}}
+</table>
+{{else}}
+	<div class="filters"> No filters added </div>
+{{end}}
+
+<div class="page-title"> Add filter </div>
+<form action="/filter" method="POST">
+	<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+	<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
+	<span class="settings-form-field">
+		<label for="phrase"> Phrase </label>
+		<input id="phrase" name="phrase" required>
+	</span>
+	<span class="settings-form-field">
+		<input id="whole-word" name="whole_word" type="checkbox" value="true" checked>
+		<label for="whole-word"> Whole word </label>
+	</span>
+	<button type="submit"> Add </button>
+</form>
+
+{{template "footer.tmpl"}}
+{{end}}
--- a/templates/header.tmpl
+++ b/templates/header.tmpl
@ -17,7 +17,7 @@
 	{{if .RefreshInterval}}
 	<meta http-equiv="refresh" content="{{.RefreshInterval}}">
 	{{end}}
-	<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title}} </title>
+	<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title | html}} </title>
 	<link rel="stylesheet" href="/static/style.css">
 	{{if .CustomCSS}}
 	<link rel="stylesheet" href="{{.CustomCSS}}">
@ -25,6 +25,9 @@
 	{{if $.Ctx.FluorideMode}}
 	<script src="/static/fluoride.js"></script>
 	{{end}}
+	{{if $.Ctx.UserCSS}}
+	<style>{{$.Ctx.UserCSS}}</style>
+	{{end}}
 </head>
 <body {{if $.Ctx.DarkMode}}class="dark"{{end}}>
 {{end}}
--- a/templates/nav.tmpl
+++ b/templates/nav.tmpl
@ -3,7 +3,7 @@
 <div class="user-info">
 	<div class="user-info-img-container">
 		<a class="img-link" href="/timeline/home" title="Home (1)">
-			<img class="user-info-img" src="{{.User.AvatarStatic}}" alt="profile-avatar" height="64" />
+			<img class="user-info-img" src="{{.User.Avatar}}" alt="profile-avatar" height="64" />
 		</a>
 	</div>
 	<div class="user-info-details-container">
--- a/templates/notification.tmpl
+++ b/templates/notification.tmpl
@ -23,7 +23,7 @@
 	<div class="notification-follow-container">
 		<div class="status-profile-img-container">
 			<a class="img-link" href="/user/{{.Account.ID}}">
-				<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="profile-avatar" height="48" />
+				<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="profile-avatar" height="48" />
 			</a>
 		</div>
 		<div class="notification-follow">
@ -43,7 +43,7 @@
 	<div class="notification-follow-container">
 		<div class="status-profile-img-container">
 			<a class="img-link" href="/user/{{.Account.ID}}">
-				<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="profile-avatar" height="48" />
+				<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="profile-avatar" height="48" />
 			</a>
 		</div>
 		<div class="notification-follow">
@ -76,7 +76,7 @@
 	{{else if eq .Type "reblog"}}
 	<div class="retweet-info">
 		<a class="img-link" href="/user/{{.Account.ID}}">
-			<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
+			<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
 		</a>
 		<a href="/user/{{.Account.ID}}">
 			<span class="status-uname"> @{{.Account.Acct}} </span>
@ -90,7 +90,7 @@
 	{{else if eq .Type "favourite"}}
 	<div class="retweet-info">
 		<a class="img-link" href="/user/{{.Account.ID}}">
-			<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
+			<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
 		</a>
 		<a href="/user/{{.Account.ID}}">
 			<span class="status-uname"> @{{.Account.Acct}} </span>
@ -104,7 +104,7 @@
 	{{else}}
 	<div class="retweet-info">
 		<a class="img-link" href="/user/{{.Account.ID}}">
-			<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
+			<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
 		</a>
 		<a href="/user/{{.Account.ID}}">
 			<span class="status-uname"> @{{.Account.Acct}} </span>
--- a/templates/postform.tmpl
+++ b/templates/postform.tmpl
@ -15,7 +15,7 @@
 		<textarea id="post-content" name="content" class="post-content" cols="34" rows="5" accesskey="E" title="Edit post (E)">{{if .ReplyContext}}{{.ReplyContext.ReplyContent}}{{end}}</textarea>
 	</div>
 	<div>
-		{{if gt (len .Formats) 0}}
+		{{if .Formats}}
 		<span class="post-form-field">
 			{{$defFormat := .DefaultFormat}}
 			<select id="post-format" name="format" accesskey="F" title="Format (F)">
@ -34,7 +34,7 @@
 			</select>
 		</span>
 		<span class="post-form-field">
-			<input type="checkbox" id="nsfw-checkbox" name="is_nsfw" value="on" accesskey="N" title="NSFW (N)">
+			<input type="checkbox" id="nsfw-checkbox" name="is_nsfw" value="true" accesskey="N" title="NSFW (N)">
 			<label for="nsfw-checkbox"> NSFW </label>
 		</span>
 	</div>
--- a/templates/requestlist.tmpl
+++ b/templates/requestlist.tmpl
@ -4,7 +4,7 @@
 	<div class="user-list-item">
 		<div class="user-list-profile-img">
 			<a class="img-link" href="/user/{{.ID}}">
-				<img class="status-profile-img" src="{{.AvatarStatic}}" title="@{{.Acct}}" alt="avatar" height="48" />
+				<img class="status-profile-img" src="{{.Avatar}}" title="@{{.Acct}}" alt="avatar" height="48" />
 			</a>
 		</div>
 		<div class="user-list-name">
--- a/templates/search.tmpl
+++ b/templates/search.tmpl
@ -5,7 +5,7 @@
 <form class="search-form" action="/search" method="GET">
 	<span class="post-form-field">
 		<label for="query"> Query </label>
-		<input id="query" name="q" value="{{.Q}}">
+		<input id="query" name="q" value="{{.Q | html}}">
 	</span>
 	<span class="post-form-field">
 		<label for="type"> Type </label>
--- a/templates/settings.tmpl
+++ b/templates/settings.tmpl
@ -5,6 +5,7 @@
 <form id="settings-form" action="/settings" method="POST">
 	<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
 	<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
+	{{if .PostFormats}}
 	<div class="settings-form-field">
 		<label for="visibility"> Default format </label>
 		{{$defFormat := .Settings.DefaultFormat}}
@ -14,6 +15,7 @@
 			{{end}}
 		</select>
 	</div>
+	{{end}}
 	<div class="settings-form-field">
 		<label for="visibility"> Default scope </label>
 		<select id="visibility" name="visibility">
@ -63,6 +65,12 @@
 		<input id="dark-mode" name="dark_mode" type="checkbox" value="true" {{if .Settings.DarkMode}}checked{{end}}>
 		<label for="dark-mode"> Use dark theme </label>
 	</div>
+	<div class="settings-form-field">
+		<label for="css"> Custom CSS: </label>
+	</div>
+	<div>
+		<textarea id="css" name="css" cols="80" rows="8">{{.Settings.CSS}}</textarea>
+	</div>
 	<button type="submit"> Save </button>
 </form>

--- a/templates/status.tmpl
+++ b/templates/status.tmpl
@ -3,7 +3,7 @@
 	{{if .Reblog}}
 	<div class="retweet-info">
 		<a class="img-link" href="/user/{{.Account.ID}}">
-			<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="avatar" height="24" />
+			<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="24" />
 		</a>
 		<bdi class="status-dname"> {{EmojiFilter .Account.DisplayName .Account.Emojis}} </bdi>  
 		<a href="/user/{{.Account.ID}}"> 
@ -18,7 +18,7 @@
 	<div class="status-container status-{{.ID}}" data-id="{{.ID}}">
 		<div class="status-profile-img-container">
 			<a class="img-link" href="/user/{{.Account.ID}}">
-				<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
+				<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
 			</a>
 		</div>
 		<div class="status"> 
@ -88,7 +88,7 @@
 				{{end}}
 			</div>
 			{{if .Content}}
-			<div class="status-content"> {{StatusContentFilter .SpoilerText .Content .Emojis .Mentions}} </div>
+			<div class="status-content"> {{StatusContentFilter (html .SpoilerText) .Content .Emojis .Mentions}} </div>
 			{{end}}
 			{{if .MediaAttachments}}
 			<div class="status-media-container">
@ -101,7 +101,7 @@
 				</a>
 				{{else}}
 				<a class="img-link" href="{{.URL}}" target="_blank" title="{{.Description}}">
-					<img class="status-image" src="{{.URL}}" alt="status-image" height="240" />
+					<img class="status-image" src="{{.PreviewURL}}" alt="status-image" height="240" />
 					{{if (and $.Ctx.MaskNSFW $s.Sensitive)}}
 					<div class="status-nsfw-overlay"></div>
 					{{end}}
@ -153,12 +153,12 @@
 				{{range $i, $o := .Poll.Options}}
 				<div class="poll-option">
 					{{if (or $s.Poll.Expired $s.Poll.Voted)}}
-					<div> {{EmojiFilter $o.Title $s.Emojis}} - {{$o.VotesCount}} votes </div>
+					<div> {{EmojiFilter (html $o.Title) $s.Emojis}} - {{$o.VotesCount}} votes </div>
 					{{else}}
 					<input type="{{if $s.Poll.Multiple}}checkbox{{else}}radio{{end}}" name="choices" 
 						id="poll-{{$s.ID}}-{{$i}}" value="{{$i}}">
 					<label for="poll-{{$s.ID}}-{{$i}}"> 
-						{{EmojiFilter $o.Title $s.Emojis}} 
+						{{EmojiFilter (html $o.Title) $s.Emojis}} 
 					</label>
 					{{end}}
 				</div>
@ -193,24 +193,19 @@
 					</a>
 				</div>
 				<div class="status-action">
-					{{if or (eq .Visibility "private") (eq .Visibility "direct")}}
-					<a class="status-retweet" href="" title="this status cannot be retweeted"> 
-						retweet
-					</a>
-					{{else}}
 					{{$rt := "retweet"}} {{if .Reblogged}} {{$rt = "unretweet"}} {{end}}
 					<form class="status-retweet" data-action="{{$rt}}" action="/{{$rt}}/{{.ID}}" method="post" target="_self">
 						<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
 						<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 						<input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
-						<input type="submit" value="{{$rt}}" class="btn-link">
+						<input type="submit" value="{{$rt}}" class="btn-link" 
+							{{if or (eq .Visibility "private") (eq .Visibility "direct")}}title="this status cannot be retweeted" disabled{{end}}>
 						<a class="status-retweet-count" href="/retweetedby/{{.ID}}" title="click to see the the list"> 
 							{{if and (not $.Ctx.AntiDopamineMode) .ReblogsCount}}
 								({{DisplayInteractionCount .ReblogsCount}})
 							{{end}}
 						</a>
 					</form>
-					{{end}}
 				</div>
 				<div class="status-action">
 					{{$like := "like"}} {{if .Favourited}} {{$like = "unlike"}} {{end}}
--- a/templates/thread.tmpl
+++ b/templates/thread.tmpl
@ -1,6 +1,9 @@
 {{with $s := .Data}}
 {{template "header.tmpl" (WithContext .CommonData $.Ctx)}}
-<div class="page-title"> Thread </div>
+<div class="notification-title-container">
+	<span class="page-title"> Thread </span>
+	<a class="notification-refresh" href="{{$.Ctx.Referrer}}" accesskey="T" title="Refresh (T)">refresh</a>
+</div>

 {{range .Statuses}}

--- a/templates/user.tmpl
+++ b/templates/user.tmpl
@ -5,8 +5,8 @@
 <div class="user-info-container">
 <div>
 	<div class="user-profile-img-container">
-		<a class="img-link" href="{{.User.AvatarStatic}}" target="_blank">
-			<img class="user-profile-img" src="{{.User.AvatarStatic}}" alt="profile-avatar" height="96" />
+		<a class="img-link" href="{{.User.Avatar}}" target="_blank">
+			<img class="user-profile-img" src="{{.User.Avatar}}" alt="profile-avatar" height="96" />
 		</a>
 	</div>
 	<div class="user-profile-details-container">
@ -119,11 +119,15 @@
 		{{end}}
 		<div>
 			<a href="/usersearch/{{.User.ID}}"> search statuses </a>
+			{{if .IsCurrent}} - <a href="/filters"> filters </a> {{end}}
 		</div>
 	</div>
 	<div class="user-profile-decription">
 	{{EmojiFilter .User.Note .User.Emojis}}
 	</div>
+	{{if .User.Fields}}{{range .User.Fields}}
+	<div>{{.Name}} - {{.Value}}</div>
+	{{end}}{{end}}
 </div>
 </div>

--- a/templates/userlist.tmpl
+++ b/templates/userlist.tmpl
@ -4,7 +4,7 @@
 	<div class="user-list-item">
 		<div class="user-list-profile-img">
 			<a class="img-link" href="/user/{{.ID}}">
-				<img class="status-profile-img" src="{{.AvatarStatic}}" title="@{{.Acct}}" alt="avatar" height="48" />
+				<img class="status-profile-img" src="{{.Avatar}}" title="@{{.Acct}}" alt="avatar" height="48" />
 			</a>
 		</div>
 		<div class="user-list-name">
--- a/templates/usersearch.tmpl
+++ b/templates/usersearch.tmpl
@ -5,7 +5,7 @@
 <form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
 	<span class="post-form-field>
 		<label for="query"> Query </label>
-		<input id="query" name="q" value="{{.Q}}">
+		<input id="query" name="q" value="{{.Q | html}}">
 	</span>
 	<button type="submit"> Search </button>
 </form>